Surveillance infrastructure walking tour

Introduction

In this tour of downtown Seattle, we'll practice spotting some of the layers of the "smart" city that are hidden in plain sight, collecting and storing data about our lives, as well as the kinds of thinking that justify their existence.

The surveillance tools/sites that we will explore during this walking tour are:

  1. Surveillance Cameras
  2. Automated License Plate Reader
  3. Acyclica Installation
  4. Amazon Go
  5. Washington State Fusion Center
  6. AT&T Peering Site (NSA Wiretap Site)
  7. Traffic Camera

An organizer holds a copy of the People's Field Guide to Spotting Surveillance in front of a stop on the walking tour.

Resources

As we walk around downtown Seattle, we'll refer to this field guide.

Here's a map of the tour stops and route:


Click on each stop to pop up its location, and feel free to explore it on Google Maps, e.g. with Street View. The route spans 1.3 miles.

The full MyMaps can be found here.

Here's a picture of the tour route with a legend:


Below, we outline each of the surveillance tools/sites listed above, with some bonus material in the last section:

  1. Bluetooth Beacon
  2. The Westin Building Exchange
  3. Small Cell Antenna

To understand this tour in context, check out our blog post on the pilot countersurveillance workshop.

Surveillance cameras

As we walk around downtown, we'll see many surveillance cameras—and they'll see us.

(Note to facilitator: Along the first leg of the tour, before arriving at the first stop, point out the surveillance cameras that the tour participants pass.)

A surveillance camera on 3rd Street, watching the AT&T peering site (NSA wiretap site).

Stills from live feeds of Internet-connected surveillance cameras that Insecam advertises to be in Seattle.

Overview

How do you think a surveillance camera sees you?

It's not hard to get a sense of how a person sees you. The more you get to know a person, the more you get a sense of how they feel about you through what they do and say. If they like you personally, or they hold a prejudice against some part of who you are, it'll likely come out in conversation.

A surveillance camera, though an unblinking and unbreathing machine, also sees you in a certain way. All the hardware and software of the camera, as well as the people "inside" the camera, together encode a certain kind of gaze. Based on what they see, they might act toward you in some way. But unlike a person, there's no two-way flow of information, and no explanation for something that happens.

Cameras have always seen some people better. More broadly, sensors have always been built by certain groups of people to sense certain groups of people better than others.1 In her book "Darkness Matters," Simone Browne argues that biometric technology privileges whiteness and is troubled by "dark matter":

Dark matter being those bodies and body parts that trouble some biometric technology, like dark irises or cameras that "can't see black people" or that ask some Asian users, "Did someone blink?" When particular surveillance technologies, in their development and design, leave out some subjects and communities for optimum usage, this leaves open the possibility of reproducing existing inequalities. (163)

And seeing and sensing have always been used as forms of control, especially over black and brown bodies. As Browne writes, "some light shines more brightly on some than on others... [and some] technologies of seeing [seek] to render the subject outside of the category of the human, un-visible." (68)

Question: How do you think a surveillance camera sees you? What have you experienced in Seattle?

Just walking around, we've been spotted by many surveillance cameras watching us. But again, a surveillance camera is not a person.

Question: How does a surveillance camera differ from an eye? How does a surveillance camera differ from a random passerby looking at you?

Let's get specific about the hardware, software, and people operating it. (several answers included below)

Question: Now that we've broken down why a camera is not an eye, what do you all think is a better way to understand a street-level video surveillance system?

To understand surveillance, we also need to watch. Let's try and get a sense of that.

Question: Who's watching? What's it like on the other side? Has anyone here worked as a security guard? Can you tell us about your experience? What can a camera see, and what did you see?

The people who are watching can see a lot. Often data is piped to centers in cities called "real-time crime centers" to be displayed and analyzed. (Possible activity: You're the voyeur)

"The biggest thing I've come across over the years working security is how much people think they can get away with things, or operate under the assumption that there aren't cameras in an area, or the cameras aren't recording. Which, to be fair, that's sometimes the case. But 99 percent of the time, if they've done something stupid, it's probably on camera. A control center operator has probably seen it or has been asked to look into it and found it."

One recent example of seeing as a form of control was when the Seattle Police Department installed a SkyWatch tower in a parking lot in a Safeway in South Seattle, a heavily Japanese neighborhood. According to Stanley Shikuma, a board member of the Japanese American Citizens League's Seattle chapter, this tower sends a clear message: "You are being watched. We have you in our sights. And like [at] the [Japanese internment] camps, the intent is to intimidate rather than protect."

Coverage of this tower pointed out the police's use of surveillance, which they justified by pointing to high crime rates, was just a band-aid on symptoms that arose from the underlying issue of a destruction of community.

The Silver Fork was a place to get hot links, grits, a middling cup of coffee and the company, mostly Black, of your neighbors and community leaders. It made the space feel activated, vibrant and safe, the kind of place you wouldn't mess with because it was familial.

But Safeway replaced the restaurant with a gas station and convenience kiosk.

This story shows how we can resist the way of thinking that props up the practice of surveillance. Justifications like "crime" are really symptoms of deeper causes that only will only be exacerbated by imposing coercive technologies from the top down. Instead, we can imagine and build futures that decenter control and center community.

In general, widespread video surveillance systems threaten individuals' privacy, anonymity, and freedom of movement, and they're vulnerable to abuse by people and institutions. They're expensive systems that aren't proven to "stop crime" or make people feel safer. The risks far outweigh the benefits!

One way that activists have resisted these systems is by "watching the watchers." Groups in cities including NYC, LA, Chicago, and Seattle have worked on photographing surveillance cameras and mapping their locations, to make a usually opaque system more transparent to the public. We could join in that action right now as well. (Possible activity: Spy v. Spy)

Activities

Spy v. Spy: First, discuss the field guide to spotting surveillance cameras, which gives more concrete details on kinds of cameras, how to spot them, and where they are usually found. Next, split up into pairs. Each pair competes to find, photograph, and map the most surveillance cameras in downtown. (Of course, be aware of your surroundings, be safe, be prepared for questions, and only photograph cameras in outdoor public space. Yes, what we're doing is legal.)

Discussion

You're the voyeur: Look at unsecured security cameras in Seattle on Insecam.

Discussion

Discussion

Further reading

Seattle-specific

Overviews

Other references

Automated license plate reader

Visit an automated license plate reader (ALPR) at 699 Spring Street, poised on the ramp onto the I-5 Express highway that cuts vertically through downtown Seattle.

An automated license plate reader at 699 Spring Street.

Video approaching an automated license plate reader mounted above an onramp to a highway.

A map view of the ALPR showing the surrounding neighborhood and proximity to the highway.

Overview

Automatic License Plate Readers (ALPR), unsurprisingly, capture the license plates of cars that drive by. License plates are important because they uniquely identify a person—the government can look up who a license plate belongs to at a DMV. They are posted in street corners around Seattle. There is no public map, since the city doesn't want to lose money from people evading speeding tickets.

Well, if you're not speeding, so what? First, ALPRs take pictures of your license plate even when there are no traffic violations. According to the city of Seattle, this is to keep track of traffic congestion. Second, with ALPRs located in many places around the city, the government could conceivably track your location, or the location history of any given person. Where you go can reveal a lot about you and can be used against you—for example, the NYPD collected license plates of people parked at mosques, in an "unapologetic approach to protecting the city from terrorism." Third, who gets access to this data, and how is it stored? Although Dept. of Transportation employees receive "training" to use the system, what prevents a malicious user from tracking their ex-partner, and is there any oversight? Currently, there is no legal requirement to audit or delete this data.

Discussion

Further reading

Acyclica installation

Visit the Acylica installations + Skywave antennas at Spring & 5th and Spring & 4th.

An Acyclica installation at Spring & 4th.

Video approaching the Acyclica at Spring & 4th, also showing nearby pole-mounted traffic camera.

Overview

The writer Heinrich Boll tells the story of a veteran who becomes injured in the war and is assigned a job counting people for the city government:

They have patched up my legs and given me a job I can do sitting down: I count the people crossing the bridge. They get such a kick out of it, documenting their efficiency with figures; ... my soundless mouth ticks away like clockwork, piling number on number, just so I can present them each evening with the triumph of a figure.

They beam delightedly when I hand over the results of my day's labors, the higher the figure the broader their smiles, and they have every reason to hug themselves when they climb into bed, for many thousands of pedestrians cross their new bridge every day...

Horse-drawn vehicles are, of course, a piece of cake. There's nothing to it. There are never more than a couple of dozen horse-drawn vehicles a day, and to tick over the next number in your brain once every half hour—what a cinch!

This is how "smart cities" used to work before people invented technologies to track and sense other people. Fast-forward thirty years, and the Acylica system is the latest step in the trend of private companies selling smart technologies to knowledge-hungry cities. What the veteran does is basically what Acyclica does: it counts people and cars so people in the city government can know more about flows of traffic and pedestrians, and maybe try and alleviate traffic. The Crosscut article reports:

The new system will provide a much more detailed picture [of traffic]: while Bluetooth readers capture 5-7 percent of cars passing intersections, the Wi-Fi readers capture nearly 50 percent from cars with smartphones or tablets with Wi-Fi turned on.

As the car passes more readers, algorithms are run to calculate speed, distance, time and general behavior.

The way that Acyclica tracks people is a really souped-up way of assigning a soldier to make tally marks on paper whenever a horse-drawn carriage passes by. It counts cars by exploiting the poor design of the Wi-fi protocol (the protocol that governs how devices connect to networks wirelessly). The Acyclica device is a little gray box with an antenna that casts a fake Wi-fi network and tracks the phones and computers that try to join the network as they pass by in passing cars. Different Acyclica installations can track your devices' unique identifiers as you pass them in the city.

Why is Acyclica able to do this? Well, you ever wonder how your phone or laptop auto-connects to Wi-fi networks? To do this, your device is shouting to the world a ton of your personal information in something called a probe packet. A probe packet contains the unique name of your device (called a MAC address—which is kind of like your Social Security Number, but for a device), as well as the list of all the past Wi-fi networks that your device has tried to join before. The Wi-fi protocol design is widely recognized to be a privacy disaster, and not only is Acyclica exploiting it, but many other advertising and surveillance firms have built similar devices, for example sticking devices in trash cans to track shoppers as they walk around a mall:

The marketing materials don't say this, but it might also be possible to attach specific attributes to the MAC addresses that are collected. A phone that goes into the women's room probably belongs to a female, for instance, while a MAC address entering the Big and Tall clothing retailer probably belongs to a person of large carriage.

So yes, while we are standing here right now, this little box is collecting your phones' names, and as we pass different boxes, the system will gather our data and collate our movements. The simple but ungainly way to protect yourself is to turn off wifi on your smart device, or to not carry a smart device. However, that doesn't scrub your data or protect others.

Question: How do people feel about how Acyclica is collecting their data? What could go wrong? What does the process of coercive data collection "feel" like—a mosquito bite? a highway robbery?

This technology raises many questions around data privacy and consent. How long is data stored? How is data transmitted? Who has access to view this data? How is the data anonymized? Acyclica collects incredibly sensitive information at a high detail of granularity about people's movements around the city. Were members of the public asked for consent before the system was installed? No. As one citizen commented during a Seattle Surveillance Ordinance hearing:

I certainly have not agreed for the city of Seattle or any vendors to track the position of my phone as it moves throughout the city whether or not that data is properly anonymized.

One big issue is data escaping scope. The Seattle city government may promise certain things about the data, but data that govermnment agencies collect historically has a funny way of being stored for longer than promised and shared with other agencies (like ICE or law enforcement) or quasi-private entities (like Palantir) and used to circumscribe the movements of members of marginalized communities.

We need to question the surveillance thinking that props up this Acyclica installation. The Crosscut article finishes with one prime example:

In this case, the ultimate question may be what concerns people more: the specter of overly surveillant law enforcement, or the prospect of spending yet another hour stuck in traffic?

We can resist the assumption that there's a tradeoff, that without the current surveillance technology which is assumed to work perfectly and already "waiting in the wings," we will suffer a terrible loss of convenience, a return to the "bad old days." This is false. Where is the proof that the tech works? Do we need to count in the first place? And don't we have the imagination to propose a way to count cars without gathering granular location data? We can resist the slow erosion of privacy in the name of convenience and intelligence.

Discussion

See inline questions above.

Further reading

Directly Acyclica-related:

Related references on how Acyclica works by exploiting the Wi-fi protocol:

Other

Amazon Go

Visit Amazon Go, a surveillance-powered convenience store at 2131 7th Ave.

Outside the Amazon Go store at 2131 7th Ave. (Source: Google Maps)

Inside the Amazon Go store. Notice the ceiling consisting of cameras. (Source: Google Maps)

Overview (longform)

Amazon Go is a convenience store without cashiers. Instead, cameras track your every move inside the store to determine what objects you've taken from the shelf, as well as your browsing habits, such as how long you hesitated before taking an item or whether you put an item back.

Is it a big deal if Amazon knows that you like bagels over waffles? Well, maybe not in and of itself. But be aware of a few things. First, Amazon is probably combining your data from the physical Amazon Go store with data about your online purchases. Say you've bought an item that reveals your political or religious beliefs—Hillary Clinton's book, a Hanukkah decoration—and you also get a coffee every day at 8am. Now Amazon knows about your beliefs and where to reliably find you. What happens if those beliefs become persecuted? [e.g., raids on Muslim-Americans].

Second, once Amazon has your data, you've implicitly consented to whatever they want to do with that data. One way data is often used is to draw conclusions for advertisements. Ads have the power to shape individual beliefs and behavior—think about how teenage girls are affected by ads depicting impossible beauty standards. Targeted ads, which show ads based on your purchases and behavior, has an echo chamber effect, where the things you see reinforce your beliefs, which reinforces what Amazon shows you.

We don't necessarily know how else data is being used, because there is little legal oversight. Can Amazon sell this data to the government? Can Amazon track your location, based on what stores you go to? What if Amazon is accidentally storing your data insecurely, and an employee can access it? Can Amazon use the photo of your face to generate other face photos? All of these situations have happened in the past.

Amazon Go is a tradeoff between convenience and surveillance. Day-to-day, surveillance is a mostly invisible price to pay, but it has the power to shape individual behavior as well as society.

Breakdown (for facilitator)

What is Amazon Go?

Why does it matter if Amazon knows that you like bagels over waffles?

What’s so bad about patterns?

What does this mean for you?

Discussion

Further reading

Washington State Fusion Center (WSFC)

Visit the Washington State Fusion Center (WSFC), in the Abraham Lincoln Building at 1110 3rd Ave in Seattle. Just a floor above, you’ll also find the FBI’s local headquarters.

The outside of 1110 3rd Avenue. (Source: Google Maps)

Video walking by the front of the Washington State Fusion Center (right).

Note to facilitator: This stop is not yet present in the People's Field Guide zine.

Note to facilitator: You should walk past the WSFC and 1122 3rd Ave (which will be both be on your right) and take a right, around the corner, to go up a slight hill, then turn around. On your left, you'll see the side of the AT&T building depicted in the second photo below. In front of you, at the street corner, you'll see the traffic camera in the last stop.

Overview

The location of this fusion center represents a focal point of infrastructure and power. What is being melded together at these fusion centers?

Fusion centers popped up in the years after 9/11, particularly from 2003-2007, from an infusion of homeland security grants. This fusion center's location downtown is no coincidence – the office represents a portal linking local, state, federal governments with private companies and civilian reports, all in the name of broad public safety.

This marriage between federal agencies including the CIA, FBI, Homeland Security and other federal bureaus brings a level of national scrutiny to the local level, with individual reporting made possible through the Nationwide Suspicious Activity Reporting (SAR) initiative.

Seattle's fusion center seats a team of 15-30, with full time intelligence officers from the Seattle Police, County Sheriff, state investigators and analysts. These center employees are linked through the State Intelligence Network to every law enforcement agency in the state, and have access to the FBI both through their computer systems as well as through a security corridor linking them to the FBI's own Field Intelligence Group office on the floor above as well as the Puget Sound Joint Terrorism Task Force.

It might seem strange to have such a concentration of investigators in downtown Seattle, but fusion centers are also typically located in urban centers to put them in the center of multiple agencies that administer public safety needs, fire, emergency response, public health providers, and private sector security agencies.

These fusion centers have emerged as the physical manifestation of a long history of turning a watchful eye on state external threats domestically. Many of the Center's success stories involve blanketing private and local partner information databases and in order to apprehend targets.

In 2007, photos of two Arab-appearing men on a Washington State ferry were flagged to the FBI and fusion center employees as "looking suspicious." After nine months of investigation, the men identified had to go to a U.S. embassy in Europe to make clear that they were in fact just European business consultants who took a ride on the ferry in their visit to Seattle.

Seattle's most famous case involves the arrest of anti-war Port protestor Phil Chinn, a student at Evergreen State College who was arrested during an anti-war protest in May 2007, organized by a coalition of anti-war activists in the Olympia and Tacoma areas – Students for a Democratic Society (SDS), the Wobblies, and others. The activists had been infiltrated by an army intelligence officer who disseminated protestor information through the fusion center.

Chinn's civil lawsuit of false arrest was settled with state patrol and Grays Harbor County and city of Aberdeen, with implications of a violation of First Amendment rights to free speech. Additionally, the direct involvement between military and local law enforcement, enabled through the intel-sharing of the Fusion Center, violated the Posse Comitatus Act.

Though the history of monitoring activists and racial profiling is not new, this center represents an "information superhighway" that makes such activity easier than ever.

Discussion

Further reading

View from the inside

AT&T peering site (NSA wiretap site)

Right next to the Washington State Fusion Center, you'll find 1122 3rd Avenue, a site for AT&T peering and one of the NSA's eight wiretap rooms in the FAIRVIEW surveillance program.

A group of tour participants walks away from the AT&T peering site, which is also an NSA wiretapping site in the FAIRVIEW program.

1122 3rd Ave, a nearly windowless building, looms high at night.

Video walking by the front of the AT&T peering site (NSA wiretap site) and taking a right to look up at the building's facade.

Overview

This stop on the tour highlights surveillance at the federal level, how surveillance relies on cooperation between the private and public sectors, and the dragnet quality of digital surveillance.

AT&T handles a lot of data. According to The Intercept, "As of March 2018, some 197 petabytes of data – the equivalent of more than 49 trillion pages of text, or 60 billion average-sized mp3 files – traveled across [AT&T]'s networks every business day." Because AT&T's so big, it's called a Tier 1 provider, so other networks exchange their network capacity with AT&T (called "peering") or pay AT&T to transmit traffic on its network (called "transit"). The way that two networks peer is that their infrastructure physically meets in a building, often via an Ethernet switch in a carrier hotel or a "meet-me room," so data can be exchanged between the networks. That's what's happening in this building and in the Westin Exchange.

So, even if your Internet service provider isn't AT&T and you don't live in the US, if your provider peers with AT&T anywhere in the chain, your emails and Facebook messages might enter AT&T's network, onto US soil, into one of the AT&T peering hubs, where NSA equipment can siphon it off to Maryland to be stored, processed, collated against your profile and that of people you know.

The NSA is able to spy on massive amounts of Internet traffic passing through the US because of its partnership with AT&T, even lauding AT&T's "extreme willingness to help." The NSA can read non-US citizens' communications with impunity. For example, the NSA has used its wiretap hub in NYC (called Titanpointe) to eavesdrop on the phone communications of the United Nations, the World Bank, and at least 38 countries, including allies like Germany, Japan, and France. However, there are regulations against reading US citizens' communications.

The eight NSA hubs, or AT&T peering rooms, for FAIRVIEW are in Seattle, San Francisco, New York, Chicago, Dallas, Los Angeles, Dallas, DC, and Atlanta. Is NSA equipment still in this building, intercepting communications that pass through Seattle and funneling it to Maryland for NSA analysts to look at? Yeah, probably. Incidentally, this location is very close to both the FBI Seattle office and the Pacific-1 intercontinental undersea cable.

Discussion

Further reading

Traffic camera

Visit the traffic camera at 3rd Ave & Seneca Street.

The traffic camera as it observes this intersection in downtown Seattle at night.

A traffic camera on 5th St.

A traffic camera on 3rd St.

Video approaching a traffic camera on 3rd St.

Seattle Department of Transportation's map of traffic camera locations in Seattle.

Overview

See automated license plate reader.

Discussion

Other surveillance infrastructure

How to use this guide

This guide can be used as a reference for a self-guided tour or as a playbook for a facilitator leading a tour.

If you're using this as a self-guided tour:

If you're using this as a facilitator:

Bluetooth beacon

We will visit Bluetooth beacons at a commercial location (TBD).

If a personal investigator were to follow you on a shopping trip, here's what they might write down about you:

At 3:31pm today, you entered the local Target. You walked past a display of Chips Ahoy and ever-so-briefly paused (noted). You saw a display of black shirts (noted) and spent 5.5 minutes examining them, spending 90% more time near the medium-sized rack (noted).

Bluetooth beacons are like a personal spy for stores. Beacons can know exactly where you are in a store—not just "you are at Target" but "you are in the center of snacks aisle, standing next to the applesauce."

Knowing your exact location is really useful if you're a spy (or a marketer)! When you walk past the applesauce, the Target app can offer you a deal to motivate you to make a purchase. If you paused next to chips but then continued on, Target might send you a coupon to sway you to get the chips next time. The data from the beacons might also be used by other people—either Target rented them out, or the beacons were not secured—so you don't really know who is collecting your data, or what they're doing with it.

Question: Why is it necessary to know someone's exact location? How would life be different if this capability was taken away?

Personalized ads, like offering you a deal when you pause next to an item, is only possible if the location is very granular - up to a few inches. Otherwise, the app might end up offering you a deal for cat food when you're looking at dog beds! The fine-grain ability is what sets bluetooth beacons apart from other location tracking, which is usually on the order of several yards. (See the below section 'How are Bluetooth Beacons different from other types of location surveillance?').

Below is a clip from the movie Minority Report illustrating a world with real-time personalized ads in stores. This is what's already happening, but the ads are push notifications your phone instead of a talking face on a big screen!

Video


Question: What motivates the developers of apps to make the app compatible with Bluetooth? Who exactly are these app developers?

Big Tech in Beacons: Apple, Google, Facebook and other big tech companies have had a large role in developing Bluetooth beacons. All three companies have their own beacon products. Apple developed iBeacon, the technological standard for communication between apps and the beacon. Google and Facebook have both mailed beacons to stores and small businesses for free and created their own developer tools for easy usage.

Why would Big Tech get involved? For one, the beacons may be integrated with another product. For example, Facebook's Bluetooth Beacons automatically push notifications containing Facebook Place Tips, including prompts to like the business's page on Facebook or to check in on Facebook (source). Big Tech companies may also be eager to "join" the beacon data with other data they already have about you.

Bluetooth beacons really are in Target and Walmart, and other stores you know. The top retailers include McDonald's, Macy's, Rite Aid, and Urban Outfitters.

Activity: Beacon Hide and Seek - Are there beacons in this store?

Download an app like Beacon Scanner on your phone and scan for beacons when you enter a store.

Bluetooth beacons gather data about you by pinging a compatible app on your phone when you walk past. The app could be the Target app, or an innocuous-seeming news or weather app that also has Bluetooth location function. (If you have no such app, you're safe.)

Activity: Phone Checkup

  • Turn off bluetooth on your phone. (Note that it is separate from location tracking! See [here] (https://qz.com/1169760/phone-data/).
  • Check what apps currently have Bluetooth abilities in your phone.
  • On Android: Go to settings. Security and privacy, then Permissions, then Turn Bluetooth on, Access_fine_location

Beacons are in stores and malls, and also in places like airports, public transit, gyms, museums, and more. Do you remember consenting to having your location exactly tracked, or having this data sold to… whoever? Would you be surprised if a personal investigator followed you to these places?

Question: What rights do people have in public places (like subway stations)? What rights do companies have in public places? Is it different if you're in a store? What is the current status of regulation?

The most recent applicable laws were written in the 1980s, for a very different world.

First, it may not even be illegal to hack a Bluetooth beacon. The most relevant law might be the 1984 Computer Fraud and Abuse Act, which is used to prosecute hackers and prevent unauthorized access to computers. But do beacons count as computers? It's unlikely, since even smartphones are a gray area - "It is possible that a court of law would consider a smartphone to be a type of computer." (Privacy Rights Clearinghouse)

What about the actual location data, which is sensitive? With a few exceptions, it's not regulated.

"Federal law does not directly regulate location tracking or the collection, sale, or use of personal location data." (Business Law Today)

Even when location tracking is regulated, the requirements "generally apply only to the initial data collector," - in our case, the app that initially connects with the Bluetooth beacons. The data that the beacons collect is regularly resold or used for some opaque purpose, but there's no regulation around this:

"(1) identified location data is regularly acquired and used by third parties with whom the individual has no direct relationship, and (2) de-identified or anonymized location data is regularly combined with identified personal data and used by third parties with whom the individual has no direct relationship to compile comprehensive profiles of the individual. These secondary-market practices are not currently addressed by U.S. law." (Business Law Today)

A new law in California, to go into effect in 2020, is the first to tackle "Security of Connected Devices," requiring devices such as Bluetooth Beacons to have "reasonable security features." (source). However, it's not specified in the law what security features would count.

What if location tracking was opt-in? Currently, in the EU, websites with cookies are mandated to alert users of their cookie usage, and provide a "opt-in" button to explicitly click. Perhaps a similar law could take effect for location tracking:

"If the sellers of mobile phone applications are obliged to use similar pop-up windows when collecting location data, users would be aware of the fact that their location data is being collected. The screenshot below displays a sample pop-up window that can be used for obtaining users' consent to collect location data from beacons." (Infosec Institute)

Expansions - Additional Info for Facilitators

Below are some additional topics, FAQs, and responses to discussion questions, for facilitators to read through. It's intended to help the facilitator prepare, and which sections to be incorporated is up to them.

FAQs

How do Bluetooth Beacons really work?

Here's a great succinct explanation and image from a beacon manufacturer (source):

"Let's assume beacons are deployed at the entrance of a coffee shop.

  1. These beacons transmit signals in its range. [Ed: Beacons are constantly transmitting small packets of information, waiting for a phone to pick it up. You can think of the beacon as a bat making echolocation noises every so often to see if there are prey (the phones) around.] The range of beacons vary from 20m to 300m.
  2. Smartphones in the range of beacons is itself indicating that the smartphones are nearby.
  3. The smartphone then sends the ID number attached to the signal to the cloud server. [Ed: You can think of the cloud server as "facebook.com" or "target.com", some central faraway place that is gathering and processing information.]
  4. The server responds with the action linked to the beacon ID. It could be a notification introducing a new appetizer in the cafe, combo deals, video of coffee making or a feedback form!
  5. These notifications drive customers to a webpage, a form, a phone number or whatever you plan to do."

How are Bluetooth Beacons different from other types of location surveillance?

Here's a great succinct explanation and image from a beacon manufacturer (source):

Great question! Bluetooth may seem similar to Acyclica in that they both use small devices in public places to track people. It may even seem similar to apps on your phone that use GPS, since they both end up tracking location.

What sets Bluetooth beacons apart is its granularity - it can work well indoors. GPS is accurate up to a few meters, making it only useful for outdoor location; Bluetooth is accurate on the order of centimeters. GPS can know whether you are at the mall; Bluetooth can know which store in the mall you're in and even which clothing display you are next to.

Next, Bluetooth beacons are efficient and easy for stores to adopt. Beacons are really cheap - a beacon costs less than 25 dollars, and many big tech companies give them away for free. They don't require an internet connection, and they can run on a few batteries for a long time.

Additional Discussion Questions

Further reading

Small cell antenna

Along the way, we will have passed many burgundy antennas installed on utility poles. Those are small cell installations for 5G.

Discussion

The Westin Building Exchange

Visit the Westin Building Exchange, a carrier hotel in downtown Seattle that also houses a meet-me room and the Seattle Internet Exchange.

Discussion

Surveillance infrastructure in other American cities

Overall discussion

After taking participants through the walking tour, it's good to bring folks back to a room and have a group discussion of what folks just experienced. Some possible questions are:


  1. For an example in another medium, see: A Century of "Shrill": How Bias in Technology Has Hurt Women's Voices