Week 6 discussion

Just thinking through some of the things that came up in today’s discussion…

it overwhelms me to think about the level of surveillance that undocumented people face. this Tuesday, when we have Franklin Bynum come and speak, I’m going to ask him about his experience as an attorney for undocumented people and how he’s seen surveillance data used against them directly in their cases. from what he’s told me, it has a lot to do with building minor criminal charges against them, then using that to begin deportation proceedings.

Someone asked if Signal is resistant to cell site simulators. Dia answered that partly, but just to expand – one of the features of a cell site simulator is that it can listen to unencrypted calls in real time and also can intercept unencrypted data. Signal beats both of these with both encrypted calls and texts. iMessage and FaceTime are also encrypted so would likewise be resistant. But cell site simulators may still be able to intercept the metadata. We’ll talk more about that with Freddy Martinez next week.

Here is some more info on some of the tech Dia mentioned (Freddy will cover these more next week too):

Dia mentioned the activists John and Bonnie Raines, who were part of the Citizens Commission to Investigation the FBI that revealed the COINTELPRO program in the early 1970s. I highly recommend the documentary 1971 about this operation!

Lastly, in the midst of all the recent ALA nonsense, I’m thinking about the case studies from this week about how immigrants’ rights activists are being targeted for deportation FOR THEIR SPEECH. Where’s ALA on that, I wonder?

@alison The readings from each week are all building upon each other, so it’s a little difficult to remember which specific article went with which week, but I was thinking more about some of the readings and discussion about hidden tracking apps that domestic abusers (or others) sometimes install on their victims’ phones–specifically the ones that have invisible icons so it wouldn’t be obvious to the user that it’s there. Do you know of a diagnostic tool that one can use to see if such a thing is installed? What do you think you would recommend to a patron who suspects something like that?

@clobdell I don’t know about any diagnostic tools like that except for maybe some anti-malware app like MalwareBytes. What I’d recommend to a patron who suspects something like that is this resource: https://hackblossom.org/domestic-violence/threats/monitoring.html

Basically, if they think it’s happening they should wipe their phone and reinstall their operating system. They can probably safely back up contacts and photos, unless they think their abuser has access to their cloud data, but that resource has information about what to do in those scenarios too.

1 Like

@alison, as I’m thinking about the questions for this week, I actually find myself wondering about the open forum that we have. Like, I would love to talk more concretely about some of the concerns we are working through for undocumented folks in our community, but I have real reservations about doing that with any specificity on this totally public forum. When should the learning that we are doing – or maybe, the problems we are working through, be private?

Which is also to say:

Ditto that, so hard.

@kellymce we can make private threads that only members of the cohort can see! I will make a new private thread to demonstrate.

The idea of holistic security has me thinking. Kayyali said they avoided digital security tutorials because it separates the physical and psychosocial security from digital security.

Community agreements reminded me of the need to have a plan in the place on how to deal with warrants / subpoenas at your library. That way when someone comes and asks for something, you know how to respond.

I’m thinking back to the spectrum of threats from clandestine data mining > to abusive personal relationships > killings. I’m thinking about XKCD comic “oh my crypto is so good” but they just hit you with a pipe until give up your passwords. Library equivalent: we teach people all these privacy tools, we work to institute policy and praxis about patron PII, and then all it takes is one racist staff member to call ICE. Would this be an example of digital security being separate from physical security. (Related: is ALA explicitly saying “hate groups” have a right to meeting spaces a threat to physical and psychosocial security while ALA touts pages of digital security guidelines?) Those are two examples but really an open question for me is how to make digital security trainings more holistic.

Kayyali dropped the term sousveillance. I had to look that up. Interesting concept with a lot of implications. One avenue: best way to deal with guns is more guns. Best way to deal with cameras is more cameras? That’s only one avenue. I’m keep running up against thoughts about when transparency is required vs when privacy is required. Who and when should these obligations be applied?

For everyone else’s reference: https://www.xkcd.com/538/

What you bring up here gets back to threat modeling, which if done well, considers security/privacy holistically just like how Dia described. Your example is a great one. How would we threat model for a situation where a staff member calls ICE on patrons? You can’t easily predict whether or not that hostile staff member exists (in most library environments, staff are not exactly going around sharing their vile xenophonic opinions right?). So that means you have to act in order to minimize the possible harm that such a staff member could cause. Let’s think this through. Is there any data that the library collects that could possibly reveal a patron’s immigration status? Well, then the library should cease collecting that information, and destroy all such existing records. Or maybe this is a place where community agreements could come into play, although community agreements require a high measure of trust. I’d like to hear what others think about this too.

yuppppppppppppppppp you nailed it.

You’ve shown here how easily sousveillance can cut both ways. I think often about the surveillance implications of police body cameras, and I oppose them because they create new privacy violations in communities. WITNESS (Dia’s organization) addresses this conflict pretty well I think, helping people use sousveillance without creating new unintended consequences.

For me it’s privacy for individuals, transparency for institutions, and I consider individuals within powerful institutions to count as part of those institutions. Like politicians. But there are always grey areas, and that’s why we should talk it through!

Baltimore has, like many places, had increased ICE raids but I must admit that I haven’t kept myself terribly well-informed. It’s also not something that has come up visibly at work, though I’m sure we have patrons who are undocumented. (But I wouldn’t really have a way of knowing unless someone stated it, which of course is unlikely to happen.)

A couple of things in the readings this week stood out for me.

  • The article about Trump expanding immigration officers’ power struck me. In it, lawyers “said that the enforcement provisions likely couldn’t be challenged in court simply for how they are written,” but may be able to be challenged if they result in racial profiling. …It just seems pretty absurd that we have to wait to see the racial profiling that is very obviously going to come out of this before it can be challenged.
  • From the WITNESS info about Facebook mentions that DHS uses “some level of automated analysis of data” but that “the full extent is unclear” - this could mean so many things, and I want to know more! I know that we’ll talk more about law enforcement surveillance in coming weeks, and I hope this is part of it.

It’s also EXTREMELY hard to bring a civil rights case forward with a racial profiling challenge. Michelle Alexander talks about this in The New Jim Crow. Basically the issue is that you have to show racist intent, which is nearly impossible to do. You can have the most blatantly obviously racist action, but if you can’t prove what the person was thinking at the time, you can’t mount the challenge.

We will, and if it doesn’t come up please make sure to bring it up with Freddy on Wednesday (or with Franklin tomorrow). There’s so much opacity to what law enforcement does with surveillance tech because they’re shielded from disclosure by things like national security provisions (meaning that when they say “oh we’re doing this for national security reasons” they don’t have to disclose their actions). It’s why leaks are so important in this realm, because otherwise we’d never know what was really happening. Thanks, Snowden (and many others)!