Los Angeles must ‘do better’ on data privacy, controller says
Los Angeles city officials need to do more to show that new “smart” technology isn’t being used to spy or store information on residents, according to a new report from city Controller Ron Galperin.
Residents should be “absolutely sure” that the city isn’t collecting data on them with technologies like police body cameras, license plate readers, drones and surveillance cameras, Galperin said in a press release Wednesday. But the city’s “scattered” privacy programs make it difficult to ensure that departments are held accountable, he said.
The city collected 847,077 hours of police body camera footage in 2020, for example, and scanned license plates 3.6 million times, but “no single City entity is responsible for evaluating the privacy implications created by using surveillance technologies,” Galperin wrote in a letter to Mayor Eric Garcetti and the city council.
The privacy risks around government-owned, internet-connected technologies have been well documented over the last several years by civil-rights groups and concerned residents. Residents criticized Los Angeles last September for selecting Citizen to develop its COVID-19 contact-tracing app, citing concerns the app would store personal information. The city also ran aground of privacy advocates’ privacy concerns last year for using Signal, an encrypted messaging app, to discuss technology that would allow the city to track the location of its dockless bikes, scooters, mopeds and ride-hailing vehicles in near real time.
Los Angeles’ decentralized approach to internal privacy oversight also means there’s no inventory of surveillance tools, leaving agencies open to falling short of the city’s current privacy policy, which was written by the ITA, the Office of the Mayor, and the Information Technology Policy Committee, a steering committee of IT specialists from around the city. The Los Angeles Police Department, for example, Galperin wrote, published documents describing their license plate reader program, but didn’t actually have a privacy policy for the technology as required by state law. Additionally, all 13,000 LAPD staff computers had access to the license plate reader program, regardless of their position within the agency.
That particular privacy issue at LAPD has since been addressed, Galperin said, but there’s still no citywide standard to prevent similar problems from occurring as new technologies are adopted. A good first step, Galperin suggests in the report, is to establish a privacy advisory board to support future policy standardization, including defining “surveillance technology” and building an inventory of the city’s current surveillance ecosystem.
Galperin said the privacy board could also require departments to publish reports for the public explaining why and how they’ll use new surveillance tools, along with steps that could minimize privacy risks.
“Los Angeles can and must do better managing the smart technologies it uses to monitor traffic flow and bolster public safety while also protecting residents’ privacy,” Galperin said in a press release. “Real oversight and a unified approach to identifying and addressing privacy issues will both safeguard sensitive information and engender greater public trust.”
