Technology used by law enforcement in California will come under increased scrutiny after a request by the Joint Legislative Audit Committee this week. The committee voted late Wednesday to order California State Auditor Elaine Howle to investigate how police are using automated license plate readers, with particular focus on how the data they collect is shared with other law enforcement agencies, including federal entities like Immigration and Customs Enforcement.
The push for the audit was brought about in part by what the Electronic Frontier Foundation, a privacy-rights group, calls a failure by police departments to comply with a 2015 state law requiring them to provide public documentation of the readers’ use and to keep detailed logs of when associated databases are accessed.
“We have filed [Freedom Of Information Act] requests [with police departments] to find documentation, and time and again there isn’t a policy,” Dave Maass, an EFF senior researcher, told StateScoop. “Some are sharing data with 800 other entities and not keeping records. Searches are supposed to be logged.”
Maass said that in some cases, his group’s efforts to uncover information has been stymied by agencies’ non-disclosure agreements with Vigilant Solutions, a surveillance technology company that is the leading vendor of license plate readers to police in California. Many of those agreements, he said, are written to preclude law enforcement from complying with a public records request without the vendor’s approval.
EFF has also argued that police agencies are overly permissive in creating accounts for other jurisdictions, allowing them to search license-plate databases at will, raising the chances for data exposure or outright abuse.
Transparency advocates anticipate Howle’s audit will be more forceful than EFF’s public records requests. Howle’s office will send a questionnaire to every police agency in California, asking them to describe if they use automated license plate readers and, if so, how the data is collected and shared with other organizations. The audit will also include detailed examinations of the Los Angeles Police Department; Fresno Police Department; Sacramento County’s Sheriff’s Office and Department of Human Assistance; and the Marin County Sheriff’s Office and San Rafael Police Department, which share a license plate reader system.
Maass said that along with being the state’s largest police force, the LAPD is also one of the worst offenders of the 2015 disclosure law.
“They have not had a policy on their website,” he said. “They have not been upfront.”
The LAPD feeds information collected by its license plate readers into its predictive analytics system, he said, technology operated with minimal oversight and that has been criticized for increasing the racial bias of police activity. The department said earlier this year it plans to phase out its use of the predictive system.
Maass said EFF found that officials in Sacramento have shared license plate information with 800 other agencies as far-flung as Honolulu. While he said he doesn’t doubt the need of law enforcement agencies in nearby jurisdictions to help each other out on investigations — or cooperate with the FBI in federal operations — Maass questioned why a police department an ocean away from California would need access to Sacramento County’s license-plate database.
“No one should have access to that data who doesn’t need access,” he said. “Every time you add new a user, that’s another potential source of abuse.”
But police officers testifying before the audit committee defended their use of the readers, calling them one of their favorite investigative tools.
“Our officers and investigators love the service and the information it provides,” Fresno Police Sgt. Steve Casto told lawmakers. “Our information that we collect is kept for one year unless it becomes part of a criminal investigation, and at that time it’s purged.”
Casto said his department’s devices scan about 1.8 million license plates annually, though it also has access to readings from around the country that are fed into a national database maintained by Vigilant.
Federal law enforcement’s use of automated license plate readers also came under scrutiny this year after a company that supplies U.S. Customs and Border Protection with the technology was the target of a cyberattack that led to CBP data being posted on the dark web. Maass said the CBP vendor, Perceptics, does not appear to be used in California.
Howle told lawmakers at Wednesday’s hearing that the audit will take about seven months to complete and cost $370,000.