Category Archives: Politics

Open Letter re: Hennepin Avenue Redesign

I attended the second public meeting regarding the reconstruction of Hennepin Avenue last night (April 25th) and was quite happy with the way the planning is coming along. I’m excited that Hennepin Avenue has a chance at a makeover, as it’s one of the most important streets in our downtown core.

Personally, I’d like to see some traffic-calming features on Hennepin, such as narrower lanes and bump-outs at the intersections (to make a shorter crossing distance when walking on Hennepin). I also think we should look closely at lowering the speed limit on Hennepin so make this street more appealing to pedestrians, cyclists, and businesses like cafes and bars that want a more pleasant street for outdoor seating.

I’d also like to see physical protection for cyclists in the protected bike lanes, perhaps in the form of rectangular planters on either side, which would help prevent pedestrians from wandering into the bike lane and provide better protection for cyclists from motor vehicles. I like the idea of gradual curbs, but am worried cars or delivery vehicles will climb up on them for short-term parking and block the bike lane. I’d rather not have the ugly “plastic sticks” that seem to be synonymous with protected bike lanes in our city, especially on an important street like Hennepin.

Come to think of it, the protected bike lane design for the 3-lane proposal on 3rd Avenue South (which did not pass city council) would be something that I would support. That design called for planters to protect the bike lanes.

I’d also like some assurance that what happened with the 3rd Avenue design process will not happen to Hennepin Avenue. Plans were developed for a 3-lane design on 3rd Avenue, presented to the Bicycle and Pedestrian Advisory Committees, then it seems that city staff was directed to push forward a 4-lane design plan at the last moment by CM Lisa Goodman. Is that going to happen here as well?

I’m cc’ing CM Goodman on this email to remind her that this has been the second public meeting regarding Hennepin Avenue that has taken place, and that local business owners are welcome to provide feedback. The feedback I have heard at both meetings indicates that the community is supportive of cycling, pedestrian, and transit improvements in this corridor. I want to make sure businesses are part of this process too, as past experience tells me that they haven’t always been “engaged” early enough in the process.

If the plan is to create a “feel-good” design experience for the community only to have the plans altered at the last second by the unknown demands of local businesses, please let me know so I don’t waste my time with this process. Thank you,

Anton Schieffer

CISA is a terrible cybersecurity law

In what has become an annual tradition, Congress has renewed their efforts to pass some type of cybersecurity legislation. For the past four years, privacy advocates and security experts have consistently opposed these bills due to inadequate protections of American civil liberties, and this year’s offering, the Cybersecurity Information Sharing Act (CISA), is no exception.

CISA greatly expands the scope of government surveillance at the expense of American civil liberties. The bill would allow private companies to share any data they’ve created and collected with the government, who could then use it for their own purposes.

Data sharing can be useful, of course. To combat cyberthreats, private companies already share data with each other, and refer to this type of sharing as “threat intelligence.” Threat intelligence isn’t perfect, but helps companies identify dangers online in order to mitigate risks and secure their networks.

But this bill goes much further than that. CISA makes all information-sharing easier between the private sector and the government, not just for information relating to threats. For example, the federal government could use data collected from Google or Facebook during a criminal investigation. This violates the principle of due process, which suggests that courts should have oversight into how government agencies conduct investigations.

In this sense, CISA provides a clear way for the government to get around warrant requirements.

In exchange for providing this information, the bill grants legal immunity to private companies who break the law or who have poor network security. Thanks to this provision, it’s no surprise that industry groups like the Chamber of Commerce and the Financial Services Roundtable have been lobbying for this bill. CISA would also create a new exemption to Freedom of Information laws, preventing Americans from discovering what data about them is being shared with the government.

This immunity means that the government will be unable to prosecute companies who do not adequately protect their customers’ data. This is likely to lead to fewer resources being dedicated to cybersecurity threats, as the threat of a fine or lawsuit is reduced.

The growing volume of data that private companies gather on Americans makes this legislation more problematic. Google knows the contents of your email, as well as your search history, videos you’ve watched, and even where you’ve been. Facebook knows who your friends are, what type of articles you like, and whose profile you’re most likely to click on. To grant the government access to this information with no oversight on how it is used is not only unconstitutional, but also morally objectionable.

CISA advocates claim that there are adequate privacy protections to “scrub” personal data before it reaches the FBI or NSA. But included in the bill are loopholes which allow for unfettered access to this personal data at the discretion of these same government agencies.

If Congress is serious about addressing the evolving threats posed by criminals online, there are a number of proactive steps that should be taken. The Computer Fraud and Abuse Act of 1986 is in need of an overhaul. It’s ridiculous that our primary law written to stop computer crimes was written when the chief threat to the United States was the Soviet Union. As currently written, the law prevents security researchers from doing their jobs, such as building tools that help mitigate threats before the bad guys exploit them.

Second, Congress needs to get serious about the threat posed by the ‘Internet of Things. We know that Volkswagen intentionally evaded emissions testing by writing a few extra lines of computer code. We need to know that our self-driving cars, voting machines, and medical devices are working properly and securely, and cannot do so without being able to audit the code that powers them. We shouldn’t wait until a criminal takes control of these devices to begin properly securing our infrastructure.

We need legislation that addresses current and future threats. There are few, if any, cybersecurity experts that believe this bill will improve overall security. Nothing in the bill would have prevented major data breaches like what occurred at the Office of Personnel Management, which exposed the personal details of millions of innocent Americans, some at the highest levels of government. To the contrary, this bill would put even more data on the same insecure government servers that have already been exploited by criminals.

PostScript

I was hoping to have an edited version of the above published somewhere, but with the vote being likely to happen tomorrow, there isn’t enough time. That said, below are some accompanying notes for those who want to dig a bit deeper.

The first glaring hole with this bill are the lack of cybersecurity professionals who support this bill. I actually scoured the Internet to find someone respected within the industry who thought this was a good bill, and was unable to find a single one. On most other security-related issues, such as the potential regulation of 0day markets, there are a few different camps that security experts fall into. There is no such pro-CISA camp.

While I often side with the EFF on Internet-related issues, even experts that I usually disagree with politically are opposed to this. This letter in opposition to CISA features many respected information security experts (including Bruce Schneier), and Brian Krebs has also commented on why the bill is misguided:

So when experts are opposed to such a bill, who exactly is supporting it? As I mentioned above, the Chamber of Commerce and Financial Services Roundtable are two of the industry groups that support it, and the reasoning is obvious. Companies and banks that have poor information security practices become immune to cybersecurity-related lawsuits, provided they share their data with the government.

This incentive also makes data-sharing for companies less than the “voluntary” proposition that advocates claim. Instead of securing their networks, CISA creates a perverse incentive to reduce the impact of network security when doing a cost-benefit analysis. If this bill passes, there are two important ways to reduce the risk of a cybersecurity-related lawsuit: secure your network OR share your data with the government. While some companies like Facebook and Google will never share *all* their data with the government, they would be foolish to not share *just enough* data to keep themselves immune from lawsuits.

While often the backing of the financial industry is enough to pass legislation, they have a powerful ally in the intelligence community. Here’s some good reading on the intelligence community‘s potentially changed role if CISA passes.

But to me, the key reason I dislike this bill is deception. I don’t like that this is called a “cybersecurity” bill. It’s a surveillance bill. Snowden’s revelations have shifted the political landscape to largely oppose state surveillance, which makes it amazing that a bill which hands over large amounts of data to the state is close to passage.

As I briefly mentioned at the outset of my initial piece some of this has to do with issue fatigue. After witnessing the eventual passage of this bill (I consider it the successor of CISPA, first introduced in 2011), I am much more pessimistic about the future of American politics. The voice of industry professionals and civil liberties groups will never be as loud and sustained as those of industry groups who represent clients who all stand to benefit.

But the other reason I hate this bill is that it confuses real security with a false sense of security. The classic misdirectional dialogue applies:

“The situation is bleak, something must be done.”

“This is something, therefore this must be done!”

The Internet of Things presents an entirely new, and more immediate problem. We’re living in a world where new devices are not only running more code than ever, but are also reliant upon internet connections in new ways. Why does my thermostat need to be connected to the internet in order to keep my house’s temperature steady? Dick Cheney’s doctor disabled the WiFi on his patient’s pacemaker due to the threat posed by hackers, so why do the rest of American citizens accept such a risk?

They don’t, they’re just unaware of the reality of the threat. These threats will only increase as we push towards “modernization” without any thought for the consequences. I’ll write a bit more on the problems with the security of the Internet of Things in the coming months on my blog.

And finally, I’ve linked to her blog multiple times in this post, but there was another good post over at emptywheel which sums up why this is a bad bill.

A tiny project

So last weekend I realized that the City of Minneapolis maintains a lot of email lists (I think you need to enter an email address to see them after following that link, but it’s quite a few). I was curious to learn more about what was on them, but there wasn’t an obvious way to read the archives of each mailing list. And I surely wasn’t going to sign up for over 100 mailing lists just to get a taste of what they were sending out.

So I made a new website and twitter account in order to get a better sense of what’s going on in the city. Each email sent out by the city to any of their mailing lists is published online in a new post, and a link to that post is tweeted out. Simple!

I apologize for the Geocities-esque aesthetics of the website, but the emails don’t use consistent HTML and my email parsing utility was pulling some crazy shenanigans with nesting and CSS, so this is the best I cold make it look in about an hour’s worth of time. (I work in infosec, not web design.) Got a better idea? Tweet me or send an email.

Obviously in the future I’d love to have a calendar, and the ability to only see messages from one particular mailing list. Even better, I’ve asked the city to look into doing this for me. Hopefully the folks at GovDelivery can get this simple problem taken care of and increase online engagement between the City of Minneapolis and its residents.

National Security Letters and the USA Freedom Act

Several sections of the Patriot Act were allowed to expire at midnight on May 31, 2015, including the controversial Section 215, which allowed for government collection of bulk phone records, among other things. All indications are that the collection of bulk records will resume under the USA FREEDOM Act, but with slightly different verbiage which should allow for greater oversight. It’s not a perfect solution, but making small steps in the right direction is progress, especially in a politically-charged legislative environment (seems like things get done when Presidential Hopefuls take an interest in showcasing their “leadership” skills on certain issues).

Other reforms which are unrelated to Section 215 have also been introduced by the USA FREEDOM Act. One overlooked reform effort relates to the use of National Security Letters (NSLs) during government investigations.

In the past, when a government agency such as the FBI has requested documents or information from a person or entity, the request is accompanied by a gag order which prevent the person who received the letter from disclosing its existence. Over 300,000 NSLs have been issued since 2004, making them a powerful investigative tool which can be used without any judicial oversight. Nick Merrill was the recipient of one such NSL, and he was technically not allowed to tell anyone, even his lawyer, about it (he did anyway and successfully sued the US government). A group of librarians also sued the US government after receiving requests for information on library patrons with such a gag order attached.

The new provision still allows for these gag orders, but opens the door slightly wider for a challenge, as recipients are now allowed to share their existence with their lawyer. It’s disappointing to admit that a law which allows sharing information with a lawyer is considered progress, but it’s a reminder of how backwards some Patriot Act provisions are.

Of course, the USA FREEDOM Act does not solve the actual problem, which is that the FBI can still issue NSLs without any judicial oversight. Police are required to go to judges with evidence before they are issued a warrant. If the FBI is not held to a similar standard, NSLs essentially act as unsigned warrants which allow for unchecked power and the abuse that comes with it. I believe we should continue to fight for the abolition of NSLs, as all law enforcement actions need to be accountable. Even the President’s Review Group on Intelligence and Communications Technologies suggested that NSLs be subject to more stringent oversight (p. 89).

Letter to NY Times public editor

I’m trying to get in the habit of cc’ing the internet when I write to institutions, so here’s an email I sent to the New York Times public editor.  I’ll update with any response I receive.

To the Public Editor,

I am writing today about “Eyes Everywhere”, a Sunday Book Review of Glenn Greenwald’s recent memoir.  I found it on the web and am unclear on whether it has been published in the paper or not.
My primary criticism, which I will keep brief, boils down to the fact that this writer is clearly biased against Mr. Greenwald.  While I appreciate the candor of the reviewer – no attempt to conceal the bias is made – perhaps there is someone else who could review the book who doesn’t have such an axe to grind?  His sweeping generalizations (“Greenwald quotes any person or publication taking his side in any argument”), defense of weak journalism practices (“It seems clear, at least to me, that the private companies that own newspapers, and their employees, should not have the final say over the release of government secrets, and a free pass to make them public with no legal consequences. In a democracy (which, pace Greenwald, we still are), that decision must ultimately be made by the government.”), and assertions that Greenwald has been reckless with his reporting are all examples of a lazy review.
For the record, I’m currently a little over halfway through the book, and while it’s just a memoir and might only be interesting to a small group of people, I don’t think a book review is an appropriate place for the New York Times to continue its criticisms of Mr. Greenwald.  Furthermore, I hope that the editors of theNew York Times do not share Mr. Kinsley’s views regarding the role of journalism in modern society.  Expecting transparency from government institutions without the ability for journalists to publish government documents is a hopelessly naive position to take.

Open Letter to Katie Sieben on Ranked-Choice Voting (RCV)

I wrote an email to Senate Subcommittee Chair on Elections Katie Sieben (sen.katie.sieben at senate dot mn), and I encourage you to do the same if you want to encourage the possibility of ranked-choice voting in cities across Minnesota:

I was disappointed to read your quote in the Star Tribune editorial about ranked-choice voting.  Obviously your position means more than more others, as you are the Chair of the Senate Subcommittee on Elections.  Ranking preferences of candidates is not “too complicated” for voters.  In fact, it’s much easier than deciding whether to vote for the candidate I really want, or to vote for the candidate who is most likely to defeat someone I want out of office.  *That* creates a much more complicated scenario than it needs to be!

All cities in Minnesota should at least have the option of exploring whether RCV would work for them.  There must be a stronger argument against RCV than “it’s too complicated” and I would like to hear it.  Even grade schoolers know how to rank things.

One reason I am writing this letter today is the dismal turnout (six percent) at yesterday’s primary for Hennepin County Commissioner.  While it will always be challenging to encourage turnout at off-year primaries for special elections, RCV would eliminate the primary and allow Minnesotans to vote just once for important positions.  Minneapolis proved last year that RCV is a smart way to handle elections when many candidates are seeking office.

Please reconsider your position on ranked-choice voting.

Hennepin-Lyndale repaving project

After reviewing some of the preliminary plans for the upcoming Hennepin-Lyndale Reconstruction Project, it seems like this is going to be primarily a road paving project.  I was hoping that more improvements would be made for those of us who walk, bike, and use mass transit in this corridor.  I’m honestly a bit skeptical about what can be done to lessen the bellyaches of everyone who travels through this area, regardless of vehicle choice.  (Personally, I’m in favor of something inspired by the Walker – maybe something avant-garde like removing all the stripes on the road and replacing road signage with Kandinsky paintings)

However, a few rather simple changes could make some intersections much more safe and friendly for cyclists and pedestrians.  I live in the Whittier neighborhood, but I have stayed away from biking north or south along Hennepin due to safety concerns, and it’s one of the only stretches of “protected” cycletracks that I tell novice cyclists to avoid.  Let’s look at some problems and (more importantly) some solutions…

Hennepin & Oak Grove:

LyndaleOakGrove-300x230

As a cyclist, there are a few dangerous circumstances here that can be mitigated through smarter street design.  The first is west-facing traffic on Oak Grove attempting to turn north.  While there is both a “No Turn on Red” sign as well as a bright swath of day-glo paint, cars still meander into the bike lane, even if they don’t intend to break the law by turning on red.  This can cause accidents as well as prevent cyclists from entering or exiting Loring Park safely due to the placement and necessity of a curb ramp.

This problem is easier to solve than you’d think, and we can use how drivers interact with the road to our advantage.  One way to do this is to supplement the signal marked at (1) with an additional signal marked at (2).  Cars tend not to move past where they can see all traffic signals which apply to them, so by moving a light closer to where traffic should actually stop (and maybe complementing it with a “Stop Here On Red” sign), it gives an indication that they should not proceed past that point.   One example of this behavior occurs further south, at this intersection where traffic from 94 can get to Lyndale or Hennepin:

94LyndaleSouth

While this intersection isn’t perfect either, cars tend to not stray into sidewalks or bike lanes largely due to signal placement and signage.  (Of course, these cars are exiting off a freeway and into an urban setting, which may lead to more malleable behavior, but I digress)

Looking back at the picture of Hennepin and Oak Grove, another major problem is the combined cyclist/pedestrian lane.  It’s inconvenient and dangerous for a number of reasons, partially due to the fact that it’s on a hill.  As northbound cyclists gain speed on the hill, they must pass groups of pedestrians (whose behavior can be erratic) while monitoring any southbound cyclists who may be also avoiding pedestrians or overtaking one another as they climb the hill.  In addition, before you get to Oak Grove, try to figure out which northbound right-turning cars will yield to you and which ones will cut right in front of you; something that can only be ascertained by observing whether a driver is looking at their mirrors.  (plus there are always the drivers who turn without signaling, which is always a fun surprise) That’s a lot of things to pay attention to!

But we can improve safety by limiting the things a cyclist needs to be aware of.  Removing the area where pedestrians and cyclists share a single lane and extending the sidewalk between Groveland to Oak Grove would accomplish this.  Yes, it means asking St. Marks to give up some space, and that might be an unpleasant conversation, but it’s one that needs to be had if this city is serious about improving alternative transportation infrastructure.   The problem of northbound traffic turning onto Oak Grove is a challenge that I don’t have a better solution for (though I’m open to suggestions).

Hennepin & Groveland:

HennepinGroveland

For cyclists, this intersection sometimes feels more safe than Hennepin & Oak Grove, due to fewer moving parts.  But the near-misses I witnessed here were the ones that caused me to rethink using this stretch altogether.  Each instance played out exactly the same – a southbound cyclist in front of me would approach the intersection and a driver would pull into the intersection completely oblivious of all activity on their right side.  The driver was so intent on figuring out how to turn right into those 4 lanes of oncoming traffic that they completely ignored the green paint and the cyclists they nearly ran over.

The best fix for this is to forbid right turns on red and to implement the same types of traffic signals that I mentioned earlier which discourage turning.  Add a signal prior to the bike path and make a clear “Stop Here on Red” sign to keep the prospect of turning out of the driver’s mind.  As long as I’m making demands, why not push westbound-facing drivers back 5-10 feet, both here and on Oak Grove?

Even if moving the west-facing drivers back isn’t an option, can we at least move the median at Groveland back or make it more friendly to pedestrians?  Pedestrians don’t want to climb over that thing, and instead they walk in the green painted area, and when the light changes it’s hard to find enough room for pedestrians and cyclists going both ways.  Again, this is also a problem that could be solved by extending that sidewalk down the hill to Loring Park.

Franklin & Lyndale:

And while it’s outside the scope of this project, it would be really nice to address that stretch from where the bike lane ends at the 94 ramp to Franklin Avenue.  I know in an ideal world we’d all ride on that cool bridge to our single-family homes in LHENA, but some bike-loving folks live in Whittier too.  To stay law-abiding, these cyclists are encouraged to go out of their way by taking the bridge and then biking down a giant hill on Franklin Ave, through the intersection with Lyndale (an intersection of two county roads – what could possibly go wrong?), then back up a giant hill.

As someone who has lived near this intersection for years, this is encouraging unsafe behavior.  The safe alternative is to illegally ride on the sidewalk past Rudolph’s – so why not come up with a way to make safe cycling legal?  One possibility would be to remove the street-level parking between 94 and Franklin and add a short protected cycle track.

Anyway, those are a few thoughts on how to improve bike and pedestrian experiences with a minimal investment in infrastructure. Once this repaving project is completed, it may be the last time we have an opportunity to address these issues for awhile.