House Bill 1909: Automatic License Plate Reader Systems

My testimony to the State of Washington House Transportation Committee:

Chair Clibborn and members of the committee, my name is Christopher Sheats, Chair of the Privacy Committee for Seattle’s Community Technology Advisory Board, and Chair of the Seattle Privacy Coalition. I want to make clear that any form of Automatic License Plate Reader (ALPR), regardless of its security or policy controls, is fundamentally a mass-surveillance system for the simple fact that it indiscriminately collects data about everyone.

ALPR mass-surveillance systems collect an incredible amount of personal information.

Where are you and where are you not?
Where are you heading?
What time were you there and not anywhere else?
Who else was traveling or not traveling around that time?

All of these personal facts can facilitate identifying our interests, affiliations, activities, and beliefs. Data collection, and any amount of data retention, allows for the copying and sharing of said data. According to the U.S. Department of Transportation Bureau of Transportation Statistics, an “overwhelming majority of person trips—for all purposes—are taken in personal vehicles.” When mass-surveillance data of our vehicles is collected, granularly surveilling a state, a city, a community, or an individual becomes trivial.

Where do they live?
Who lives around them?
Where do they go to church?
Who else goes to their church?
Where do they work?
When do they visit their friends and family?
When do they drop their children off at school or childcare?
When do they leave the house to go grocery shopping?
When do they visit their doctor and how often?

Answering these questions go above and beyond “personal information,” yet these questions become answerable when data collected by an ALRP mass-surveillance system is gathered by an abusive government or hacker, domestic or foreign.

If the State is to condone APRL mass-surveillance systems, whereby we have precluded we will not protect human rights by not collecting personal data in the first place, the only other rational alternative is to not retain collected data for any period longer than absolutely needed.

Thank you for your time.

Concerns of mine that I did not include in my testimony because of the delicate nature of politics:

Regarding House Bill 1909, I have several concerns:

1. How is House Bill 1909 going to impact RCW 40.24 — Address Confidentiality for Victims of Domestic Violence, Sexual Assault, and Stalking? Particularly, how is House Bill 1909 going to protect vulnerable people from law enforcement abuses?

2. Is any part of the ALPR mass-surveillance system, including data retention, managed or operated by unregulated third party providers?

3. Why are third parties not explicitly barred from owning and operating ALRP mass-surveillance systems?

4. What specific controls and audit safeguards will be put in place to prevent system operators from performing unapproved searches of people or vehicles?

5. Once data is collected by mass-surveillance systems, it can be copied, used, copied again, and re-used for unimaginable purposes. What specific controls and audit safeguards will be put in place to prevent data copying by federal agency data systems such as regional Fusion Centers?

6. The “Second War Powers Act of 1942” removed Census privacy protections of Japanese-Americans, allowing federal agents to know exactly where go and whom to arrest. How is Washington State going to defend us from unconstitutional policy changes brought on by an illegitimate U.S. President?

City of Seattle could lead privacy and transparency efforts with SecureDrop and Tor

Draft 2

The City of Seattle has an opportunity to become the first city in the world to adopt cutting edge technology that supports personal data privacy, information security, and government transparency. SecureDrop and Tor, both free software solutions, independently designed and independently important, together create an ecosystem for government accountability.

Tor is an encrypted networking protocol used in conjunction with Tor Browser, an application that allows anyone to maintain confidentiality of certain personal data when browsing the Internet. Tor Browser is advocated to many underserved communities, like the Cambridge domestic violence prevention organization Transition House [1]. Similarly, Seattle Public Library discussed how they plan to support Tor Browser in a recent blog post titled, Online Privacy and the Use of the Tor Network in the Library [2].

Another Tor application is called “Hidden Services”. Hidden Services provide end-to-end encryption just like using “HTTPS” when connecting to your bank, but with the benefit of Tor routing that further protects personal data. There are many ethically-centered reasons why the social platform Facebook and the search engine DuckDuckGo provide their users access via Hidden Service, but mainly it is to give their users identity control.

SecureDrop is a secure and anonymous document submission system that employs Hidden Services. It is currently used by law firms like the ACLU of Washington for client intake, in addition to news media organizations like the New Yorker and the Washington Post for protecting journalist sources. SecureDrop would help satisfy the requirements of “internal institutional and external oversight mechanisms” discussed in the recently published United Nations Report of the Special Rapporteur to the General Assembly on the Protection of Sources and Whistleblowers [3].

According to Tor Project, Hidden Services provide a means for Tor users to create sites and services that are accessible exclusively within the Tor network, with privacy and security features that make them useful and appealing for a wide variety of applications. The potential of Hidden Services is huge, and much of it is yet to be explored [4].

To maximize trust building opportunities, the City should exclusively use free software when deploying technologies that interface with the public. Adopting Tor privacy applications would not just set a high bar for data privacy expectations, it would establish trust because anyone can independently review how the software works and how personal data is protected. There are several ways that City government departments could take advantage of these privacy applications. Each would provide real-world benefits that defend the rights of City residents:

1. Tor Browser

Deploying Tor Browser on certain City government computers, or supporting Tor Browser through explicit policy and education, would provide certain assurances about data privacy and demonstrate a commitment to web based data privacy initiatives. The target audience could be City government employees or the general public depending on location and goals.

Additionally, providing educational material to targeted groups of people about how to use Tor Browser effectively from personally owned computers will decrease the apprehension of accessing certain public resources or providing meaningful but anonymous feedback to specific City government organizations.

2. Hidden Services

City government organizations supply many web-based resources, but sometimes accessing these resources carry potential social or legal consequences that turn people away. These resources can be made available via Hidden Service, allowing people to access web-based resources with less stress.

3. SecureDrop

Internal: City government organizations can use SecureDrop to strengthen their commitments to accountability. By sharing a SecureDrop server address internally, organizations can deploy a dependable whistleblowing avenue, or a powerful tool for soliciting anonymous feedback.

External: Having SecureDrop for secure and anonymous document submissions would guarantee certain data privacy and information security protections because of the design of the system. Like Tor and other free and open source software projects, anyone can read about and comprehensively understand both the code and the operations of how the application is supposed to work. Public complaints, public feedback, perceived government abuse, and issues pertaining to the City of Seattle can all be securely and anonymously received with a publicly shared SecureDrop server.


1 http://www.betaboston.com/news/2014/05/07/as-domestic-abuse-goes-digital-shelters-turn-to-counter-surveillance-with-tor/

2 https://shelftalkblog.wordpress.com/2015/09/22/online-privacy-and-the-use-of-the-tor-network-in-the-library/

3 http://www.ohchr.org/EN/Issues/FreedomOpinion/Pages/ProtectionOfSources.aspx

4 https://blog.torproject.org/blog/crowdfunding-future-hidden-services

A resolution for Seattle: encryption and anonymity as moral imperatives

Published: 2015-Sep-19
Updated: 2015-Sep-19, revision 17


CITY OF SEATTLE
RESOLUTION _________________

title

A RESOLUTION affirming the human right to encryption and anonymity as consistent with the findings of the United Nations report on encryption, anonymity, and the human rights framework, advancing previously adopted human rights resolutions.

body

WHEREAS, in December 2012, the Seattle City Council adopted Resolution 31420 proclaiming Seattle to be a Human Rights City, endorsing the human rights set forth in the Universal Declaration of Human Rights, recognizing the importance of using the international human rights framework for cities to work on their commitment to protecting, respecting, and fulfilling the full range of universal human rights; and

WHEREAS, in July 2015, the Seattle City Council adopted Resolution 31598 affirming privacy as a human right and aligning the work of the City’s privacy initiative with the right to privacy as described in the Universal Declaration of Human Rights; and

WHEREAS, in May 2015, the United Nations report on encryption, anonymity, and the human rights framework was published and finds that encryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age; and

WHEREAS, with respect to encryption and anonymity, the City of Seattle should adopt policies of non-restriction or comprehensive protection: (1) only adopt restrictions on a case-specific basis and that meet the requirements of legality, necessity, proportionality and legitimacy in objective, (2) require court orders for any specific limitation, and (3) promote security and privacy online through public education; and

WHEREAS, potential criminality and emergency situations do not relieve the City of its obligation to ensure respect for international human rights law; and

WHEREAS, legislative proposals for the revision or adoption of restrictions on individual security or privacy online should be subject to public debate and adopted according to regular, public, informed and transparent legislative process; and

WHEREAS, the City must promote effective participation of a wide variety of civil society actors and minority groups in such debate and processes and avoid adopting such legislation under accelerated legislative procedures; and

WHEREAS, all Seattle organizations should not block or limit the transmission of encrypted communications and should permit anonymous communication; and

WHEREAS, all Seattle organizations should support secure technologies for websites and software applications, develop widespread end-to-end encryption, and employ anonymity-preserving software to support privacy-sensitive populations; and

WHEREAS, the City’s laws must recognize that individuals are free to protect the privacy of their communications by using encryption technology and tools that allow anonymity online; and

WHEREAS, the City’s legislation and regulations protecting human rights defenders and journalists must include provisions enabling access and providing support to use the technologies to secure their communications; and

WHEREAS, the City must avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows; and

WHEREAS, the City must refrain from making the identification of users a condition for access to digital communications and online services and requiring SIM card registration for mobile users; and

WHEREAS, all Seattle organizations should consider their own policies that restrict encryption and anonymity (including through the use of pseudonyms); and

WHEREAS, all Seattle organizations should follow internationally and regionally accepted principles for conducting business in accordance with human rights law; and

WHEREAS, court-ordered decryption, subject to domestic and international law, may only be permissible when it results from transparent and publicly accessible laws applied solely on a targeted, case-by-case basis to individuals (i.e., not to a mass of people) and subject to judicial warrant and the protection of due process rights of individuals; and

WHEREAS, all Seattle organizations will not conduct any manner of intentional or unintentional mass tracking, monitoring, or surveillance of person-linkable information or metadata without strict anonymization processes during collection, transfer, and storage processes; and

WHEREAS, if strict anonymization processes during person-linkable information or metadata collection, transfer, and storage cannot be performed, then those tracking, monitoring, or surveillance technologies will not be used; and

WHEREAS, given the relevance of new communication technologies in the promotion of human rights and development, all those involved should systematically promote access to encryption and anonymity without discrimination; and

WHEREAS, given the threats to freedom of expression online, corporate actors should review the adequacy of their practices with regard to human right norms; and

WHEREAS, Seattle companies should adhere to principles such as those laid out in the Guiding Principles on Business and Human Rights (PDF), the Global Network Initiative’s Principles on Freedom of Expression and Privacy (PDF), the European Commission’s ICT Sector Guide on Implementing the UN Guiding Principles on Business and Human Rights, and the Telecommunications Industry Dialogue Guiding Principles; NOW, THEREFORE,

BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF SEATTLE, THE MAYOR CONCURRING, THAT:

Section 1. In accordance with the findings of the UN Report on encryption, anonymity, and the human rights framework, the City Council affirms the human right to encryption and anonymity are foundational to human dignity, intellectual freedom, and democratic governance in the digital age.

Section 2. The City Council implores that all City of Seattle past, present, and future technology projects maximize person anonymity during the collection, transference, and storage of person-linkable data and information.

Section 3.

Email security for Black Lives Matter activists

Since the following email will be seen by surveillance systems via unsecured email, I’ve copied it here for others to read. Please excuse the formatting, it was copied from email to maintain PGP signing verifiability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Dear Deray and WeTheProtesters,

I'm Christopher, a Seattle resident and activist with Seattle Privacy
Coalition [0] and information security masters student. I'm writing to
you about the security and thus privacy of your email. I tweeted some
screen shots to you earlier [1][2].

You can verify [3][4] that your email server does not support
STARTTLS, a protocol used to opportunistically encrypt the
transmissions between you and your email server (if you're using a
local client like Outlook or Thunderbird) and more importantly the
transmissions between your email server and someone else's email server.

STARTTLS is like HTTPS but for email routing. When someone emails you
like I am right now (from Riseup.net), any intermediary, corporate or
government, can and will see this entire email in clear text, before
it even arrives to your email provider's servers (hostedemail.com, the
MX destination of your "thisisthemovement.org" domain). If you connect
to your email server via HTTPS, that's good, that means you're using
end-to-end encryption between you and your email server. But the email
contents and metadata (who you email, who emails you, when, etc) is
still easily accessible to illegal surveillance systems.

STARTTLS uses TLS to ensure end-to-end encryption between mail
servers, as long as both email servers have setup proper TLS or
STARTTLS protocols and security certificates. Your email provider has
neither.

Why does this matter? Thanks to Edward Snowden, we know that the
NSA/FBI/DEA's XKEYSCORE system [5] can and will collect your email,
illegally, because your email address has likely been marked as a
"strong selector". In addition to this illegal collection possibly
affecting your physical safety, you also have to be concerned about
"parallel construction" [6].

Using PGP to encrypt your emails would be a good start to protecting
the content of your email, but it requires learning PGP and how to
manage your "key pair" certificates. It also requires that people you
communicate with do the same. In short, PGP is a difficult system to
leverage. PGP also does not protect email metadata the same way that
STARTTLS should from surveillance systems like XKEYSCORE.

Your ideal solution is to abandon email and leverage OTR (Off The
Record) communication--in other words, Jabber encrypted with OTR. OTR
encryption is superior to STARTTLS and PGP. OTR is end-to-end
encryption like HTTPS, but it uses Forward Secrecy. In short, Forward
Secrecy is a protocol that rotates the security keys to hamper
collection and surveillance.

You can easily use OTR with the Free and Open Source Android/iOS
application "ChatSecure", developed by the awesome people at The
Guardian Project. Facebook email accounts are Jabber accounts, but you
cannot see or chat with Jabber accounts outside of Facebook, a major
detractor, in addition to Facebook recording metadata. A list of good,
free Jabber providers can be found at here [7]. Smart friends of mine
sometimes use these Jabber providers [8][9].

Of course, using ChatSecure, or any other mobile device application
(like TextSecure, RedPhone, or Signal -- other outstanding
communication tools) is pointless if your mobile device is or becomes
compromised. Local surveillance software can record anything that you
do on your device, in addition to reveal physical location via illegal
mobile device GPS, photo or video recording. If you attend protests
regularly, a sound course of action is to use a new iPod Touch
(ChatSecure and Signal compatible) so it cannot be compromised by
cellular network attacks (including IMSI catchers).

My personal choice is to use Riseup.net. My Riseup email address
doubles as my Jabber address. Riseup does not spy on my email, they do
not store metadata (email or Jabber), and they employ strong
encryption wherever possible. You can apply for a Riseup account, but
that takes time. If you'd like, I can provide you with one of the two
invite codes that you'd need to create a new account right away.

If you must reply on email, I suggest moving to a better provider.
Google uses good encryption and two-factor authentication, but
activists shouldn't use Gmail because of their illegal cooperation
with the US Government. Open Tech Fund keeps an updated list on GitHub
of email alternatives [10]. You may not be able to keep your
"@thisisthemovement.org" email domain. You must choose good security
over vanity, and picking a probably-secure host takes planning.

All of this is merely brief advice. My secure contact information can
be found on my website [11], if you have any questions. I'm happy to
freely and anonymously consult any peaceful Black Lives Matter
activists as time permits.

Christopher / @yawnbox

[0] https://seattleprivacy.org/
[1] https://twitter.com/yawnbox/status/628095889148502016
[2] https://twitter.com/yawnbox/status/628096643917725696
[3] https://starttls.info/
[4] https://ssl-tools.net/mailservers/
[5] https://en.wikipedia.org/wiki/XKeyscore
[6] https://en.wikipedia.org/wiki/Parallel_construction
[7] https://xmpp.net/list.php
[8] https://www.calyxinstitute.org/projects/public_jabber_xmpp_server
[9] https://duck.co/blog/post/2/using-pidgin-with-xmpp-jabber
[10] https://github.com/OpenTechFund/secure-email#web-mail
[11] https://yawnbox.com/
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJVwBQKAAoJEL6vFCBSOutGG8EP/3hO4Zo5ysF9WvkKQrvUAcR8
AWfoNW6fcxtjjKn7RL8zytXn/BWxiWyr/c8zMsmEObVri9GvbXtM4SynOnzLGGr5
FnJKa7MGFvCZHcFtJc5FzSmVHgwHIIPUHjO3w7jtWaD+vqhIqxSco8vyFAf70xQE
8KaXiKa3pvMoC3tXokdGokr2eYfP8D/Y0+FplQEhCR723DGbMyNuqOXv3apctp4q
jg3+B/BSlxTNlKV4uVOds4pHdYWBBeFixz9sOzYuQZj9pU1vb7EQiN5dTrVZnxy9
dAAkMHkGkfK2J6gjDaq9psWe60gNWBrb3Wb8qSWhKJ95OZMi/4TptRuspKk4tvx3
bESJi1KUzrH6ybEASPnJCrPXzY38psAJY9DmNXMEh/mLbhrk9zpHhjr/4ZRNu53z
EFF2b8ZRAM8OIYTAPVtGDHk6HqZTAFM/Au8p1XfpqeLGb7WDNShz5CSrgsE1bsUB
vxJkWheiGwBiq0I2jTn1ilS3yxvKRP55lu/QDtIqpmYJQVj4a0PfX9BwwvzvC3xp
BbrAw3e/kTM9usy3ORPMI8QKbi1NLwa5+wGulLWx0f7mUJ072Upgjl5MDBW/AppJ
We5jjKMrHDZK3RD4ak87iEs7yCu2obnTkqrK3wc4ThqIycEbOKTyBfr45ilyTRgp
51fKGr3kBvlYXXW+S+eZ
=uGSw
-----END PGP SIGNATURE-----

Municipal privacy law, a proposal

As we now know, the technical capabilities for governments and corporations outpace the public’s ability to identify and react to the consequences of unchecked surveillance. Personal information and metadata collection technology can have grave consequences on human rights that have been proven to negatively affect populations including health practitioners, journalists, lawyers, activists, and the Muslim community. Coupled with policy makers’ lack of technical knowledge in information systems, my goal is to do most of the work that our politicians are failing to do.

I would like to present a plan that will aim to create a new set of privacy ordinances that will focus on these three tasks:

1) research and analyze existing privacy laws

2) design a framework that is similar to what the International Modern Media Institute is doing for freedom of expression — create a bundle of proven laws from all over the world as a base.

3) design new laws that are knowledgeable of and target technical capabilities to support people’s right to privacy

To start, we might look at the Electronic Communications Privacy Act. Law enforcement and “national security” have overly-broad exemptions in the act, particularly for the collection of metadata. A group of technical professionals might then create a city law that makes it clear that a warrant is explicitly needed in any case that data or information about a person or person’s communications is sought after. This, of course, brings in a recent ruling about the “third party doctrine”, which now provides further precedent that data collected as a business need does not deserve privacy protections. This, of course, is absurd. Facebook needs a list of your friends in order to operate, so it’s free game to law enforcement? The electricity company needs personally identifiable power usage data, should that be free to law enforcement?

We can show how the abuse of data collection has negatively affected specific people and specific organizations. Government has unjustly and unconstitutionally hacked the system to increase its own power. While a city law might only impact people and organizations in Seattle, this would be a great start. What works in Seattle might be good for Redmond or Bellevue, too. Maybe Olympia will adopt this progress and blanket the state with hardened civil liberty protections.

As an avid Internet user, I sometimes try to delete my data and information. For example, when I tried to delete my LinkedIn profile, the language of their responsibilities merely says they’re going to hide the profile. No where do they day they assure deletion. And then there’s Facebook who makes “black profiles” of people even if said people never visited Facebook.com in their life. I want control over my data and information. Maybe we can create a law that allows me to request data and information about me, along with legal tools to correct or delete it. I’m not talking about public information, but data and information put into a third party application I expected to have specific levels of confidentiality. I want explicit information, like business address and contact information, about who said data was shared with and when. And if a company refuses to help my see, correct, or delete my data and information, I want legal tools to file malicious charges.

Obviously, the legal tools that I”m asking for would end up costing companies a lot of money. Aside from my ideals and their lack of respect for me, a package of privacy laws should offer protections to companies, too. To start, it probably costs technology providers a lot of money to process law enforcement requests. And if any given company decides to do what’s right and fight gag orders, now we’re talking about hundreds of thousands or even millions of dollars. We need privacy laws that help companies defend against these kinds of attacks, too.

I think data is the new oil. Governments and corporations are extraordinarily greedy. New technology is creating new holes in ourselves that governments and corporations are pumping data from with no respect and it’s sold to the highest bidder.

Privacy update and action items following Seattle’s February CTTAB meeting

The evening of Tuesday, February 10th, 2015 was the City of Seattle’s monthly CTTAB meeting that is open to the public. I attend as a Seattle resident and most there know about my involvement with Seattle Privacy Coalition. During the public comment period I brought up more issues than I typically do, which I feel is appreciated by those in attendance. Disclaimer: these should not be considered facts, I only took mental notes and made a bunch of random tweets.

Education shared with me that I wasn’t clear about:

1 — The recently created Privacy Principles that were announced by Ed Murray are going to be presented to the City Council soon. The City Council still has the ability to change them before they adopt them. Comments can be send to CTO Michael Mattmiller and the Privacy Advisory Committee via privacy at seattle dot gov. The Privacy Principles, once adopted, will get turned into a Privacy Statement that all of Seattle’s departments will have to be in line with. The Principles are a high-level “philosophy”, of sorts, that each City department should consider when taking on new projects. They will not contain specifics about any given technology or application. The Privacy Statement is planned to be created before or during the month of August.

1a — http://murray.seattle.gov/seattle-poised-to-be-leader-in-protecting-resident-privacy/

1b — http://www.seattle.gov/information-technology/initiatives/privacy-initiative

Concerns that I voiced to CTTAB and to Seattle’s CTO, Michael Mattmiller:

2 — I voiced my personal concerns with the Privacy Principles. The Principles speak as if the City of Seattle gives privacy to people, which is a fundamental misunderstanding of what privacy is. I tried to explain to Mattmiller and CTTAB that the semantic usage of “privacy” should not be confused with “confidentiality” or “information security”. The City is responsible for keeping our information confidential, which is a different matter than aiming to protect resident’s privacy. Privacy is my ability to keep information confidential to myself, to not be documented or recorded, so that I cannot be abused by any planned or unplanned consequences of aggregating said information. Privacy is not the governments acquiring and holding of personal information, let alone the trust that it expects us to automatically give them in return for taking my information. The principles do not speak to the fact that the city can simply *not* take information and that inaction is the *best* way to protect resident privacy.

3 — Federal DoT “connected vehicles” program development — how will it impact the city? In short, no body knows anything. I believe I was the catalyst for someone from WSDOT being invited to a future CTTAB meeting to start the discussion. I am hoping that CTTAB will be educated on the issue so that when it does become an issue for Seattle, if it hasn’t already, CTTAB needs to be able to educate the City Council. Privacy is a cornerstone issue given that by 2020, 250 million cars will be connected to each other and other things.

3a — http://www.its.dot.gov/connected_vehicle/connected_vehicle_research.htm

3b — http://www.techtimes.com/articles/29002/20150128/250-million-number-of-connected-vehicles-on-the-road-in-2020-according-to-gartner.htm

3c — http://gcn.com/articles/2015/01/29/connected-vehicles.aspx

4 — I explicitly asked about Ms. O’Toole (Seattle Police Department) past comment to move Seattle’s wireless mesh network from SPD oversight to the Department of Information Technology (DoIT, aka Mattmiller). Mattmiller explained that said transfer is still being considered, and that privacy is one of the concerns. It sounds like they are still waiting to see what happens with the to-be adopted Privacy Principles and Privacy Statement. He mentioned that Police and Fire employees will exclusively be using the network via PKI access, and, interestingly, that the mesh network does not have the capability to monitor non-connected MAC addresses.

Actions needed to support CTTAB, the CTO, and thus the city:

5 — Documentation of existing privacy-related laws that are in use by other cities, states, etc, are wanted to best understand the consequences of the Privacy Principles and the upcoming Privacy Statement. Can Seattle Privacy Coalition organize this? Nobody at the CTTAB meeting “has time” to take on the challenge. I would love to, but I would need help.

6 — CTTAB’s privacy committee, a different entity from the above mentioned Privacy Advisory Committee, gives a monthly report on their developments. The CTTAB privacy committee does not meet monthly, so this month’s update was simply that the upcoming symposium is being postponed again (lastly stated as March 26th) because of the main speaker’s professional agenda. CTTAB’s privacy committee is always looking for volunteers. The upcoming symposium will focus on “under-represented communities” in Seattle.

6a — http://www.seattle.gov/cttab/what-we-docommittees/privacy

I am very appreciative of everyone’s time at CTTAB meetings, including Michael Mattmiller. I am thankful for everyone’s interest in privacy and for listening to my concerns.

News article titles are not trivial

Information is both meaningful and factual, or else it risks becoming something else: misinformation. Information, however short in specific contexts such as email subjects, news article titles, and Twitter posts, lays down a path for people to expand their knowledge in a targeted direction.

My overarching issue here is concerning the ethical use of information in these condensed forms. My arguments below attempt to demonstrate the impact of news article titles on three groups of people.

  1. None: People in this group have no background in any given story.
  2. Partial: People in this group know bits and pieces to a large story made up of either historical or current events.
  3. Exhaustive: people in this group have a highly extensive and diverse knowledge about any given story.

Why is it important to have high quality information in news article titles, or in any format where someone is presenting the theme of information content? I believe that high quality information should be as specific as possible, because details always matter when it comes to complexity. So, I’ll look at a specific example in this post.

“Top appeals court to hear why NSA metadata spying should stay or go”

An authoritative information source–like a news agency–has a responsibility to address all three groups of people. Like the author of the above article, I’m a member of the third group. The mass surveillance scandal has a great deal to do with the NSA, but it is not the whole story, and metadata collection is an even smaller part of the higher-level story regardless of the intelligence community’s tactics.

Narrowing in on Verizon, it is the only story hung out to dry by President Obama that is now being looked at by a court. The information “NSA metadata spying” is incredibly vague when juxtaposed between the larger story and the narrowly scoped story that’s titled above. Such ambiguity can negatively impact all three groups of people. Most legitimately, to the ‘none’ and ‘partial’ groups of people, it may lead those information consumers to believe that the entirety of the NSA’s mass surveillance practices are being looked at by an American appeals court, which would be false. Leading readers in this direction is unethical, because it means an information consumer may have a harder time understanding the content, because the initial indicators were presumed incorrectly. An authoritative information producer should know better and avoid this situation by being as specific as possible.

The ‘partial’ group of people have it the worst. Having only bits and pieces, they are the hardest to bring to a state of ideally-complete knowledge because their existing knowledge may be weighted by emotion instead of facts. The goal for a news agency, after all, is to help its readers attain as close to 100% information as possible based on what’s available, and in particular make available new information (factual, meaningful content) after investigating.

You never know what the ‘partial’ group knows and doesn’t know. A news article title should mimic its respective article’s content with specificity. Creating many and diverse logical links to the content via the introduction (the title) will allow the reader to realize more quickly what the scope of the information should be.

The ‘none’ group takes the most work, so it is easy to see why news producers fail to provide easy access to the larger picture. But as soon as an editor creates a vague, likely attention-grabbing headline, the information consumer has even more work to do.

The ‘exhaustive’ group should know better. When I came about the above mentioned title, I didn’t even bother to read the article because of the seemingly intentional ambiguity in the title. I know from extensive research experience what to probabilisticlly expect. I know that digital media organizations want clicks for ad money, so I go to sources that value respect over ad money. My example is extremely subjective and relative to many things– but the bottom line is that the people who know about the story beforehand, because they’ve already been exposed to said information, are not going to spend a lot of time reading something that’s redundant or annoying. Pre-existing knowledge is always going to alter the outcome of any information producer-consumer exchange, and information producers need to come up with more respectable ways of attracting consumers.

We Created the Very Threat We Claim to be Fighting

the United States, through its policies, created the very threat that it claims to be fighting now, and in continuing this policy, what President Obama is doing is embracing the very lies that made the Cheney-Bush Iraq War possible. And in the process, he’s creating yet another generation of people in the Islamic world who are going to grow up in a society where they believe that their religion is being targeted, where they believe that the United States is a gratuitous enemy.

As stated by Jeremy Scahill on Democracy Now!

Some awesome documentaries

My ex boyfriend really enjoyed watching documentaries (and he even got me to pronounce the word correctly!) so I’m going to start a new “documentary” section for my blog, so maybe I’ll spend more time watching them and sharing them here. A good place I’ve found to look for some good ones: https://www.reddit.com/r/Documentaries/

Me watching the North Korean documentary
Me watching the North Korean documentary

 

 

 

The very thought provoking things I’ve watched lately:

Vandana Shiva: Food, Ethics, and Sustainability

(start on 24:50. from here: http://www.yesmagazine.org/about/vandana-shiva-speaks-at-seattle-town-hall)

This Is What Democracy Looks Like (Seattle 1999 WTO)

All Wars Are Bankers’ Wars

North Korea Exposes the Western Propaganda

Cities: adopt these privacy laws

To follow up on a my previous post about enacting local initiatives for the people’s right to privacy:

  • A publicly-accessible warrant must be provided to monitor or capture any private voice communication or digital data, at rest or in motion.
  • Only the entities that privately sign digital certificates for the purpose of encrypting voice communication or digital data, at rest or in motion, can decrypt said voice communication or digital data.
  • Only the original creator of a private certificate may own and use, in such a way, that allows said entity to view or record decrypted voice communication or digital data.
  • It is illegal for any entity to attempt to break or subvert any voice or data encryption mechanism.

I foresee some business impacts to these, so some of them probably need to change. Discuss!