February 14, 2017 Meeting – Seattle Community Technology Advisory Board
Topics covered included: Update from CTO Michael Mattmiller; Future of Privacy Forum public from Omer Tene; public comment; by-law clean up project and CTAB handbook creation; strategic planning update; and reports from the Cable and Broadband Committee, E-Government Committee, and the Digital Inclusion Committee.
This meeting was held: February 14, 2017; 6:00-7:30 p.m., Seattle Municipal Tower, 700 Fifth Avenue, Suite 2750
Podcasts available at: http://www.seattle.gov/Documents/Departments/CTTAB/podcast/cttab.xml
Attending:
Board Members: Jose Vasquez, Amy Hirotaka, Heather Lewis, Karia Wong, Chris Alejano, Mark DeLoura, Eliab Sisay,
Public: Dorene Cornwell, Dan Moulton, Matt Torgie Madison, Riley Petersen, Kelsey Finch, Ann Summy, Vanessa Ingram, Becky Yost (Library), Olga Rocheeva, Lloyd Douglas, Omer Tene, Arash Oliaei, Becky Yoose, Bardia Mchaba, Harte Daniels,
Staff: Michael Mattmiller, Jim Loter, Virginia Gleason, David Keyes, David Doyle, Cass Magnuski
28 In Attendance
Meeting was called to order by Jose Vasquez.
Introductions
Jose Vasquez: We do have a sign-up sheet. If you haven’t signed up yet, please do.
Amy Hirotaka: I move to approve last month’s minutes.
Chris Alejandro: I second.
Jose Vasquez: Discussion? All in favor? Opposed/ Abstainers? January minutes approved.
Minutes from January CTAB meeting approved.
Jose Vasquez: Do we have a motion to approve the agenda? Heather so moves. Chris Alejandro seconds. Discussion? All in favor? All opposed? Motion passes. First we have an update from Michael Mattmiller.
Agenda approved.
CTO REPORT
Michael Mattmiller: I’ll try to keep my update short because I unfortunately have to leave in a little bit. I can’t wait to hear the FTF presentation. Since the last time we met, not a whole of new updates, but a couple of things I wanted to talk about. First and foremost, thank you to the Seattle Privacy Coalition. I don’t know if anyone is here tonight. I don’t see Christopher Sheats–for having me at their meeting the week before last. It was great. We had a two-hour open conversation about what’s going on in the City related to privacy and surveillance, and various different activities. I really appreciate the engagement, and the willingness of everybody in that room to be so honest about their concerns. Hopefully, we got some good questions asked for our department. We will follow up on answers.
Speaking of surveillance, I know there was conversation at the last CTAB meeting about the ordinance that’s making its way through Council right now. And I’m going to be meeting with Councilmember Gonzalez for an update tomorrow to find out her thoughts on timeline as well as some of the provisions we requested. And I know that the Privacy Subcommittee had some thoughts about the legislation, primarily from the City’s perspective on what we care about, or the definitions of what fall into the ordinance. As you heard me share, that the current ordinance is perhaps challenging because the City code meets the definition of surveillance equipment that should have been approved by Council before we bought it, so we want to make sure that we have real good clarity on the definitions so that we as a City can make it workable, and we also make sure that the community is getting what they expected out of the ordinance. The other part is simply from process perspective, making sure that the ordinance is structured such that City staff wants to comply and can comply in a consistent manner. when we produce something onerous that is perceived as not workable, you can say on one hand it prevents the acquisition of anything that might meet the definition of surveillance ordinance. But as you see, I still have my City cellphone, so we tend to work around it. We want to make sure that doesn’t happen. So I will have an update for you at the next CTAB meeting on how that’s going.
Also, at the last meeting, I promised you an invitation to the launch party for our new City of Seattle technology strategic agenda. I promise you have not missed it. We are a little delayed in getting that scheduled, for the most interesting of reasons for a group of good technologists. We are having problems getting the document printed. So new media meets old media and we’re Adobe in design and bleed lines become problematic. We are going to get that scheduled. I look forward to celebrating with you. Everyone’s contributions to that great project.
Those are just top of mind things for me. We’re still in the mode right now kicking off some really great new initiatives in the City. Some of them of more internal significance like an identity management project for the City, consolidating our active directory for us, gearing up for our Windows 10 deployment, moving up the stack a little bit on some of our transformational efforts around IT consolidation, where we’re getting ready to kick off the process by which we will build our single applications division with 250 staff, put together under Jim Loter’s division, all of our professionals and digital engagement professionals. And then also the policy side, where many of you have read about the RFI, who recently released to identify private partners who want to build free public Wi-Fi in 12 opportunity zones within our City. so those are all very exciting projects that we’re not quite ready to come and bring you an update on yet, but we look forward to doing it in the near future. In particular, on the public Wi-Fi, just so that you know, I have been talking to Councilmembers and the Mayor’s Office about what’s going to happen with that effort. We’re going to ask for all of these ideas about how you can make free Wi-Fi available to our community. One of the immediate next steps after we get that information will be to come to CTAB and get your input and feedback. So I really look forward to getting your thoughts on the types of models that we learn about. Any questions for me?
Heather Lewis: Do you have any sense of when the party might be?
Michael Mattmiller: The key question, yes. I am out of the office on March 3rd, so potentially the week of the 28th, but definitely not the 3rd. Or the following week. Thank you. If I could just put in one more comment, I am so excited tonight to have FTF to talk with us about the privacy work for our open data program. My love, before coming to this City, was related to all things privacy and governance. What an amazing opportunity we have in this City to invest time and resources with support of the Mayor and Council and our great community. The thinking about the kinds of harm we can affect unintentionally as we seek to become a more open and transparent government. When we first started working on the Mayor’s executive order related to open data, the questions we got were not, ‘Gee, should we be open?’ That was a given. Everyone believes firmly in this City that we have an obligation to be transparent, but we have an obligation to the community what the City assets can enable in terms of creativity, entrepreneurship and improving our quality of life. But the first question that came up was what about potential privacy harm. What is in the data that we don’t know about, and not just first name, last name, but the mosaic effect. What is the risk that we put out a data element that will bump up against another data set, or King County, or the State that something could happen. So we are very focused on how to mitigate that risk. In talking with the team, we know that there’s going to be some things we find in the risk assessment of the open data platform, and we’re going to be open and transparent with those risks for you. And as for your continued support and thoughtfulness about how we fix forward. It’s not all going to be fixed in one day. But, with the work going on in this journey, we look forward to having you with us on that. So thank you for being here.
Jose Vasquez: Thank you. Before we get started with Omer, we had a few people walk in. Would you mind introducing yourselves? (More introductions) Thanks, everyone. Now we have the Future of Privacy Forum.
FUTURE OF PRIVACY FORUM–OPEN DATA PRIVACY RISK ASSESSMENT
Omer Tene: Thanks a lot. Thank you Michael Mattmiller and David Keyes for inviting us here. I started this because the idea that brakes were added to cars actually not as a way to slow cars down, but in order to allow them to accelerate. This goes back to a law that was enacted in 1865, I think, called the Red Flags Act, which required a person to hold a red flag and walk before a cart in order to warn the pedestrians that it’s coming. And once brakes were added to the cart, the cart could accelerate and, of course, there wasn’t a need for the red flag person anymore. And the analogy here is that we need to introduce privacy and also security controls to these new technologies and to open data portals in order to facilitate better use of data. So, with more privacy, we actually ensure greater trust and buy-in and just facilitate access to all these great benefits that data can provide.
Michael Mattmiller: Can I just interrupt for just one second in order to help credentialize. Omer is vice president of an organization called IAPP.
Omer Tene: International Association of Privacy Professionals.
Michael Mattmiller: So when you see email addresses with a little tag on them, CIPP (Certified Information Privacy Professionals) program, that’s Omer’s organization, where he leads a tremendous amount of research into how people think about privacy, how to effect position privacy protections, as well as how businesses and governments and others can comply with privacy-related laws. Kelsey is with the Policy Council for the Future of Privacy Forum, a great organization that thinks about how to meet the public’s expectation when it comes to privacy, and helps businesses, governments, and others be more successful. And the reason they are here is that in the open data executive order that Mayor Murray signed just about a year ago, there was a requirement that we complete a privacy risk assessment of the open data program. So, rather than just hire some accounting firm to come in and do a check list review, we said we want to go to the leaders in the space. And certainly having Omer and his hat, both with FTF and as the world’s leading privacy organization, and Kelsey Finch, and FTF are a pretty darn good set of people to have come do this work with us.
Omer Tene: Thanks a lot for that, Michael. I can also say that Kelsey used to be the Westin Fellow at IPP, and I am also Senior Fellow of the Future of Privacy Forum. And I’m speaking here under my hat as the Future of Privacy Forum fellow. And this sort of describes crosses that we have for this risk assessment of the open data program. We are assessing the current practices already in place, developing a risk assessment framework, and testing it, applying it against some high risk data sets, and then proposing recommendations for any improvements, publishing our final report, which means actually publishing. It will be public this summer.
You all know by now that the Mayor issued the open data policy by executive order, and the stance is open by preference. So there is a disposition to push data out, to make it open. However, it should be balanced with screening for privacy security and quality considerations. And maybe, just adding to that, you all know that Washington State’s public records act is very broad and tends to prefer data to be accessible, as opposed to putting obstacles, including privacy protections. There are some, but in general, it’s a broad public records act.
On the benefits of open data, again, I’m assuming you’ve heard this before, but the benefits are first and foremost I think transparency and accountability of the government–municipal government in this case–and also just creating the government as a data platform. So allowing developers–I heard there was a hack-a-thon a couple of weeks or months ago allowing developers to access the data to develop the applications and use services, and in general to improve efficiencies in government performance. However, open data inevitably raises privacy risks. I’ll just catalog the risks quickly, and then dive into a couple of them.
One risk concerns reidentification. We’ve seen real life examples in municipal context, but also in other contexts, of data that were purportedly deidentified or anonymized actually being reidentified and tied to specific individuals. So that’s a privacy risk. Another is the risk of data being out there being inaccurate or incomplete, and therefore leading to decisions that are not optimal. And I’ll give a couple of examples for that. Lack of transparency and choice: Individuals and citizens might not be aware that information that they are sharing will be openly and publicly distributed. I’m sure distribution of data benefits and risks–open data can perversely sometimes re-enforce societal biases or discrimination. And finally, public backlash: Just negative sentiment about the open data program, or more generally, about data collection by the City.
Looking first to reidentification risks, we have a real life example of a Freedom of Information Act (FOIA) request–so this is public record–in New York City, where a person summoned the records of a New York City Taxi and Limousine Commission, a very heavy file documenting the pick-up and drop-off points for taxis for a long period of time, a couple of years. The data were apparently anonymized, so the only direct identified there was the medallion number for the taxi drivers and the numbers were hashed, through a one-way hash that can’t be reversed. And the city thought that it complied with its Freedom of Information obligations, and also tried to maintain privacy. However, researchers demonstrated that with relative ease and a couple of hours, they were able to crack the deidentification hash in this case. And the reason here is that essentially they had all of the raw data of the potential medallion numbers and could just track one by one the original numbers to the hash, and recreate the same data set with the actual medallion numbers. So, that clearly invaded the privacy of the taxi drivers, because you could actually summon data showing their whereabouts on a map for long periods of time. But also, more controversially, infringe on the privacy of some of the passengers, and it was demonstrated with respect to a couple of celebrities–so, these are people who frequently have their photo taken–and in some of these photos you can see them take a cab and you can see the medallion number, and therefore the researchers could tie the rides specifically to these celebrities. So it’s proof of concept that’s a demonstration, but you can see how this is done by essentially adding on a layer of additional data that comes from an external source, in this case the celebrity photos. Another twist on that same story is this map, which was created by researchers showing drop-off locations of all taxi rides that started outside Larry Flint’s Hustler Club between midnight and 6:00 a.m. during a whole year. And you can zoom in to actual street address locations, seeing where the folks who took taxis there during those times. The yellow dots denote sort of frequent fliers, frequent visitors. And again, you can see that this is problematic. In New York, a lot of people might live in the same address, but once you see some isolated location points outside of New York, and that might be outside somebody’s house.
Just to generalize this point, examples I’ve shown are from open data city databases, but we have seen risks of reidentification of anonymized data by multiple contexts. The foundational research goes back to Latanya Sweeney’s articles in the late 1900s, early 2000s, and she demonstrated that with just three indirect identifiers, zip code, gender, and date of birth, you can uniquely identify 87 percent of the U.S. population. Think of it as almost 300 million people who can be identified with just three details which seem mundane and not very sensitive. This slide refers to research from MIT, and they demonstrated that it’s enough to have four specific spatial, temporal points, so specific geo-location, time stamp points, to uniquely identify 95 percent of the population. In other words, you can create–think of it as fingerprints–from indirect identifiers without having to resort to use of names or social security numbers or street addresses. And this demonstrates the risk that’s inherent in any data release even if you scrub those direct and obvious identifiers from the data set by keeping some indirect identifiers that can then be overlaid by other publicly available information that might not even be available now but will become available at some point in the future.
Talking about some of the other privacy risks, I mention data quality and risk of having data that’s inaccurate or biased or skewed in some way. So this is another municipal example. It’s not an open data example, but Boston launched an app called Street Bump, which allowed users to just keep the app on their phones, and when their car would hit a pothole in the road, the app would automatically report it to the municipality of Boston, and they sent the crews to the potholes. It sounds like a good thing, right, a win-win. However, in retrospect, it turned out that the app had the effect of diverting resources in a regressive way, from poorer neighborhoods to more affluent neighborhoods. And the reason was that, as a matter of fact, more people in affluent neighborhoods used the app than people in the poorer neighborhoods. This app, which was based on true data but not complete created the perverse socio-economic result in Boston.
Risks around transparency: This is an infographic that the Future of Privacy Forum created for Smart City Technologies, and the point here is that, increasingly, cities are being wired or wireless, are being connected to various technologies and devices–think drones and cameras and Wi-Fi hotspots and different censors that collect information that could be personally identifiable. And if that data finds itself in the public domain through an open data portal, individuals could be upset. There could be a backlash that might impact the roll-out of some of these technologies that can be very beneficial for different purposes in the city.
Finally, Equity and Fairness: The Street Bump example already shows how data can create results that perverts socio-economic implications, but data that’s being put out through open data portals can lead to discrimination or bias. If you think of the body cams worn by officers, obviously police officers aren’t distributed evenly throughout the city and the populations. There are populations where they are more present and more footage on, especially in circumstances that can be privacy invasive, and that compromising information is being posted without any screen. There can be privacy implications.
Getting now to our risk assessment, the heart of the project. I want to first point out that there is an inevitable trade-off between privacy and data utility. In a way, there’s a tension here that can’t be completely eliminated. If you want to have complete privacy, you probably can’t have an open data policy. And vice versa. If everything is posted publicly, as we’ve seen in some of these examples, there will be privacy implications. What we need to do, what we strive to do, isn’t to completely eliminate the privacy race, because by doing that we would destroy the utility of the data. But we are putting in place a framework for risk mitigation to try to reach some optimal point on this curve, where we minimize the privacy risk to the possible extent, while also preserving the value of the data benefits. I want to also point out that we are focusing here on data release. That’s the point of open data, sharing the data publicly. But privacy controls in mitigation is something that as privacy professionals, we preach has to be integrated throughout the data life cycle. So don’t collect data unless you need to collect data. We call it data minimization. That’s the best way to avoid the security breaches and privacy invasion. Only collect what you need. Don’t retain data for periods that exceed those periods that are necessary to achieve the purpose of the data collected. Don’t just hold data for whatever purpose that might arise sometime in the future. Again, it just creates a security risk and a privacy vulnerability.
We are focusing on data release now, but for any organization, cities included, that think about privacy management, it’s important to think about privacy throughout the life cycle. When we do a risk assessment, it’s important to recognize that you weigh not only the risks, but also the benefits. And this is something that we frequently see privacy professionals forget to do, so there is the privacy regulatory frameworks are really focused on privacy risks and assessments trying to minimize the privacy vulnerabilities. Putting in a plug here for another white paper that we’ve published the Future of Privacy Forum, we suggest also doing a benefit analysis, because, I think clearly and intuitively the benefits of improving ROI on the click-through rate of an ad are smaller than the benefits of curing the lethal disease. The degree of privacy risk that a system will take, will tolerate, has to be commensurate with the data benefits that are offered. So, I think it’s important when doing a risk analysis to think first what is the purpose of the data collection or the data release. What will it be used for? Who is going to benefit? Is it going to benefit the specific individuals who are the data subjects? Who the data is about? Will it benefit the companies or the municipality that collect and share the data? Will it benefit the community, or society at-large? Who bears the cost to facilitate those benefits? What is the likelihood of the benefit? Is it a sure thing or is there a one in a million chance that you will cure the lethal disease. Chances are that you’re just invading peoples’ privacy. Those are things that we think about when we look at data benefits.
On the risk side, two of the big buckets for data privacy risks are identifiability and sensitivity. Identifiability meaning how identifiable are the data. How How likely is it that the data can be tied to specific individuals. Sensitivity concerns the impact that tying data to specific individuals will have. Is it sensitive data? Is it going to be life-altering? Or is it pretty mundane and not a big deal even if the data are out.
Looking first at the identifiability risks, I gave a few examples of reidentification. As I said, reidentification is a risk that we deal with in any data collection system. At the Future of Privacy Forum, we suggest not looking at identifiability as a bipolar phenomenon, with data being either identifiable or anonymous, but rather as a spectrum. We actually called the paper we published this infographic in Fifty Shades of Grey. So, it’s not just black and white. There are many shades of identifiability or of relative pseudo-anonymity or anonymity. So this is an infographic that neatly lays out some of the categories that we see. Another good resource for this is Special Publication 800-188. This is something that was put out just last month, January 2017. And it goes through the science of de-identification. so as a first matter, it’s important to delete direct identifiers from a data set. Clearly, if there are direct identifiers there, if a data set has names and social security numbers or address, the data are not de-identified. The link to specific individuals–I just remind you, remember the New York City taxi medallion hash problems. They did try to eliminate the direct identifiers. They masked them, but it was reversible, so you have to do it right. Second, with respect to indirect identifiers, and here it gets much more complicated, because remember that it is difficult to know what auxiliary data, what additional data that exists now, or will even exist some time in the future will be linkable to information that is in the data set that is not directly identifiable. Some people call it quasi-identifiers, like the color of my hair, or I’m six foot two, and my date of birth is whatever. I won’t tell you which year. I used to say, but now I’m embarrassed. Clearly you see–Michael mentioned the mosaic effect. There’s a mosaic effect here, because if you say six foot two, balding guy in a suit, I think this is it. At some point, an additional increment of data singles me out in the crowd. That additional data might come from an additional data set.
Specific items that we need to give special attention to are dates that can be extremely revealing geo-location. You saw just four pinpoints of location plus date/time can identify an individual in a crowd. And there are various ways to deal with it. You can mask them. You can inject noise into the data set. You can aggregate, for example only showing year of birth, as opposed to specific date of birth, or vice versa, only showing the date without the year. Aggregating geo-location to a zip code, or a hundred block, to more than just a specific pinpoint location. Beware of unstructured data fields. Unstructured data fields often have clues or hints that can lead to identities. So, the leading direct identifiers masking, aggregating, perturbing the indirect identifiers and then deploying a motivated intruder test. So this is like penetration testing in data security, trying to actually have someone with some degree of expertise reidentify the data.
So those are some of the strategies that we can use to push data further down the de-identification scale.
Sensitivity is another axis that we look at to judge how risky a data release is. Some information might be life-threatening, if you think of domestic violence calls or stuff in the criminal procedure system. Other information might be life-altering if it affects the ability of individuals to get loans or health insurance, or housing, or jobs. Other types of data might be less significant and more minor. If you think of the taxi rides to places that are not Larry Flynt’s Hustler Club.
After assessing data benefits and privacy risks, we can apply controls. Controls can be technical or administrative in nature. So, some of the technical controls–we talked about de-identification based on heuristics, taking identifiers out, masking indirect identifiers. Those methods don’t provide formal proof of privacy. There will inevitably be re-identification residual risks because we don’t know all of the additional data out there that might, ostensibly at some point be linked to a given data set. I just want to say that in the scientific field, specifically statistics and mathematics, there are new developments that actually bear promise of formal privacy proofs. Differential privacy is one of them. It’s an area is mathematics enabling data release that preserves data utility and impact privacy in a negligible way that can actually be measured. It’s called Epsilon in this framework. The idea is that there is formal proof of privacy. Generally it’s by injecting noise into the response to queries to the data set that don’t destroy the utility, but are just enough to cast doubt as to whether some individual’s data is or isn’t part of the data set. There are other technologies like multi-party computations and fully home-morphic encryptions. All of these exist, but for the time being, difficult to operationalize and implement. They are applicable, but with constraints. The U.S. Census Bureau has used differential privacy. And on the map, the services applications. Apple has–I don’t remember–opt in or opt out for reporting issues to Apple with differential privacy controls. This is a budding field. And there are a lot of scientists at Harvard and MIT and Stanford to work on it, but it’s not fully operational.
Administrative controls: These aren’t technical, but to the extent that we judge in a risk assessment, the residual risk, given the benefits, and the risks, and the de-identification controls that we put in place, to still be significant or unacceptable, then we can add additional controls. For example, limited release. Releasing only aggregate statistics, or visualization, a graph or a map demonstrating data trends. This isn’t open data full on because you don’t provide the raw data to researchers but you still do provide some benefit.
I’ll end here because I don’t want to go too much over my time, but I’ll just suggest this is a grid from a framework that a team at Harvard Berkman put in place four privacy aware government releases. It has identifiability, on the ‘y’ axis reduced by de-identification measures, sensitivity of the ‘x’ axis, and then mapping those risk zones to additional administrative controls and methods.
Sorry if I went over. Thank you.
Jose Vasquez: Thank you! This is very informative. We do have time for maybe two or three questions, depending on how quick they are. Does anybody have comments? Questions?
Chris Alejandro: I think that I’m just glad that you and other organizations are tackling that, because my mind is just … There are these really subtle things about how data information is being transmitted or not knowingly, so I guess I just applaud the work that you’re doing and continue to encourage that.
Dan Moulton: Do you do any of your modeling off of what the health care industry does, and the high privacy issues that they have?
Omer Tene: Yes. HIPAA has two standards for de-identification and the safe harbor, which requires elimination of 18 fields, or the expert statistician method. One of the technical experts we work with, who is a professor in Canada, is actually one of the most well-known experts in implementing HIPAA controls to health care systems.
Dan Moulton: {unintelligible}
Heather Lewis: Omer, thank you so much for coming to speak to us today. Would it be possible to get a copy of your presentation?
Omer Tene: Oh, absolutely! David Keyes has it. We are happy for it to be distributed.
David Keyes: Okay.
Jose Vasquez: What is the status of the assessment of the City’s privacy policy?
Omer Tene: We are here not just to meet you, but of course, it’s the highlight of our visit, but also to meet folks in different departments of the City. We’ve done it all day today, and we’ll continue to do it tomorrow, to actually assess their current practices and test how our framework will work in the real world.
Jose Vasquez: Will there be a final report that you could possibly share?
Omer Tene: Yes. Absolutely. So, at the end of July, I think, we’re scheduled to issue the report, and it will be publicly available.
Jose Vasquez: We’ll be sure to send it out to our mailing list as soon as it’s publicly available. Thank you for coming. Now it’s time for public comment, so if you do want to continue this conversation, do it during the break. We have nine minutes left for public comment. That’s also open to anybody who wants to give any announcements, upcoming events, opportunities or resources, if you want to share with the group.
Omer Tene: These are our email addresses. If anyone in the room wants to share concerns or information, or ask for additional resources, we’re happy to engage.
PUBLIC COMMENT
Vanessa Ingram: The YMCA program is a technology education program that teaches middle school and high school students about computer programming, social media campaigns, game app development. Basically, we’re trying to get kids interested in tech news. So we have a tech career day. It’s Tuesday, March 28, from 4:00 p.m. to 5:30 p.m. It’s going to be a meet-up between middle school and high school students during our after school program. We want to invite tech professionals. Anyone in this room, or if you know anyone, who might like to volunteer with kids? We have a few people lined up, but if you’re interested, you can contact me. We are looking for a group of tech professionals who want to come and talk to students, even for a few minutes. You don’t have to stay an hour and a half. And just say, ‘This is effectively my job. We would even make time to come to your work, and you could show kids what it’s like to work at your job. If anyone is interested in that, you could contact me at vingram@seattleymca.org. Thank you.
Jose Vasquez: I will say that I had a chance to talk to the students last year, and they were amazing. The questions that they asked me were very engaging and I was pleasantly surprised at how interested they were in my background in technology.
Heather Lewis: Would you mind putting your email address on the board? Thank you so much.
Vanessa Ingram: Yes! Of course.
Jose Vasquez: Any other public comments?
Dan Moulton: So, I participated in the swarm last weekend, and the team that I was on came up with a very viable solution for the request that I made to the CTO last July. I will probably be talking to Michael Mattmiller soon. I sent out to the chair and Virginia Gleason an overview of that. If anybody knows [unintelligible]…. Again, I’ve been going to the King County Library quite a bit, and I could put this down for your benefit. [unintelligible] Some of it is financial planning [unintelligible] …. I find it a little more difficult to find things in the Seattle Public Library, and I thought that these were interesting programs existing inside the City limits.
Jose Vasquez: Thank you. To recap, first you’re looking for volunteers, correct? Would you mind putting your email up on the board?
Dan Moulton: The business model already uses Washington State resources that are available.
Jose Vasquez: Are you or are you not looking for volunteers?
Dan Moulton: Not yet. But if anybody is interested in learning about it, and possibly joining in on the design.
Jose Vasquez: And then the second one was you had some recommendations for the Seattle Public Library. Do you have a contact at the Seattle Public Library yet?
Dan Moulton: These are from the King County Public Library, and I was wondering about the equivalency inside the City limits because some of them are very valuable.
Jose Vasquez: Maybe we can follow up during the networking break.
Dan Moulton: Yes. And I said I’ll just throw this out there on the table and people can look at it.
Jose Vasquez: Thank you. Any other public comments? Moving on to the networking break. We have ten minutes. We’ll reconvene at 7:05-ish.
BREAK
Virginia Gleason: Please make sure that you sign in for our records.
Jose Vasquez: Thanks, everybody. Welcome back. Looks like we lost some people. Great networking, everybody. Now we’ll go to Bylaws Clean-up.
BY-LAW CLEAN-UP PROJECT AND CREATION OF CTAB HANDBOOK
Virginia Gleason: We had started doing a little by-law clean-up and we didn’t get very far with it. Probably doing it at the board meeting is the best way to do it. So, if there are a couple of people who want to help get those cleaned up, I am happy to either host them here or I can be the repository of the sections and come back with drafts. I’m happy to facilitate that part of it, if there are a couple of folks who are willing to spend a couple of hours. Maybe a couple of hours before a board meeting. the next one, or any other time. It would just be good to get those cleaned up and in shape maybe in the next month or so. You don’t have to decide now. Send an email or whatever, and we can set a time together.
Jose Vasquez: And then the CTAB handbook?
Virginia Gleason: Another idea was, I was meeting with Jose, and we thought it might be helpful if we had a CTAB handbook that can be electronic, but it would be good to have a couple of hard copies of it that have some historical information that we can pass along. I think Karia had brought up the desire. When you’re a new board, either as a new board member or you’re taking over a committee, it would be helpful if you didn’t have to start over. Because I think you were feeling that you might have duplicated some previous work. So, if that’s something you want, I was going to put together a set of what I think the sections should be, and then we can talk about how to fill those, if that’s something you think would be helpful to the board members.
Jose Vasquez: Maybe we could have a virtual drive so when a new board member takes over a committee, they would have that.
Karia Wong: It would be a source of information that we could pass on.
Virginia Gleason: These are things that we don’t necessarily need to have on the web site. And then just one other thing. If you want to have a new picture or you want to add something to your bio, send it to me and I’ll make sure it gets updated. I know some of you have some new things going on, and we’d like to post that.
Jose Vasquez: Thanks, Virginia. Now we’ll move on to the strategic planning update.
STRATEGIC PLANNING UPDATE
Heather Lewis: The CTAB board and the very gracious Seattle staff have met with us. Thank you, David Keyes for meeting with us. We’ve had a couple of conversations about our goals for 2017. And we will be refining a very large white board, and taking it back to the group. So I expect that we will have something more substantial to put out and ask for input in March.
Jose Vasquez: Thank you. And I want to officially thank Heather Lewis for helping to facilitate. It’s been a really good conversation. Next, we’ll move on to committee updates. Cable and Broadband Committee?
CABLE AND BROADBAND COMMITTEE UPDATE
Karia Wong: We met on the last Monday of January. Basically, we talked about the swarm event that happened at Galvanize. Also, we have identified the main focus area for the Wave franchise renewal. And they are four areas. The first one is affordable or low income programs. We have to create a definition for low income or affordable. What they should look like. The other one would be customer service. Customer experience. And the third one is community partnership and support. The last one is access to total program. Right now I don’t think we have a lot of cultural programming. Given the population make-up of Seattle, there should be more voices without adding too much cost for the residents. We also have the issues of the Lifeline renewal or application. Basically, what happened is it’s really messy and chaotic. When you submit an application, there’s no way you can follow up. And when you get removed from the Lifeline program, you will not get any notice. The only thing you know is the next time when you get the bill, you need to pay the regular price, which is about $40. We had a discussion on that. We might get a response on recent incidents in the committee. The next meeting will be on February 27. We haven’t decided on the location. Usually, it will be on the sixth floor of this building. But it depends, because if we have no City staff us, the building actually closes to the public at 7:00 p.m. And we meet at 6:30. So we need to figure it out. I don’t know if any City staff will be joining. If not, we will meet in another location.
Jose Vasquez: In reference to this committee, I forgot to mention in pubic comment: I don’t know if you’re aware of the updates from the FCC regarding broadband and net neutrality, I just want to mention that CTAB and I don’t know if it’s appropriate to include it in the Broadband Committee. The City hasn’t made an official statement or position on this. As a board, do we want to come up with an official statement or persuade or motivate the City to make an official statement on behalf of Seattle regarding those upcoming changes?
Amy Hirotaka: We should also see if there’s an opportunity to submit comments. Back when they were deciding whether to include broadband in the Lifeline program, we submitted a pretty lengthy support document that followed all of the things that you’re supposed. I honestly don’t know whether that’s more effective, or to come out swinging with an open letter.
Jose Vasquez: Why not both?
Karia Wong: I’m not sure if everyone knows what is the impact for the new regulations. Basically, what happens is if I am on Lifeline, that means that if I have bought internet at the same time from the same company, what happens is if my speed is over ten megabites, then my Lifeline is automatically going to my broadband. But the thing is, if you look at the low income broadband program, if you pay full price and then deduct $10, it’s still a lot of money. It’s still more expensive than Internet Basics or Internet Essentials at Comcast.
Jose Vasquez: If anybody’s interested in the appropriate committee, join the February 27 committee. Thanks, Karia. E-Government Committee?
E-GOV COMMITTEE UPDATE
Heather Lewis: The E-Gov Committee members were asked last month at our meeting to come up with projects they will be pitching at our next meeting, which will be two Tuesdays from now, the 28th of February from 6:30 to 7:30 p.m. It will be held at the Westlake Microsoft location, which I will put on the board.
Jose Vasquez: Great. Short and sweet. Digital Inclusion Committee?
DIGITAL INCLUSION COMMITTEE UPDATE
Chris Alejano: We met and we talked a little Tech Matching Fund action. We actually got–Eliab Sisay and myself, Jose Vasquez, Delia Burke and David Keyes–we were able to go to the Refugees from Burma parenting class that was held at Bailey Gatzert. So it was a really great way to start the day and to see some of the work in action. Beyond that, the Tech Matching Fund. We had a separate meeting to just go over the timeline of when we are going to launch the RFP, and all of the nitty-gritty details of getting the Tech Matching Fund opportunity out and available to folks. Delia had shared a general timeline that she is in the process of redrafting and providing back to the committee to finalize. But other than that, in short order we’re just trying to finalize the membership make-up of the review committee, and then, soon thereafter, identify folks who want to participate in the screening and selection process. I think when we had met, all of us wanted to be a part of the screening process, but I thought it would be good to have other members of the community be part, or others that might also want to push into that process. So, more on that soon. We also had discussed the idea of a digital literacy coalition. There is some interesting work that’s happening in Austin around that sort of initiative. So, David Keyes was suggesting that we set up a phone call of some sort to learn more about what that work is like, or even go down there. Just kidding. But I think that would be cool, to just learn more and see how that might inform the work of the board or the committee. We are meeting next Wednesday, February 22, at the Porch.com office. I’ll put that information on the board.
Jose Vasquez: Regarding the timeline on TMF, we don’t have specific dates, but April is the actual review process, in May, the decisions are made, and we’re scheduled to announce them at the May CTAB meeting. And then, June is the official presentation, right? To Council.
Virginia Gleason: Vin Tang contacted me and I let him know that Amy Hirotaka had a meeting with him a week or so ago, and that we were doing a year-on schedule. He wanted to know when we would be there, so I’ll start working on specific dates, because they are actually filling in the specific committee dates now. So, we’ll have plenty of advance notice.
Jose Vasquez: Great. Thank you. Privacy Committee?
Virginia Gleason: Christopher Sheats is not here today.
Jose Vasquez: Okay, that’s it. Wrap-up summary?
WRAP-UP SUMMARY
Jose Vasquez: We had a really good presentation from the Future of Privacy Forum. As far as follow-ups and next steps, what I have written down is we’ll get an update from Michael Mattmiller, the CTO, about the surveillance ordinance; we’ll get an update on the Strategic Planning Report; if anybody is interested in being part of the bylaw review, please reach out to Virginia Gleason. And then the CTAB handbook: We’ll get something in the works. Anything else?
Cass Magnuski: Just a question. When will the new members be voted on?
Virginia Gleason: Next month. Part of it was there are a couple of issues in transferring over all of David Keyes’ stuff. We finally got it transferred. We have the information about the candidates. I don’t know if I gave Vin Tang your information, and others, because he wants to sit and talk with you as you are prioritizing. We have great applicants.
Jose Vasquez: Excellent. Maybe part of the bylaw review is having a discussion as to whether we want to expand the board membership number.
Virginia Gleason: The other thing is, part of why I think it would be helpful to have a handbook is a 12-month calendar that says here is the month that we want to start working on when the board positions expire, the TMF calendar, so you just have a month by month calendar where we can see the kinks. Especially as committee chairs change. It just helps you out to remember what you did last year.
Jose Vasquez: Thank you, everybody. We all get to go home a little bit early. Happy Valentines Day. Meeting adjourned.