Archive for the 'Institutional Transparency' Category

Tell City Council that Feds Must Follow Seattle Law

Call for action: Demand transparency related to federal government surveillance in Seattle

tl,dr

Email the city and insist that city employees document cooperation with federal requests for surveillance cameras.

Details

What: Meeting of Seattle City Council Committee on Energy and Environment. Agenda:  https://seattle.legistar.com/View.ashx…

When: Tuesday, January 24, at 2 pm

Where: Council Chambers at Seattle City Hall (601 5th Avenue, at Cherry)

Why: Of interest in the agenda is item #2:

Warrantless Surveillance Cameras in Seattle: How to protect
the privacy of Seattleites and reverse the proliferation of
surveillance cameras installed by the Seattle Police
Department and Federal law enforcement agencies on SCL
polls in public space without democratic authorization or
transparency.

As many of you will know, Seattle currently has legislation about surveillance equipment on the books. Currently, however, federal agencies ignore it (because it doesn’t apply to them) and use city resources to put up their own cameras. Seattle Privacy has documented several cases where the ATF or FBI entered into informal, off-the-record, verbal agreements Seattle City Light employees allowing the placement of cameras on utility poles.

We support the committee’s study of this issue call on the committee members to back corrective legislation.

What you can do

Attend the meeting if you can, and speak out during the public comment period.

If you can’t attend, you can submit a public comment by emailing the committee members:

For example, you might feel that…

  • Any agreements between federal and city agencies regarding surveillance equipment should be written down and FOIA-able.
  • The public should know who makes the call to allow ATF cameras.
  • The lack of transparency in the city’s dealings with the federal government is at odds with our status as a sanctuary city.

We’ll be at the meeting, and hope to see you there.

Seattle Privacy Coalition joins other “state-sponsored” attack targets to demand answers from Twitter

twitter3“Where no conspiracy existed before, the actions of an unknown government have created one.”

 

In December 2015, the Seattle Privacy Coalition Twitter account (@seattleprivacy) received a disturbing notice from Twitter:

As a precaution, we are alerting you that your Twitter account is one of a small group of accounts that may have been targeted by state-sponsored actors. We believe that these actors (possibly associated with a government) may have been trying to obtain information such as email addresses, IP addresses, and/or phone numbers.

Within days, more than 50 such targets identified themselves publicly via social media. Journalists around the world covered the story. (See a partial list.)

Many or most of the attack targets were involved in privacy advocacy or information security research. As a consequence, some targets (including three board members of Seattle Privacy) were present at the Chaos Communication Congress, the great hacker convention in Hamburg, Germany, in late December. We met and discussed how to respond to the mysterious and alarming notification. Our individual efforts to learn more about the who/what/when/why behind the attacks had gone nowhere, so we decided to take collective action.

Today we unveil a collectively created website, https://state-sponsored-actors.net, where we share what we’ve learned and call on Twitter (and anybody else with relevant knowledge or insight) to provide more information about what happened. This open call to Twitter currently has about 25 signers, all of them attack targets.

These are the questions we want answered:

Nature of the attacks

  • When did the attacks happen — directly prior to the first alerts in December 2015, or during a longer period previously?
  • Are the attacks continuing?
  • What were the attackers interested in? The alert email message speaks of phone numbers, IP addresses, and email. Was there anything else?
  • How were the attacks detected?
  • Were these automated brute-force attacks, or customized attacks with a human behind them, or something else?
  • Did the attackers gain administrative or other direct access to Twitter’s servers?
  • Why does Twitter suspect that the attacks came from state-sponsored actors?
  • How does Twitter define a state-sponsored actor?
  • Has Twitter identified any specific state as the source of the attacks?
  • Have the attacks come from actors with ties to the US government?
  • Are all of the attacks coming from the same actor(s)?
  • What else does Twitter know about the attacks?

Reasons for targeting

  • What is the common element, if any, among the targeted accounts?
  • Were accounts attacked because of not using Tor / because of using Tor / despite using Tor?

Twitter’s response

  • Are Twitter’s alerts sent by humans or by machines responding to irregular activity?
  • Why did Twitter start sending the alerts now?
  • Other companies have started sending out similar emails, e.g., Facebook, Google, and Yahoo. Is this a concerted effort? What is the background or the aim of the notifications?
  • Why are there different kinds of notifications (email vs. popup)?
  • What is the purpose of Twitter’s recommendation to use Tor, when many of the targeted accounts already use Tor?

Legalities

  • Why isn’t Twitter telling us more?
  • Is Twitter’s silence the result of a gag order?
  • Has Twitter received warrants, subpoenas, or National Security Letters in connection with the attacks?

The new site is available in English, German, French, and Italian, with more to come, as befits reaction to a government-backed assault against a world-wide communication service and the people using it.

As privacy activists who lawfully petitioned our various governments to protect our essential human rights, we now find ourselves the object of government overreach. Many of us became acquainted for the first time through our collective harm and our search for answers. Where no conspiracy existed before, the actions of an unknown government have created one.

Let the reckoning begin.

Audio surveillance coming to a streetlight near you?

The Seattle Police Department is teaming up with the Bureau of Alcohol, Tobacco & Firearms to bring yet another surveillance technology to Seattle. For several years, SPD has been considering an Acoustic Gunshot Location System and is being courted by ShotSpotter, LLC, which has cornered the market on this technology.

Now General Electric is developing a cheaper, integrated acoustic monitor in their next-generation streetlight which can interface with ShotSpotter’s audio surveillance system with the stated purpose of locating gunfire within dense, urban areas.

The Seattle Privacy Coalition has worked with the city in the development of a privacy protecting ordinance and a process for evaluating the impact of new surveillance technologies. We’ll be watching this new technology and offering criticism of its potential privacy impacts, especially when it’s being pushed by a government agency that has already circumvented the public process by installing surveillance cameras in the Central District with the help of Seattle City Light.

We’ll be asking the city’s new Chief Privacy Officer to perform and publish a thorough audit of all programs and purchases under SPD, and all MOUs or informal agreements SPD maintains with Federal agencies in accordance with the City’s privacy program.

Contact Seattle’s CTOthe Mayor and City Council members to share your concerns with them.

Previously:

ShotSpotter makes up its gunfire data, but it STILL doesn’t make any sense

ShotSpotter: There’s no lobbyist like an arms lobbyist

ShotSpotter (SST, Inc.) Fact Sheet prepared for City of Seattle

Reminder from Laura Poitras: “If not for Seattle, this history would be different”

Why is a Seattle police detective on the Hacking Team mailing list?

The Italian company Hacking Team, a notorious trafficker in computer tools that help governments spy on dissidents and other state enemies, was cracked wide open by an anonymous real hacker on July 5. Reporters Without Borders, a group that defends press freedom world-wide, lists Hacking Team as one of five “Corporate Enemies of the Internet,” five private-sector companies that are “digital era mercenaries.” One million or more of Hacking Team’s internal files are now in the public domain. Among them are email archives which can be conveniently searched on the Wikileaks Web site at https://wikileaks.org/hackingteam/emails/.

These documents reveal a scandal that entangles not just overt dictatorships such as Sudan, Uzbekistan, Ethiopia, Egypt, and Azerbaijan, but also the FBI, DEA, and armed forces in this country. (Presumably it’s easier for the lower-echelon feds to buy computer break-in tools on the open market than to get the NSA to share its in-house goodies.) While publicly billing themselves as “good guys” helping law enforcement, they have no qualms about selling to some of the nastiest regimes on the planet, as long as they can do it in secret.

 

hackingteam_011-100594951-orig

From a Hacking Team client list. (www.csoonline.com)

 

The Seattle connection

The Seattle Privacy Coalition has discovered that Hacking Team’s customer mailing lists include the name and address of a Seattle police detective. Here’s what we know:

  • The detective is a 19-year veteran of the force.
  • Expertise includes Cyber Crimes, Domestic Terrorism, Homeland Security, Surveillance, and Criminal Intelligence.
  • Has participated in emergency-response training at the University of Washington.
  • Received email messages form Hacking Team in 2013-2014.

 

Just wondering…

We already know that Hacking Team engaged in aggressive marketing, even to the point of hawking their spy software to the Vatican. No, really:

The security firm even tried to sell the Vatican on its services with the creation of a booby trapped Bible app that could load up spy software on the devices of people the Vatican may want to keep tabs of. It’s unclear if the Vatican actually bought Hacking Team’s services or who the Vatican would want to spy on. (fortune.com)

So why was the company in touch with a senior detective in the Seattle Police Department?

  • How did the detective wind up on Hacking Team’s mailing list?
  • Was this a personal if imprudent interest of the detective’s, or had the detective been assigned to communicate with Hacking Team?
  • Has SPD ever actively communicated with Hacking Team?
  • Has SPD purchased, or entered into discussions about purchasing, software or services from Hacking Team? (We hear that the Bible app is going cheap.)

The Seattle Privacy Coalition calls on Chief Kathleen O’Toole and Mayor Ed Murray to fully explain the city’s relationship with Hacking Team.

Seattle Takes the Lead in Nationwide Surveillance vs. Privacy Debate

People all over Seattle, the United States, and the world continue to be shocked by seemingly endless revelations of warrantless surveillance, frustrated by demands that we give up ever more privacy, and outraged at being disenfranchised by the chilling effects of having our every word, association, and move tracked.

This morning, Mayor Ed Murray and Seattle City Council members Mike O’Brien and Bruce Harrell boldly announced a new initiative[1] to begin to address the erosion of privacy in our society. Seattle is the first city in the nation to take such a proactive and farsighted step. The initiative will begin with a systematic review of the potential effects on personal privacy of all city programs and policies.

“This move will save Seattle taxpayers money by limiting spending on ideas like surveillance cameras or drones that later need to be scrapped.” -Adam Shostack

The Seattle privacy initiative comes two years after disclosures about Seattle Police Department’s acquisition of surveillance drones[2] and installation of a public surveillance camera network[3] drew public concern and protest. This debate merged with concerns about spying on political activists, unchecked use of facial-recognition technology, locational surveillance via automated license plate readers, and data sharing with private entities along with state and federal agencies.

The Seattle Privacy Coalition applauds Seattle’s leaders and legislators for their bold move to grapple with the difficult and vexing issue of protecting privacy while embracing technological innovation, and for their commitment to expanding civic involvement and bringing more voices to the table.[4]

“We hope that this effort will serve as a model for other municipal governments, and give heart to grassroots privacy advocates everywhere,” said Jan Bultmann, co-founder of SPC. “This development shows that even if our federal government is too paralyzed and beholden to corporate interests to act, we don’t have to sit back and watch our right to privacy evaporate. We can work with local governments who can still hear and respond to our voices.”

“This move by our city’s leadership is exciting,” said Christopher Sheats, Seattle resident and political activist. “It demonstrates that they’re listening to those whom they represent, and that community input is valued here in Seattle. The proposal to further implant privacy-strengthening processes in our city’s government is a refreshing reminder that civil liberties can be protected regardless of advancements in technology.”

“I am happy to see Seattle recognizing the importance of privacy to our citizens and residents,” said Adam Shostack, Seattle resident and author of Threat Modeling: Designing for Security. This move will save Seattle taxpayers money by limiting spending on ideas like surveillance cameras or drones that later need to be scrapped.”

“Meaningful transparency and accountability requires regular people’s fully informed civic involvement. I’m glad to see that the city of Seattle has heard the call and is committing itself to democratic action. This moment in Seattle is made possible because of the sacrifice and courage of the whistleblower Edward Snowden. It is exactly these kinds of changes all across America that he worked to create,” said Jacob Appelbaum, privacy journalist and co-founder of of Seattle Privacy Coalition.

THE PLAN IN BRIEF

2014

  • Convene team of representatives from city departments to oversee creation and implementation of the privacy program.
  • Appoint a Privacy Advisory Committee of academic and community leaders to develop privacy principles and advise the government team.

2015

  • Develop privacy guidance documents to insure departmental awareness and compliance.
  • Assess the current state of city compliance with the new policies.
  • Remediate gaps in compliance.
  • Establish an ongoing privacy oversight structure.

Seattle Privacy Coalition is a group of current and former Seattle residents that formed in April 2013 over a shared interest in transparency, accountability, and accuracy about the current state of privacy, security, and related issues. Our first project was to explore, document, and provide oversight relating to the Seattle Police Department’s surveillance camera network. Our mission is to urge and empower the City of Seattle to take advantage of Seattle’s leadership in technology and commitment to civil rights to lead the United States to restore and protect all people’s right to privacy.

[1] http://clerk.seattle.gov/~public/meetingrecords/2014/cbriefing20141103_3a.pdf

[2] http://westseattleblog.com/category/seattle-police-surveillance-cameras/

[3] http://westseattleblog.com/category/seattle-police-surveillance-cameras/

[4] https://www.seattleprivacy.org/mission/