Architecture Overview
A robust rapid response network requires:
- Public Layer - Static website (GitHub Pages)
- Private Layer - Local server for sensitive operations
- Alert System - SMS/Signal notifications
- Data Aggregation - Flight tracking, facility monitoring
┌─────────────────────────────────────────────────┐
│ PUBLIC LAYER │
│ (GitHub Pages / Static Site) │
│ - Know Your Rights content │
│ - Facility directory │
│ - Resource guides │
└─────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────┐
│ PRIVATE LAYER │
│ (Local Express Server) │
│ - ADS-B API queries │
│ - Alert dispatch │
│ - Sensitive data handling │
└─────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────┐
│ ALERT SYSTEMS │
│ - Twilio SMS │
│ - Signal webhooks │
│ - Email notifications │
└─────────────────────────────────────────────────┘
Public Layer: Static Site
Why Static?
- No database vulnerabilities - Immune to SQL injection
- High availability - Survives traffic spikes during raids
- Fast delivery - Edge-cached globally
- Free hosting - GitHub Pages, Netlify, Cloudflare Pages
Technology Stack
11ty (Eleventy) - Static site generator
SCSS/BEM - Styling architecture
GitHub Actions - CI/CD deployment
GitHub Pages - Hosting
Deployment
# Build and deploy
npm run build
git push origin main # Triggers GitHub Actions
Private Layer: Local Server
Purpose
Handle operations that require:
- API credentials (ADS-B, Twilio)
- Real-time data processing
- Sensitive report intake
- Alert dispatch
Basic Setup
// server.js - Express server
const express = require('express');
const app = express();
// ADS-B monitoring endpoint
app.get('/api/monitor-flights', async (req, res) => {
// Query ADS-B Exchange
// Filter for known ICE contractors
// Return relevant flights
});
// Alert dispatch endpoint
app.post('/api/send-alert', async (req, res) => {
// Validate request
// Send via Twilio/Signal
// Log (without PII)
});
app.listen(3000);
Cron Jobs
# Check flights every 5 minutes
*/5 * * * * /usr/bin/node /path/to/flight-check.js
Alert System Integration
Twilio SMS
const twilio = require('twilio');
const client = twilio(ACCOUNT_SID, AUTH_TOKEN);
async function sendAlert(message, recipients) {
for (const phone of recipients) {
await client.messages.create({
body: message,
from: TWILIO_NUMBER,
to: phone
});
}
}
Signal Integration
Use Signal CLI or Signald for automated messaging:
# Send to Signal group
signal-cli -u +1YOURNUMBER send -g GROUP_ID -m "Alert message"
Alert Triggers
| Trigger | Action |
|---|---|
| Charter flight approaching local airport | SMS to legal observers |
| New facility transfer detected | Signal to attorney network |
| Report submitted | Notify rapid response coordinator |
Data Aggregation
ADS-B Exchange API
const axios = require('axios');
async function checkFlights(icaoHex) {
const response = await axios.get(
`https://api.adsbexchange.com/v2/hex/${icaoHex}/`
);
return response.data;
}
// Known ICE contractor hex codes
const contractors = [
// GlobalX, iAero, Eastern, etc.
];
EOIR Docket Monitoring
Cautiously monitor court dockets for case changes (respect ToS):
// Check for docket location changes
// Indicates facility transfer
Facility Data
Maintain local database of:
- Facility contact information
- Visitation schedules
- Known issues
- Last update timestamps
Privacy & Security
Protecting Reporters
const ExifParser = require('exif-parser');
function stripMetadata(imageBuffer) {
// Remove GPS, timestamp, device info
// Before storing uploaded images
}
Data Handling
| Data Type | Retention | Storage |
|---|---|---|
| A-Numbers | Delete after case resolved | AES-256 encrypted |
| Medical info | Minimum necessary | Encrypted, access logged |
| Reports | Aggregate, anonymize | Purge PII regularly |
| Flight data | Public, can retain | No special handling |
Communication Security
Required for field operations:
- Signal for all coordination
- VPN for network protection
- Full-disk encryption on devices
- No location services during observations
IP Protection
// Don't log reporter IPs
app.use((req, res, next) => {
// Disable IP logging for report endpoints
if (req.path.startsWith('/api/report')) {
req.ip = 'REDACTED';
}
next();
});
Mapping & Visualization
Leaflet.js Integration
const map = L.map('facility-map').setView([39.8, -98.5], 4);
// Add facility markers
facilities.forEach(facility => {
L.marker([facility.lat, facility.lng])
.bindPopup(`
<strong>${facility.name}</strong><br>
Operator: ${facility.operator}<br>
Capacity: ${facility.capacity}
`)
.addTo(map);
});
Flight Path Visualization
// Plot historical flight paths
const flightPath = L.polyline(coordinates, {
color: 'red',
weight: 2,
opacity: 0.7
}).addTo(map);
Deployment Checklist
Server Setup
- [ ] Secure VPS or local server
- [ ] SSL certificates configured
- [ ] Firewall rules in place
- [ ] Regular security updates
- [ ] Backup procedures
API Credentials
- [ ] ADS-B Exchange access
- [ ] Twilio account
- [ ] Signal CLI configured
- [ ] All credentials in environment variables (not code)
Monitoring
- [ ] Server uptime monitoring
- [ ] Alert system testing
- [ ] Regular security audits
- [ ] Incident response plan
Operational Security Reminders
- Assume surveillance - Act accordingly
- Compartmentalize - Limit who knows what
- Verify identities - Before sharing sensitive info
- Secure communications - Signal, not SMS/email
- Physical security - Protect devices and documents
- Legal support - Have attorney on standby