License plate information and perhaps even more sensitive material on Sacramento County's 1.3 million registered vehicles and their drivers was improperly shared by police departments with out-of-state agencies. According to a grand jury report on Wednesday.
The Sacramento County Grand Jury, a 19-member team that serves as a watchdog for city and county agencies, said the county Sheriff's Office and Sacramento Police Department were unaware of the privacy protections of the state or violated them.
The jury released the results of a seven-month investigation into the use of fixed and mobile cameras known as automatic license plate readers, or ALPRs, throughout the county.
Foreman Steve Caruso, who grew up in La Crescenta, said his group estimated that Sacramento police agencies use about 170 cameras that can each capture up to 1,800 license plates per minute. The Sheriff's Office scanned 1.7 million license plates in one week, according to the grand jury report.
“They are often confused with red light cameras at intersections, but they are separate,” Caruso said. “Plus, they're not just at intersections, they're everywhere.”
Caruso said that like red-light cameras, ALPRs take snapshots of a vehicle's license plate information, as well as drivers and passengers, and stamp them with date and time stamps.
While he “couldn't say for sure” that law enforcement and sheriff's officials were handing over more than just license plate information, Caruso said it was “safe to assume they were sharing all information.”
The grand jury said any distribution of such information to agencies outside the state, including the federal government, violates Senate Bill 34, legislation that was signed into law in 2015.
California Attorney General Rob Bonta issued a couple of newsletters in October inform law enforcement authorities of the responsibility to “safeguard this data and ensure that its use is consistent with state law.”
“We subsequently learned that both the Sheriff's Office and the Sacramento Police Department have been negligent in following state law regarding how ALPR data is shared with other law enforcement entities,” Caruso said in a release.
A Sacramento police spokesperson said the department consulted with the city attorney's office and the attorney general's office and changed its policy “to no longer share data with agencies outside of California.”
The spokesperson said the policy was updated on June 13 “in order to maintain transparency.”
But Caruso said the change came only because of the grand jury investigation. The department had continued to share ALPR data with agencies in Washington, Oregon, Nevada and Arizona until recently, he said.
Similarly, the Sheriff's Office did not immediately change its policy when it was first alerted by the grand jury, Caruso said, but the agency eventually changed its mind.
The San Francisco-based Electronic Frontier Foundation, a nonprofit civil liberties watchdog, has denounced violations of SB 34.
The EFF and ACLU previously filed California Public Records Act requests with the Los Angeles police and sheriff's departments regarding the use and storage of ALPR data.
In 2019, the EFF found that both departments collected about 3 million data points per week that were stored for years and that 99% of license plates were not linked to a crime.
Beryl Lipton, senior investigator for the EFF, said she was “not surprised” to hear about privacy violations in Sacramento County despite SB 34.
“You can pass a law that is supposed to protect privacy, but we are not going to see any positive results if police authorities are unaware of their responsibilities or decide to act against them,” he said.
Lipton said what's particularly dangerous about sharing license plate information or other data across state lines is the broad potential use by outside agencies.
She said that while stolen vehicle identification and Amber Alerts were common, Lipton added that other state agencies could potentially track abortions across state lines, hindering reproductive rights.
Lipton was also concerned about potential bad actors who now had access and ease of searching databases.
“These databases are prone to information leaks and are easily accessible, and the information is stored for a long time,” he explained.
In what the grand jury called “another threat to data privacy protection,” users could access information through the Sheriff's Office database by entering random characters, without knowing the numbers. specific case. Sheriff's officials acknowledged in an internal audit that this was “a significant flaw” in the agency's database.
A sheriff's spokesman said the department “will not have [a] comment on the Grand Jury report until we can investigate it further.”
However, the camera system has worked to catch lawbreakers, and the Sheriff's Office reported recovering 495 stolen vehicles in the first 30 days of the system's installation, according to the grand jury report.