This post was read to the attendees of September 2015’s Community Technology Advisory Board (meeting minutes).
A few months ago I raised concern at CTAB about connected cars technology — about the need to be informed about the technology’s capability — because Seattle residents will not be informed if Seattle government and Seattle leaders are not informed.
Today, Crosscut reporter David Kroman published an article titled, Seattle installs new system to track individual drivers which concerns a related hardware identification tracking system. There are a few problems I have with Seattle’s interpretation of what it considers a “surveillance system” and how it’s unable to safeguard its residents from intrusive surveillance technology even in light of Seattle’s recently adopted privacy principles.
Let’s look at some of the facts of this tracking system:
Seattle government, including its CTO, does not consider this to be a surveillance system despite the manufacturer calling it a tracking system. History proves that tracking systems easily become surveillance systems, just look at our cell phone network.
SDOT is free to pursue infrastructure improvements without approval from the city council and even called this project “business as usual”. (quote: Adiam Emery, an Intelligent Transportation System Engineer with SDOT)
The public was not brought into the conversation before the deployment of this tracking system.
A privacy impact assessment was not performed.
The tracking system records when and where a hardware identifier exists including personal cars, personal cell phones, and markers such as speed, distance, and behavior are analyzed.
Seattle does not receive raw data and Acyclica claims they do not store raw data despite there being no audit of such a system.
Washington state supreme court recently unanimously passed a bill restricting the use of Stingrays and other surveillance devices that mimic cell towers because of the privacy implications.
The tracking system is something that was already in place and its privacy invasive capabilities were later upgraded to include these wireless surveillance mechanisms.
This data is collected 24/7/365 including of nearby homes and work places that are within reach of monitored intersections.
The data is transmitted to a third party but we do not know if the data is encrypted at rest before it is transmitted or if the transmission is encrypted.
SDOT Public Information Officer Norm Mah:
the city receives no raw data from the readers, which they say means it cannot trace information back to individuals or individual devices. Mah compared it to a bar code on a baseball ticket: The system knows you’re there, but not who you are. The data fed into the readers is “scrubbed,” meaning it’s analyzed and aggregated into a lump of useful information, absent of discrete data-points.
The metaphor is wrong and the explanation is not a truthful representation of reality. We do not carry baseball tickets with us everywhere we go, 24/7, and have them scanned, repeatedly, every time we drive through a street intersection. The public knows that American businesses do not have the ability to keep collected data safe from governments, be it the American government or the Chinese.
It would appear that employees of Seattle put demands before history. Do not forget that in 1943, Census released Japanese Americans’ data. Seattle has no business collecting and tracking Seattle residents physical location data and handing it over to third parties because they cannot control the use of that data once its collected.