Hacker News new | past | comments | ask | show | jobs | submit login
San Diego Awarded GE Mass Surveillance Contract Without Oversight (californiaglobe.com)
212 points by vinniejames 40 days ago | hide | past | web | favorite | 56 comments

> "General Electric has already made more than $1 billion dollars selling San Diego residents’ data to Wall Street"

Where does this figure come from? Is it even accurate at all? If this is actually true I'd be interested in seeing what kind of data they sell and who buys it. I'm really questioning the reliability of the article just because of this figure that seemingly just comes from nowhere.

Also, I live in San Diego, so I'm a little freaked out. This literally sounds like something out of 1984.

edit: I think they might be talking about Current, a GE subsidary that they sold to a wall street firm. Theres no financial figure disclosed. But it seems like they mainly do large-scale energy efficient lighting for commerical purposes. I would not classify that as 'selling data'.


Yes, the links in the article point a GE Current site where the data was made available for hackathon projects: https://developer.gecurrent.com/cityiq/innovation-apps-cente...

Someone was even kind enough to hardcode the API access token in their open source project https://github.com/jonnjonny/WhereIsEveryone/blob/master/Whe...

A bit dated, but it seems that current has about a $1B total revenue overall (circa 2015). In my very cursorily search, I couldn't find any more specific data, but $1B total revenue from SD resident data seems a bit high to me (kudos to anyone however that can find more current data). Pure speculation, but perhaps the above article was talking about overall revenue and not only SD data revenue?

[1]. https://peprofessional.com/2019/04/aip-acquires-current-ge/

[2]. https://www.bizjournals.com/boston/news/2018/11/06/ge-to-sel...

This stuff is basically gold for Wall St. I don't do it anymore but when I worked in investment management, people were starting to look at counting footfall manually at scale (in retrospect, the edge ended up being huge). You can get similar data from other sources (e.g. credit card, satellite, etc.) but to be able to automate footfall counts would be pretty special (I know where I am, there were issues with automating this because no-one was interested in selling data and there was a possibility some data could count as non-public/material...a city doing this is pretty unique...that wouldn't happen here, city govt collecting data for HFs, wow).

It's a little difficult to parse meaning out of this article... a hit piece by a candidate for municipal office attempting to smear an incumbent with willful distortions.

If GE made $1B here (which I think is a total guess, stemming from American Industrial Partner's self-described focus on the middle market), it was from selling "corporation" not "data". "Wall St" in this case means PE not HF. There's a hand-wavy attempt to link this transaction to California DMV's sale of data, but the two cases aren't remotely similar.

The interesting part is actually the PDF of the San Diego "intelligent lighting" contract embedded in the article; they've highlighted the main points. Section 7 of the contract says that San Diego owns the raw data, while the vendor owns the processed data free & clear to do with as they please.

So this in no sense represents San Diego selling "footfall data" to HF, but it is somewhat eyebrow raising.

I also live in San Diego and see these cameras everywhere. I understand the reason for "safety" and other tech related improvements (I think they mention real time parking availability), but at what cost to private data. What I really want is data to back up all these claims.

Observation is useless if police aren't keen to taking effective action in the first place.

1 in a million crimes it is probably super useful, but for the 999,999 other times some people get into a fight, something gets stolen, two people get stabbed in a grocery store with many cameras and security guards and dozens of witnesses (using an example from my neighborhood in LA this past September), nothing happens because the perpetrators are long gone and will never be found by the time the cops show up, if they do at all. You can't effectively keep 500 square miles safe with only 9000 cops.

Interesting. Just doing the math let's say whomever bought it assumed they could it roll it out to 20 more cities. And they paid 2x revenue for it. That's 25M of implied revenue out of San Diego.

I guess you could divide by resident but multiple firms could purchase the same data, so hard to say how to think about it.

A company like Enron would probably love knowing detailed information about energy usage patterns.

That would be in the ballpark of $1000 per resident. Possible?

Good time for a reminder that the surveillance state isn't going to come in because anyone has bad intentions. It happens because the technology is dirt cheap and will undoubtedly reduce crime.

The risk is that as the government gains more control it will go rogue and do real damage. Racial, religious and nationalist panics happen from time to time; sooner or later there will be perfect records of who is going to what Church/Mosque/Synagogue/etc that are going to cause a lot of harm.

The debate is going to centre around intentions and the fact that capability is the problem will be ignored. As is customary on issues where it hasn't killed millions of people in this century in this country and the people last century or different countries are different because ... well, something must have changed otherwise all this surveillance would be a concern.

I disagree because intentions and capabilities both play a part, often to different degrees from different parties, and duplicity in both are often hidden, and therefore saying it's just because tech is cheap is a very superficial analysis of the issue at hand. To me that just seems like an easily planned plausible deniability strategy by those involved. Of course hyperfocusing on one isn't the right way, but neither is going the other directional extreme.

One of the biggest problems with issues like this is that there would be a mixture of logical methods used to draw conclusions and lots of people forget the difference between inductive and deductive logic. (Intentions being more inductive and capabilities being more deductive)

The vagueness of your comment makes it difficult to understand what you mean. Can you rephrase with shorter words and sentences?

Intentions (potentially malicious, etc) matter and play a big part, but are harder to prove. I reject the idea that the deployment of surveillance tech is simply because certain leaders just are convinced it's cheap. Any kind of large city like San Diego has all kinds of military industrial complex actors pushing it in directions for all kinds of obvious reasons that are commonly connected to surveillance.

tldr; In general, increases in surveillance are almost always about control, and not protection.

A potential fall-out: the travel patterns and occupants of all cars in San Diego is stored in perpetuity, later to be hacked into, so that many common citizens can be later compromised.

To the perpetual excuse that I don't have anything to fear, since I am not doing anything wrong - first, any information that you give to someone is potential power they have over you. The apocryphal quote by Cardinal Richelieu on finding enough to hang a man in six innocuous sentences is worthy of keeping in mind.

Second, in an era of easily manipulated videos, it is easy to "manufacture" cam footage. If there are no such cams, such fakes have no legal validity. With the proliferation of such cams, there is currently no defense against such an attack.

>To the perpetual excuse that I don't have anything to fear, since I am not doing anything wrong

If I have access to your daily whereabouts, I have strong priors with which to predict a host otherwise private characteristics and/or affiliations. Frequenting gay bars? Likely homosexual. Church every Sunday and shooting range a few times a year? Good chance you might be a republican. Volunteering at planned Parenthood events? Not a bad bet that you're a liberal.

And these are just the obvious patterns - imagine how much you could predict with some basic statistical analysis, or modern ML. This is a very dangerous concentration of power and it's no surprise that people are willing to pay good money for it.

What happens if you go to a shooting rage a few times a year and volunteer at Planned Parenthood?

>>>Now we have learned Elliott owns between $10,000 and $100,000 in GE stock, according to her FPPC Form 700.

The city attorney that approved the GE contract owns significant GE stock. This whole thing should be null and void.

As the law quoted in the original article says, it's not considered significant amount if:

> The ownership of less than 3 percent of the shares of a corporation for profit, provided that the total annual income to him or her from dividends, including the value of stock dividends, from the corporation does not exceed 5 percent of his or her total annual income, and any other payments made to him or her by the corporation do not exceed 5 percent of his or her total annual income.

It's quite plausible that $10k-$100k does not meet that criteria.

> It's quite plausible that $10k-$100k does not meet that criteria.

GE's dividend yield is currently about 0.34% [0], which means that an investment of $100k would pay about $340 annually.

[0] https://www.nasdaq.com/market-activity/stocks/ge/dividend-hi...

Note that GE used to pay a solid, dependable ~4% dividend--prior to the stock's contemporaneous slide from ~$30 to ~$10.

Here's why San Diego is so corrupt. On 12/16/16, when this contract was approved by the City Attorney and Council, she was in violation of the city charter, which says any elected official cannot own stock in a company if that transaction is before them. If they do she should have forfeite her office and the contract void.

On 12/19/16, the charter language was changed to state law, that brings a 3% ownership threshold allowing her to be within the law.


So with my back of the envelope calculation at a 100 billion dollar market cap you would need to invest 3 billion dollars into GE, any less would be considered insignificant. I'm assuming my math is absolutely wrong, as this law seems wildly and completely corrupt.

> The city attorney that approved the GE contract

I do not understand making the city attorney the scapegoat. Here, this GE contract was entered into by the city because of an ordinance passed by the city council and signed into law by the mayor. The attorney's job in "approving" the contract is probably limited to reviewing it for form and making sure that its provisions are aligned with the city's interests and goals. The people to blame here are the city council and the mayor.

Reading it, it seemed that the prior city attorney (Briggs) was pushing this narrative while tooting their own horn.

The City Attorney never alerted the Mayor or City Council of the surveillance capabilities of the contract, at least not publicly.

"Should"? According to the San Diego charter, article 7, it is. From the article,

>... no officers of the City, whether elected or appointed, financially interested in any contract made by them in their official capacity... contracts entered into in violation of this Section shall be void and shall not be enforceable

This is weird. The exact sentence in the article is:

> Pursuant to state law, no officers of the City, whether elected or appointed, financially interested in any contract made by them in their official capacity.

That's not a complete sentence. It either needs something inserter before "financially" or after "capacity".

Thinking the article just misquoted, I looked at copy of the Charter that is shown in the embedded viewer later in the article...but that's got the same incomplete sentence.

Searching for that section online, I found a PDS copy at sandiego.gov [1]. In that, the sentence is complete with "shall be" in front of "financially":

> Pursuant to state law, no officers of the City, whether elected or appointed, shall be financially interested in any contract made by them in their official capacity.

[1] https://www.sandiego.gov/sites/default/files/articlevii_2.pd...

A sibling comment already pointed this out, but technically it may not be in violation. I don't particularly care about this, because I agree with the sentiment that the appearance of impropriety is almost as important as actual impropriety. Without that, confidence in leadership and the systems that govern us are eroded significantly.

Depending on timing, this may fall under insider trading. But for non sec violations, kickbacks are the name of the game in government contracts. Look no further than the senate launch system (SLS rocket).

This is proof that government should never get involved in business or the free market. It engenders cronyism and inept government bureaucrats getting rich off of unnecessary regulation.

Nobody is getting rich from GE stock.

Besides, this article is an manifesto/editorial. Some person running for city attorney did a document dump of mostly irrelevant stuff.

Lots of ranting, but very little actual content. What data has been collected from a partially implemented streetlight program in San Diego that was sold to “Wall St” for a billion dollars? Who is “Wall St” exactly? Lighting systems like this are administered by a NOC maintained by the vendor. Is that the data in question

There isn’t enough information to form an opinion about the “inept bureaucrats”. City attorneys don’t enter contracts, they advise those who do. It’s fair to critique the terms of the contract, but ignorant to accuse someone of violating the law without any merit.

That's, frankly, impossible. This is one of those things that government has to buy -- streetlights and standards for them. Either the government creates government-owned companies for everything public or it participates in the market. If this were just handed to a private contractor, the same problem would be likely to occur, although the private contractor might be smarter about getting their cut of selling surveillance data.

Most large companies depend on government contracts for a substantial part of their business. The government is after all the single biggest consumer in many markets. This, and revolving doors between businesses and government, probably means that corruption of this kind is hard to eliminate.

The rationale for the cameras has been covered before. It appears city leaders were lead to believe the cameras were for energy conservation only:

> In December 2016, San Diego’s Environmental Services Department presented the City Council with a way to bring down its energy costs. General Electric had been looking for a place to test out new sensor-controlled technologies that could brighten or dim lights from afar and collect anonymized data, and a pilot program had been initiated in East Village two years prior. The company was now offering to finance the installation of that technology across the city with a $30 million loan that could be paid back over 13 years through its own energy savings.


Later, law enforcement got its hooks into the new toys:

> Since August, the San Diego Police Department has been accessing the raw video footage with permission from City Hall and using its contents in dozens of criminal investigations, as the U-T reported. Some of that footage could appear at a trial scheduled to begin later this month, according to police.

The notion that law enforcement will somehow be excluded in any way from the video/audio feeds from these devices strains credulity. If history since 2013 has taught us anything, it's that if you give law enforcement an inch of surveillance, they'll take a yard.

On a related note, the idea that these feeds will somehow not end up on some dark market or surveillance capitalism venture business plans is equally ludicrous.

Modern history seems more "give law enforcement none of surveillance, and they'll take it all anyway." If the surveillance exists they will (ab)use it.

There is a developers guide that shows all the information that is collected [1]. It doesn't look good. There is also full API documentation here which outlines what data is returned [2].

[1] https://developer.gecurrent.com/cityiq/developers-guide

[2] https://docs.cityiq.io/#05-Media%20Planning%20API/API%20Maps...

I would be more concerned about how Law Enforcement is using the data.

I am also baffled by people not being concerned about Law Enforcement Surveillance but they are always up in arms about "corporations" spying on them.

Last time I checked it was only law enforcement that has the power, authority, and legal cover to kill me, or put me in a metal cage.

I suppose they believe "I have done nothing wrong so i have nothing to fear" but that has been proven time and time again to be a fallacy of epic proportions

It is because they don't decide with logic or thinking but feelings. They fall for the soldier cult or lies to chhildren quaint notions of friendly local police officer and the generic corporations always bad and you get that moronic result.

That or way too much faith in the democratic process without extensive oversight and power. Either way it is the result of taking lies to heart when we are up to our necks in them at best.

> The City paid $30 million for the contract. But the larger issue is that General Electric has already made more than $1 billion dollars selling San Diego residents’ data to Wall Street.

Where are they getting this billion dollars figure from?

What is the ‘data’ mentioned in the article and related docs? License plate data? Street light efficiency data? It’s not super clear what is being shared or sold in this case


Looks like GE advertises that the product can collect traffic, pedestrian and parking location data via Bluetooth and WiFi sniffing.

The iOS 13 upgrade was very telling. Suddenly every app is requesting blutooth access. Why does the reddit app need access to the blutooth radio? Because not doing so is leaving money on the table, and shareholders know it. I'll stick with the mobile website for now.

All things that have been done for many years.

Where do you think the road speed indicators came from on online maps? (Cell phone carrier data sold to state transportation departments)

How do you think water and sewer meters are read? (Pole or car mounted RF readers)

I thought google's estimates at least came from tracking android phones and ios users of their ecosystem apps, not from the carrier?

I doubt LA at least is advanced enough to have these RF meters in every parcel. Plenty of houses are literally sitting unanchored on a pile of stones/dirt/random 80 year old rotting wood scraps as a foundation and would blow over in the wind or any earthquake. LA metro's timelines for rail projects are regularly dragged out, not by the usual blame of graft and bureaucratic inefficiency, but by the fact that there are so many undisclosed utilities buried under the city in a half-assed, cheap as possible, attempt to fool the building inspector manner for 100 years straight. You hit a 100 year old wooden water main that wasn't on any map while boring and you need to replace the entire pipe as it is due to rot away yesterday. San Diego seems much more like a first world country, though.

That’s how it works now, but that tech appeared 20 years ago.

No idea about LA, but if you have a water meter, they get replaced every 12-15 years. New meters all have remote read because they save a ton of money, and are often cheaper to install.

I understand it to be video and audio feeds from 4000 street locations

Well, GE's engineering presentations of full system attestation and integrity analysis/measurement suddenly seem so much more relevant and scary - if those techniques are implemented in these surveillance networks. They presented this in the context of energy infrastructure - but surveillance works too I guess. It seems they've been working on software/hardware to make subverting these things much more difficult in the open for a while now:


Could someone theoretically go around with a high powered laser and burn the sensors of surveillance cameras?

Far easier to throw a rock.

LOL. Yeah, knock out the camera and win the Cy Young award.

So this is what stage 2 of privacy erosion looks like. Stage 1 was of course traffic/red light cameras. How they spun installing cameras and microphones (!) with a data sharing agreement as "an energy efficiency upgrade for street lights" is beyond me.

I think sousvailence is the only way to combat mass surveillance. Observe and report all that you hear and see. Let everyone know what's going on in your neck of the woods.

Even if you're aware they're recording you, they're still recording you.

"Oversight" sounds like some sort of dystopian surveillance system.

Maybe it's confirmation bias because I live in San Diego, but it seems like San Diego is 2nd most talked about city on this forum to SF

Applications are open for YC Summer 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact