by Marilyn Fidler. Originally posted on LawFare

In late November, a California state court issued a final decision interpreting a 2015 California state law regulating government agency use of cell site simulators, devices that can be used to locate and track cell phones. The devices are commonly known as “stingrays.” The challenge—the first brought under this law—argued that the City of Vallejo was not in compliance with the law’s requirement that a local public body approve, at a public meeting, both police acquisition of the technology and a policy determining how and when these devices can be used. The court upheld this view of the law, providing an important victory for transparency.

Stingray devices present serious privacy risks because they allow law enforcement to track the physical location of anyone with a cell phone in real time. Originally billed as anti-terrorism tools, police often use them in routine investigations of nonviolent crimes. Furthermore, stingray devices can access data about all phones in an area, ranging from a few hundred yards to about 2 miles, even if the police are interested in only one device. Because of these “dragnet” capabilities, I and others have argued that localities should have the opportunity to decide if and how stingray and similar devices should be used in their communities. The California state law mandates this local decision-making process, providing an opportunity for needed transparency and democratic oversight.

The law was untested in court, allowing localities to interpret the law to their benefit, which, for city governments, often means the least resource-intensive view. Vallejo, for example, argued that as long as someone in the city government created a usage and privacy policy, it was in compliance with the law. The court’s ruling reaffirmed that a public decision-making process about when and how these devices are used is required by law.

by Nadia Lopez. Originally published in the Fresno Bee

The Fresno County Sheriff’s Office is being sued for failing to release records about its use of surveillance equipment, location tracking technologies and data collection operations, according to a lawsuit filed last month.

The Aaron Swartz Day Police Surveillance Project, a watchdog group named after the late computer programmer and hacker, filed the lawsuit in November with the Fresno County Superior Court after more than two years of attempting to retrieve documents.

According to the lawsuit, the group made six public records requests between December 2018 and January 2019 over the agency’s use of unarmed drones, license plate readers, thermal cameras, social media monitoring and predictive algorithmic software as well as any potential contracts with federal law enforcement agencies.

Originally published at BlackAgendaReport.org

The US remains wholly incapable of tracing Covid-19 contagion, but if it tried, we might wind up with “the worst of both worlds” – a horror of coercion and confusion that still failed to stop the epidemic.

“Communities have reasonable fears that at least some law enforcement agencies might use access to contact tracing data to harass low income communities.”

Ann Garrison spoke to Bay Area privacy activist Tracy Rosenberg about the danger that data contact tracing to track the spread of COVID-19 will become available to the surveillance state.

Ann Garrison:Many fear that digital contact tracing to stop the spread of COVID-19 will expand surveillance states’ ability to curtail privacy and control their populations. Can you explain what contact tracing is?

Tracy Rosenberg: Contact tracing is the process of creating a map of a person’s movements and associations in order to identify the possible spread of infectious disease. Before the age of digital technology, it was an onerous process of paper surveys, which while they contained very personal information, had some practical limitations on any additional use. In the age of digital technology, the ability to retain, repurpose and search large data chains is greater than it has ever been in human history. Contact tracing data, when performed by government public health agencies, is medical health data and is protected by the same laws that protect other health data.

AG: What dangers does it pose?

TR: Well, there are quite a few. One is emergency protocols. A large tracing program set up under emergency conditions can often lead to incomplete frameworks and poorly trained personnel, including some with relatively little or no familiarity with health data protections. When data protections, storage and access protocols are not well-planned, leaks, hacks and unauthorized access sometimes occur.