Grand jury: Cops illegally shared license plate data
Report finds sheriff, police in Sacramento gave information to out-of-state agencies.
License plate information and perhaps even more sensitive material from Sacramento County’s 1.3 million registered vehicles and their drivers were improperly shared by law enforcement departments with out-ofstate agencies, according to a grand jury report Wednesday.
The Sacramento County Grand Jury, a 19-member team serving as a watchdog over city and county agencies, said the county Sheriff’s Office and the Sacramento Police Department either were unaware of state privacy protections or flouted them.
The jury released results from a seven-month investigation into the use of stationary and mobile cameras known as automated license plate readers across the county.
Foreperson Steve Caruso, who grew up in La Crescenta, said his group estimated that Sacramento law enforcement agencies use about 170 cameras that can each capture up to 1,800 license plates per minute. The Sheriff ’s Office scanned 1.7 million plates in one week, according to the grand jury report.
“They’re often confused with red-light cameras in intersections, but they’re separate,” Caruso said. “They’re also not just in intersections, but all over the place.”
Caruso said, like redlight cameras, the readers take snapshots of license plate information as well as drivers and passengers in a vehicle and mark them with time and date stamps.
Although he “couldn’t say for certain” that police and sheriff’s officials were handing over more than just license plate info, Caruso said it was “safe to assume they were sharing all info.”
The grand jury said any such distribution of information to out-of-state agencies — including the federal government — violates state Senate Bill 34, which was signed into law in 2015.
California Atty. Gen. Rob Bonta issued a pair of bulletins in October informing law enforcement of the responsibility “to safeguard this data and ensure its use is consistent with state law.”
“We subsequently learned that both the Sheriff’s Office and Sacramento Police Department have been lax in following state law regarding how [license plate readers’] data is shared with other law enforcement entities,” Caruso said in a statement.
A Sacramento police spokesperson said the department consulted with the city attorney’s office and the attorney general’s office and amended its policy “to no longer share data with agencies outside of California.”
The spokesperson said the policy was updated June 13 “in an interest to maintain transparency.”
But Caruso said the change happened only because of the grand jury’s investigation. The department had continued sharing data with agencies in Washington, Oregon, Nevada and Arizona until recently, he said.
Similarly, the Sheriff’s Office did not immediately change its policy when first alerted by the grand jury, Caruso said, but the agency eventually came around.
Former state Sen. Jerry Hill (D-San Mateo), author of SB 34, said he was concerned about possible misuse of the license plate database in early 2015.
Curious to see what could be gleaned, Hill and his wife hired a private investigator to pull information from the database regarding Hill’s spouse.
The private investigator obtained a photo of her car outside a Sacramento gym. The shot included his wife’s license plate number, vehicle make and model, and the time, latitude and longitude of where she was, Hill said.
“My wife is an ordinary citizen, and the database was used to track her down,” said Hill, who is retired. “Anybody could abuse the power too easily, and that’s the genesis behind SB 34. It’s too easy for bad actors to help themselves to data.”
The San Franciscothe based Electronic Frontier Foundation, a nonprofit civil liberties watchdog, has pushed back against SB 34 violations.
The foundation and the ACLU previously filed California Public Records Act requests against various agencies, including the Los Angeles Police Department and the L.A. County Sheriff’s Department regarding usage and storage of license plate data.
In 2019, the foundation found that both departments collected about 3 million data points per week that are stored for years, with 99% of the car license plates not linked to a crime.
A senior investigative researcher at the foundation, Beryl Lipton, said she “wasn’t surprised” to hear about privacy violations in Sacramento County despite SB 34.
“You can pass a law that is supposed to protect privacy, but we’re not going to see any positive outcomes if law enforcement is either unaware of their responsibilities or chooses to act against them,” she said.
Lipton said what’s particularly dangerous about sharing of license plate information or other data across state lines is the broad potential usage by outside agencies.
She said that although the identification of stolen vehicles and Amber Alerts was common, other state agencies could potentially track abortions across state lines, hampering reproductive rights.
Lipton also was concerned about potential bad actors who now had access to databases. “These databases are leaky and easily accessible, and the information is stored for a long time,” she said.
In what the grand jury labeled as “another threat to data privacy protection,” users could access information through the Sacramento County Sheriff ’s Office database by entering random characters, without knowing specific case numbers. Sheriff’s officials acknowledged in an internal audit that this was “a major flaw” in the database.
A sheriff ’s spokesperson said the department “won’t have [a] comment on the Grand Jury report until we can look into it further.”