Rogue cellphone tracker alarms Seattle privacy activists
After the discovery last month of a Wi-Fi signal from a Seattle police communications node that had been turned on accidentally, privacy and civil-liberties advocates have renewed a call for the city to adopt policies for oversight of surveillance technology.
Seattle Times staff reporter
More than a year after Seattle police promised to not turn on a network of surveillance cameras and communication nodes installed as part of a federal port-security grant, the department still hasn’t released a draft policy on how it will use the equipment and protect citizen privacy.
The installation of the 30 cameras and a wireless mesh broadband network came shortly after the Police Department’s purchase of two aerial drones, also with a Homeland Security grant, and also without public notice.
And next year, Seattle City Light plans to start installing smart meters capable of collecting detailed information about residents’ electricity use.
Now, privacy and civil-liberties advocates say the city needs to enact a strong review process to guide how information is collected, stored, shared and protected, rather than leaving the guidelines to various departments.
“We know that whenever these systems are put in place, they can be abused,” said Lee Colleton, a Seattle computer-systems administrator and member of the Seattle Privacy Coalition. “The city needs strong oversight of any surveillance systems.”
Colleton has particular reason to be skeptical. He was protesting a proposed youth jail in July when his cellphone picked up a Wi-Fi signal from one of the communication nodes mounted on a city utility pole at Third and Yesler. Much like other Wi-Fi hot spots, the nodes can collect and retain the identification of individual cellphone users and potentially track them as they move around the city.
The police quickly apologized and said the “rogue node” had been inadvertently activated when a contractor restored power to the pole. Department officials assured the public that it had quickly been turned off again.
But Colleton said the incident highlighted the fears of some residents that the new surveillance equipment could be used to monitor and photograph lawful gatherings.
The American Civil Liberties Union (ACLU) of Washington, which questioned the law-enforcement value of both the drones and surveillance cameras, agrees that the city needs to develop policies that narrowly define how technology will be used and who will have access to it.
“We definitely support the idea that when government is going to be acquiring new technology or programs that collect information on citizens or monitors them that there should be an approval process and clear policies about how that technology can be used,” said Jamela Debelak, technology and liberty director for the ACLU of Washington.
The Seattle Human Rights Commission earlier this year joined with the Privacy Coalition in calling for the city to develop a privacy-impact assessment for all new programs and technologies.
The groups also recommended that the city create a new position of chief privacy officer, who would be responsible for educating city departments on privacy implications and directing the privacy assessments. The groups also want the city to set up an independent privacy advisory board to conduct research and provide oversight to city initiatives.
“There’s a pressing need for accountability,” said David Robinson, another member of the Privacy Coalition. “There’s so much that technology can do and so little transparency about how the city plans to use it.”
City official agrees
The city’s new chief technology officer, Michael Mattmiller, agrees that the city could do a better job protecting the public’s privacy and getting city departments trained to ensure that the enormous amounts of data the city collects — some of it with personally identifiable information — isn’t breached or misused.
Currently, he said, there aren’t consistent and effective policies. “There’s definitely room for improvement,” said Mattmiller, who was a senior strategist for cloud privacy at Microsoft before taking the city job in late June.
Mattmiller suggested that, when possible, the city should obtain advance consent from residents before data is collected and provide notice of how it will be used.
He said the city already has a Citizens Technology and Telecommunications Advisory Board that could address privacy issues and solutions. The city might also develop a tool kit, similar to what it uses for assessing the race and social-justice impacts of new initiatives, to help departments understand privacy implications and to provide transparency for how information will be used, he said.
Mattmiller told the City Council in his confirmation hearing in July that his office would be the logical place to add a privacy point person who could evaluate new programs and advise city departments.
Sgt. Sean Whitcomb, Seattle Police Department spokesman, said the department heard loud and clear, from public hearings on the surveillance network, that residents want oversight and privacy protections in any policy the police adopt.
“People don’t like the idea of government intrusion,” he said. “They want to be sure there are safeguards against that.”
Whitcomb said the department is still developing its use policy for the equipment, and that ultimately new Police Chief Kathleen O’Toole will confer with Mayor Ed Murray before sending the policy to the City Council. He said the policy will reflect input from groups including the ACLU and the Seattle Privacy Coalition, a process he acknowledges should have happened before the cameras were installed.
Asked if there was a timeline for the use policy, Whitcomb said, “The ETA is to get it done right.”
So far the city has spent about $4.4 million of the $5 million grant — taxpayer money — for equipment, project management and installation of a network that has yet to be used. The two aerial drones were sent to the Los Angeles Police Department earlier this year.
Seattle City Light plans to start installing smart meters in late 2015, part of a six-year strategic plan approved by the City Council in July. The old, analog meters were read six times a year to determine energy consumption and calculate customer’s bills. The new meters can collect data every 15 minutes and transmit the information to the city.
City Light estimates it will save $6.4 million annually by reducing use of meter readers and city vehicles. Smart meters can also alert the utility to outages, rather than having to wait for customers to report a loss of power.
Spokesman Scott Thomsen said City Light hasn’t selected the equipment yet, so it can’t say what information it might collect and how privacy might be protected. He said the utility has promised to provide an opt-out option for residents who don’t want the new meters, but there will be some charge because of the extra cost of sending someone to personally read an old meter.
Privacy Coalition members point to research showing that some types of smart meters are capable of identifying specific appliances, medical equipment and even what TV shows are playing.
“The data itself is valid and important, but the identification of any individual needs to be protected and, ideally, not retained,” said Jan Bultmann, a Privacy Coalition member.
City Councilmember Mike O’Brien said he supports the idea of a strong city policy for oversight and transparency of any programs that might compromise residents’ privacy. He said the smart meters can give City Light customers real-time information about their energy consumption and spur conservation efforts.
But he added, “The only way we’re going to get this information is if the public believes we’re using it responsibly and appropriately and we’re transparent about it.”