Archive for March, 2015

ShotSpotter: There’s no lobbyist like an arms lobbyist

Seattle Privacy Coalition has blogged before about the aggressive marketing practices of ShotSpotterTM, the controversial gun-fire detection system that Seattle City Council wants to purchase. Now our friendly competitor news outlet The Intercept has blasted the story sky-high. When a sales pitch in Council Chambers is really a lobbying campaign by an international arms dealer, hold onto your wallet and your freedoms.

Here’s the Intercept article in a nutshell:

  • Despite claims to the contrary, ShotSpotter, which uses a network of microphones to pinpoint gunshots in covered areas, also records conversations going on in the vicinity. This is established fact, inasmuch as the recordings have been admitted as evidence in criminal trials.
  • ShotSpotter’s wide deployment in over 90 US cities is powered by an aggressive lobbying campaign.
    • DC lobbyist Ferguson Group, by targeting congressional delegations, has secured $7 million in federal funds to purchase ShotSpotter through Department of Justice.
    • ShotSpotter also has hired lobbying firms Squire Patton Boggs, Raben Group, Greenberg Traurig, and Mercury Group Public Affairs to sell its products at the federal, state, and city levels, including coordination with police unions.
    • Having laid the federal funding groundwork, ShotSpotter guides potential customers through the grant application process.
    • ShotSpotter cultivates revolving-door relationships with law-enforcement heavies. Senior Vice President David Chipman is a former senior official at the ATF and a former fellow to the International Association of Chiefs of Police, and New York Police Commissioner William J. Bratton did a stint as a board member before assuming his present position as one of ShotSpotter’s newest and biggest customers. (Fortunately for the American Way, he recused himself from that purchasing decision.)

The article also spotlights the silly claims by company executives that ShotSpotter is not a listening device. As one helpfully explains, “It’s an acoustic sensor. It’s not a microphone,” which you can file under Distinction Without A Difference. And, as usual, ShotSpotter can’t keep its story straight. Our Oakland friend @marymad contributes this capture from the ShotSpotter Web site:

Embedded image permalink

Just like a cell phone, eh? That explains why the 20-30 foot limit is nonsense, too. Cell phone users know that speaker-phone mode picks up anything loud enough to be picked up, regardless of distance. A conversation 100 feet away on a quiet street? No problem.

The Intercept piece concludes with this alarming assessment of the privacy issues presented by ShotSpotter’s audio surveillance:

ShotSpotter’s privacy policy claims this audio is “erased and overwritten” and “lost permanently” if its system does not sense a gunshot. However, even if this is true, the policy also states that ShotSpotter has detected and recorded “3 million incidents” over the past ten years. This also indicates the sensors report a staggering level of false alarms, and that the company has permanently recorded 18 million seconds — in other words, 5,000 hours or approximately seven months — of audio. According to a promotional document emailed to Miami city officials by ShotSpotter’s sales team, the technology allows end users to retain this audio online for two years and offline for another five.

The lessons here are not new:

  • ShotSpotter is a questionable use of money, a technical quick-fix that does little for public safety and nothing for the underlying causers of crime.
  • The company is a snake-oil merchant that constantly makes claims that defy scientific logic.
  • The ShotSpotter lobbying machine is a public menace.

 

We support the plan by Seattle City Council to closely review the money provisionally allocated to purchase ShotSpotter.

New round-up from the Privacy Project

In Seattle, the blurry, redacted videos from police that are posted to You Tube are getting attention, and at the state level, a compromise bill on police body-cam video in the state legislature is proposed to buy some time for writing privacy legislation, the delightful concept of nefarious drones is introduced, and so much more:

Privacy News Update 3-28-2015

Anonymity, privacy, and recovery online

Here’s the transcript of the talk I gave at PechaKucha Seattle in Feb 2015:

“It’s 2008, and I am newly sober alcoholic. And I’m on Twitter. I’m on Twitter as myself, under my real name, and I’m on Twitter under a fake name, for talking anonymously to other alcoholics in recovery, who all use fake names too, and pictures of their pets as avatars.

And I love their pictures of pets, and I love them, because they say raw, honest, hilarious, tragic, helpful, and authentic things. Truth-telling on a level it’s hard to come by in everyday life, where so much is advertising.

One day I’m tweeting from my Jan Bultmann Twitter account, and a message pops up on the side of the screen. Twitter, suggesting that I follow “people near me,” with interests like mine. To my horror, one of them is anonymous alcoholic ME!

Outside of a recovery meeting, it’s hard to explain the kinds of things you say to and hear from other alcoholics. But it’s easy to explain, and easy to understand, I think, that you promise never to betray the confidences that other people share with you.

Here in Seattle it’s pretty safe to be an alcoholic and out about it. People might ask you suspiciously about “the higher power thing,” but that’s about it. But in some places, the information that you are an alcoholic could be used to harm you. Badly.

I closed my alcoholic twitter account without even saying good-bye. But it was too late. Unfamiliar names, faces and titles were popping up as suggestions in my Linked In account, as people who might be part of my professional network, people I should connect with.

When this first happened, I was like, come on LinkedIn, what is your ISSUE?

Why are you suggesting that I know a military recruiter in San Antonio, a real estate broker in North Carolina, a priest in London? Then I looked a little closer, and…. ahhhh. My former twitter correspondents in recovery, all previously, we had imagined, anonymous.

I felt the same way I felt one day in a kayak in the San Juan islands when an orca surfaced briefly beside me, and I realized a pod was passing through. A sense of large, invisible predators moving under the surface all around me, intent on a mission of their own.

What we know about data mining now makes it seem like I was just foolish back then. Now, the mining and aggregating and selling of data has become a kind of background noise, as unregarded as wires that carry electricity or pipes that carry water, part of the infrastructure.

I’m a tech writer. I started writing for a Microsoft web site about how people with computer networks at home could protect their kids from cyberbullies, their home wi-fi from wardrivers, their passwords from social engineering attacks. This probably wasn’t very good for me.

Then, I worked briefly as a legislative aide in a city council office or two here in Seattle. In the public sector, I encountered the weird mirror side of personal privacy, that is, transparency requirements in government.

I came from Microsoft, where I’d got used to putting my every thought down in email. I was quickly educated by lifers in the political scene about how every email of mine could end up on the front page of a newspaper. How I should know that. How I should be very very careful about what I texted, emailed, what I wrote on a post-it.

Then the surveillance cameras went up on Alki Beach Park, along with their meshnet nodes. Those of us who were answering the council phones didn’t know anything about them, when the first constituents called in. Eventually it emerged that the $5 million system was owned and managed by the Seattle Police Department, acquired through federal funding, and available to assorted other agencies.

Those cameras, like the ill-fated Seattle police drones before them, stirred in me some flicker of hope that there was still a way out of the Watch Me Now society we were building for ourselves. Because I couldn’t really do anything about Twitter, or Linked In, apart from not use them. But I could make myself heard in municipal government.

I left my job as a legislative aide and, with some like-minded folks, formed the privacy advocacy group Seattle Privacy Coalition. We thought, if this area can lead with minimum wage law, marriage quality, and in ending marijuana prohibition, why can’t we lead in privacy protection, too?

Our friends joked about tinfoil hats. One said to me on a sidewalk, in a spooky voice, “Are we being watched right NOW?” We were at the corner of 4th and Cherry, we had smartphones in our pockets, and there were 5 surveillance cameras, public and private, in view, but at that time it still seemed like an absurd question.

And then, whistleblower Edward Snowden started talking, and the extent of the surveillance society began to be revealed. By the way, if you haven’t seen the Oscar-winning CitizenFour, about Snowden, please do. Regardless of how you feel about the man, you should have the information.

We’ve made progress here in Seattle (City Rolls Out Innovative Privacy Program). But if you follow the news, you know we’re already far behind. The data breaches are fast and furious, and the biometric systems: the iris scanners, the facial recognition software, the mobile DNA sampler apps, are coming online.

I told you my story to show you how feeling watched has worked in my life. Here’s what I know: It makes you choose not to say things. Choose not to do things. It makes your life smaller.

It makes you unfree.”

 

Researching local-level privacy law

We told the Seattle Citizens Technology and Telecommunications Advisory Board, (that is, CTTAB), that we would research existing municipal level privacy law. We’re starting a list. Please let us know if you know of others!

Moving through Oakland City Council process now: http://www2.oaklandnet.com/Government/o/CityAdministration/oak051790

Virginia: Municipal ordinance against drones:
http://www.usnews.com/news/articles/2013/02/05/city-in-virginia-becomes-first-to-pass-anti-drone-legislation-

Good cross section, probably a few missing: http://www.informationshield.com/usprivacylaws.html

Ontario: http://airdberlis.com/Templates/Newsletters/newsletterFiles/48/municipal%20privacy%20law%20%28jan06%29.pdf

NYC: compulsory ID cards
http://www.npr.org/2015/01/12/376788822/new-york-city-id-could-open-up-doors-and-privacy-concerns

Basic statements on the topic, including mostly Supreme Court case law as it applies to privacy rights (including that of businesses, privacy of your garbage, etc.)
http://www.rbs2.com/privacy.htm
Warrantless code inspection of your home or apartment:
https://supreme.justia.com/cases/federal/us/387/523/case.html

EPIC’s privacy laws by state:
https://epic.org/privacy/consumer/states.html

Privacy news update from Privacy Project

Another great round up of privacy and surveillance news from our friends (and SPC board members) at the Privacy Project. Here are some specific to municipal governments:

Berkeley council passes one-year moratorium on police drones

NYPD buying nationwide car surveillance database

Tallahassee: Police secrecy about Stingray devices proves a case’s undoing

Ground rules needed as San Francisco drone use skyrockets

For state, federal, international, and tech-specific stories, including, for example, the fascinating news that law enforcement makes requests to Dropcam for video made inside people’s homes, and a wrap up of all the different ways people hate President Obama’s Privacy Bill of Rights, see Privacy Project.