Privacy update and action items following Seattle’s February CTTAB meeting

The evening of Tuesday, February 10th, 2015 was the City of Seattle’s monthly CTTAB meeting that is open to the public. I attend as a Seattle resident and most there know about my involvement with Seattle Privacy Coalition. During the public comment period I brought up more issues than I typically do, which I feel is appreciated by those in attendance. Disclaimer: these should not be considered facts, I only took mental notes and made a bunch of random tweets.

Education shared with me that I wasn’t clear about:

1 — The recently created Privacy Principles that were announced by Ed Murray are going to be presented to the City Council soon. The City Council still has the ability to change them before they adopt them. Comments can be send to CTO Michael Mattmiller and the Privacy Advisory Committee via privacy at seattle dot gov. The Privacy Principles, once adopted, will get turned into a Privacy Statement that all of Seattle’s departments will have to be in line with. The Principles are a high-level “philosophy”, of sorts, that each City department should consider when taking on new projects. They will not contain specifics about any given technology or application. The Privacy Statement is planned to be created before or during the month of August.

1a —

1b —

Concerns that I voiced to CTTAB and to Seattle’s CTO, Michael Mattmiller:

2 — I voiced my personal concerns with the Privacy Principles. The Principles speak as if the City of Seattle gives privacy to people, which is a fundamental misunderstanding of what privacy is. I tried to explain to Mattmiller and CTTAB that the semantic usage of “privacy” should not be confused with “confidentiality” or “information security”. The City is responsible for keeping our information confidential, which is a different matter than aiming to protect resident’s privacy. Privacy is my ability to keep information confidential to myself, to not be documented or recorded, so that I cannot be abused by any planned or unplanned consequences of aggregating said information. Privacy is not the governments acquiring and holding of personal information, let alone the trust that it expects us to automatically give them in return for taking my information. The principles do not speak to the fact that the city can simply *not* take information and that inaction is the *best* way to protect resident privacy.

3 — Federal DoT “connected vehicles” program development — how will it impact the city? In short, no body knows anything. I believe I was the catalyst for someone from WSDOT being invited to a future CTTAB meeting to start the discussion. I am hoping that CTTAB will be educated on the issue so that when it does become an issue for Seattle, if it hasn’t already, CTTAB needs to be able to educate the City Council. Privacy is a cornerstone issue given that by 2020, 250 million cars will be connected to each other and other things.

3a —

3b —

3c —

4 — I explicitly asked about Ms. O’Toole (Seattle Police Department) past comment to move Seattle’s wireless mesh network from SPD oversight to the Department of Information Technology (DoIT, aka Mattmiller). Mattmiller explained that said transfer is still being considered, and that privacy is one of the concerns. It sounds like they are still waiting to see what happens with the to-be adopted Privacy Principles and Privacy Statement. He mentioned that Police and Fire employees will exclusively be using the network via PKI access, and, interestingly, that the mesh network does not have the capability to monitor non-connected MAC addresses.

Actions needed to support CTTAB, the CTO, and thus the city:

5 — Documentation of existing privacy-related laws that are in use by other cities, states, etc, are wanted to best understand the consequences of the Privacy Principles and the upcoming Privacy Statement. Can Seattle Privacy Coalition organize this? Nobody at the CTTAB meeting “has time” to take on the challenge. I would love to, but I would need help.

6 — CTTAB’s privacy committee, a different entity from the above mentioned Privacy Advisory Committee, gives a monthly report on their developments. The CTTAB privacy committee does not meet monthly, so this month’s update was simply that the upcoming symposium is being postponed again (lastly stated as March 26th) because of the main speaker’s professional agenda. CTTAB’s privacy committee is always looking for volunteers. The upcoming symposium will focus on “under-represented communities” in Seattle.

6a —

I am very appreciative of everyone’s time at CTTAB meetings, including Michael Mattmiller. I am thankful for everyone’s interest in privacy and for listening to my concerns.