California cops illegally shared license plate details, violating privacy laws, grand jury says

YOLO COUNTY JUNE 13, 2024 - Looking East is the highway leading to the capitol, in back, a 3-mile causeway over Yolo wildlife area, which has become a test about the future of highway expansion in the Golden state. For years a stretch of the I-80 connecting the college town of Davis to West Sacramento has bottlenecked and been a source of frustration for local transit agencies. After years of trying to get the state to expand it, local Caltrans officials took their project to a tiny local agency to get funded and built on Thursday, June 13, 2024 in Yolo County, Calif. (Paul Kuroda / For The Times)
Traffic is seen on the 5 Freeway leading to and from Sacramento. (Paul Kuroda / For The Times)

License plate information and perhaps even more sensitive material from Sacramento County’s 1.3 million registered vehicles and their drivers were improperly shared by law enforcement departments with out-of-state agencies, according to a grand jury report Wednesday.

Sacramento County’s Grand Jury, a 19-member team serving as a watchdog over city and county agencies, said the county Sheriff’s Office and the Sacramento Police Department either were unaware of state privacy protections or flouted them.

The jury released results from a seven-month investigation into the use of stationary and mobile cameras known as automated license plate readers, or ALPRs, across the county.

Foreperson Steve Caruso, who grew up in La Crescenta, said his group estimated that Sacramento law enforcement agencies use about 170 cameras that can each capture up to 1,800 license plates per minute. The Sheriff’s Office scanned 1.7 million plates in one week, according to the grand jury report.

“They’re often confused with red-light cameras in intersections, but they’re separate,” Caruso said. “They’re also not just in intersections, but all over the place.”

Read more: License plate readers and video cameras are coming to Orange to fight crime, officials say

Caruso said, like red-light cameras, the ALPRs take snapshots of license plate information as well as drivers and passengers in a vehicle and mark them with time and date stamps.

Although he “couldn’t say for certain” that police and sheriff’s officials were handing over more than just license plate info, Caruso said it was “safe to assume they were sharing all info.”

The grand jury said any such distribution of information to out-of-state agencies — including the federal government — violates Senate Bill 34, legislation that was signed into law in 2015.

Read more: Police in Pasadena, Long Beach pledged not to send license plate data to ICE. They shared it anyway

California Atty. Gen. Rob Bonta issued a pair of bulletins in October informing law enforcement of the responsibility “to safeguard this data and ensure its use is consistent with state law.”

“We subsequently learned that both the Sheriff’s Office and Sacramento Police Department have been lax in following state law regarding how ALPR data is shared with other law enforcement entities,” Caruso said in a statement.

A Sacramento police spokesperson said the department consulted with the city attorney’s office and the attorney general’s office and amended its policy “to no longer share data with agencies outside of California.”

Read more: Melrose Avenue neighborhood group to install license plate readers over crime worries

The spokesperson said the policy was updated on June 13 “in an interest to maintain transparency.”

But Caruso said the change happened only because of the grand jury’s investigation. The department had continued sharing ALPR data with agencies in Washington, Oregon, Nevada and Arizona until recently, he said.

Similarly, the Sheriff’s Office did not immediately change its policy when first alerted by the grand jury, Caruso said, but the agency eventually came around.

Former State Sen. Jerry Hill, author of SB 34, said he was concerned about possible misuse of the ALPR database in early 2015.

Curious to see what could be gleaned, Hill and his wife hired a private investigator to pull information from the database regarding Hill's spouse.

The private investigator obtained a photo of her car outside a Sacramento gym. The shot included his wife’s license plate number, vehicle make and mark, and the time, latitude and longitude of where she was, according to Hill.

“My wife is an ordinary citizen, and the database was used to track her down,” said Hill, who is retired. “Anybody could abuse the power too easily, and that’s the genesis behind SB 34. It’s too easy for bad actors to help themselves to data.”

The San Francisco-based Electronic Frontier Foundation, a nonprofit civil liberties watchdog, has pushed back against SB 34 violations.

EFF and the ACLU previously filed California Public Records Act requests against various agencies, including the Los Angeles police and sheriff's departments regarding usage and storage of ALPR data.

In 2019, EFF discovered that both departments collected about 3 million data points per week that are stored for years, with 99% of the car license plates not linked to a crime.

EFF senior investigative researcher Beryl Lipton said she "wasn't surprised" to hear about privacy violations in Sacramento County despite SB 34.

"You can pass a law that is supposed to protect privacy, but we're not going to see any positive outcomes if law enforcement is either unaware of their responsibilities or chooses to act against them," she said.

Lipton said what's particularly dangerous about the sharing of license plate information or other data across state lines is the broad potential usage by outside agencies.

She said that although the identification of stolen vehicles and Amber Alerts was common, other state agencies could potentially track abortions across state lines, hampering reproductive rights.

Lipton was also concerned about potential bad actors who now had access to and ease in searching databases.

"These databases are leaky and easily accessible, and the information is stored for a long time," she said.

In what the grand jury labeled as “another threat to data privacy protection,” users could access information through the Sheriff's Office database by entering random characters, without knowing specific case numbers. Sheriff’s officials acknowledged in an internal audit this was “a major flaw” in the agency’s database.

A sheriff’s spokesperson said the department “won’t have [a] comment on the Grand Jury report until we can look into it further.”

The camera system has worked to ferret out lawbreakers, though, with the Sheriff’s Office reporting the recovery of 495 stolen vehicles in the first 30 days of the system’s installation, according to the grand jury’s report.

Sign up for Essential California for news, features and recommendations from the L.A. Times and beyond in your inbox six days a week.

This story originally appeared in Los Angeles Times.