Board Meeting January 16, 2020

Hey there Makers!

Our next board meeting will be this Thursday January16th at 7pm at 1500 Douglas!

All are welcome to sit in with the new board as we go thru the agenda.

We will be discussing:

  1. CCTV Policy
  2. Bingo Volunteers
  3. Help needed at Booth

The agenda for Thursday can be found on the wiki under the following link:
http://makeict.org/wiki/January_16_2020

If you think something is missing from the agenda or just needs to be added, please contact the Secretary at Secretary@makeict.org or reply to this post.

3 Likes

Here’s the proposed new camera policy:

Security handles all camera related issues.
Before divulging any footage outside of the security team, IT or Board of Directors, security must have it approved by the Board of Directors.

Is there any more to the CCTV policy? Is there a policy draft I can read? Is there any oversight or restrictions of the security team’s use of the cameras? What about live-viewing on-site and off-site?

What is the rationale for discarding our existing policy? What problems are you trying to solve here?

We asked other makerspaces what their policy are and most just put up signs letting their membership know cameras are in use. I looked at Dallas, Nova Labs, and Hammer Space none of them have a camera policy. I googled makerspace policy everything that came up was for libraries and didn’t cover cameras.
Here’s the link to the current policy.
http://makeict.org/wiki/CCTV_Policy
@alysajaunice is this in addition to the current policy or replacing it?

1 Like

I think if we put some signs up that say like “for your security we use cameras and death lazers” then underneath a sign that says “death lasers are temporary out of service” we should be good.

2 Likes

Yes, Malissa, this is to replace the current policy. Several members brought it to the board’s attention that our current policy wasnt quite suiting our needs.

No one goes and spends their days deleting footage to maintain the 10 day rule, they just let it auto-delete the oldest footage as it fills up, and frankly, we don’t have anyone referring to it unless there is an issue brought to the attention of security which is maybe a couple times a year. Security mentioned that many times issues arent discovered within 10 days, anyway, and they don’t feel it makes sense to limit it if we have the ability to just let the data auto-delete the oldest footage as it fills up. It makes sense to let them do the unpaid job we entrusted them to do and use the security systems we have in place to the best of their ability.

Security under the new policy will be able to defer to IT when needed for help setting things up, troubleshooting and fixing things to keep our space protected from theft, damage and other such things. This is something IT voiced concerns about with the current policy, because only 3 people are allowed access to the system- which isn’t even ideal in our current location because people have day jobs and IT and security both need to be able to access the system at times. Limiting to 3 severely limits security from allowing their group to share the burden and with the new location we are expecting to expand our membership significantly which means there’s likely going to be a need to expand how many people are helping in each area, including with security.

Also, it expressly states that the policy is for our current location which means it doesn’t cover the new building, so it seemed like a good time to have another look at the policy since needs will be different at the new building even when just considering the scale alone.

I got very minimal input from the admin email, and one tip was to do something we do often- ask other makerspaces what they do!

So, I did just that. I asked other makerspaces for a link to their camera policies and input and every single one said they don’t even have a camera policy. They have signs posted saying “smile, you’re on camera” or something to a similar effect and they let their security team do their job from there.

I brought these findings up at breakfast with the board and we agreed that that made a good deal of sense for our space as well (with the caveat that if footage is to be shared beyond the security team, approval was needed by the board.)

5 Likes

I appreciate the fact-finding you did, and agree with some of your conclusions such as the 10-day limit is not a useful restriction. I saw the facebook post you made on the NOM group and thoughtfully read the replies from other makerspaces.

I disagree with this new policy. It sounds like Security chafed at the existing restrictions, some of which could reasonably stand to be updated, and it was easier to say “lets gut the policy and let them handle it.” I recognize the sentiment to “let them do the unpaid job we entrusted them to do” but part of being in an oversight position is saying no when appropriate. We don’t let people use a laser cutter without a detailed access policy, why should access to a powerful security system be any different?

I am particularly concerned there is no statement of when it is and isn’t appropriate to access live-viewing, especially off-site viewing of the cameras. When a security lead has free time and is bored, only when an alarm goes off, when, why?

There isn’t any oversight over who accesses the cameras, one security lead can just hand-off access to another, no reporting to the board is needed. Just a blank check to do whatever, whenever, with whoever.

I presented a few scenarios in the admin list of how this system could be abused, chiefly that a man could use the system to spy on a woman in the makerspace without her knowledge. The issue of background checks was brought up a few years ago, to my knowledge we are not performing those on either general members or members of security. We also learned that our insurance does not cover sexual offenses committed by a member at MakeICT.

Take a look at this article by the ACLU about abuses of CCTV. The arguments here are about government abuses, but most carry-over to the private world as well, particularly about voyeurism, personal abuses, and discriminatory targeting.

The escalation of power of one group of members, without any oversight whatsoever, is deeply troubling. I would remind you why the three nerd rule exists, because entrusting one person or small group to dispose of small-change property wasn’t feasible and was abused. We have a detailed policy to get rid of a ping-pong table, but not to protect our members from abuse of a powerful tool.

This policy is an abdication of oversight and would be a mistake to enact.

Remember we are volunteers (IT, Board, and Security) and this takes effort to go over this type of stuff. I understand that @Logan is passionate about this due to his own experiences.

@alysajaunice Thank you for taking the time to research things.

My opinion is writing a large policy will mostly be a waste of time. People that read and try to follow them it won’t be needed. I happen to read everything, and try to follow the rules. That is why I brought up the original issues with the past CCTV policy that started this. Sorry, but I will respond.

The policy as written has structural issues from the IT point of view as implemented at Booth currently, and only applies to 1500 E Douglas as noted by @alysajaunice.

@logan I think there is some merit to what you are saying. Simple language could spell out what is required and acceptable could be useful.

If I were writing things I would add this. (Sorry @alysajaunice for not getting back with you to help with this policy).

  1. Camera system should be secured and NOT publicly view able. (It is)
  2. No casual viewing without cause.
    • I would leave this up to Security to define it. (I think the original list was to limited to be fully useful).
  3. Simple reporting requirement to board when searches are done.
  • Maybe just have the system sent a login notification to the board when someone logs into the camera system. There are logs now.
  1. Each person is given separate logins. (They are)
    A) Security Members ( I would allow the security group to speak to this)
    B) IT members people should have access to the system when related to IT work to verify system is functioning properly.
    • Any use outside verifying system functionality is not authorized.
      • Any requirement to get access to do maintenance would be a burden on both sides for volunteer time.
  2. Board approval to release footage (sure)

I would like to drop the 10 day requirement because I think it is very short. I think 30-60 days would better, or none at all. It will delete recording when it needs space.

@Logan
I think your arguments about governmental surveillance has any relation to MakeICT is a stretch. The only part of your linked article that would apply here “Voyeurism”, the others don’t apply, and can be stopped by a policy.

  • If you are saying that if you open your system up to the world or general membership with very detailed ways of tracking someone by external bad actors, then I agree with you.

  • If you are saying that no policy will lead to possible bad actions by Security/IT then I think your argument is simplistic and a waste of time. Any bad actor would in general ignore the rules when committing something that is strongly against our rules and/or illegal.

@Logan I hope you have facts to make such a statment. If not I think you are out of line to baseless assertions and should apologize. It is hard enough to spend your personal time when things are going well and harder to do it when like this are said.

The best I could say is that this policy is a simple CYA exercise.

2 Likes

Logan,

I have heard this discussed at two different Coffee with the Board mornings. I have heard discussion and a deferred decision at the last Board meeting.

  1. Comparing a voluntary organization with a government is ridiculous.
  2. Not trusting a small group of volunteers that have an extensive list of volunteer jobs in addition to looking at Security Video borders on absurd. Which small group would you choose to trust in a voluntary membership organization? The Board? A separate Video team? Or perhaps we should put a display out front with feeds from all cameras looped for showing over the next week, and allow everyone to watch? Who do you trust? I find it easier to mind my own behavior and trust others to do the same; until they demonstrate otherwise. In my 6 months, I have met and worked with all members of the Security Team, they have not demonstrating that trust is lacking or even questionable. If you have info otherwise, you should present it to the Security Lead and President. If not why the concerns? Handle future concerns about specific people at the time they get into a position of trust that causes you heartburn.
  3. If you don’t want to be on video, don’t remain a member. Don’t walk down the street, you will get recorded by a Door Bell Camera. Don’t drive around Old Two on Friday or Saturday night. Don’t walk into a store or a mall or even some churches. Certainly, do not enter your building.
  4. Video surveillance is a fact of life in the 21st Century. The KISS principle works. The proposed policy is a great example of the KISS principle at work. The Board has used this before.
2 Likes

I don’t really know where the “Security chafed at the existing restrictions” came from as I don’t believe security started this discussion. That said, the only part of the existing 1500 E Douglas policy, I strongly disagree with is the 10 day retention. Several times in the last couple years, security received indirect reports of alleged member misconduct a week after the incident which leaves small time frame to recover any relevant video evidence. It isn’t practical make volunteers jump through hoops over an artificial, self-imposed limitation. As a matter of storage disk space, I would recommend designing toward data retention of 60 days of footage.
I don’t feel the need to pick apart the rest of the existing policy although it appears to a selection of solutions looking for a problem. When possible we need to keep things a simple as possible.
I am fine with the very abridged policy has been proposed with a single caveat regarding release to support criminal investigation. It would be inappropriate to require a board vote to release evidence pursuant to a law enforcement investigation. I suggest the verbiage, “Lead Security Officer may release video footage as deemed necessary to support law enforcement investigations. In all other cases, release of video footage is only authorized by board vote.”

1 Like

Logan, to be honest, I consider you an outlier in regards to camera policy. I think that you aren’t representative of the vast majority of the membership. From those I’ve talked to, all of them consider restriction on release of video to the public to be reasonable, and they expect that we’d have good coverage of video to protect our organization and its members from criminal acts and civil liability. The video is very helpful for reviewing accidents and other incidents, and a camera does not lie or color the truth. Many consider being on our cameras no different than being on camera in Old Town, at WalMart, or in any other place frequented by people. I understand that you may have good reason to feel the way you do about our proposed camera policy, but your experience isn’t typical of our membership at all. Most of our members want our makerspace to have good security cameras in use, and trust that those we put in charge (Security) are reasonable and circumspect in carrying out their duties. If at some point down the road, we find that there is a case of misuse of recorded video, it would certainly be addressed.

2 Likes

Thank you for more feedback this go-around, everyone! With the original incredibly simplified proposed policy, my goal was to more closely follow suit with other makerspaces. I do not have any issues with adding:

And

So, a new policy with those edits looks like this:

Security and IT handle all camera related issues relevant to their title.
•The Lead Security Officer may release video footage as deemed necessary to support law enforcement investigations. In all other cases release of video footage is only authorized by board vote.
•Each person with access to the footage must have individual log-ins. A log must be kept and be accessible to the board.

1 Like

I probably came off as more aggressive than I needed to be. To Security and others, I’m sorry I resorted to speculation. I was frustrated by this whole process and lack of information. Also, I hope that nobody thought I was calling them out specifically, or alleging malfeasance, as I have no reason to believe that has occurred.

My opinions and thoughts are colored by my experience building and then living under a CCTV surveillance system that was abused. I don’t want to see something like that happen again. When I realized that I and the other tenants in my apartment were under surveillance by a creep, it gave me a really cold gross feeling.

I am glad to finally hear from security the actual problems they had with the old policy. I was limited to speculation of the reasons why there was a desire for a change, now I know. Ken wants a longer retention time, and I agree 100% that is something we can change, no problem. I also endorse Tom’s points that there should be no casual viewing without cause, and that a report to the board be made when a search is done.

I agree with the fundamental need for CCTV recording at the makerspace. I actually installed the first DVR and some of the first cameras at the makerspace, and helped review footage from time to time when requested. I also donated a DVR and cameras to be used at Booth, recognizing that we do in fact need them there.

I make a big distinction between reviewing recordings (the past) and live view (surveillance). I see little risk in reviewing recordings but a much larger risk with live view because that information is actionable in real time. I don’t think that distinction has been made clear. Recording does not equal surveillance.

I realize that a policy will not stop determined people from doing what they want, the same as laws don’t stop people from doing bad things, but it sets an expectation and standard to follow and communicates ideals.

1 Like

Not to get into the philosophical weeds too much here, but there are a lot are people here that don’t seem to understand the purpose of a rule. Since the Hammurabi Code, rules have not been intended to prevent bad actors from doing bad things. Never have, never will. That is not and never will be a reason for just not having rules. The purpose of a rule is to prevent good actors from doing bad things by informing them of the expected correct behavior and to provide a mechanism for identifying and removing bad actors.

Also, if you think that comparing the government to a non-profit is what Logan was doing, you missed the point, its about power, not paychecks. The abuse of power does not depend on a paycheck. The point is: people who are in power and given powerful tools can abuse that power, intentionally or inadvertently. Full stop. If you want to discuss other points like how we’re a small organization that’s big on community building, we trust each other, and (mostly) know each other, those are valid points and good justification for a simple policy.

I’m not on one side of big policy/small policy/no policy or the other because I fall into the category of members David describes that aren’t concerned about the cameras. If we DO have a policy, I think the line “Security footage is only to be accessed in the event of an incident that needs to be investigated” covers a lot of concerns. It’s flexible because what an “incident that needs to be investigated” is up to reasonable interpretation, and it specifically designating “security” footage allows us to set up public-facing 3D printer time-lapse cameras if we feel like it without violating security policy.

1 Like

I, too, had very little concern about what a camera policy should look like before being directly asked to devise a policy for Booth. With very little initial input, I defaulted to doing what we quite often do which is to see what other makerspaces are doing - Dallas being our most common reference. In doing this, I wasn’t able to even find a policy to refer to and many other spaces directly announced that they don’t have one at all. With that knowledge, I backpedaled a bit and came to the realization that perhaps we are overthinking and over-worrying about it. This led to the initial very simplified policy. I really don’t have strong feelings about the issue, however, and I am not bothered by adding a few caveats or specifications, though I would like to still keep it simple and minimal as we’re already outliers for even having a policy in the first place and other sucessful makerspaces are usually our bar for which we tend to measure ourselves on issues such as this.

With that being said, you make a good point about specifying security cameras in the policy. So, a new policy with that added specification looks like this:

Security and IT handle all SECURITY camera related issues relevant to their title.
•The Lead Security Officer may release video footage as deemed necessary to support law enforcement investigations. In all other cases, release of video footage is only authorized by board vote.
•Each person with access to the security footage must have individual log-ins. A log OF FOOTAGE ACCESS must be kept and be accessible to the board.

The reason the final statement is in there is because this allows the board to note any suspicious use of viewing and investigate and handle it accordingly which offers a checks and balances for the security and IT teams but still allows them access to handle their job without any delay which might be vital in certain situations.

2 Likes

There is no way that if, for example, the alarm monitoring company calls Ken because of an alarm, and Ken runs up his phone for a quick look at the building in the middle of the night, he’s going to be amenable to logging and reporting that to the Board or anyone else. I’m still in favor of giving Security the ability to do their job without constant interference from the Board. They have always been responsible with their access, and I don’t expect that to change. If it does, then we change Security personnel. What we don’t need is paperwork.

Some rules in the wood shop are not everyone’s first choice, but since Doug has the responsiblity, he has the authority, and vice versa. I see absolutely no reason to apply that principle differently to Security. General rules about releasing video, sure. Reporting every time they have to look a recording, no way. You won’t have any Security people left.

This policy needs to be maybe two lines.

The access logging would (presumably) be automatic in the software and available for review if needed.

3 Likes

Okay, three lines.

Of course, now we need a policy on when the Board can request access to the log of footage access, and we need to log that for review.

Board members should be able to view logs at any time for any reason. Would the log show which cameras and what time of recording were reviewed or just the time of the review?

I read the policy regarding law enforcement access is not requiring a subpoena. I am fine with that, just a clarification.