Privacy and your Seattle commute: Potential dark side to city data monitoring

Surveillance devices are collecting data from cell phones throughout the city of Seattle. These devices sit on top of utility boxes, and are so unremarkable that you probably don't notice them.

This data is collected as part of the city's effort to analyze traffic patterns. But the company that collects all this data — Oregon-based FLIR Systems — has a troubled past.

Seattle Times Senior Investigative Reporter Patrick Malone has been looking into FLIR’s background, and why it's raising concerns for privacy advocates. He spoke with KUOW's Kim Malcom.

This interview has been edited for clarity.

There are about 300 of these devices. Most of them are downtown. Some are scattered elsewhere in the city. What do they do?

Patrick Malone: These are designed to collect individual movement information from cell phones and tablets. Its benefit to the city is to recognize established traffic patterns and find ways to adjust streetlights that ease people's commutes during peak travel times.

How long have they been around?

They first came in around 2014, early 2015. There have been some ownership changes and a lot of developments, one of them being that the city says this technology has reduced commute times during peak evening hours, downtown, from about 34 minutes in delays per day to about 17 minutes. The city views it as an effective technology for its purpose.

FLIR Systems and the city have said the data will not be sold. Still, privacy advocates are concerned.

Privacy advocates, who really closely examine both this technology and Seattle's approach to privacy and technology, are very concerned that this data could be hoarded by FLIR and sold at a later date. There is evidence of a significant market for geolocation data from cell phones. Standing right at the front of the line is the federal government. We have examples from 2017 in San Diego, where ICE bought cell phone location data for the purpose of executing deportation raids.

And the IRS more recently acknowledged to Senator Ron Wyden, and shared the documents with us, that they've relied on 19 different unnamed tech companies to get geolocation data for IRS criminal investigations into individual taxpayers. The fear among these privacy advocates is that that's the future of Seattle's data.

You were curious about this company and you started looking into it. What did you find?

As an investigative reporter, we get an assignment and we run the subject through a number of traps, as it were. These are generally federal, state, and local regulations. What does oversight look like of this company? I found some eye-popping things about FLIR. Even in my past life covering national security, I rarely saw this many violations of this nature.

What I found was that FLIR was facing federal enforcement actions that are still active at this point for a bribery case involving a world tour that was provided to Saudi Arabian officials in hopes of selling them millions of dollars in infrared cameras. And also the sale of multitudes of prohibited technologies to nations that the U.S. State Department has designated either as human rights abusers, supporters of terror, or threats to the U.S. and its allies.

And this isn’t just in the past. You've reported that FLIR is still undergoing some strict federal monitoring.

They are still under monitoring and paying fines through April of 2022. This carries potential implications for their ability to continue as a federal contractor, where most of their work comes from. Another mistake and they could face debarment. Now, they seem to be performing fairly well on this probation as it hasn't been revoked, and it's been going on for three years now.

How has the city of Seattle reacted to this information?

FLIR entered the picture in 2018, just before the city undertook its privacy-impact review of this technology. There is a moment in time right now in the final months of that process where the city could take a look at the history of this company, but to this point, the city has chosen to ignore it.

Their statement to me was that they were not aware of FLIR’s transgressions when they initiated the privacy-impact report process and that the discovery of it since then does not change the Department of Transportation's position that despite the significance of these infractions, the city views them as irrelevant to the matter of data care and security.

Listen to the interview by clicking the play button above.