Archive for the 'Seattle Data Privacy Oversight Board' Category

Proposal: Overhaul Surveillance Ordinance as Data Collection, Retention and Sharing Ordinance

By Jan Bultmann and Christopher Sheats

 

Our city has committed to protecting immigrants, refugees, and the many thousands of other vulnerable populations. We argue that this is not possible without strong privacy oversight, safeguards, and enforcement. The local privacy community urges Seattle’s leadership to set aside for the moment the discussion of our Surveillance Ordinance and any amendments to it, and instead to develop an ordinance that holistically addresses the government’s role in data collection, retention, and sharing.

Why pause now? The ACLU of Washington has proposed a stronger version of the existing bill, which has been watered down by multiple revisions that remove the many critical elements including independent oversight, auditing, reporting, and enforcement requirements. But even with the ACLU’s original, stronger proposal, the foundation of the bill is inadequate.

We now live in a very different environment than when the Surveillance Ordinance was first crafted, although it has only been 3 years. This legislation was drafted in response to the public outcry that accompanied the Seattle Police Department’s acquisition of drones without public knowledge. Council chambers were repeatedly packed with demonstrators. After having wasted $82,000 dollars, the drones were ultimately decommissioned. The Surveillance Ordinance was successful to meet that immediate challenge.

Now we promise vulnerable people that we are a sanctuary city that will defend their human rights. We are literally in the crosshairs of a hostile federal government, one that has been shown to disregard local regulations and make backroom deals with city agencies. For example, putting cameras on City Light poles in direct violation of our existing surveillance law, putting nothing in writing, and further, evading any form of FOIA or PDR process.

“As a sanctuary city we have a greater obligation to protect private citizens.” — Kshama Sawant

We have autonomous cars coming, including wireless car to car technology, wireless car to infrastructure technology, and the lobbyists that come with them. We have facial recognition technologies coming and the lobbyists that come with them. We will be seeing the largest developments of these technologies within President Trump’s term.

Seattle’s Race and Social Justice Initiative clearly states:

By 2017, the City of Seattle will work with community-based organizations to support the movement to end structural racism.

We can tell you that the City has not asked the Seattle Privacy Coalition for input on how we might accomplish this, and we are well into 2017. Further, CTAB-Privacy has not been asked for input on these amendments by the Council. How can Seattle’s Surveillance Ordinance go on to exempt technologies designed and purchased for surveillance? Do black lives really matter to Seattle when data collection, retention, and sharing technologies are historically and routinely purchased in the name of defense but used offensively?

If we do not hold ourselves accountable, a government for the people, how are we going to ethically govern the use of these technologies when they are funded, deployed, and managed by third parties? How is Seattle going to defend our human rights if we have a “surveillance ordinance” that is not adequate for the complexity of a major municipality? Common sense demands that we broaden the scope to include all forms of data collection, retention, and sharing. This would eliminate splitting hairs on terms that exclude any technology not specifically purchased to support law enforcement.

The Electronic Frontier Foundation is a legal digital rights organization that maintains an umbrella grassroots organization called Electronic Frontier Alliance. Last week we discussed surveillance ordinances under development in more than 11 municipalities across the United States. The Seattle Washington ordinance was cited as being “well-intended but weak” whereas the Oakland California legislation was cited as effective because their draft legislation includes provisions for independent oversight that are fundamental to all controls, auditing and reporting requirements, and enforcement options such as the public’s right to sue for privacy harms. We strongly advise that Council review the Oakland California ordinance.

The Seattle ordinance MUST include oversight, auditing, reporting, and enforcement, and it cannot be limited to a false notion of what is or it not for surveillance. Without these fundamental changes, we are a sanctuary city in name only. With federal access to municipal databases unmonitored, unchecked, and unreported, anyone who makes use of a city service is vulnerable. When privacy is by design and policies are made to support the most vulnerable in our city, we, in effect, defend everyone’s human rights.

As defined by Seattle’s Privacy Program, we have a Privacy Review Process (PDF) that we can leverage for all forms of data collection. All forms, because there cannot be a lack of transparency and accountability. This must be baked into a Data Collection, Retention and Sharing Ordinance. Every act by the City that takes in information should have a corresponding unique identifier that must be published so that anyone can learn more about the data being collected, what it is being used for, and who is responsible for it. This will build trust. In line with Councilmember Sawant’s wishes to pull down foreign cameras from City utility poles, people have the right to be informed about what their government is collecting about them and their community. We should have the ability to learn about and to respond to our government in constructive ways. With the City’s drive for increasing open data and community engagement, why haven’t we started doing this yet?

Privacy is at risk from always-on microphones, cameras, smartphones, smart meters, automobiles, internet assistants like Alexa, Siri, Echo, and Cortona, Internet connected children’s toys, home appliances, and so many other things that have yet to even be invented. The city of Seattle cannot protect people today from predatory corporate data exploitation. We can, however, model what a human-rights respecting privacy policy looks like. And we must.

Please do not pass the watered-down Surveillance Ordinance rewrite into law because it will cause more harm than good. Instead, we urge the City Council to reach out to local community organizations such as the Seattle Privacy Coalition, Electronic Rights Rainier, and the body that the City Council assembled to advise them on technical issues, the Community Technology Advisory Board, to create a bill we can all be proud of.

If We Care For Survivors, Surveillance Technologies Must Be Heavily Regulated

By Christopher Sheats

 

In Seattle tomorrow, City Council will be discussing Surveillance Ordinance amendments originally proposed by ACLU of Washington and watered down by the council. The Surveillance Ordinance would be incredibly deficient if we passed these amendments. Of primary concern, there are multiple exemptions that are *crazy* if you were to juxtapose a United Nations privacy report.

Surveillance technology does not include:

(a) technology used to collect data from individuals who knowingly and voluntarily consent to provide, or who do not avail themselves of an opportunity to opt out of providing, such data for use by a City department;

(b) social media sites or news monitoring and news alert services;

(c) a body-worn camera;

(d) a camera installed in or on a police vehicle;

(e) a camera installed in or on any vehicle or along a public right-of-way used to record traffic patterns or traffic violations or to otherwise operate the transportation system safely and efficiently, including in any public right-of-way;

(f) a camera installed on City property for security purposes;

(g) a camera installed solely to protect the physical integrity of City infrastructure, such as Seattle Public Utilities reservoirs; and

(h) routine patches, firmware and software updates, and hardware lifecycle replacements.

In February, I spoke along side ACLU of Washington lawyers, University of Washington lawyers, and a domestic violence survivor at a public hearing in our state capitol to support an ACLU bill limiting Automatic Licence Plate Readers. Domestic violence survivors’ privacy, specifically their physical location privacy, is paramount to them and their families. Further, many survivors are victims to police men and women, making this under-served population a critical voice in discussions concerning surveillance technologies. At the hearing, A women with incredible courage showed up to educate the committee about her and the other 5,000+ Address Confidentiality Program participants. With permission, below is her testimony.

As content on our website is licensed using Creative Commons, please feel free to use share her testimony to further privacy rights.

Madame Chair, and members of the committee,

I am here today to discuss a part of my life so terrifying that, at times, I have actually contemplated writing a horror movie script.

Please forgive me, but by the end, it will make sense to today’s hearing.

I am here as a participant in the Washington State Address Confidentiality Program, ACP for short.

You will never understand, nor will I ever be able to convey the fear and torment that one individual can deliver. His words are still etched in my mind: “No woman is going to tell me, a man, what to do.” When trying to end a relationship, what I got in return was physical abuse and psychological terror. I would see him outside my home, my work, at my children’s school or stalking me in my rear-view mirror.

At times, he would convey to me each and every way or place he could have killed me that day.

I discovered that he had made duplicate keys of both my home and my car. Changing door locks didn’t matter. He still got inside. He was letting me know that he was in control.

My oldest son and I would eventually bobby trap our doors when we left, to more easily determine if he might be inside when we returned.

And though time, our much-loved pet cats disappeared one by one.

I lived through death and kidnapping threats to my children’s lives. I feared for my own life.

And in utter, desperate fear one night, I called a helpline, told them of my situation, and was advised to leave the state immediately. I did. On their advice, I gave my house keys to a friend, told nobody where I was going, put my kids and some clothes in my car, and drove to a state where I was offered protection.

I thank you so very much WA for the ACP. I no longer have to be afraid. It took me months but I no longer have to fear looking in my rear-view mirror.

This is hopefully the end of my desperate story.

But now, I want you to clearly understand one implication of unrestricted ALPR technology
I am here representing a vulnerable part of society, those who live in domestic violence situations. My ex-boyfriend kept telling me that he had connections to the police department, that there was no place to hide.

What if that was true? What if someone like me, couldn’t hide ever?

With unrestricted and retained ALPR data that becomes a real possibility.

I want you to consider the lives of spouses of law enforcement who might be in a domestic violence situation. My tale of torture existed because my stalker knew where I lived. Please protect your citizens, all your citizens, from potential location abuse. Please put restrictions on ALPR data.

In search of privacy advocacy from underrepresented communities

In an attempt to bring together various privacy stakeholders in Seattle, particularly from the Muslim community, I attended my first Muslim, Sikh and Arab Advisory Council meeting looking for specific privacy cases to learn about. I later wrote to the Seattle Police Department with various questions and concerns. In light of the City of Seattle establishing a welcomed Privacy Initiative, it seems prudent to involve privacy stakeholders from various local and underrepresented communities.

Below is an email sent to a Seattle Police Department program manager regarding the the Muslim, Sikh and Arab Advisory Council to the Seattle Police Department on November 19th, 2014. The program manager, Maggie Olsen, promptly replied stating that my email had been forwarded to the Commander of the Community Outreach Section, Captain John Hayes. Jan and I have not yet received a reply.

Hello Maggie,

My name is Christopher Sheats, a concerned citizen of Seattle and a volunteer for the Seattle Privacy Coalition (SPC) (seattleprivacy.org).
My colleague Jan is CC'd, she is the SPC director. I'm writing with regard to the Muslim, Sikh and Arab (MSA) Advisory Council to the Seattle Police Department.

This email may be better directed to Detective Yanal Vwich, or possibly Chief Kathleen O'Toole. I attended my first MSA meeting on October 2nd, 2014. I advertised that the Citizens Technology and Telecommunications Advisory Board (CTTAB) was planning a privacy symposium to focus on the privacy impact to vulnerable populations in Seattle. The privacy symposium is supposed to happen next year, but I am not yet sure about details.

I also want Detective Yanal Vwich and the MSA to be aware that the City of Seattle is establishing a special, and likely permanent, privacy advisory board for the city. For more information about the new privacy
board:

CITY OF SEATTLE LAUNCHES DIGITAL PRIVACY INITIATIVE http://murray.seattle.gov/city-of-seattle-launches-digital-privacy-initiative/

Seattle Takes the Lead in Nationwide Surveillance vs. Privacy Debate http://192.168.42.120/press-release-response-to-seattle-privacy-initiative/

Composition of City’s Privacy Advisory Board (written by Jan) http://192.168.42.120/composition-of-citys-privacy-advisory-board/

I have several questions, please help where possible.

Q1- It appears that MSA and the East African Advisory Council's have been combined and that their meeting schedule has been severely reduced. 
Why is that?

Q2- Given the privacy and trust implications of these vulnerable populations, I was surprised to learn that these meetings were being held at a government facility. I know that this has a negative impact on attendance. Why can't it be changed to a community center, with more access to bus routes?

NSA Surveillance Chilling Effects: HRW and ACLU Gather More Evidence https://www.eff.org/deeplinks/2014/07/nsa-surveillance-chilling-effects

Q3- Would't it be prudent to have a member of the Muslim community to be directly involved with the Seattle Privacy Advisory Board?

Latest Snowden Leaks: FBI Targeted Muslim-American Lawyers http://www.wired.com/2014/07/snowden-leaks/

One of the attendees bluntly accused that the FBI was spying on people in his community. The FBI attendee blatantly lied in response--given the Snowden revelations that go into specific proof that says otherwise. The Seattle City Council, the Seattle Police Department, local FBI offices, and the City's IT Dept all share the responsibility in gaining trust though cooperation and privacy enhancements.

Having gone to just one MSA meeting, I was almost overwhelmed with the amount of distrust between attending members of vulnerable populations and the various US Gov attendees. As an empathetic white male, it was uncomfortable.

On behalf of the Seattle Privacy Coalition, I would like to assist wherever possible to help bridge this divide, regarding trust through privacy. Please share the following information to the respective Advisory Councils where appropriate. It would also be great to get members of MSA involved with our citizen group (Seattle Privacy Coalition) for greater diversity:

Send an empty email to the following address to be put on our announce
list:
seattleprivacy-announce-unsubscribe@lists.riseup.net

Seattle Privacy Coalition can be contacted directly:
contact@192.168.42.120

I can be contacted directly, and I have a public PGP key available:
yawnbox@riseup.net
7DFF 4EE5 1C63 9060 C9C9
A48A BEAF 1420 523A EB46

If any of you would like help setting up your own PGP key-pair so that people can securely contact you, or an alternative secure chat application, please let me know.

Lastly, with your permission, I'd like to publish any or all responses to our blog, SeattlePrivacy.org, so that the public can be further educated about these ongoing issues.

Cheers

Christopher Sheats
citizen

“If not for Seattle, this history would be different”

Laura Poitras’s Citizenfour reminds us that courage is local

A few days before the Seattle City Council announced its precedent-setting privacy initiative, the year’s most anticipated documentary, Citizenfour, opened at the Uptown SIFF Cinema.  Laura Poitras’s third film about the post-9/11 American security state tells the story of Edward Snowden, the NSA whistle-blower who made “dragnet surveillance” a household term.

Seattle’s step toward privacy and accountability was well-covered in the local press and also made the leap to a couple of governance trade journals. Seattle Privacy made sure that Laura Poitras herself knew what had happened here at the same time that her film was drawing capacity crowds. She sent us congratulations:

It is fitting that Seattle is first to respond – it is the home of NSA
PRISM partners such as Microsoft, as well a strong community of people
building alternatives to dragnet surveillance. These alternatives, as
well as informing and engaging with the people of Seattle, are a step
toward regaining meaningful democratic oversight relating to security
and privacy in our country.

If not for Seattle, this history would be different.

 

When the Seattle Privacy Coalition came together in early 2013, the city’s political establishment issued us the tin-foil hats reserved for people who worry about government surveillance. The disgraced, federally supervised Seattle Police Department was so used to getting its way in technology matters that it shrugged off negative public reaction to the “port security” camera network. In talks with city officials, we provoked eye-rolls and knowing smirks by suggesting that the city should pass up federal grant money that paid for boondoggles such as police drones. [Note: See the update at the end of this post. It ain’t over.]

After Snowden, the complacency was gone. Little has changed at the national or state levels — the security agencies still run Congress and the White House, Boeing still dictates to Olympia. But locally, there is movement. DHS-funded spying and cops in tanks have become issues with names: Oakland, Ferguson. The city establishment’s dread of controversy now works in favor of privacy advocates. The security lobby will have a hard time influencing every petty municipality the way it influences the federal government.

An evolving model for political action emerges from Citizenfour. In a world where democracy and the press have ceased to function at the highest levels, we watch lone individuals making fateful choices grounded in their private experience. These precise moments of integrity contrast with farcically mediated global contexts: archival footage of NSA Director Keith Alexander and National Security Director James Clapper telling extravagant lies to Congress; a frantic scrum of boom-bearing reporters around Glenn Greenwald and his partner (and taking care to edit themselves out of the film they will broadcast); or the recurring apparition of Wolf Blitzer playing Wolf Blitzer. Always there is a strong implicit case for what it real and what is not, and where personal agency lies.

“There’ll be the breaking of the ancient western code / Your private life will suddenly explode.” — Leonard Cohen

Poitras, not Snowden, is the first example of this in Citizenfour. Out of the blue, Snowden sends her an encrypted email message, an event recreated on-screen as white text unspooling in the black void of a Linux computer terminal. Disembodied in this weirdly intimate environment, an as yet anonymous Snowden tells her he is a spy, that he has classified disclosures to make, that there is great danger, and that their joint government adversary can attempt one trillion password cracks per second. Her private decision to accept this mysterious challenge leads to the events of the movie.  When she later asks “Citizenfour” why he had chosen her, He tells her, “You chose yourself.”

Poitras next tells the story of NSA veteran William Binney.  After the end of the Cold War, he developed systems to automate the collection and analysis of telecommunications metadata. Originally, the targets were foreign, but shortly after 9/11, NSA turned Binney’s work into the basis of its new program of blanket domestic surveillance. His internal protests against NSA’s lawless, ineffective, and wasteful policies went nowhere, and he soon left the agency. After being raided at gun-point in 2007 during an FBI leak investigation (in which he was later cleared), Binney gained prominence as one of the most outspoken NSA whistle-blowers prior to Snowden.

The misguided raid on Binney was provoked in part by the revelations of Mark Klein, who is not actually in the movie, though we do see a hearing from one the lawsuits that resulted. Klein was a technician for AT&T who discovered that Room 641a at 611 Folsom Street  in San Francisco was an NSA diversion site for all of AT&T’s Internet and telephone traffic. Appalled by what amounted to a tap on the entire Internet, Klein took his story to the Los Angeles Times, which refused (under government pressure) to print it. He next took it to the New York Times, which also bowed to government pressure for a year before finally publishing it in 2005.

Seattle Privacy’s co-founder Jacob Appelbaum turns up twice in the film, once before and once after his NSA reporting forced him into Berlin exile. In one segment, he presses an Occupy Wall Street audience to consider whether they have been personally under surveillance, and lists ways it could have happened — not just by means of telephones, email, and the Web, but also credit cards, travel passes, etc. He calls them canaries in a coal mine who are experiencing what everybody will experience in the near future. (As Jacob likes to say, “My present is your future,” though he now thinks the future has pretty much arrived for everyone.) The personal experience entails the universal problem, and is the key to fighting it.

We also meet Ladar Levison, the [former] proprietor of the secure email service Lavabit. Its most famous customer: Edward Snowden. Levison built an encrypted mail service that collected no information on its users, and thus had nothing to give law enforcement even when subpoenaed. Unable to identify Snowden’s correspondents in the usual way by seizing metadata, the FBI  told Levison to give up Lavabit’s master SSL encryption keys, which would allow them to uncloak the entire Lavabit customer base secretly in real time. Levison instead shut down his business rather than betray his customers’ privacy. Try to imagine that in a corporatized setting where profit is paramount and ethical concerns are actionable in civil court.

In bare outline, Snowden’s own story is that he gave up his prior life and risked life imprisonment  (or worse) to expose the actions of NSA and its partners. Most will remember his principled if fatalistic rationale from the original June 2013 interview. In Citizenfour, Snowden’s anxiety and regret become palpable. He masters his fear and steps through the hotel room door into what may be the waiting arms of a hostile government. Though Snowden repeatedly downplays his role in leaking the documents — “I’m not the story” — his choice is the story.

At Seattle Privacy, we hope to change how citizens are treated by their local government and by the police. The recent good news notwithstanding, we will continue to push the City Council to follow through on its stated intentions. We don’t want the promised oversight structure to end up a dead letter like Ordinance 124142, another privacy “first” that was passed 18 months ago and never enforced. At stake is a role for Seattle as a national model of awakened democratic government. It took bold individuals to expose the corrupt surveillance state, and it will take a bold community to prove Laura Poitras right: “If not for Seattle, this history would be different.”

Update:

Even as I wrote and published this, the City Council threatened to reverted business-as-usual by planning a budget hearing for a ShotSpotter-type system. For information about the city’s past flirtation with outdoor audio surveillance (and some sleazy video of Seattle politics at its worst) see our ShotSpotter fact sheet. Rest assured we will communicate to our leaders what we think of their renewed interest in ShotSpotter.

Seattle Takes the Lead in Nationwide Surveillance vs. Privacy Debate

People all over Seattle, the United States, and the world continue to be shocked by seemingly endless revelations of warrantless surveillance, frustrated by demands that we give up ever more privacy, and outraged at being disenfranchised by the chilling effects of having our every word, association, and move tracked.

This morning, Mayor Ed Murray and Seattle City Council members Mike O’Brien and Bruce Harrell boldly announced a new initiative[1] to begin to address the erosion of privacy in our society. Seattle is the first city in the nation to take such a proactive and farsighted step. The initiative will begin with a systematic review of the potential effects on personal privacy of all city programs and policies.

“This move will save Seattle taxpayers money by limiting spending on ideas like surveillance cameras or drones that later need to be scrapped.” -Adam Shostack

The Seattle privacy initiative comes two years after disclosures about Seattle Police Department’s acquisition of surveillance drones[2] and installation of a public surveillance camera network[3] drew public concern and protest. This debate merged with concerns about spying on political activists, unchecked use of facial-recognition technology, locational surveillance via automated license plate readers, and data sharing with private entities along with state and federal agencies.

The Seattle Privacy Coalition applauds Seattle’s leaders and legislators for their bold move to grapple with the difficult and vexing issue of protecting privacy while embracing technological innovation, and for their commitment to expanding civic involvement and bringing more voices to the table.[4]

“We hope that this effort will serve as a model for other municipal governments, and give heart to grassroots privacy advocates everywhere,” said Jan Bultmann, co-founder of SPC. “This development shows that even if our federal government is too paralyzed and beholden to corporate interests to act, we don’t have to sit back and watch our right to privacy evaporate. We can work with local governments who can still hear and respond to our voices.”

“This move by our city’s leadership is exciting,” said Christopher Sheats, Seattle resident and political activist. “It demonstrates that they’re listening to those whom they represent, and that community input is valued here in Seattle. The proposal to further implant privacy-strengthening processes in our city’s government is a refreshing reminder that civil liberties can be protected regardless of advancements in technology.”

“I am happy to see Seattle recognizing the importance of privacy to our citizens and residents,” said Adam Shostack, Seattle resident and author of Threat Modeling: Designing for Security. This move will save Seattle taxpayers money by limiting spending on ideas like surveillance cameras or drones that later need to be scrapped.”

“Meaningful transparency and accountability requires regular people’s fully informed civic involvement. I’m glad to see that the city of Seattle has heard the call and is committing itself to democratic action. This moment in Seattle is made possible because of the sacrifice and courage of the whistleblower Edward Snowden. It is exactly these kinds of changes all across America that he worked to create,” said Jacob Appelbaum, privacy journalist and co-founder of of Seattle Privacy Coalition.

THE PLAN IN BRIEF

2014

  • Convene team of representatives from city departments to oversee creation and implementation of the privacy program.
  • Appoint a Privacy Advisory Committee of academic and community leaders to develop privacy principles and advise the government team.

2015

  • Develop privacy guidance documents to insure departmental awareness and compliance.
  • Assess the current state of city compliance with the new policies.
  • Remediate gaps in compliance.
  • Establish an ongoing privacy oversight structure.

Seattle Privacy Coalition is a group of current and former Seattle residents that formed in April 2013 over a shared interest in transparency, accountability, and accuracy about the current state of privacy, security, and related issues. Our first project was to explore, document, and provide oversight relating to the Seattle Police Department’s surveillance camera network. Our mission is to urge and empower the City of Seattle to take advantage of Seattle’s leadership in technology and commitment to civil rights to lead the United States to restore and protect all people’s right to privacy.

[1] http://clerk.seattle.gov/~public/meetingrecords/2014/cbriefing20141103_3a.pdf

[2] http://westseattleblog.com/category/seattle-police-surveillance-cameras/

[3] http://westseattleblog.com/category/seattle-police-surveillance-cameras/

[4] http://192.168.42.120/mission/