The sort of thing we are curious about…

As Seattle Privacy discusses the need for privacy oversight in City Hall, we are interested in both the big policy and governance questions and in the technical details of privacy-sensitive technology. Here is an example of the latter, drawn from city paperwork involving Cascade Networks, Inc., the contractor that installed the police surveillance cameras and mesh radio network in 2012-2013. The radios that make up the mesh network are basically tricked-out, weather-proofed versions of normal Wi-Fi access points. Before the city “turned off” the radios last year, each of them was broadcasting a network ID that you could have seen on your laptop or cell phone alongside Starbucks or the name of your home wireless router.  The specs for the project included requirements about network access and logging:

mesh_spec

In bland technical language, we learn that the network has the following capabilities.

  • It can limit logins to a list of approved users stored in a database.
  • It can identify potential users based on username/password or hardware device IDs.
  • It will keep detailed logs (time, duration, identity, etc.) of client connections.

However, these details raise questions that still have not been answered by the Seattle Police Department or any other city office.

  • What happens if a random passerby with a laptop or cell phone attempts to “associate” with a city access point? The answer to this could have privacy and security implications for both parties.
  • Wi-Fi devices broadcast uniquely identifiable radio beacons; does the city equipment record these beacons, or can it be configured to do so? Authorities in Chicago are planning just such a capability in a potentially intrusive Big Data collection scheme.
  • How long will logs be kept, and who will have access to them? Will they be subject to public records requests?

These are questions that should have been asked and publicly debated at early stages of the planning process. They also quickly become issues of general policy: If data is collected, it will be used by any legal or illegal branch of government whose agents can pick up a phone. To protect privacy, don’t collect sensitive information in the first place.

Below is a link to the source documents, courtesy of Tacoma-based Infowars reporter Mikael Thalen, who discovered them on the Seattle.gov Web site:

http://www.scribd.com/doc/183600279/Port-Security-Video-Surveillance-System-with-Wireless-Mesh-Network-Seattle

Or download the document.

Why we & the federal monitor agree: don’t trust SPD on surveillance tech

(Or: It’s Thanksgiving, and we are thankful for SPD’s federal monitor)

As reported in the Seattle Times, a draft report on the Seattle Police Department’s performance has been released by the federally appointed monitor, Merrick Bob, and it is not pretty. Say what you like about the federal government’s own violations of constitutional and human rights, the Department of Justice has served Seattle well by placing SPD under court review and holding it to an objective standard of policing. The excessive force — the unnecessary deaths, beatings, profilings, and daily humiliations — that compelled the DOJ to get involved must stop, and the SPD must fulfill its mission to serve and protect the people of Seattle.

As the city’s privacy-lovers already know, excessive force is not the only problem at SPD.  It was grant-chasing SPD leaders, particularly in the Information Technology division, who accepted money from the Department of Homeland Security  and deployed a city-wide surveillance of security cameras and radio links without public review or debate. In response to community apprehension (especially in West Seattle, where the first cameras went up), SPD’s leadership promised to manage the collected data responsibly and to allow public scrutiny of the images being captured. Additionally, Ordinance 124142, passed in March 2013, required SPD to submit a use policy within 30 days and gain council approval before turning on the system.

Eight months have passed since March, and no use policy has appeared. After people recently noticed that the system was turned on anyway, SPD promised to turn it off again. A legitimate question at this point would be: Who is running this circus?

The federal monitor’s report makes clear that SPD’s Information Technology division is a big part of the problem. There is not only lack of leadership from the City and inside SPD, there is, front and center, a simple lack of competence in IT.

The following excerpts from the report highlight IT’s inability to oversee large projects, plan new ones, manage its data, keep its machines working, and on and on. Remember, these are the people who sneaked in a public surveillance net, and then promised to manage its data in the public interest. In fact, they can’t even produce reliable data for Merrick Bobb. The failure of IT to manage (or even locate) its data plays directly into the SPD leadership’s conspiratorial, closed-door management style. Got a Freedom of Information Act request? Sorry, that information was lost. Got a federal consent decree? Sorry, we can’t really tell you what we are doing, because we don’t know, and we don’t want to know.

  • IT is incapable of providing responsive data to the federal monitor

The Department’s Information Technology (“IT”) leadership has given incorrect or incomplete information to the Monitor and Monitoring Team and has proven itself unable to tackle the management of projects of import or complexity relating to use of force and other areas encompassed by the Settlement Agreement. SPD’s existing capacities to track, analyze, and use data are, at best, weak. The data produced by the IT Department has been error-ridden and inadequate: The SPD simply does not have the data required to implement the Consent Decree, to manage the risk of unconstitutional conduct, to respond to the Monitoring Team’s requests for data in order to measure progress, to enable the Court to assess the speed and good faith of implementation, or to respond to routine inquiries by
City Council for data needed for legislative purposes. (1)

  • IT’s attitude and equipment are outdated

Modern policing is, in short, a scientific and data~driven enterprise…. The Settlement Agreement repeatedly stresses the need for the SPD to gather accurate data by which to manage the risk of unconstitutional policing and measure compliance. The SPD has nonetheless found it difficult to embrace these new technologies. Current data and analytical capabilities are nowhere near adequate. The SPD generates frequently erroneous and incomplete factual information about itself and officer performance. (6)

  • “We can do this ourselves!” — But they can’t

A business intelligence system, properly conceived and developed, is pivotal to SPD’s ability to hold itself accountable for constitutional policing…. During the last year, the SPD has spent substantial time and money–possibly hundreds of thousands of the business intelligence project because some within the Department firmly insisted that they could develop a system on their own, without input from outside experts or from those who will be the users of the system. A proposed “vendor” solution that would link the Department’s existing, jerry-built silos of erroneous and incomplete data to each other, with a weak interconnection, fell well short of what is needed: a modern, sophisticated, and dynamic tool that SPD can use to pragmatically and rigorously assess its performance. (7)

  • “Nobody can do this!” — Wrong again

Despite the Monitoring Team repeatedly advising SPD to tum to outside experts and consider alternative solutions for collecting more reliable data, this advice was slow to gain internal support. SPD’s IT leadership consistently told the Monitoring Team that some interim solutions were not technologically feasib1e–even though they were later shown to be easy to accomplish. (7)

  • The problem in IT is the leadership

Notwithstanding the SPD’s resistance to change and suspicion of innovation in some quarters, the Monitor emphasizes that there are many talented individuals within the SPD dealing with data and information technology who are working in good faith and taking justifiable pride in their accomplishments. The problem appears Qt to be the lack of a talented and dedicated staff but, instead, a failure by some members of senior IT leadership to fully accept the requirements of the Settlement Agreement…. (7-8)

  • How IT implements racially color-blind policing

The Monitoring Team’s third troubling discovery was that, for two consecutive years, the demographic figures for Asian and Caucasian subjects in use of force incidents were notably inconsistent with subsequent years. After confirming the accuracy of its analysis, the Monitoring Team brought this inconsistency to the attention of the Compliance Coordinator’s office. After an inquiry, the SPD explained that, for two years, “Asian” was incorrectly recorded in AIM as “Caucasian,” and vice–versa. Thus, although the Monitoring Team collected use of force data across only seven basic categories, it discovered a critical systematic error. The Monitoring Team understands that no effort is currently being made to audit or otherwise correct these errors. It underscores DOJ’s view that the SPD 1acked–and the Monitoring Team thinks the SPD still lacks–the basic tools necessary to manage the risk of unconstitutional policing. (11)

  • IT’s reputation for incompetence provides cover for misconduct

As this report details elsewhere, video and audio are missing far too frequently for incidents reviewed by the Use of Force Review Board and Firearms Review Board These omissions compromise the integrity and quality of investigations. When ICV [in-car video] is missing, the Department regularly and without additional inquiry accepts the explanation that the officer’s equipment was not properly functioning or that the officer did not know how to operate it. The days of technical issues being an immediately accepted excuse for the absence of video must come to an end so that officers can be fairly held accountable if they inappropriately fail to activate ICV or cause their on-body microphone to be muted during an incident. (13)

SPD promises interim shutdown of mesh radio network

The Stranger reported on Tuesday that Seattle Police Chief Jim Pugel has ordered deactivation of the mesh radio network installed across the city, pending approval of a use policy for the DHS-funded mesh nodes and surveillance cameras. The policy shift comes days after the Stranger‘s exposé revealing the privacy threat from these devices, which are designed by their manufacturer to track and log mobile wireless devices passing near them.

Pugel’s announcement brings Seattle closer to compliance with its own laws. On March 18, the City Council passed Council Bill 117730, requiring city departments to have advance approval before acquiring new surveillance equipment, and to submit use policies for existing equipment within 30 days. Eight months later, there is still no policy. Meanwhile, investigation by Seattle Privacy Coalition revealed that the radio and camera equipment was turned on and functional, even if not being actively used.

We are currently waiting for the blinking blue and amber lights on the mesh nodes to go dark. So far, a quick check along Alaskan Way finds them powered on, just as before.

Seattle media discover the SPD mesh radio network

The mesh radio network that the Seattle Police Department put in alongside its surveillance cameras has suddenly become an object of interest in the Seattle media. Two recent stories reveal the extent of the network, its ability to track innocent citizens, the concerns voiced for the last eight months by Seattle Privacy Coalition, the ACLU, and others, and the Seattle City Council’s ongoing state of hibernation about this subject, to say nothing of Mayor Un-Elect Mike McGinn’s reflexive support of the everything the police do.

1. The Stranger published a really excellent article on this topic, You are a rogue device, giving credence to its claim of being “Seattle’s Only Newspaper.”

2. KIRO 7 TV aired a November 7 report, Seattle police have a wireless network that can track your every move. Their piece was picked also picked up by The Raw Story on December 10.

If you look to the right side of this page and click on the map (or click here), you can see for yourself where those mesh radio nodes are located.

Keep it coming, Seattle media, and light a fire under City Hall.

Protocols for surveillance data under development in Seattle

Here’s an email I wrote to Seattle City Councilmember Bruce Harrell, who chairs the Committee of Public Safety, Technology, and Civil Rights:

Dear Councilmember Harrell,

Thanks so much for all the work you’re doing to address police accountability, the gender pay gap issue, and equitable access to broadband in the city, among so many other issues.

Quick question: In March of this year, Council passed ordinance 124142, which called for the creation of written protocols for City-owned surveillance equipment. The legislation required programs running previously deployed surveillance equipment — specifically, the Alki “Port Security Cameras” — to provide written protocols for their use within 30 days of the passage of the ordinance.

I searched the Council site and the Committee for Public Safety, Civil Rights, and Technology’s recent agendas, but I didn’t see any mention of these protocols under discussion, and was just wondering if you could provide an update about their progress and when the public might hope to have a peek at them.

Thanks very much,

Jan Bultmann
Seattle Resident
Member, Seattle Privacy

 

Today I got a very encouraging response from a member of CM Harrell’s staff, who wrote that the committee is working with SPD and ACLU on draft protocols for the Wireless Mesh Network cameras. The staff person said, “The document is still subject to further changes and will go before the Public Safety Committee for public discussion. The most recent meeting with ACLU and SPD was on Wednesday, 7/17.”

I’m very glad to hear about this, and we’ll be keeping an eye out for the protocols on the Public Safety Committee agendas for when the draft comes out for public review.

Meanwhile, we’ve updated our map (see right) of the mesh network to include the nodes along third and fourth avenues, and we’re planning to get the latest batch to go up in along Rainier Avenue on the map as soon as we can.

As co-founder Phil Mocek has reported, the government-owned cameras are a fairly small slice of the overall camera pie: There’s also a program in Seattle called Seattle Shield, in which Seattle PD exchanges information with more than 100 private entities. You can read more about Seattle Shield here: http://investor.abm.com/common/mobile/iphone/releasedetail.cfm?ReleaseID=550581&CompanyID=ABM&mobileid=

Phil’s efforts to discover who all is in Seattle Shield through FOIA requests here: https://www.muckrock.com/foi/seattle-69/seattle-shield-mailing-list-2012-2971/.

Or, see a video of a federal officer harassing Phil on the sidewalk yesterday here: http://archive.org/details/20130725FederalProtectiveServiceHarassment.

If you zoom in on our map at right you can see the exact location where this took place: the federal building.