Hacker News new | past | comments | ask | show | jobs | submit login
Seattle Surveillance Technologies Up for Public Review (seattle.gov)
153 points by markovbot 40 days ago | hide | past | web | favorite | 55 comments

Seattle uses WiFi MAC addresses to track traffic movements. While the data is currently hashed and anonymized, it wouldn't surprise me if this data is eventually processed and combined with CV technology (specifically license plate readers and facial recognition tech) to provide detailed information on the movements of individuals. From one of their documents:

Acyclica technology collects encrypted media access control (MAC) address information and sends the data to the cloud using their RoadTrend Sensor. This sensor is a proprietary Linux-based device that is discreetly installed inside of traffic control cabinets for SDOT. The devices are Ethernet connected and have a Wi-Fi adapter capturing the MAC addresses of all devices within its range. Using the detection of MAC addresses, Acyclica identifies and differentiates vehicle movement as it approaches, stops and leaves an intersection. When Wi-Fi enabled device comes within range, the sensor generates a one-way hash code from the detected device’s MAC address (using a SHA-256 algorithm). Only the hash codes are transmitted to their cloud server, and there is no way to reverse this process and access addresses of the original devices. From the aggregated data, Acyclica can extract and provide actionable traffic related information to SDOT.

> generates a one-way hash code from the detected device’s MAC address (using a SHA-256 algorithm)

This does not sound truly "no way to reverse" if they are using plain or some simple variants of SHA-256. There are only up to 2^48 possible MAC addresses (way less in practice), which is a very realistic number for rainbow tables.

That said, this might be less relevant quickly as more and more devices are going to use randomized MAC addresses for probing Wi-Fi networks.

Also, (typical) MAC addresses are not random; the upper 24 bits are constrained to a given smaller set of manufacturer codes, so you can reduce the search space considerably.

Unless they purposefully produced hash collisions by truncating the hash, they've just traded one unique identifier for another one. The information they throw away is not very hard to recreate, you just need to discover an individual person again (provided that the MAC hasn't changed), hash it, and now you've got the hash->MAC mapping for that individual, and you can look at their location history.

It's always the race for more and more telemetry that seems to justify an increase in general data collection. Can't we just accept a certain level of blindness/primitiveness?

More specifically I wonder, how has the addition of this collection approach improved whatever it's used for over the previous approach? Is that improvement worth it? Or is it, as is often the case, data for data's sake that makes them feel better about decisions than whether the decisions are actually any better?

"there is no way to reverse this process and access addresses of the original devices"

That doesn't mean you can't abuse this data! If you know a MAC addresses (say of your ex-spouse's cellphone) and the algorithm you can calculate the hash and then use that hash to track their phone.

this is one of the reasons why the wifi button in the ios control center slide-in sheet is so infuriating. at the very least, that button should be tri-mode, so i can turn the wifi radio off rather than just disconnecting from the current wifi ap. otherwise, it leaks location data all over the place.

In this particular case, I believe you don't need to worry too much. iOS (since iOS8, I think?) randomizes WiFI MAC addresses to avoid this kind of tracking.

Android doesn't.

Very cool! I feel like the behavior that'd match iOS is the developer switch variant, no?

Still happy to be corrected. :)

No. It matches iOS without the developer switch. iOS never use randomized MAC address when joining network.

Using randomized MAC address per SSID may break some well-established authentication scheme base on client MAC address. And it is not marginally stronger than only randomize when scanning, because the randomized MAC address is pinned to ESSID instead of BSSID.

ah yes, i dimly remember hearing about that but forgot. do you know the parameters around this feature? for instance, how often the mac is rotated and what triggers rotation?

It's automatic for every WiFi connection, I believe.

Someone pointed out to me on Twitter that there's probably still more fingerprinting happening behind the scenes here, so worth noting as well.

Enter something like..

>> while true; do rotate_mac_random.sh; done

Running on hundreds of devices with their radios turned up to maximum power.

All this data, but yet most traffic lights don't have sensors and are still on timers.


See the original post, it lists all Seattle's current surveillance tech.

As someone who was raised in the south I find the competence of Seattle's city government absolutely amazing. It's night-and-day different from the learned helplessness of city governments elsewhere in the US.

I'm not entirely sure what I'd call it, but competent is not the word. Seattle has a history of attempting to push constitutionally-questionable and ill-thought legislation.

0: https://www.seattletimes.com/seattle-news/politics/seattle-p...

1: https://q13fox.com/2018/05/08/seattles-proposed-employee-tax...

2: https://patch.com/washington/seattle/seattle-residents-jolte...

3: https://www.seattletimes.com/seattle-news/politics/seattle-t...

and so on.

I get that you don't like taxes, but policy disagreement is not evidence of incompetence.

There's much more that's not just not liking taxes.

- https://www.seattletimes.com/seattle-news/politics/12-millio...

- https://www.seattletimes.com/seattle-news/politics/like-terr...

Or see the city council's total failure at dealing with homelessness. Or their 180 on the head tax.

I drove a stiffened up sports car in the area for years and the idea that Seattle has bad roads is ludicrous. The city of Seattle literally has an app where you can report potholes. I reported one on my street and it was fixed 2 days later with no further interaction from me.

For comparison, my parents' road in South Carolina is less than 5 miles from a major downtown and has a pothole in it that disabled an ambulance a few years ago. The pothole has been there for at least a decade.

People who live here have no idea how good they have it.

Yeah, I think many Seattleites do not understand the sheer ineptitude of many local governments, even large ones such as Chicago or LA that have budget. God help you if you want the city of Chicago to provide you with any kind of basic service in a reasonable amount of time.

I think the reason that we think our government is incompetent is the reason it works. We're constantly angry and trying to fix it, and electing reformers that shake things up.

Although I would say is that Seattle does elect a few activists and others to the council that aren't competent administrators but push the right electoral buttons. Kshama Sawant comes to mind. That progressive spirit is a double edged sword.

This isn't a statement against your other critiques of Seattle's government. In fact, I have no standing to speak on them given I've never been to the city.

But I'm be quite weary of criticisms against city's handling of their homeless populations, given the issue is a box of hand grenades, all with different timing mechanisms that must be diffused the moment it's opened.

The most vocal political actors around the issue are generally highly empathetic activists averse to almost any form of outcome oriented case management, metric collection or conditional aid policies; and those that vociferously oppose all forms of state-driven social aid.

Cities that pander to the first, compassion-oriented constituency tend to risk becoming a dumping ground for the region's less compassionate actors, and cities that pander to the other tend to dump their homeless populations on the more compassionate ones. This means that whoever tries to solve the issue first inevitably finds their public/private resources strained beyond reason.

Attempts to reconcile the two perspectives usually satisfy no one, and more often than not seem to produce counterproductive and Byzantine bureacratic mazes that ultimately produce little to no positive outcomes and lack the flexibility to adapt their social services on a case by case basis.

With the head tax, it was hard to say there was not incompetence or at least gross miscalculation. The city council passed the tax, the mayor signed it, and then less than a month later it was repealed.


How about them buying new trains that don't fit the tracks and maintenance barns?


and a wikipedia page dedicated to its slow and inefficient methods of deliberation https://en.wikipedia.org/wiki/Seattle_process

Keep in mind that most people in Seattle think those are features, not bugs. Fast and efficient does not mean a system you want to live in.

I’m in Atlanta and specifically in DeKalb County. The politicians are extremely corrupt and only care about themeselves. The former City of Atlanta mayor will hopefully face charges soon[1], someone in his office was indicted for taking bribes.

A former Dekalb sheriff is in jail for hiring a hit man to kill the guy who was running against him[2]. Not to mention former CEOs of Dekalb county are in jail. Yes a county with a CEO, that tells you a lot. Alothught the current CEO appears to be different and is cracking down on corruption, time will tell.




The thing about Atlanta has always been how screwed up our metro counties are [1].

Unincorporated DeKalb is a prime example of this -- a lot of money, and county politics is the easiest way to get ahold of it.

That said, Atlanta as a whole has also managed to mostly teeter its way through racism and economic inequality better than other large southern cities, largely through economic-political compromises [2].

So there's something to be said for a little political corruption.

[1] https://southernspaces.org/sites/default/files/images/2015/p...

[2] Initially the turn-of-the-century Atlanta compromise, in which African Americans submitted to white political rule, in exchange for economic and some educational opportunities. And then the 1970s+ compromise, whereby white businesses agreed to cede political power to African Americans as long as businesses weren't overly interfered with by government.

For whatever it's worth, it's not just the South. I live in Wisconsin and a lot of our city governments are not even half as competent as the city governments you probably have in the South. (Of course, I guess I don't really know how bad it gets down there so I shouldn't say that? But it's pretty bad up here is my point.)

That said, yeah, Seattle is something else altogether in terms of governance. What's funny is that people from Seattle would probably complain about their city government...

until they tried to live somewhere else for a little while.

Chiming in as a seattelite having spent significant time in Baltimore, Philly, and Colorado:

We do some things rather well (Transparency, not entirely atrophied ability to enact infrastructure progress, reasonable decent levels of participation without rampant nimbyism, govt. not entirely compromised by special interest groups/corruption)

and some things much less well. (Transit/road funding, communication with our constituencies (Although this could just be my own experiences), growth planning, Marijuana legalization, cryptocurrency policy)

I don't think you should sell short the people who would complain about their govts, "there are worse elsewhere" always struck me as vacuous as the "Starving children in africa" argument; the fact that places like Flint exist doesn't make me happier at seeing building firms lobby for reduced contributions to e.g. sewage costs. In politics I've found there's usually something worth complaining about, and it's our impetus as citizens to be attentive and stay on top of it :)

(I optimistically hope we complain because we, or at least I, am never going to think "well I can't improve it more." If we complained and never did anything about it, _THEN_ I think we'd deserve the jab)

Lack of transit funding no longer rings true. The area just funded $50 billion in one of the most ambitious public transit expansion projects in the country, with heavy expansion of the train network. This is after an expansion still completing to grow its rail network. (Granted, it should have happened earlier, but this criticism seems less valid now than 20 years ago.)

And SPD stopped enforcing marijuana laws well before the state legalized it. It was classified as "the lowest possible enforcement priority". And then, last year, Seattle vacated all misdemeanor marijuana charges from prior to legalization.

Seattle, overall, seems reasonably well-managed. I think City Council gets up to antics now and then - they nearly lost $12 million in federal funds because of some political grandstanding in December - but the staff who actually run the city seem to do a good job.

Sometimes the level of effort to communicate and involve citizens slows down needed progress, such as the upzoning efforts designed to increase density, but they would get criticized for not doing that too.

"Lack of transit funding no longer rings true."

I can only address this for the Duvall area, but I can't agree with this statement. According to the latest city council meetings I was at, we're slated for >11% YoY growth in population (mandated at a higher level of govt, to my understanding, and without commensurate increases in funding), but have consumed our road repair funding for the next 5 years. This not including regular shutdown of the only two roads across the river, for which we have to beg Redmond to fund repairs for if issues happen, not even getting INTO the boondoggle that was the novelty hill switchback being built at half bandwidth due to legal/contractor malfeasance. (I'm also frankly, as you say, still bitter that the train buildout didn't start years ago, going back home to philly and being able to easily get into center city from >hour out via train is _such a relief_)

Enforcement was actually less my issue than how they've handled licencing. There was IIRC a lottery for licensing and they didn't take into account actual grower realized capacity, which alongside some very high tax levels, puts it non-competitive with the black market, has lowered quality and availability, and makes it very difficult to create new businesses.

I'd certainly agree with "Reasonably well managed" and would hope my complaints don't paint over the successes that I also mentioned. As you say with the city council grandstanding (and I'd mention some of the corruption in the ports prior) there are some pockets of issues, and that's why I try to "stay hungry" as it were for being on my local govts to improve themselves.

I don't understand. Duvall is a separate city from Seattle. Is there some tie-in on road funding I'm not aware of?

That's the understanding they communicated to us. Basically, the inter-township roads are funded in large part by the larger funding pools (redmond+seattle) and oftentimes "Growth funding" has to trickle down from federal, state and county levels.

Apologies in advance if I'm totally off base, I'm trying to repeat near-verbatim what I heard in township/county meetings on this topic. (congestion and growth)

I called around a bit and it sounds to me like Duvall basically built half its allocated growth housing for 20 years in about a year and a half and spent a ton of money on roads along the way, and now wants the PSRC to double both growth targets and funding for roads.

Building lots of housing seems pretty reasonable to me, but I'm not sure I can blame Redmond or Seattle for not writing blank checks on this kind of thing.

To be perfectly clear, I don't necessarily _blame_ redmond or seattle. I just think the convolution around "who funds what and who deals with the pragmatic result" is both unnecessarily opaque in this situation, and not a question I've heard any good answers to. This is why I handwaved at this problem as "things we're less good at." Going to years of township meetings and getting effectively shrugs and "we know this is a problem but no plan to address it outside of waiting for more upper tier funding" doesn't really engender much faith in this category, unfortunately.

(also, I was under the impression that the allocated growth targets were "set on high by the powers that be" and handed down to the townships?)

Good to know I'm not _totally_ in left field with my remembering of those meetings though... (I'm fascinated how you "Called around a bit" though, civ-e/govt work? I wish I could get those sort of answers as a resident :P)

Honestly, I'm not super well connected so I'm not sure what to make of the comment that the process is opaque.

For example, the PSRC is just one of the groups involved in this kind of funding but it's probably the one most at loggerheads with Duvall on this issue as far as I can tell after an hour or so of looking into it. They have a website and it really is super clear as to what they're doing and where the money is going. They publish the agendas for meetings on a nice calendar with links to minutes and presentations going back several years, and for more recent years have full audio and video recordings of meetings. You literally wouldn't have to step outside of your door to know everything that happened at one of those. To me, that's unbelievable transparency.

Regarding "the powers that be", I'm sure they are. Duvall is pretty small potatoes in the grand scheme of things, and while it does vote on the PSRC it's just one vote of 80-- and that's not even thinking about the myriad other planning bodies involved with roadworks or civil planning in King County. How much say in them Duvall has I can't guess, but if I had to I wouldn't assume that it ran the show.

Regarding calling around, it wasn't very backroom-- I just called the office of my rep on the city council and they emailed me back about two hours later with a bunch of information, most of which was useless and some of which was on point. In the meantime I called a friend who does property development and got the basic lay of the land. Between the two perspectives I got the general sense I've conveyed in these messages and not much else, since I haven't had much cause to think about the roadworks in that area before. I hope that doesn't sound dismissive-- I just don't live there and so haven't thought that much about it.

No not dismissive at all, everything you've said sounds quite sane, thanks for indulging my dumb questions :)

I've just had different experiences when interacting with local govt, so this is in part the self-reflective "what am I doing wrong" question. (I've emailed reps before and gotten what amounts to form letters back, if even that.) And similarly, the transparency you mention from the PSRC site, I simply never got from our local transit meetings. Bluntly, they've never even mentioned that acronym to us, insofar as what little notes I have say. May simply be that I'm asking the wrong questions or the wrong people.

I've never gotten anything but a form letter from my rep either. I usually just call their office and say I have a general question about X, could you please help me find who to ask. The staff seem helpful and knowledgeable as long as you're sensitive to their limits and position-- they can't actually do anything themselves generally. It can take time, although in this case it didn't for whatever reason.

Forward Thrust was almost built, but was doomed due to both an overly ambitious plan requiring a 60% threshold, and misfiring targeting (convincing skeptical suburbanites who lived in the middle of farmland vs. turning out urban minorities already using transit). They had a majority but not 60%.

> "there are worse elsewhere" always struck me as vacuous [...]

There's a suggestion that when discussing design objectives with a client, it's better to provide multiple prototypes than one, as their differences then become vocabulary for the discussion.

I wonder if public dialog might be served by having a richer set of such landmarks. Instead of abstractions like "transparency is good", perhaps more concrete comparison and competition like "look at that transparency in city A - let's aspire to that". And negative exemplars like "we are sooo much better than city B - yay us", and cautionary tales "but let's not get too cocky, given how fast city C declined", and peer pressure "wait, a few years ago we were ahead of city D, but now look at them - we've got to get moving here". Policy choices are currently discussed as "that might tend to have these effects" and whistles, rather than as "that would make us more like cities E or F and less like G or H - is that what we want?"

So I wonder if one could have a nuanced, specific, and helpful use of "that is done better/worse in some other place"?

Did the city have much power over marijuana policy? It seems like that was mostly the state legislature, no?

You're entirely right. I was, laxly, overlapping county/city/state legislature, since they all have some amount of impact on your day to day. (Transportation, another of my example, at least in my county, is largely being hamstrung due to a trickle down of "lack of fed funding so lack of state funding so lack of city funding so ...")

My life took me from Wisconsin to South Carolina to Texas to San Francisco, as well as abroad, so I've seen the gamut.

Government in places like Wisconsin, SC, rural Texas are so comically incompetent it's no wonder there's so much anti-government or libertarian sentiment out there. When you have to dig your own well because the muni can't sort getting clean water piped to you, you may not realize that that's precisely what taxes are supposed to be paying for. When you have to homeschool your kids cause the local schools aren't even good enough to be classified as day care, you may wonder what the purpose of the Department of Education is.

God damn am I glad I got the fuck out of those places. I wish I could be more patriotic but as an ex rural-american, I confidently say rural America is fucked and hopeless. Feel free to argue otherwise because I'd love to be able to cling to hope again.

>God damn am I glad I got the fuck out of those places. I wish I could be more patriotic but as an ex rural-american, I confidently say rural America is fucked and hopeless. Feel free to argue otherwise because I'd love to be able to cling to hope again.

If it makes you feel any better, most of the cities are fucked as well if you aren't rich enough to get into good school districts. Rural areas just throw it in your face because there is no bypass for rich/upper middle-class people.

It seems these places prove the old saying about groups that claim that government is incompetent and when they come in power, they prove it.

Speaking as another southerner, I can't agree more. Looking at how Seattle is doing it vs how it works down here made me jealous.

The place I live is under intense investigation for its confidential informant practices that are leading to people being framed and convicted for crimes they didn't commit. The use of surveillance here is something we should be worried about as it could and probably is being used in this process.

That said, I have had family in multiple southern states who were law enforcement officers for generations and I can say that transparency will come here last due to an ingrained culture within many law enforcement agencies here. Sadly, we probably need it more than anywhere.

Really? People who run the city with the third largest homeless population in the US are "competent"?

This public review isn't be accident. For several years, an advocacy group that I was involved with briefly helped with achieving important milestones like a getting a chief privacy officer and a privacy advisory committee.

Great idea. I wish more local governments had this. Lots of cities are acquiring surveillance without pols even knowing.

As the page notes, this is a result of a surveillance transparency ordinance adopted in 2017. Some other cities are considering these; readers could advocate for them elsewhere too.

Another city that forces private companies to provide them surveillance data is menlo park.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact