At street corners across downtown Seattle, eye-catching public art dresses up drab metal boxes full of the electronic guts that operate traffic signals. But there’s something more to these gussied-up casings.
Across the top of hundreds of them are flat black discs the size of a short stack of fluffy pancakes — so unobtrusive that someone would need to be looking for one to notice it.
When a cellphone passes within Wi-Fi range, sensors atop traffic signals detect it and in a flash send its digital fingerprint to the little dish — an antenna. Instantaneously, the data is piped through Ethernet cables to a hub where Seattle city traffic planners can track movements in real-time, sifting massive tranches of data to analyze traffic patterns.
A web of more than 300 of these sensors spans the city, mostly downtown, along the Mercer Street corridor and in South Lake Union. Their data helped Seattle’s traffic planners to cut average delays during peak evening commuting hours through downtown in half between 2017 and late 2019, through simple adjustments to traffic signal times, according to the city.
But the data comes with a cost beyond this year’s $300,000 expense to the city. The data collection raises civil liberties questions for anyone who passes through Seattle’s core with a cellphone, and concerns about the city’s association with a company with a troubling history.
A group of privacy advocates from a Seattle nonprofit who’ve studied the technology worry the city’s contractor, Acyclica, could resell data to law enforcement and federal agencies, exposing individuals’ movements and personal associations.
Acyclica’s parent company, Oregon-based FLIR Systems, denies the data it collects in Seattle is for sale. And a company spokesperson said the privacy invasions that critics have pondered are not possible because of the privacy standards FLIR adheres to. The city of Seattle, through a spokesperson, said FLIR couldn’t sell the data without permission.
Privacy advocates nonetheless have urged the city to verify those claims through an independent audit, tracing what happens to Seattleites’ data after the company collects it. Instead, Seattle recently announced plans to vastly expand its use, replacing the existing license-plate reader technology that tracks traffic.
FLIR’s previously unreported history of serious violations through international technology sales added new concerns. FLIR settled federal regulatory charges for illegally selling restricted military technology to nations that were under sanctions for human-rights abuses and threats to the U.S. and its allies, according to a Seattle Times review of federal records.
FLIR also pleaded to charges of bribing Saudi Arabian officials to sweeten a business deal, according to U.S. Securities and Exchange Commission (SEC) records. The company has been fined $40 million over the past six years, and is on strict federal monitoring as a result.
However, when Seattle issued a “privacy impact report” of the Acyclica technology in 2019, it omitted this troubling history. The review was required by a city ordinance that assesses the implications of city-deployed surveillance.
The omission, according to a Seattle city spokesperson, is because the violations did not involve mishandling data or privacy concerns and were judged to be irrelevant to the review’s focus on civil liberties.
The ACLU of Washington has praised Seattle’s privacy ordinance, but Jennifer Lee, who manages the group’s Technology and Liberty project, said the omission was an oversight.
“It’s definitely concerning that FLIR has multiple (arms sales) violations, and I definitely think that information is pertinent to a surveillance impact report,” said Lee, a member of the city’s advisory group that assesses privacy and civil liberties implications of the city’s technology.
“It’s important that the company that a Seattle government agency is contracting with has a history of these violations. It’s relevant to whether this company is able to store and manage people’s information.”
Seattle’s Department of Transportation (SDOT) began using the Acyclica system to measure travel times and traffic intervals downtown beginning in 2015, two years before the City Council adopted its privacy ordinance.
The aggregate data helps city engineers adjust traffic signals to optimize commute times, and feeds alerts to drivers via overhead signs about accidents. The city referred to the data collection as the “backbone of SDOT’s response to the ‘Seattle Squeeze,’” a pre-pandemic convergence of downtown megaprojects that snarled traffic.
SDOT has become so reliant on Acyclica technology that it questioned its ability to carry out core functions without it. “No other real-time data sources for arterial travel times are as accurate as those gathered via these technologies,” according to the city ‘s privacy review. “SDOT would not be able to provide real-time travel times to the public, as they would not be sufficiently reliable.”
Other cities also rely on the Acyclica technology, including Los Angeles and Denver.
When a smartphone passes within Wi-Fi range of an Acyclica sensor, it immediately vacuums up the phone’s media access control (MAC) address, a unique chain of numbers and letters equivalent to a phone’s digital thumbprint.
Under its agreement with the city, Acyclica sends a scrambled version of the digital thumbprint to traffic planners, who only see an anonymized number. A city audit in 2015, three years before FLIR bought Acyclica, concluded the digital thumbprint could not be tied to an individual cellphone user.
FLIR acknowledged to The Seattle Times it retains a copy of the data with altered but unencrypted MAC addresses. “No raw MAC addresses can be accessed at any point within the system,” FLIR spokesman Keith Metz-Porozni said.
But a digital privacy nonprofit, the Critical Platform Studies Group, created by researchers from the University of Washington’s celebrated Information School, has studied the Acyclica technology, and is skeptical that the data remains private.
The advocates’ foremost worry is that the data could be shared with law enforcement or sold on the open market by FLIR.
“The city really just has to be sure they know where that data is going,” said Peaks Krafft, a former UW researcher who is now a senior lecturer at the Creative Computing Institute at the University of the Arts London. So far, Krafft said, the city hasn’t been able to answer this question to the satisfaction of privacy advocates.
Speculative data hoarding in hopes that a market for it develops is increasingly common among tech firms that have access to troves of it, said Michael Katell, a postdoctoral research associate at the Alan Turing Institute in London, the UK’s national study center for data science and artificial intelligence.
“The model is to collect as much data as possible and judge its value later,” he said. “It’s an asset. We’ll figure out if we can use it later.”
Seattle is supplying FLIR with precisely that asset, and paying the company to collect it, according to Meg Young, a postdoctoral researcher at Cornell University’s New York City campus who earned her doctorate at the University of Washington, where her research focused on the intersection of technology and public policy.
“The reason that it’s wrong isn’t because (the data) is being abused now or definitely will be abused in the future, but because the city is paying for this data to exist,” she said. “There’s an obligation it has to the public to make sure that the funds the public is spending on this data don’t endanger the public.”
Sen. Ron Wyden, D-Oregon, recently raised alarms about the purchase of geolocation data plucked from cellphones by another company that the IRS purchased to conduct investigations into individual taxpayers.
A report last month by the Internal Revenue Service’s Inspector General obtained by Wyden and shared with The Seattle Times demonstrates that a robust market for location data gathered from cellphones exists — and the federal government is the first customer in line. In it, the IRS admits buying access to cellphone data from 19 unnamed services to use in criminal investigations, but claims it “did not produce useful results.”
In 2017, U.S. Immigration and Customs Enforcement was found to have bought cellphone data in San Diego to use in deportation roundups, noted Katell.
“Where people live, where people work, when they go to the abortionist …” Katell said, “to the extent that a federal agency like (ICE) might try to affix MAC addresses to immigrants, there’s real obvious value.”
FLIR’s history of ethics breaches only adds to those concerns.
Bribes, illegal sales
By the time it became a vendor to Seattle by acquiring Acyclica in September 2018, FLIR already had a tarnished record of bribing foreign leaders and violating federal laws designed to keep potentially dangerous technology from nations known to commit human rights abuses, support terror or pose threats to the U.S. or its allies.
FLIR negotiated a settlement with the SEC over charges that the company violated the Foreign Corrupt Practices Act during a multimillion-dollar sale of security cameras to Saudi Arabia.
It included the gift of expensive watches to Saudi officials and a free 2009 world-hopping junket, including stops in Casablanca, Paris, Dubai, Beirut, New York and a week in Boston, where the contingent spent about 10 hours visiting FLIR’s equipment facility.
“In total, the (Ministry of Interior) officials traveled for 20 nights on their ‘world tour,’ with airfare and luxury hotel accommodations paid by FLIR,” according to an SEC cease and desist order in April 2015. “There was no business purpose for the stops outside of Boston.”
The situation was made worse when the FLIR representatives, with cooperation from the company’s finance department, doctored records and created false invoices to make it appear as if Saudi officials had paid their own way, according to SEC records.
FLIR’s settlement with the SEC also acknowledged spending $40,000 to woo prospective customers from Saudi Arabia, including paying for two New Year celebrations in Dubai. And FLIR paid $43,000 in 2011 for Egyptian defense officials to travel to Paris and Stockholm as part of a 14-day world tour. “Officials only participated in legitimate business activities on four of those days,” according to SEC records.
FLIR ultimately agreed to pay $9.5 million in fines for violating the Foreign Corrupt Practices Act.
But its troubles didn’t end there. In April 2018 FLIR agreed to pay $30 million in fines to settle 347 violations of the Arms Export Control Act and the International Traffic of Arms Regulations that occurred over the course of a decade, pleading to 18 of them. The U.S. State Department waived half the fine, but FLIR remains on probation until next April, and it must open its books to federal auditors.
The arms sales charges against FLIR resulted from technology deals with citizens of 15 restricted nations, including Iran, Iraq, Lebanon, Cuba and Vietnam. The State Department’s review of FLIR export licenses between 2007 and 2013 “concluded that one or more violations occurred in all 32 licenses reviewed.” Between 2012 and 2017, the State Department approved export licenses for FLIR products totaling $9.9 billion in sales.
FLIR is also the subject of an active investigation by the U.S. Department of Commerce into the sale of infrared cameras, a prohibited technology, to China, the company noted in a recent report to shareholders.
Seattle spokesperson Megan Erb said this history “had no impact on operations or data for the Acyclica traffic system …”
“FLIR’s sanctions did not involve data privacy or data management violations or concerns that would have been relevant to a privacy review,” she said.
Asked by The Seattle Times about the past infractions, Metz-Porozni, a company spokesperson, said it has “a world-class compliance program” for privacy. “FLIR has and continues to be in compliance with prevailing privacy laws, providing greater protection than is legally required,” he said.
Katell, the tech ethics expert, said vetting the corporate responsibility of contractors is an essential step that’s missing from Seattle’s process of reviewing surveillance technology.
“It is crucial that municipalities take seriously the behavior of firms. It’s like hiring a person,” he said. “You wouldn’t hire a person who’s been convicted of fraud or espionage to be your county auditor because they have a propensity to break trust.”
Seattle’s commitment to Acyclica technology is growing. A low-key announcement at a Jan. 20 City Council committee meeting revealed Department of Transportation plans to replace its network of license-plate reader technology with Acyclica sensors within the year.
The license plate readers, a network of cameras that snap photos of passing automobiles, help traffic planners gauge travel times. The information is shared with the Washington state Department of Transportation.
The Georgetown and International District neighborhoods hold 42 percent of the license plate readers that the city plans to swap with Acyclica sensors, and are home to a high “proportion of disadvantaged residents,” according to the city’s presentation.
Councilmember Alex Pedersen, chair of the transportation committee, said the city is finalizing a privacy review of Acyclica, expected to be finished in the next few months.
“Our City Council Committee will need to receive a full assessment not only of the technology itself but also of any troubling reports about their parent company, so that we make sure city government is working with only trusted and reliable vendors,” he said in an email.
Seattle had been doing business with Acyclica for three years when it was acquired by FLIR in September 2018, just four months after settling its bribery case. Yet the change in ownership did not get included in the city’s privacy review.
FLIR now is in the midst of a merger with another tech firm, Teledyne. The consolidation is expected to be completed this summer.
Young, of Cornell, doesn’t believe Seattle needs to abandon its relationship with FLIR, given the investment Seattle has already made in the technology. But the city must review its contractors as stridently as it reviews itself during privacy analysis, she said, and should add assurances and oversight mechanisms in the contract to ensure Seattleites’ data is not resold.
“We’re up against this tension where civil servants are taking vendors at their word and don’t always have the tools to push back,” Young said.