Seattle Police and ALPR

Last week I saw a post on Twitter from the Seattle Department of Transportation (SDOT) announcing a series of meetings by SDOT, the Seattle Fire Department (SFD) and the Seattle Police Department (SPD) seeking public feedback on surveillance technologies already in use by the city agencies. In particular, they were to review the use of automatic license plate reader (ALPR) technology.

Interestingly, SPD did not promote these meetings on either their blog, SPD Blotter, or their Twitter feed. Also, all the meetings started right at 5 pm on weekdays. This is not the outreach of an agency that is really seeking public input. These are the actions of an agency that is going through the motions. The meeting I attended on 29 Oct 2018 had in attendance only three members of the public as well as a few other folks who perhaps were from the ACLU or other organizations. During the “small group discussion” only three of us participated.

The ALPR programs in use by SPD are PIPS (link) and Autovu (link). PIPS is used for automatic reading and storage of license plate data by the SPD Patrol division, as well as a few “boot vans” used by parking enforcement for “booting” vehicles that have 4 or more unpaid tickets. Autovu is used by their parking enforcement vehicles for “digital chalking”.

Briefly, PIPS cameras on patrol cars capture the license plate information, location, and time for as many cars as possible as the patrol cars drive around the city. A hot list is loaded into the system periodically, and if a license plate matches one on the hotlist, the officer is alerted and, after confirming with dispatch, may take action based on the match. All the data on licenses plates that have been read (the “read data”) are additionally “uploaded to a secure server” where trained officers may search for and retrieve data for up to 90 days after it has been captured. After 90 days, the data is to be deleted.

Autovu similarly records license plates, times, and locations. If, on a later drive by the same location, the vehicle is noted by the system to have exceeded the time limitations for parking, the parking enforcement officer is alerted and they may take action, such as ticketing the vehicle. The license plate data, other than what triggered a ticket, is discarded at the end of the day.

I had a number of concerns about the PIPS program, and after asking some questions at the meeting, they are intensified. I have submitted them to SPD for this review, but I wanted to write them out publicly as well. Some of my concerns about PIPS may also apply to Autovu, particularly those regarding the collection of the data, but because it does not retain read data I am less worried about that program. Keep in mind that while I am relatively savvy technically speaking, I am not a security professional nor have I studied ALPR systems in particular. That means that my worries may be somewhat uninformed. Nevertheless…


My first concern is that nowhere in the program description was there any description of their threat models. I asked SPD’s Director of Transparency and Privacy what threat modeling had been done with respect to the ALPR technology and programs, and she did not think any had been done. If an organization hasn’t modeled their threats, we have no idea if we’re protecting against the right things if we’re protecting anything at all. And given the tenor of the meeting, I suspect SPD isn’t protecting against anything at all. The department is focused about 99.8% on the benefits it gives them in chasing down crimes, particularly stolen cars.

Here’s where me not being a security professional is apparent. I do not know how to do any formal threat modeling. But I tried too look at various categories of possibly malevolent actors and review the program description for ways it might be misused. Some of these came from other people at the meeting.


SPD’s use of the system for its intended purposes

This is where the program is used by SPD for finding cars or investigating crimes but through bad policy the system infringes on the liberty of the people. In this category of concern, I asked the SPD representatives if the agency had used a racial equity toolkit (RET) to analyze the impact of the program on marginalized communities in Seattle. They had not yet. Looking at the process outlined in the description, most of the RET is completed after public feedback. Some of the first portions that they have indicated are affected are obviously wrong. For instance, to the question “Which of the following inclusion criteria apply to this technology?” they left unchecked the following:

  • The technology disparately impacts disadvantaged groups.
  • There is a high likelihood that personally identifiable information will be shared with non-City entities that will use the data for a purpose other than providing the City with a contractually agreed-upon service.
  • The technology raises reasonable concerns about impacts to civil liberty, freedom of speech or association, racial equity, or social justice.

To the first unchecked item, SPD simply doesn’t know because they haven’t studied the information. And they later state “An additional potential civil liberties concern is that the SPD would over-surveil vulnerable or historically targeted communities, deploying ALPR to diverse neighborhoods more often than to other areas of the City.”

Additionally, we give heightened protection to political speech. But deploying ALPR cars around protests, rallies, and other such “free speech activities” SPD has the possibility of criminal pretexts being used as fishing expeditions against opponents. SPD would have 90 days to fish through location data. These are just a couple of possibilities that I can think of off the top of my head. The technology obviously has reasonable concerns about impacts to freedom of speech.

Out of policy use by SPD officers

This is where SPD officers use the system for purposes outside what is allowed. Officers are required to undergo training and of course they are all sworn and background checked. The program administrator is supposed to approve all searches of stored read data, and the system automatically logs the officer, the terms searched for, the case number and the purpose for which the search is conducted. The SPD Inspector General (theoretically independent of SPD) can audit the system for misuse, as can the program administrator. When I asked SPD command staff how many instances of misuse of the system had been found during the 10 years the program has been in use, they answered “none to our knowledge”. It is unlikely in the extreme that not one officer has ever misused the system. Possibilities include officers tracking vehicles of girlfriends or rivals, locals that they want to keep tabs on, take bribes or favors to feed read hits to outside people, or simply get fed up with onerous requirements for logging and do things like re-use case numbers. An audit system that has uncovered no instances of misuse is either not recording the right information or is not being conducted thoroughly.

Out of policy use by other agencies

Agencies such as King County, the Washington State Patrol, the FBI or Immigration and Customs Enforcement (ICE) do not have direct access to the system. However, they may submit requests for information to SPD which send them responsive data. Such requests and responses are memorialized, but it’s unclear how and whether that is part of the same audit trail. Additionally, SPD did not articulate how they vet such requests, particularly with respect to Seattle’s policy of non-cooperation on immigration enforcement. ICE may be making direct requests for ALPR read data with nominally within policy reasons (e.g., for customs investigations) that are really for deportation reasons. Or they may be routing such requests through other agencies. Or there may be no issue at all. We have no way of knowing. This concern was brought to my attention by another attendee at the meeting.

Misuse of the data by the public

According to SPD, ALPR read data is subject to public records requests. There is nothing to stop me from submitting a request every 90 days for a CD of all ALPR read data, circumventing any protection we have by SPD erasing the data they hold after 90 days. While there may be restrictions on the legal use of such data, once it leaves SPD hands, we’ve lost effective control of it.

Misuse of the data by the vendor

According to the staff present, no security review of the software has ever been performed to make sure the software does what it’s supposed to do by the vendor, Neology. The software is closed source as well. Are there backdoors for support? Are there security vulnerabilities that allow exfiltration of the data?

Misuse of the data by IT

The City of Seattle consolidated almost all IT within a central department. The technical staff are not sworn officers, though they are background checked. According to staff present, as well as some hints in the program description, ALPR read data is stored in a SQL system. Which suggests to me that the data is both unencrypted and can be reviewed outside of the audit system that is used by SPD personnel.


Most of my privacy concerns could be mitigated by a policy of discarding all read data when it does not match a hit list and/or much stronger audit processes. That would not eliminate all concerns however. Additionally, I have some other concerns that I am giving a lower priority and not including here because this is already long and some of them verge on movie-plot threat type of issues.

I hope SPD takes all of these concerns seriously.

Featured image “Street-level Surveillance” created by the Electronic Frontier Foundation and used under a Creative Commons Attribution license.

Swedish billing screws up

This afternoon I got a call from Swedish hospital’s billing office saying that I hadn’t payed my bill for my CT scan in March. I am working from a coffee shop.

I couldn’t get First Tech CU’s bill pay system to show me my detailed bill payment history, but I could see that there was a payment to Swedish. He looked around and found that payment on another account, and said he would transfer it over to the correct one. The call ended.

Two minutes later, I figured out the trick to get the bill payment system to show detailed history. And I found the payment. It wasn’t the one he found that he said he was going to transfer.

So I called back and got someone else. Talked to some other lady, and told her what I’d found. Told her to stop the first guy from doing whatever it was he was doing to transfer the other payment. I don’t think that happened.

Then I told her I have my bill payer up, and read off the payment amount and address. She tells me it’s the wrong address (provider office instead of billing office). I am wondering how I screwed that up, but it’s possible I think. She’ll track it down, she says. Phone call ends.

I am home for the night, and pull up my scanned bills. Huh. I have the address correct. Now I’m concerned that they really don’t know what the fuck they are talking about, because they ought to know the correct address.

It’s 12:30 in the morning, and I can’t sleep because this fucking screwup is occupying my brain. This is our fucking health care system. It’s not just the insurance. It’s that whenever you do anything, there’s a minimum of three bills. Each of the doctor, the facility, and the electric company at a minimum. Probably a few others too. Each of them has a pretty good chance of screwing something up. This isn’t the first time.

I want a goddamn case manager to deal with all this shit. I want the medical industry to do something about it. I want the government to do something about it.
There’s no goddamn good reason for this to be so complicated.

Adventures in medical insurance enrollment

When I put in my notice at the last job, I assumed my insurance would carry through to the end of the month. I had an MRI scheduled for my last day (a Friday), and the related oncologist appointment for the following Tuesday. In my exit interview at 1 pm on that Friday, I was informed that my insurance got cut off at midnight. I hadn’t read the documentation I was sent two days earlier closely enough.

So I scrambled to apply for insurance that day, rather than do it the following Monday as I’d planned. Got on WAHealthPlanFinder, put in my info, including that my last day of coverage was 3/24. Picked a plan. Got confirmation that night that I was approved and that I should call the insurance company (Regence) or go to their web site to pay. Start date 4/1.

Called the oncologist on Monday and delayed my appointment for a week. Called Regence to find out how to pay. They had no record of me. CSR said it took a couple of days to get in the system. That’s fine. I expect these things.

I get “secure email” from Regence on 4/3 saying they need a letter from my employer before they can approve my insurance, deadline 4/10. I submit it online the same day. Within the hour. On 4/5, having heard nothing, I emailed Regence asking what’s up. I get a non-committal response. There’ll be a new deadline if that doesn’t suffice.

On 4/10, having heard nothing I call my oncologist and delay the appointment until May.

On 4/11, I get a request for a document from my previous insurance, deadline for submission 4/25. Letter from the employer wasn’t good enough. Note that this is the day after the previous deadline. I immediately call Cigna, the previous insurance. The document from them arrives on 4/17, and I submit it online that day.

On 4/26 (the day after the deadline), having not heard from them and starting to worry, I call the underwriting department. They say they’ve approved it and I need to call the exchange to arrange payment. Payment goes through Regence anyway. So I call the exchange, they have no record of the approval and as far as they are concerned, it was approved on 3/25. I need to talk to Regence. So I call Regence again, the regular line this time thinking it’s out of underwriting’s hands. But the CSR just transfers me to underwriting. This time the underwriting person tells me the application was approved this morning at 10:36, but that there’s nothing they can do on their end to speed of processing any more. Later in the call, she tells me because it’s an exchange based policy, it will take 4 days to get the paperwork transmitted back to the exchange, rather than the normal two. This means that the earliest I would actually have insurance is the last day of the fucking month, but I’d have to pay for the entire month. But even that’s unlikely because after the exchange gets it the information has to be put back into Regence’ system for payment and then to send me my insurance card. So I won’t be insured until May at least, but I’ll have to pay for April.

And no guarantee that all this paperwork will be processed before my appointment.

So, frustrated, I file a complaint with the Washington Insurance Commissioner, explaining all this. Total delay that I’m responsible for is a few hours. Total delay due to Cigna is 6 days. Total delay due to Regence (and possibly some due to the Washington insurance exchange) is 27 days. So far. I request:

  • A refund of any premiums I have to pay for April.
  • That Regence word its document requests so that everything can be submitted in one shot, with requirements understandable to people who aren’t insurance terminology geeks.
  • That Regence staff its underwriting department sufficient that paperwork processing happens in a timely fashion rather than the day after deadlines.
  • A pony

I tweet the previous bit out too, tagging the Regence Twitter handle. That person wants my info and I’m reluctant to give it, having been on the phone for an hour today already. However, about an hour later she’s on the line with me and with the exchange at the same time, and the exchange is putting in a ticket to change my start date to 5/1. With the Regence person on the line, she doesn’t think there will be any problem approving it. It would have required me putting a request in to Regence and paperwork being sent back and forth without that. I also recorded all this portion. Thank you Google Voice! It’ll probably mean I get one set of insurance cards for a start date of 4/1, and a second set with a start date of 5/1.

I’d rather have gotten the insurance processed in a timely fashion, and my oncologist appointment not delayed for a month. But it’s better than nothing. And I still want them to rewrite their requests and staff the hell up. I doubt the insurance commissioner will order that however. Still, I hope Regence has to at least spend some cycles on responding to those parts of the request.

Anne Falconer (1926-2014)

I started working on my family history in 2010 at the request of my grandparents. I poked around for a while at my father’s side of the family. No one alive knew about our history before my great grandfather, Joseph Weiss. His father, Anton Weiss, died in 1910, and his mother, Clara Voigt, died in 1915. She had moved to California to reside with her children there.

That was family that none of us knew about any more.

I researched Anton and then began working on his descendants. Through that work and a little bit of serendipity, I got in contact with Anne Falconer. She is a great grandchild of Anton and Clara. Because Clara had gone to live with the California children, Anne had her photo album.

After emailing a few times, Anne very kindly made copies of the photos and mailed them to me. She even sent a 150 year old print of a photo of Joseph Weiss as a very young boy. The photos she sent were the first visual depiction of many of my family that I’d ever seen. The following was taken at Anton and Clara’s 50th wedding anniversary.

Anton and Clara Weiss 50th wedding anniversary group photo
Anton and Clara Weiss 50th wedding anniversary

I was browsing Find A Grave this morning and came across a memorial for Anne. She died a year ago. I never met her, but she was a help and inspiration for me early on in this pastime.

I was wrong: Droid 4 edition

Last year I my Droid 4 stopped working, and Verizon replaced it. The replacement Droid 4 was a refurbished phone, and the battery would not last me a full day. Righteously ticked off, I took the bus downtown to the Verizon store. In the 28 minutes it took me to get there, the phone’s battery dropped from 100% charge to 90%. I didn’t even turn the screen on. There was no reason it should use that much battery so quickly. At the Verizon store, rather than get my third Droid 4 in a year, I angrily paid full price for a Droid Maxx. Which I love, other than having paid an arm and a leg for it.

In December, I bought myself a Kobo Aura H2O e-book reader. I love the thing for lots of reasons. I got the bright idea to take the SD card out of my old Droid 4 phone and stick it in my Kobo so I could hold like a billion e-books. As I don’t use the reader daily, I didn’t notice something right away. The battery on the Kobo would last only several days. That baffled me for a time, until I Googled&reg battery issues with Kobos and SD card issues popped up as a possibility. After removing the SD card, the Kobo battery takes weeks to work through a full charge, even with frequent reading.

It wasn’t until several weeks afterward when I remembered where the SD card had been. So I charged up the Droid 4 still sitting unused on my shelf. It’s now been running 5½ days on that charge and is at 30%, albeit without any use except to periodically check the charge.

Droid 4
Droid 4

So now the Droid 4 is going to become a fancy alarm clock with a few useful internet capabilities like playing some podcasts I listen to in the evening.

Cleo as Colgate

My grandfather Cleo saved packets for many of his trips. He and my grandmother Vera were frequent cruisers. They are going to be awesome additions to the stories I can tell about them with genealogy. For instance, in June 1986, Cleo and Vera took a cruise through the Panama Canal on Sitmar Cruises T.S.S. Fairsea. The best part of this packet is the three photos of my grandfather from the cruise’ masquerade party. I never would have thought of costuming as Colgate toothpaste.

Colgate toothpaste costume front
Cleo ready for masquerade night
Colgate toothpaste costume back
Squeeze from the bottom
Colgate toothpaste costume in action
Wearing the costume at the masquerade

Update: Turns out my grandparents tried out the idea on an earlier cruise, in January 1983. That time my grandmother donned the toothpaste:

Vera wears a Crest toothpaste costume
Vera as Crest

Cleaning out

My desk is in a walk-in closet, which I use as an office. However, until January it still functioned as a cluttered closet in addition to being an office. A friend designed a shelving system for me and did the remodel work. That’s still not quite finished, as I need to replace the ceiling light. Photos once I do that.

As part of decluttering and reorganizing, I’ve been purging stuff so I can make better use of my space.

I reached a big milestone today. I have a four drawer filing cabinet (photo on left), three drawers of which were completely filled with old paperwork of mine. Over the last month, I’ve looked through every piece of paper in those three drawers. What I needed, I scanned. What I didn’t, got tossed straight away. Removing what I didn’t need to keep in physical form turned 75 linear inches of paperwork into 5 (photo on right). Half of that is for the purchase of my condo, which includes a voluminous resale certificate.

Old Filing Cabinet

New Filing Cabinet

I still have purging to do, but this was huge. I cleared away over 25 years of accumulated junk paperwork that I no longer need to protect or make space for.

401(k) expense ratios

It’s been years since I got to participate in a 401(k) retirement plan. Last time was when I worked at Expedia. I put the amount in that would maximize the employer contribution and didn’t pay much more attention.

The first thing I looked at this time was which investment options were index funds. There’s one index fund option for large-cap funds and one for small-cap funds. Out of 24 options, only two are index funds. That’s deplorable. To illustrate why, I dug around to find the expense ratios for the fund options. It wasn’t as easy to find as I would like, but when I did Fidelity showed it quite nicely.

Name Category Gross Expense Ratio Shareholder Fees
COMPANY STOCK Company Stock Commission on stock trades: $0.029 per share
MAINSTAY LGCP GR R1 (MLRRX) Large Cap 0.87% No additional fees apply.
MFS VALUE R4 (MEIJX) Large Cap 0.68% No additional fees apply.
SPTN 500 INDEX INST (FXSIX) Large Cap 0.05% No additional fees apply.
ARTISAN MID CAP INST (APHMX) Mid-Cap 1.03% No additional fees apply.
ARTISAN SM CAP VALUE (ARTVX) Small Cap 1.24% No additional fees apply.
VANG SM GR IDX INST (VSGIX) Small Cap 0.08% No additional fees apply.
FID DIVERSIFD INTL K (FDIKX) International 0.81% Short term trading fees of 1% for shares held less than 30 days.
DODGE & COX BALANCED (DODBX) Blended Fund 0.53% No additional fees apply.
FID FREEDOM K 2005 (FFKVX) Blended Fund 0.50% No additional fees apply.
FID FREEDOM K 2010 (FFKCX) Blended Fund 0.54% No additional fees apply.
FID FREEDOM K 2015 (FKVFX) Blended Fund 0.57% No additional fees apply.
FID FREEDOM K 2020 (FFKDX) Blended Fund 0.59% No additional fees apply.
FID FREEDOM K 2025 (FKTWX) Blended Fund 0.62% No additional fees apply.
FID FREEDOM K 2030 (FFKEX) Blended Fund 0.67% No additional fees apply.
FID FREEDOM K 2035 (FKTHX) Blended Fund 0.68% No additional fees apply.
FID FREEDOM K 2040 (FFKFX) Blended Fund 0.68% No additional fees apply.
FID FREEDOM K 2045 (FFKGX) Blended Fund 0.69% No additional fees apply.
FID FREEDOM K 2050 (FFKHX) Blended Fund 0.69% No additional fees apply.
FID FREEDOM K 2055 (FDENX) Blended Fund 0.69% No additional fees apply.
FID FREEDOM K INCOME (FFKAX) Blended Fund 0.45% No additional fees apply.
MIP II CL 1 Bond Investments 0.56% No additional fees apply.
PIM TOTAL RT INST (PTTRX) Bond Investments 0.46% No additional fees apply.

I’ve highlighted the index fund for large-cap and the option with the next lowest expense ratio, and the same for the small-cap index fund. Those percentages indicate the amount the fund managers skim off the top every year. As a retirement saver, you never even see it because they don’t list this percentage in how much you make. They could do this (examples use a 1% expense ratio for arithmetic convenience):

Investment    $10,000
Increase $500
Fee -$105
Total $10,395

Instead, they do this:

Investment    $10,000
Increase $395
Total $10,395

Notice in my example, the fee is a percentage of the total, not of the increase. An average fund manager might make the investor $500. An extraordinary fund manager might make $700. The average fund manager charges $105. The extra-ordinary one charges $107. Now, you might think you are getting a steal of $200 for only $2 more, but the real travesty is that the average manager gets $100 for very little work. To see that, look at an index fund.

The small-cap index fund I highlighted uses CRSP US Small Cap Growth Index to benchmark. Compared against their own benchmark, they lose over the last three months but just barely: return of 1.58% vs. the benchmark return of 1.6%. They compare very closely because all an index fund does is buy exactly what’s in the index.

For comparison, the actively managed fund uses Russell 2000 Value as it’s benchmark index. Compared against that, the managers lost 0.28% vs. the index’s gain of 1.78%. These managers are trying to beat the index by picking better investments than the index, charging for their “expertise”, and losing.

Now, that’s a short period of time and perhaps at other times the actively managed fund does better. But over time, index funds have better returns than actively managed funds. There are exceptions, but those options aren’t pertinent to the broad market investments that are available in a 401(k).

So basically, those investment options I have? I’m giving away $60 (for the large cap fund) to $115 (on the small cap fund) every year for nothing (on a baseline portfolio of $10,000). If I’m saving money every year for retirement, that amount grows every year, and cuts into the compounded interest every year.

All of this stuff is pretty well written about all over, but regular people don’t pay attention for a variety of reasons. I’m not naming my employer here, but they really should be doing better by their employees.

Genealogy and Family History: Class #2

A gave myself a couple of tasks to accomplish yesterday before the second session of my genealogy class. The first was to pick up the class packet from the copy center. The second was to pick up a Husky Card for access to the U.W. libraries. Both went swimmingly, so I got to my class early, hung out and read the text book.

The class was taught by James Rigali today. He’s the instructor for the history portions of the class. Topic was Organizing Historical Research Projects. After an overly long and fairly unimportant discussion of what is history? he delved into a basic method he wanted us to follow:

  • Pick a subject. At this point, I’m thinking of doing my project on either or both of my third great grandparents, Patrick Parker and Mary Murphy. (I’ve written about them on the blog before.)
  • Create an annotated chronology
  • Develop research questions, both historical and genealogical
  • Develop a bibliography. His overview included the following types of sources:
    • General books, including textbooks.
    • Scholarly articles (JSTOR)
    • Encyclopedias (he didn’t cover this one too much)
    • Historical books and magazines published at the time
    • Local histories
    • Historical maps
    • Historical photographs.
    • Newspapers of the time
    • History web sites
  • Sample Research Journal
    Sample Research Journal

    Keep a research journal. He didn’t really cover what to record on this, other than keeping what he called a two-sided journal. In other words, record what you are searching and reading on one side, and notes and thoughts on the other. He didn’t really seem like he’s embraced computer technology like I do.

Genealogy and Family History: Class #1

Tonight was the first session of my Genealogy and Family History class through the Continuing Education office at U.W. I don’t have a whole lot to report about the experience, as we did not cover any academic material today. The first half of the class the instructors reviewed the syllabus and their expectations. None of the work appears to be particularly difficult. Assignments include things like retrieving and printing a page from the census and requesting a vital record.

Wright County Iowa
Wright County Iowa

The second half of the class was dedicated to student introductions. Not so much tell us a little bit about yourself as tell us a little bit about your family. Throughout the introductions, whenever someone mentioned Iowa the genealogy instructor (the other instructor focuses on history) asked what part of Iowa. She mentioned she had a lot of interest in one county. About the 4th time she asked about Iowa, I realized that her name has been ringing a bell in the back of my head, and I realized why. She runs the GenWeb site for Wright County, Iowa. As I’ve documented here, my third great grandparents Patrick Parker and Mary Murphy Parker appeared to have ended up in Iowa. Four or five of their children were in Wright County Iowa, two others in Franklin County, the next county over.

I’m being taught by a person who has expertise in the genealogy and history of a specific county I’m interested in.