The CalGang Criminal
Intelligence System
As the Result of Its Weak Oversight Structure,
It Contains Questionable Information That May
Violate Individuals’ Privacy Rights
Report 2015-130
Doug Cordiner
Chief Deputy
Elaine M. Howle
State Auditor
621 Capitol Mall, Suite 1200 Sacramento, CA 95814 916.445.0255 916.327.0019 fax www.auditor.ca.gov
August 11, 2016
2015-130
The Governor of California
President pro Tempore of the Senate
Speaker of the Assembly
State Capitol
Sacramento, California 95814
Dear Governor and Legislative Leaders:
As requested by the Joint Legislative Audit Committee, the California State Auditor presents this audit report
concerning the CalGang database and how law enforcement has implemented requirements for adding juveniles
to CalGang.
This report concludes that CalGang’s current oversight structure does not ensure that law enforcement
agencies (user agencies) collect and maintain criminal intelligence in a manner that preserves individuals’
privacy rights. Although the California Department of Justice funds it, CalGang is not established in state
statute and consequently receives no state oversight. Instead, the CalGang Executive Board and the California
Gang Node Advisory Committee (CalGang’s governance) oversee CalGang and function independently from
the State and without transparency or meaningful opportunities for public input.
Inadequate oversight contributed to the numerous instances in which the four user agencies we examined
could not substantiate the validity of CalGang entries. Specifically, the agencies lacked adequate support for
13 of 100 people we reviewed in CalGang and for 131 of 563 (23 percent) of the CalGang criteria entries we
reviewed. Although a person’s CalGang record must be purged after five years unless updated with subsequent
criteria, we found more than 600 people in CalGang whose purge dates extended beyond the five-year limit,
many of which were more than 100 years in the future. Finally, the user agencies have poorly implemented a
2014 state law requiring notifications before adding a juvenile to CalGang. Two agencies we reviewed did not
provide juveniles and parents with enough information to reasonably contest the juveniles’ gang designations,
thereby denying many people their right to contest a juvenile’s gang designation.
Although it asserts compliance with federal regulations and state guidelines—standards designed to protect
privacy and other constitutional rights—little evidence exists that CalGang’s governance has ensured these
standards are met. As a result, user agencies are tracking some people in CalGang without adequate justification,
potentially violating their privacy rights. Further, by not reviewing information as required, CalGang’s
governance and user agencies have diminished the system’s crime-fighting value. Although CalGang is not to
be used for expert opinion or employment screenings, we found at least four appellate cases referencing expert
opinions based on CalGang and three agencies we surveyed confirmed they use CalGang for employment
screenings. Although these practices do not appear to be common place, they emphasize the effect CalGang
can have on a person’s life.
We believe that CalGang needs an oversight structure that ensures that information is reliable and that users
adhere to requirements that protect individuals’ rights. Thus, we recommend that the Legislature adopt state
law assigning Justice the responsibility for CalGang oversight and specifying that CalGang must operate under
defined requirements, such as supervisory and periodic record reviews.
Respectfully submitted,
ELAINE M. HOWLE, CPA
State Auditor
Blank page inserted for reproduction purposes only.
v
California State Auditor Report 2015-130
August 2016
Contents
Summary
1
Introduction
9
Audit Results
Due to an Inadequate Leadership Structure, CalGang Has Failed
to Comply With Requirements Designed to Protect Individuals’
Rights to Privacy
23
Law Enforcement Agencies Could Not Always Demonstrate That
They Had Established Reasonable Suspicion That Groups Were
Gangs Before Entering Them Into CalGang
28
Law Enforcement Agencies Do Not Have Adequate Support for
Some of the Individuals and Many of the Criteria They Entered
Into CalGang
31
Law Enforcement Agencies Lack Appropriate Safeguards to
Ensure the Accuracy and Security of CalGang Records
36
Law Enforcement Agencies Have Failed to Appropriately Notify
Necessary Parties Before Entering Juveniles Into CalGang
46
Governmental Oversight and Increased Public Participation
Could Strengthen CalGang’s Usefulness and Better Ensure It
Protects Individuals’ Rights
52
Recommendations 55
Appendix A
Summary of Selected CalGang Survey Responses
61
Appendix B
Demographics of Individuals in CalGang by Location, Type,
Gender, Age, and Race
65
Response to the Audit
California Department of Justice
69
Los Angeles Police Department
77
California State Auditor’s Comments on the Response
From the Los Angeles Police Department
81
California State Auditor Report 2015-130
August 2016
vi
Santa Ana Police Department
83
Santa Clara County Sheriff ’s Office
87
California State Auditor’s Comments on the Response
From the Santa Clara County Sheriff ’s Office
89
Sonoma County Sheriff ’s Office
91
California State Auditor’s Comments on the Response
From the Sonoma County Sheriff ’s Office
103
1
California State Auditor Report 2015-130
August 2016
Audit Highlights . . .
Our audit concerning the CalGang database
and how law enforcement agencies (user
agencies) have implemented requirements
for adding juveniles to CalGang revealed
the following:
»
CalGang’s current oversight structure
does not ensure that user agencies collect
and maintain criminal intelligence in a
manner that does not invade individuals’
privacy rights.
»
The CalGang Executive Board and the
California Gang Node Advisory
Committee act without statutory
authority, transparency, or meaningful
opportunities for public engagement.
»
The four user agencies we examined could
not substantiate numerous CalGang
entries they had made, demonstrating
weaknesses in the processes for entering,
evaluating, and auditing the data
in CalGang.
•
Three user agencies were unable to
adequately support that many of the
groups they entered into CalGang met
the criteria for inclusion.
•
All four user agencies lacked support
for CalGang entry criteria suggesting
they inappropriately included in
CalGang 13 of the 100 individuals
we reviewed.
•
More than 600 individuals in CalGang
had purge dates extending beyond the
five-year limit, many of which were
not scheduled to be purged for more
than 100 years.
continued on next page . . .
Summary
Results in Brief
CalGang is a shared criminal intelligence system that law
enforcement agencies (user agencies) throughout the State use
voluntarily. User agencies enter information into CalGang on
suspected gang members, including their names, associated
gangs, and the information that led law enforcement officers
to suspect they were gang members. User agencies have noted
that CalGang’s benefits include directing them to information
about gang members’ interactions with law enforcement officers
throughout the State and facilitating cross‑agency collaboration
when investigating and prosecuting gang‑related crimes. However,
CalGang’s weak leadership structure has been ineffective at
ensuring that the information the user agencies enter is accurate
and appropriate, thus lessening CalGang’s effectiveness as a tool
for fighting gang‑related crimes. Further, the inaccurate data
within CalGang may violate the privacy rights of individuals whose
information appears in CalGang records but who do not actually
meet the criteria for inclusion in the system.
Both the United States Constitution and the California
Constitution recognize the right to privacy—the former implicitly
and the latter explicitly. However, CalGang’s current oversight
structure does not ensure that user agencies collect and maintain
criminal intelligence in a manner that preserves individuals’
privacy rights. Specifically, although the California Department of
Justice (Justice) funds a contract to maintain CalGang, the system
is not established in state statute and consequently receives no
state oversight. Instead, CalGang’s user agencies elect their peers
to serve as members of two entities—the CalGang Executive Board
(board) and its technical subcommittee called the California
Gang Node Advisory Committee (committee)—that oversee
CalGang. These oversight entities function independently from
the State and without transparency or meaningful opportunities
for public engagement. When the committee and the board
established CalGang’s policies and procedures (CalGang policy),
they asserted CalGang’s voluntary compliance with two different
standards: the criminal intelligence requirements in Title 28, Code
of Federal Regulations, Part 23 (federal regulations) and Justice’s
Model Standards and Procedures for Maintaining Criminal
Intelligence Files and Criminal Intelligence Operational Activities
,
November 2007 (state guidelines)—which were promulgated
to protect privacy and other constitutional rights. However, in
practice, we found little evidence that the committee and the board
have ensured that user agencies comply with either the federal
regulations or the state guidelines.
California State Auditor Report 2015-130
August 2016
2
A lack of adequate oversight likely contributed to the numerous
instances we found in which the four user agencies we examined—
the Los Angeles Police Department (Los Angeles), the Santa Ana
Police Department (Santa Ana), the Santa Clara County Sheriff ’s
Office (Santa Clara), and the Sonoma County Sheriff ’s Office
(Sonoma)—could not substantiate CalGang entries they had made.
1
Specifically, Los Angeles, Santa Ana, and Sonoma, which add
gangs to the system, were able to demonstrate that only one of the
nine gangs we reviewed met the requirements of CalGang policy
before entry; Santa Clara does not add gangs to the system. We
also found that all four user agencies lacked adequate support for
including 13 of the 100 individuals we reviewed in CalGang. Further,
we reviewed more than 560 criteria related to these 100 individuals
and determined that the user agencies lacked adequate support
for 131, or 23 percent.
Our review uncovered numerous examples demonstrating
weaknesses in the user agencies’ approaches for entering
information into CalGang. For example, Sonoma included a person
in CalGang for allegedly admitting during his booking into county
jail that he was a gang member and for being “arrested for an
offense consistent with gang activity.” However, the supporting files
revealed that this person stated during his booking interview that
he was
not
a member of a gang and that he preferred to be housed
in the general jail population. Further, his arrest was for resisting
arrest, an offense that has no apparent connection to gang activity.
Throughout our audit, law enforcement officials offered their
perspective that inclusion in CalGang is of little impact to
individuals because CalGang only points to source documentation.
According to CalGang policy, information in the system itself
should not be the basis of expert opinion or statement of fact in
official reports, nor should it be used for any purposes unrelated
to law enforcement, such as employment screenings. However,
we found that these prohibitions are not always followed. In fact,
our search of California appellate cases that included the terms
CalGang
or
gang database
uncovered at least four unpublished
cases that referred to CalGang as support for expert opinions that
individuals were or were not gang members. Further, three law
enforcement agencies that responded to our statewide survey
admitted to using CalGang for employment or military‑related
screenings. These instances emphasize that inclusion in CalGang
has the potential to seriously affect an individual’s life; therefore,
each entry must be accurate and appropriate.
1
Because multiple law enforcement agencies can add information to a gang member’s CalGang
record, some of the deficiencies we found relate to information other law enforcement agencies
added to these CalGang records.
»
The user agencies have not fully
implemented state law requiring
notification to juveniles and their parents
or guardians before adding the juveniles
to CalGang.
»
CalGang needs an oversight structure
that better ensures that CalGang’s
information is reliable and that its users
adhere to the requirements that protect
individuals’ rights.
3
California State Auditor Report 2015-130
August 2016
The four user agencies we reviewed might have been able to avoid
making inappropriate CalGang entries had they fully followed the
federal regulations and state guidelines that the committee and
the board voluntarily adopted. For example, the state guidelines
require supervisory reviews of all information for CalGang
entries and annual reviews of all CalGang records to ensure
their accuracy and relevance. However, we found that none of
the four user agencies have the necessary processes in place to
perform these reviews. Further, by requiring only minimal audits
of the information in CalGang, the committee has limited its own
accountability in ensuring that user agencies comply with the
federal regulations and state guidelines. These self‑administered
audits review less than 1 percent of CalGang’s total records. The
committee does not document the audit results, which CalGang
administrators present orally at committee meetings. The limited
nature of these audits is especially concerning because they are the
committee’s only oversight tool, yet they are not robust enough
to ensure that user agencies are maintaining valid and accurate
criminal intelligence records, adhering to security protocols, and
upholding individuals’ rights to privacy.
In addition to the errors we found in the 100 records we reviewed,
our use of an electronic analysis of all CalGang records uncovered
a number of problems that highlight the importance of both
supervisory and ongoing reviews of CalGang information. For
example, we found 42 individuals in CalGang who were supposedly
younger than one year of age at the time of entry—28 of whom
were entered for “admitting to being gang members.” We also found
a significant number of individuals with illogical record purge
dates—the dates by which the individuals’ records must be deleted
from CalGang. Mirroring the federal regulations, CalGang policy
requires that individuals’ records be purged five years after their
dates of entry unless user agencies have entered subsequent criteria
which resets the five‑
year period. Nevertheless, we found more
than 600 individuals with purge dates that were well beyond the
five year limit; in fact, more than 250 individuals in CalGang had
purge dates more than 100 years in the future. By failing to review
information before and after its entry into CalGang, the committee
and user agencies diminish the system’s crime‑fighting value and do
not adequately protect the privacy of those who have been entered
into the system.
Further, the user agencies we reviewed have not fully implemented
a state law that took effect in January 2014 that generally requires
law enforcement agencies to notify juveniles and their parents
or guardians (parents) before adding the juveniles to a shared
gang database such as CalGang. As a result, many juveniles and
their parents were not afforded the right to contest the juveniles’
gang designations. Los Angeles and Santa Ana continued to add
California State Auditor Report 2015-130
August 2016
4
juveniles to CalGang after January 2014, but these two user agencies
failed to provide proper notification for more than 70 percent of
the 129 juvenile records we reviewed. Further, the two agencies
did not provide the juveniles and parents who were sent notices
with enough information to reasonably contest the juveniles’
gang designations. Possibly as a result of insufficient information,
we found that few juveniles or parents have contested juveniles’
inclusion in CalGang. The other two user agencies we reviewed—
Santa Clara and Sonoma—did not add juveniles to CalGang once
the notification law took effect.
Because of its potential to enhance public safety, CalGang needs
an oversight structure that better ensures that the information
entered into it is reliable and that its users adhere to requirements
that protect individuals’ rights. To this end, we believe the
Legislature should adopt state law that specifies that CalGang, or
any equivalent statewide shared gang database, must operate under
defined requirements that include the federal regulations and key
safeguards from the state guidelines, such as supervisory and
periodic record reviews. Further, we believe the Legislature
should assign Justice the responsibility for overseeing CalGang
and for ensuring that the law enforcement agencies that use
CalGang comply with the requirements. Establishing Justice as
a centralized oversight entity responsible for determining best
practices and holding user agencies accountable for implementing
such practices will help ensure CalGang’s accuracy and safeguard
individuals’ privacy protection. Moreover, we recommend that
the Legislature create a technical advisory committee to provide
Justice with information about database best practices, usage, and
needs to ensure that CalGang remains a useful law enforcement
tool. Figure 6 on page 54 illustrates what, in our view, would be a
stronger oversight structure for CalGang.
Recommendations
The Legislature
To ensure that CalGang, or any equivalent statewide shared gang
database, has an oversight structure that supports accountability
for proper database use and for protecting individuals’ rights, the
Legislature should do the following:
•
Designate Justice as the state agency responsible for
administering and overseeing CalGang or any equivalent
statewide shared gang database.
California State Auditor Report 2015-130
August 2016
6
Justice
As the Legislature considers creating a public program for shared
gang database oversight and accountability, Justice should guide the
board and the committee to identify and address the shortcomings
that exist in CalGang’s current operations and oversight. The
guidance Justice provides to the board and the committee should
address, but not be limited to, the following areas:
•
Developing best practices based on the requirements stated in
the federal regulations, the state guidelines and state law, and
advising user agencies on the implementation of those practices
by June 30, 2017.
•
Instructing user agencies to complete a comprehensive review
of all the gangs documented in CalGang to determine if they
meet the necessary requirements for inclusion and to purge from
CalGang any groups that do not meet the requirements. Justice
should guide the board and the committee to ensure that user
agencies complete this review in phases, with the final phase
completed by June 30, 2018.
•
Instructing user agencies to complete a comprehensive review
of the records in CalGang to determine if the user agencies
have adequate support for the criteria associated with all the
individuals they have entered as gang members. If the user
agencies do not have adequate support, they should immediately
purge the criteria—and, if necessary, the individuals—from
CalGang. In addition, the user agencies should ensure that all
the fields in each CalGang record are accurate. Justice should
guide the board and the committee to ensure that user agencies
complete this review in phases, with the final phase completed
by September 30, 2019.
To promote transparency and hold the board, the committee,
and user agencies accountable for implementing and adhering
to criminal intelligence safeguards, Justice should post quarterly
reports on its website beginning June 30, 2017, that summarize
how it has guided the board and the committee to implement and
adhere to criminal intelligence safeguards; the progress the board,
the committee, and the user agencies have made in implementing
and adhering to these safeguards; the steps these entities still must
take to implement these safeguards; and any barriers to the board’s
and the committee’s success.
7
California State Auditor Report 2015-130
August 2016
To promote transparency and encourage public participation in
CalGang’s meetings, Justice should post summary audit results,
meeting agendas, and meeting minutes to its website, unless doing
so would compromise criminal intelligence information or other
information that must be shielded from public release.
Law Enforcement Agencies
Until they receive further direction from the board, the committee,
or Justice, the law enforcement agencies we reviewed—Los Angeles,
Santa Ana, Santa Clara, and Sonoma—should address the specific
deficiencies we found by taking the following actions:
•
Begin reviewing the gangs they have entered into CalGang
to ensure the gangs meet reasonable suspicion requirements.
They should also begin reviewing the gang members they
have entered into CalGang to ensure the existence of proper
support for each criterion. They should purge from CalGang any
records for gangs or gang members that do not meet the criteria
for entry. Individuals who are independent from the ongoing
administration and use of CalGang should lead this review.
•
Develop or modify as necessary, and fully implement by
March 31, 2017, all their policies and procedures related to
CalGang to ensure they align with state law, CalGang policy,
the federal regulations, and the state guidelines.
Agency Comments
Justice responded to the audit stating that it agreed with all of
the recommendations. Justice expressed that it will work with the
board and the committee in various capacities to implement
the recommendations. However, Justice stated that it believes
it needs express authority and additional resources from the
Legislature to assume oversight of CalGang.
Los Angeles, Santa Ana and Santa Clara all indicated that they
agreed with the recommendations and would take the steps
necessary to implement them.
Sonoma disagreed with the audit’s findings and took exception to
the criteria the audit relied upon. Sonoma stated that it believes it
has met or exceeded the statutory guidelines for administering a
model criminal intelligence system. Sonoma also stated that if
it follows the report’s recommendations it will be forced to stop
operating as a node administrative agency.
8
California State Auditor Report 2015-130
August 2016
Blank page inserted for reproduction purposes only.
9
California State Auditor Report 2015-130
August 2016
Introduction
Background
Criminal street gangs in California commit a multitude of crimes
and employ violence to expand their criminal enterprises. The
Federal Bureau of Investigation’s 2011
National Gang Threat
Assessment
states that gang members are responsible for an average
of 48 percent of violent crime in most jurisdictions and up to
90 percent in others. According to a report the California Attorney
General released in 2014 titled
Gangs Beyond Borders
, gang
membership increased by 40 percent nationally between 2009 and
2011, leading to higher levels of violent crime within California—
particularly assault, extortion, home invasion, homicide,
intimidation, and shootings—as well as increases both in arrests
for human trafficking offenses and in seizures of drugs, weapons,
and cash. Although gang populations are heavily concentrated
in Southern California counties—Los Angeles, Orange, Riverside,
San Bernardino, and San Diego—gangs exist in communities across
the State, as Figure 1 on the following page shows.
The CalGang Criminal Intelligence System
With funding from the Office of Criminal Justice Planning, CSRA
International, Inc. (CSRA) developed the proprietary CalGang
software in 1997.
2
The system provides current gang information
to law enforcement agencies that choose to use it (user agencies),
ideally allowing those agencies to improve the efficiency of their
criminal investigations, enhance officer safety, and better protect
the public. Because CalGang allows user agencies to collect, store,
and share intelligence information about individuals suspected—
but not necessarily convicted—of being involved in criminal
activity, it qualifies as a criminal intelligence system under Title 28,
Code of Federal Regulations, Part 23 (federal regulations). These
federal regulations—which CalGang’s oversight entities voluntarily
choose to follow—state that criminal intelligence entries must
be supported by reasonable suspicion that an individual or
organization is involved in criminal conduct or activity and that
the information entered into the system must be relevant to
that criminal conduct or activity.
2
CalGang is also known as GangNet, a system that federal law enforcement agencies, other states,
and Canada use.
10
California State Auditor Report 2015-130
August 2016
Figure 1
CalGang Regional Nodes and California Counties’ Gang Member and Affiliate Populations
VENTURA
SANT
A BARBARA
SAN LUIS OBISPO
SAN BERNARDINO
RIVERSIDE
ORANGE
SANT
A CRUZ
SANT
A
CL
ARA
SAN
BENIT
O
MONTEREY
LOS
ANGELES
KERN
SAN DIEGO
IMPERIAL
TUOLUMNE
TUL
ARE
ST
ANISL
AUS
SAN
JOAQUIN
MONO
MERCED
MARIPOSA
MADERA
KINGS
INYO
FRESNO
CAL
AVERAS
AMADOR
ALPINE
YUBA
YOLO
TRINITY
TEHAMA
SUTTER
SONOMA
SOL
ANO
SISKIYOU
SIERRA
SHAST
A
SAN MA
TEO
SAN FRANCISCO
SACRAMENT
O
PLUMAS
PL
ACER
NEV
ADA
NAP
A
MODOC
MENDOCINO
LASSEN
LAKE
HUMBOLDT
GLENN
EL
DORADO
DEL
NOR
TE
CONTRA
COST
A
COLUSA
BUTTE
AL
AMEDA
More than 10,000
5,001–10,000
2,501–5,000
501–2,500
Less than 500
Node Administrator Agency
Number of
Gang Members and Affiliates
Sonoma County Sheriff’s Office
San Diego Police Department
San Jose Police Department
Santa Barbara Police Department
Fresno County Sheriff ’s Office
San Bernardino County Sheriff’s Office
Riverside County Sheriff ’s Department,
Riverside County District Attorney’s
Office, and Riverside Police Department
Kern County Sheriff ’s Office
Los Angeles County Sheriff ’s Department with
the Los Angeles Police Department
Orange County District Attorney’s Office
MARIN
Sources:
California State Auditor’s analysis of CalGang data obtained from the California Department of Justice as of November 23, 2015, and
documents obtained from the California Gang Node Advisory Committee.
Note:
We assigned gang members and affiliates based on the location of the law enforcement agency that initially entered them into CalGang.
We excluded 1,797 individuals for whom we did not have valid county information.
11
California State Auditor Report 2015-130
August 2016
A person can be entered into CalGang either as a documented
gang member or as an affiliate (an individual who is known to
associate with active gang members and whom a law enforcement
officer reasonably suspects may be involved in criminal activity
or enterprise). As of November 2015, more than 150,000 people
were in CalGang, and the average length of time they had been in
CalGang was five and a half years. Table 1 summarizes the number
of people that law enforcement agencies added and removed from
CalGang since January 2010 and shows that more people have been
removed from than added to CalGang since 2011.
Table 1
Number of Gang Members and Affiliates Added to and Removed From CalGang From 2010 Through 2015
2010
2011
2012
2013
2014
2015*
ADDITIONS
Affiliates
3,534
3,419
2,337
1,829
1,717
1,444
Gang members
26,518
21,269
18,209
15,331
15,890
13,490
Total additions
30,052
24,688
20,546
17,160
17,607
14,934
REMOVALS
Affiliates purged
2,946
3,238
4,142
4,617
4,043
3,801
Affiliates manually deleted
63
55
43
15
15
19
Gang members purged
16,790
23,102
25,391
28,275
30,695
29,461
Gang members manually deleted
769
374
221
152
184
150
Total removals
20,568
26,769
29,797
33,059
34,937
33,431
Source:
California State Auditor’s analysis of CalGang data obtained from the California Department of Justice as of November 23, 2015.
*
Our analysis for 2015 was limited to additions and removals that occurred as of November 23, 2015.
CalGang is what is called a
pointer
system; the records within it
point—or refer—to documents outside of CalGang that contain
information about suspected gang members and their affiliates,
such as arrest reports, reports of interactions with law enforcement
officers in the field, and booking photographs. Using those documents
and in‑person observations, law enforcement agency staff—generally
gang enforcement officers or administrative staff—record in CalGang
various data points about gang members, including their names,
birth dates, races, genders, known addresses, vehicles, physical
descriptors, and personal markings such as tattoos. CalGang also
captures information specific to gang culture, such as monikers,
aliases, gang symbols, gang colors, gang territories, weapons, drugs,
and gang affiliates. However, law enforcement agencies must use the
information contained in records external to CalGang as the bases for
any official actions, such as arrests or applications for search warrants,
rather than the entries in CalGang itself. Figure 2 on the following
page shows demographic information for individuals in CalGang by
race, gender, and age.
California State Auditor Report 2015-130
August 2016
12
Figure 2
Proportion of Gang Members and Affiliates in CalGang by Race, Gender, and Age
GENDER
6.
8
%
FEMALE
93 .1
%
MALE
0 .1
%
NOT IDENTIFIED
RACE
64.9
%
HISPANIC
20.5
%
BLACK
8.2
%
WHITE
0.6
%
OTHER*
3.5
%
NOT IDENTIFIED
2.3
%
ASIAN/PACIFIC ISLANDER
AGE
5 7. 3
%
18–30 years
33.6
%
31–45 years
1.7
%
Under 18 years
7. 4
%
Over 45 years
Source:
California State Auditor’s analysis of CalGang data obtained from the California Department
of Justice as of November 23, 2015.
*
Other
includes African, American Indian, and people of two or more races.
13
California State Auditor Report 2015-130
August 2016
CalGang is the primary shared gang database law enforcement
agencies use throughout the State. When we surveyed law
enforcement agencies statewide, 92 percent of respondents asserted
that CalGang was the only shared gang database their agencies
used. When we reviewed information provided by the remaining
8 percent of respondents, we were able to verify only one additional
shared gang database: the Sacramento County Known Persons File.
However, just one law enforcement agency reported that many
agencies within Sacramento County use this shared gang database.
We describe our survey approach and analyze selected responses in
Appendix A beginning on page 61.
CalGang’s Oversight Entities and Costs
Several different entities are responsible for aspects of CalGang’s
funding, operation, and oversight. Specifically, the CalGang
Executive Board (board) and the California Gang Node Advisory
Committee (committee) are the system’s two informal governing
bodies. These two governing bodies work with 10 local agencies
called
node administrator agencies
, as we discuss below. In addition,
the California Department of Justice (Justice) helps to administer
CalGang by funding its annual software maintenance contract with
CSRA and providing technology and infrastructure support.
CalGang’s board is composed of 15 total voting members representing
node administrator agencies, Justice, and three statewide law
enforcement associations.
3
According to the board’s bylaws, its
objectives and purposes include providing oversight and policy
direction, ensuring CalGang performs its intended functions,
facilitating funding, and ensuring compliance with local, state,
and federal standards. According to the board’s bylaws, the board
elects a chairperson annually from the 15 voting members, and that
chairperson appoints a vice chairperson. The board’s officers may
serve consecutive terms. The bylaws direct the board to meet in
conjunction with the committee or as needed.
Members of the committee act as CalGang operational subject
matter experts. The committee’s bylaws establish that each
node administrator agency can designate one voting committee
member and that the Justice representative also acts as a voting
committee member.
4
Only voting members may serve as
the committee’s chairperson, vice chairperson, and sergeant at
3
The Los Angeles node has two voting members—the Los Angeles County Sheriff ’s Department
and the Los Angeles Police Department.
4
California Emergency Management Agency (CalEMA) is listed as a voting member in the
committee’s bylaws. However, CalEMA has not been represented at committee meetings
since 2011, and the board voted to remove it as a voting member in 2014
15
California State Auditor Report 2015-130
August 2016
federal regulations and state guidelines.
5
The requirements include
node administrator agency and CalGang user agency training,
system audit and record purges, and information security and
dissemination. CalGang policy also states that only properly trained
individuals may access CalGang. We describe these requirements in
more detail in the Audit Results.
CalGang policy also specifies the criteria that individuals must meet
before user agencies can add them to CalGang. Before a CalGang
user can add an individual to CalGang as a gang member, a trained
law enforcement officer generally must affirm that the individual
meets at least two gang membership criteria. As shown in Table 2,
these criteria include admitting to gang membership, being affiliated
with known gang members, and exhibiting gang clothing or behavior.
As previously discussed, a user can also add an individual as a gang
affiliate if a law enforcement officer suspects the individual is involved
in criminal activity and he or she affiliates with a documented gang
member. According to CalGang policy, users must have sufficient
source documentation to support CalGang entries.
Table 2
The Frequency With Which Law Enforcement Agencies Used Criteria When
Initially Entering Individuals Into CalGang
CRITERIA
(REASONS FOR ENTERING AN INDIVIDUAL INTO CALGANG)
FREQUENCY OF USE
FOR INITIAL ENTRY
1.
Subject has admitted to being a gang member.
58%
2.
Subject has been seen associating with documented gang members.
44
3.
Subject is known to have gang tattoos.
43
4.
Subject has been seen frequenting gang areas.
30
5.
Subject has been seen wearing gang dress.
25
6.
In-custody classification interview.*
24
7.
Subject has been arrested for offenses consistent with usual gang activity.
11
8.
Subject has been seen displaying gang symbols and/or hand signs.
7
9.
Subject has been identified as a gang member by a reliable informant/source.
6
10.
Subject has been identified as a gang member by an untested informant.
1
Sources:
Policy and Procedures for the CalGang System, California Gang Node Advisory Committee;
and California State Auditor’s analysis of CalGang data obtained from the California Department of
Justice as of November 23, 2015.
*
Admission of gang membership during a custody classification interview is the one exception to
the two
-criteria requirement.
5
According to Los Angeles, at the May 2016 committee meeting, the committee voted to remove
the State guidelines from its requirements. However, as of July 28, 2016 the board had not voted
on this recommendation.
California State Auditor Report 2015-130
August 2016
16
Effective January 1, 2014, state law requires that if law enforcement
agencies wish to enter juveniles—defined as individuals younger
than 18 years of age—into a shared gang database such as CalGang,
the user agencies must first notify the juveniles and their parents
or guardians in writing. Because those who receive the letters
have a right to contest the gang designation, this notification
should explain the juveniles’ rights to contest the gang designation.
However, if the user agencies determine that notifications will
compromise active criminal investigations or the juveniles’ health
or safety, they are not required to provide the notifications or
supply information to juveniles or their parents or guardians. We
address the law’s requirements in more detail in the Audit Results.
Privacy Protections for Californians
Justice stated in the state guidelines that law enforcement agencies
can collect criminal intelligence information for legitimate law
enforcement purposes; the trade‑off, however, is that doing so
potentially violates individuals’ privacy and other constitutional
rights. The right to privacy is an implied constitutional right under
the United States Constitution and an express constitutional right
under the California Constitution. Therefore, both the federal
regulations and the state guidelines establish certain standards for
how law enforcement agencies may collect, maintain, and share
criminal intelligence in a way that protects the privacy rights
of the individuals in the intelligence files. Because the board
and committee adopted requirements indicating that CalGang
will comply with the federal regulations and state guidelines,
these two bodies have a responsibility to develop processes
to ensure CalGang operates according to those requirements.
In addition, CalGang user agencies have a responsibility to
thoroughly understand and follow the requirements.
Academics and citizen advocacy groups have expressed concerns
about how collecting and storing criminal intelligence in a database
such as CalGang can impinge on individuals’ rights. Many of
these concerns relate to the discretion law enforcement agencies
have in classifying groups of individuals as gangs and individuals
as gang members. In particular, academic literature suggests that
the broad criteria used to label gangs and gang members may
make it difficult for youth living in gang‑heavy communities to
avoid meeting the qualifying criteria and that gang labeling can
stigmatize minority, inner‑city youth, limiting their social and
economic opportunities. In addition, other critics have expressed
concerns that collecting and disseminating criminal intelligence
may infringe upon individuals’ constitutional rights, including the
rights to free speech, to peaceably assemble, to protection from
illegal search and seizure, and to equal protection under the law.
17
California State Auditor Report 2015-130
August 2016
Ultimately, California’s law enforcement agencies must balance
the need to protect individuals’ rights with the need to protect the
public from crime caused by gangs. The law enforcement agencies
can achieve this balance only through rigorous processes designed
to ensure the information they maintain in CalGang is accurate and
lawfully obtained.
Scope and Methodology
The Joint Legislative Audit Committee (Audit Committee)
directed the California State Auditor to conduct an audit to
understand the State’s adherence to relevant laws related
to protecting the rights of individuals for whom information
is entered into and removed from CalGang. It also asked us to
determine the extent to which agencies across the State use CalGang.
Table 3 on the following pages lists the 15 objectives that the Audit
Committee approved and the methods we used to address them.
Assessment of Data Reliability
In performing this audit, we obtained electronic data files extracted
from CalGang as of November 23, 2015. The U.S. Government
Accountability Office (GAO), whose standards we are statutorily
required to follow, requires us to assess the sufficiency and
appropriateness of computer‑processed information that we use
to support our findings, conclusions, or recommendations. To
accomplish this assessment, we performed data‑set verification and
electronic testing of key data elements and identified significant
issues. As we discuss in the Audit Results, we found many instances
of questionable data entries related to individuals’ birthdates,
criteria dates, purge dates, and individuals’ location information.
We also conducted accuracy testing for a selection of 563 criteria
entries pertaining to 100 individuals in the CalGang data and
found that 23 percent were not adequately supported. Moreover,
we identified concerns over the existing controls that safeguard
CalGang information from inappropriate access and man‑made
or natural disasters.
Due to these deficiencies, we did not perform further testing of
the CalGang data, such as completeness testing. Consequently,
additional weaknesses may exist that we did not identify during
our review. As a result of the pervasive deficiencies identified, we
determined that the CalGang data are not sufficiently reliable.
Although our determination may affect the precision of the numbers
we present, sufficient evidence in total exists to support our audit
findings, conclusions, and recommendations in this report.
18
California State Auditor Report 2015-130
August 2016
Table 3
Audit Objectives and the Methods Used to Address Them
AUDIT OBJECTIVE
METHOD
1
Review and evaluate the laws, rules,
and regulations significant to the
audit objectives.
We identified relevant federal regulations; state laws and guidelines; CalGang
agreements; CalGang Executive Board (board) bylaws; the California Gang Node
Advisory Committee (committee) bylaws; CalGang policies and procedures; and other
background materials.
2
Identify the number of gang database
systems that exist in California and the
extent to which they are used by agencies.
See
Method
related to Audit Objective 13.
3
Identify and evaluate the roles and
responsibilities of the California Department
of Justice (Justice), the committee, the
board, and any other agencies involved in
the management and oversight of CalGang,
including the level of training provided to
program administrators and operators
to implement the CalGang program and
ensure it complies with the law.
• We reviewed relevant federal regulations, state guidelines, CalGang agreements, the board’s
and the committee’s bylaws, and CalGang policies and procedures.
• We interviewed key officials with Justice, the board, the committee, and with the four law
enforcement agencies we selected for review—Los Angeles Police Department (Los Angeles),
Santa Ana Police Department (Santa Ana), Santa Clara County Sheriff ’s Office (Santa Clara), and
Sonoma County Sheriff ’s Office (Sonoma).
• In selecting the four law enforcement agencies, we considered the following factors: agency
location, number of gang members and CalGang users based on the CalGang data set
described in
Method
related to Audit Objective 4, and whether the agency responded to our
survey. The survey is described further in
Method
related to Audit Objective 13.
• We assessed CalGang’s oversight structure in relation to key requirements specified in the federal
regulations and in other pertinent requirements.
• We assessed whether the committee fulfilled its responsibilities related to training materials per
the CalGang policies and procedures.
• We determined whether two node administrator agencies—Los Angeles and Sonoma—fulfilled
their responsibilities related to training materials per the CalGang policies and procedures,
including reviewing their training materials to determine whether the materials covered all
required topics.
4
Assess whether and to what extent access
to and the release of data in CalGang
is tracked and monitored to ensure all
applicable laws, regulations, and policies
and procedures are consistently followed.
To the extent possible, determine
the following for the latest year such
information is available:
• We reviewed relevant federal regulations, state guidelines, and CalGang policies and
procedures. We interviewed key officials at Justice, the board, the committee, and the
four law enforcement agencies we selected for review.
• We reviewed requests for information Justice and the four law enforcement agencies
received and responded to generally between January 1, 2011, and early March 2016, to
determine whether they released CalGang data in accordance with applicable requirements.
• We obtained a filtered extract of data entered by California law enforcement entities into
CalGang as of November 23, 2015. We conducted all of the analyses of the CalGang data we
describe throughout this report using this limited data set.
• We identified individuals in CalGang data whose birthdates indicated that they were under
the age of 18 upon initial entry into the system.
• CalGang data does not track all juvenile notifications. For review purposes, we relied on
the notifications each law enforcement agency we reviewed had in its files. Also, as part of
our statewide survey, we asked law enforcement agencies to report the number of juvenile
notifications they made between January 1, 2014, and October 31, 2015.
• We calculated the average length of time individuals were in CalGang as of
November 23, 2015.
a.
The number of requests for information
and the purpose of each request.
b.
The number of juveniles added to the
system since January 1, 2014, and
the number of related notifications
made in accordance with Senate Bill 458
(Chapter 797, Statutes 2013) (SB458).
c.
The length of time each individual has
been in CalGang.
19
California State Auditor Report 2015-130
August 2016
AUDIT OBJECTIVE
METHOD
5
For the most recent five years that data
are available and to the extent possible,
determine the following:
• We calculated the number of individuals added to and removed from CalGang data annually
from January 1, 2010, through November 23, 2015.
• We reviewed relevant federal regulations, state guidelines, and CalGang policies and
procedures. We determined that no requirements pertaining to notifying adults added to or
removed from CalGang currently exist.
• We analyzed available demographics for individuals in the CalGang data.
• We reviewed policy and procedures as available from the four law enforcement agencies as
well as other pertinent documents.
• We interviewed key officials at the four law enforcement agencies and determined that
those agencies generally do not track or keep records of adult or juvenile requests for
removal from the CalGang system. Also, as part of our statewide survey, we asked law
enforcement agencies to report the number of requests for removal they received and the
outcome of each.
• We analyzed the frequency of the criterion used by law enforcement agencies to initially
enter individuals into CalGang.
a. The number of people added
to and removed from CalGang by year
and whether they were notified of
such action.
b.
Demographics of individuals in CalGang,
including age, gender, race, ethnicity,
and geographic location.
c.
Number of requests for removal from
CalGang received and the outcome
of each.
d.
Number of juvenile appeals for removal
received and the outcome of each.
e. The criteria used for adding each individual
to the system during this period.
6
Determine whether individuals are
removed from CalGang consistent with any
guidelines established in law, regulations,
and policies.
• We reviewed the relevant federal regulations, state guidelines, CalGang policies and
procedures, and policies and procedures of the law enforcement agencies, as well as other
pertinent documents.
• We interviewed key officials at the four law enforcement agencies.
• We assessed whether CalGang automatically removes individuals from CalGang after
five years if individuals do not meet additional entry criteria.
7
Review and assess any evaluations of
CalGang that have been conducted to
determine its effectiveness in achieving its
intended purpose.
• We reviewed the relevant federal regulations, state guidelines, CalGang policies and
procedures, and committee meeting minutes.
• We interviewed key officials at Justice, the board, the committee, and the four local law
enforcement agencies we selected for review and other key local officials.
• We performed web searches to determine whether CalGang studies, reviews, evaluations, or
audits have been performed and reported.
• We assessed committee audits and the committee’s audit processes to determine whether
the audits were effective.
• We reviewed committee meeting minutes to determine what information node
administrators reported and documented, including audit findings and how those findings
were resolved.
8
Determine the annual cost of CalGang and
identify the major categories of expenditure.
• We interviewed key officials at Justice.
• We reviewed CalGang contracts and project cost documentation for fiscal years 2012–13
through 2014–15.
• As part of our statewide survey, we asked law enforcement agencies to report their costs for
administering and using CalGang.
9
Determine whether policies and procedures
exist to prevent, detect, and address
possible conflicts of interest specific to
contracting and spending related to the
administration of CalGang.
• We reviewed the relevant federal regulations, state guidelines, CalGang policies and
procedures, and the
State Contracting Manual
. We also reviewed Justice’s purchasing
authority and pertinent documentation it maintained related to its contract with CSRA
International, Inc.
• We determined that Justice’s contract with CSRA International is low risk and that the
contract itself is over twenty years old.
continued on next page . . .
20
California State Auditor Report 2015-130
August 2016
AUDIT OBJECTIVE
METHOD
10
At a selection of law enforcement agencies,
evaluate law enforcement’s compliance with
relevant laws and policies governing gang
database systems.
• We reviewed the relevant federal regulations, state guidelines, and CalGang policies and
procedures, and other pertinent documents.
• We interviewed key officials with the four selected law enforcement agencies.
• At the law enforcement agencies we selected for review, we assessed their compliance with
selected administrative safeguards outlined in federal regulations, the state guidelines, and
other pertinent requirements.
• At Sonoma, Los Angeles, and the node administrators for Santa Clara and Santa Ana—
the San Jose Police Department and the Orange County District Attorney’s Office
respectively—we reviewed compliance with selected technical and physical safeguards
outlined in federal regulations.
• At the four law enforcement agencies, we reviewed a selection of gangs to determine
whether they met gang criteria when law enforcement entered them into CalGang
and whether they currently meet gang criteria.
11
At a selection of local law enforcement
agencies and for the most recent five years,
identify the criteria being used to designate
a person as a gang member for inclusion
in CalGang and determine if the criteria
align with the intended purpose of CalGang
and with the definition of gang or gang
member codified in Section 186.22 of
the California Penal Code. To the extent
possible, determine how frequently each
criterion has been used to identify someone
as a gang member.
• We reviewed the relevant federal regulations, state law, state guidelines, CalGang policies
and procedures, and policies and procedures of the law enforcement agencies, as well as
other pertinent documents.
• We interviewed key officials with the four selected law enforcement agencies and reviewed
pertinent documents to determine what criteria the agencies use for designating individuals
as gang members.
• We assessed whether CalGang criteria the four local law enforcement agencies use align
with CalGang’s purpose and with the definition of “criminal street gang.” We determined the
four local law enforcement agencies are not using additional criteria to enter individuals
into CalGang.
• We analyzed the frequency of the criteria used by law enforcement agencies to initially enter
individuals into CalGang.
12
Determine how those with oversight
responsibility ensure the following:
• We interviewed key officials with Justice, the board, and the committee.
• We reviewed the relevant federal regulations, state law, state guidelines, CalGang policies
and procedures, and board and committee meeting minutes.
• We evaluated CalGang’s oversight structure against common characteristics of
government programs.
• We assessed committee audits and the committee’s audit processes to determine whether
the audits were effective.
• We reviewed committee meeting minutes to determine what information node
administrators reported and documented, including audit findings and how those findings
were resolved.
a.
CalGang operates in compliance with all
relevant laws, regulations, and policies
and procedures.
b.
The information included in CalGang is
current, accurate, and reliable.
21
California State Auditor Report 2015-130
August 2016
AUDIT OBJECTIVE
METHOD
13
Survey local law enforcement agencies
and visit selected local law enforcement
agencies to determine the following:
• We surveyed 329 local and state law enforcement agencies, including county sheriff ’s offices,
city police departments, school district police departments, and selected state agencies.
Appendix A on page 61 further describes how we selected agencies to survey.
• The survey questions covered topics such as the extent of the agencies’ use of CalGang; their
training; their processes for adult and juvenile entry, notification, and removal from CalGang;
their information requests; and their use of other shared gang databases.
• We performed related analyses, including items a through d for this objective.
• The survey responses were self-reported, and, except as noted, we did not verify the
accuracy of the responses. We clarified survey responses agencies provided about shared
gang databases and information requests related to employment.
a.
Whether the law enforcement employees
who use CalGang are adequately trained
to implement the program and ensure
full compliance with the law.
b.
Whether the policies and procedures
local law enforcement agencies have
put in place are adequate for ensuring
compliance with SB 458 and other
applicable laws.
c.
How many requests for removal from
CalGang have been submitted over the
past five years and the outcomes of
these requests.
d.
How many juvenile appeals have been
made since the approval of SB458 and
how many names have been removed
through this appeal process.
14
To the extent possible, evaluate the
accuracy and completeness of the CalGang
data, as well as the types of documentation
maintained to support information entered
into CalGang.
We selected 100 individuals (25 from each of the local law enforcement agencies we reviewed)
recorded in CalGang and evaluated the accuracy of criteria entries by analyzing supporting
documentation. As we discuss in the Assessment of Data Reliability on page 17, we did not test
the completeness of CalGang.
15
Review and assess any other issues that are
significant to the audit.
We did not identify any other issues that were significant to the audit.
Sources:
California State Auditor’s analysis of Joint Legislative Audit Committee audit request number 2015-130, and information and documentation
identified in the Table column titled
Method
.
Audit Results
Due to an Inadequate Leadership Structure, CalGang Has Failed to
Comply With Requirements Designed to Protect Individuals’ Rights
to Privacy
The California Department of Justice (Justice) funds CalGang.
However, two bodies composed of law enforcement officials—the
CalGang Executive Board (board) and its technical subcommittee,
the California Gang Node Advisory Committee (committee)—are
responsible for overseeing the CalGang database. These bodies
operate free from the typical safeguards that are the foundation
of government programs. When the board and the committee
voluntarily adopted federal and state criminal intelligence
requirements, they expressed a commitment to protect individuals’
privacy rights and maintain a high‑quality tool for law enforcement
to use to suppress and solve gang crime. However, these entities
lack the organizational structure and processes necessary to
ensure that CalGang achieves these objectives.
Since state funding supports CalGang and law enforcement
agencies statewide use it, we expected to find in place a state
law establishing the powers, legal authority, and responsibilities
that would ensure CalGang’s leadership structure and processes
reflect the characteristics common to public programs. However,
CalGang was not created in statute, and Justice is not statutorily
required to oversee it. Thus, the board and the committee have
assumed responsibility for managing and overseeing CalGang
and its user agencies. Because of the value of CalGang to local
law enforcement agencies, Justice voluntarily funds it and
provides technical support as needed. Nonetheless, Justice’s
involvement with those bodies is inconsistent despite holding a
voting seat on both the board and the committee. For example,
since 2010 Justice has not been represented at one‑third of
the board’s meetings. We asked Justice about its not attending
certain board meetings, and Justice officials explained that it found
limited value in attending these meetings because board members
viewed Justice’s role narrowly and as limited to providing technical
support and funding for CalGang. Justice’s views on policy and
governance were not given meaningful consideration by the board
or the committee. Although Justice could have refused to renew
the CalGang maintenance contract, this was not viewed as a viable
option because it would likely have caused the program to shut down.
Justice told us that it did not at that time have any other leverage
over CalGang to ensure that its input was given any weight.
The board and the committee act without statutory authority,
transparency, or meaningful opportunities for public engagement.
Table 4 summarizes the characteristics common to government
24
California State Auditor Report 2015-130
August 2016
agencies and demonstrates the degree to which CalGang operates
outside of those characteristics. Government agencies exhibit these
characteristics as a means to gain the public’s trust and to engage
the public in their decision‑making processes. Because CalGang’s
oversight entities operate outside these parameters, their decisions
lack transparency and public input. Specifically, the board and the
committee do not conduct open meetings: They do not provide
public notice of their meetings, post agendas and minutes, or
accept public testimony. Thus, they limit the opportunity for public
understanding and input. For example, Justice posted some of the
board meetings’ minutes and agendas on its website, but the most
recent document is dated May 2014—more than two years ago,
despite there being more recent meetings.
Table 4
Common Characteristics of Government Entities Compared to CalGang’s Current Framework
COMMON CHARACTERISTICS OF GOVERNMENT ENTITIES
CALGANG’S FRAMEWORK
SCORECARD
Statutorily defined authority and responsibilities.
No responsibilities or authority defined in state law; CalGang is subject
only to rules the CalGang Executive Board (board) and the California Gang
Node Advisory Committee (committee) have adopted and established.
5
Transparency and opportunities for public participation.
Limited transparency and opportunities for public participation.
s
Direct reporting to a government agency or department
that has policy, operations, and administrative oversight.
Limited oversight of policies and operations. State government is a
participant with no decision-making authority.
s
Public input through elections, through an elected body,
or through the composition of governing bodies.
The board and the committee determine their own membership
and leadership.
5
Accountability established by clearly defining the roles
of oversight entities.
Individuals serve in multiple roles, creating situations in which they
oversee themselves.
5
Independently audited.
Not audited by an external, independent body. User agencies evaluate
their own records.
5
Specified revenue sources and, if appropriate, the ability
to collect fees.
No designated revenue source and no authority to collect fees from
user agencies.
5
Legal representation.
No legal representation.
5
Sources:
California State Auditor’s analysis of documentation from the Institute of Internal Auditors’
Public Sector Definition
, excerpts from
Strategic
Planning for Public and Nonprofit Organizations
by John Bryson, excerpts from
Understanding and Managing Public Organizations
by Hal Rainey, and
analysis of the board’s and the committee’s bylaws and minutes and the committee’s policies and procedures.
5
= CalGang’s framework does not meet this common characteristic of government entities.
s
= CalGang’s framework only partially meets this common characteristic of government entities.
In addition, CalGang’s leadership structure does not provide
adequate accountability or oversight. Because the board and
the committee determine which law enforcement agencies (also
referred to as
user agencies
) will be node administrator agencies,
they control the composition of their own membership: Once
the board approves a law enforcement agency to be a node
administrator agency, that agency designates individuals to sit
25
California State Auditor Report 2015-130
August 2016
on the board and the committee. Moreover, the members of the
board and the committee elect their own leadership. Thus, no
opportunities exist for public input through elections or elected
bodies. Accountability is further compromised because individuals
can serve many roles within the CalGang framework. Table 5
outlines selected responsibilities of these bodies and illustrates
how individuals can serve in multiple oversight roles. For example,
in the Sonoma County Sheriff ’s Office (Sonoma), the sergeant
who serves on the committee also acts as a node administrator
and as a CalGang user. In fact, the sergeant stated that he enters
approximately 95 percent of CalGang records for his agency,
yet this same sergeant is also responsible for conducting any
audits of CalGang records for the region because he is the node
administrator. The sergeant’s conflicting roles highlight the current
weaknesses in CalGang’s oversight framework.
Table 5
Selected Responsibilities of CalGang Oversight Entities and User Agencies
COMPOSITION
RESPONSIBILITIES
CalGang Executive
Board (board)
The chief executive or his or her designee from each
of the following: the 11 node administrator agencies,
the California Department of Justice, the California
District Attorneys Association, and the California State
Sheriff ’s Association.
• Pro
vide oversight and policy direction.
•
Approve the creation or abolition of a node.
• Elec
t a chairperson annually.
California Gang Node
Advisory Committee
(committee)
Full-time law enforcement officers or support staff
designated by node administrator agencies, usually
the node administrators.
•
Oversee the operations of law enforcement agencies
(user agencies).
•
Evaluate requests from agencies interested in becoming nodes.
•
Elect a chairperson, vice chairperson, and sergeant of arms
every other year.
Node administrator
agencies
Designated node administrator.
•
Ensure that all users in the node adhere to committee policies.
•
Conduct triannual audits.
•
Examine gangs before they are added to CalGang.
User agencies
Law enforcement or support staff who enter
CalGang data.
•
Comply with committee policies.
•
Ensure data are legal, relevant, accurate, timely, and complete.
Sources:
Board and committee bylaws, committee policies, and interviews with the committee chair.
Although the board and committee voluntarily committed to
adhere to Title 28, Code of Federal Regulations, Part 23 (federal
regulations), which establishes requirements to ensure the privacy
of those whose data is maintained in criminal intelligence systems
such as CalGang, their protocols for implementing the federal
regulations allude to stronger oversight than the entities actually
provide. Specifically, the federal regulations—which are viewed
as the national standard for protecting and handling criminal
intelligence systems—require rules and processes that implement
administrative, technical, and physical safeguards to protect
26
California State Auditor Report 2015-130
August 2016
criminal intelligence data and individuals’ rights. On the surface,
the committee’s policies and procedures (CalGang policy) appear
to address some of these requirements. However, the board
and the committee have not implemented or followed all of the
necessary processes, as summarized in Table 6. For example, federal
regulations require audits and inspections to ensure that the user
agencies have necessary processes in place to make key decisions,
such as determining that reasonable suspicion exists to support
CalGang entries. However, as we discuss later, we found that the
committee’s audits are neither independent nor robust and that
CalGang policy does not include a provision for on‑site inspections
of records or facilities.
Table 6
CalGang’s Oversight Entities’ Adherence to Federal Regulations for Protecting Criminal Intelligence
SELECTED REQUIREMENTS UNDER TITLE 28,
CODE OF FEDERAL REGULATIONS, PART 23
CALGANG’
S IMPLEMENTATION
SCORECARD
Administrative Safeguards
Audit and inspect properly trained participating agencies to
ensure that reasonable suspicion exists and that users are
following federal, state, and local laws.
Audits do not adequately review the establishment of reasonable
suspicion or compliance with laws. CalGang’s oversight entities do
not perform on-site inspections.
5
Adopt procedures to ensure that all information retained in
the database has relevancy and importance.
Procedures do not exist.
5
Develop rules to implement authority to remove personnel
authorized to access the system.
CalGang’s oversight entities have adopted rules to sanction users.
Technical Safeguards
Store information in a manner such that it cannot be accessed
without authorization.
At the time of our review, the four nodes lacked policies or
procedures for ensuring that user accounts are disabled when
employees transfer or separate from employment.*
5
‡
Physical Safeguards
Restrict access to its facilities.
The four nodes we reviewed stored the servers containing CalGang
information in locked buildings with limited physical access.
Institute procedures to protect criminal intelligence
information from fire, flood, or other disasters.
CalGang information is regularly backed up to protect from
data loss.
†
Sources:
California State Auditor’s analysis of Title 28, Code of Federal Regulations, Section 23; CalGang’s administrative, technical, and physical
oversight processes; and the California Gang Node Advisory Committee’s policies and procedures.
= No significant issues identified.
5
= Did not adhere to requirements.
*
We visited four law enforcement agencies—the Sonoma County Sheriff ’s Office (Sonoma), the Santa Clara County Sheriff ’s Office (Santa Clara),
the Los Angeles Police Department (Los Angeles), and the Santa Ana Police Department (Santa Ana). Two of these agencies—Sonoma and
Los Angeles—are node administrator agencies. The other two agencies—Santa Ana and Santa Clara—are part of the nodes overseen by the
Orange County District Attorney’s Office and the San Jose Police Department, respectively.
†
Although we did not identify any significant issues related to protecting criminal intelligence information from fire, flood, or other disasters, the
nodes we visited did not have adequate plans for restoring the information following a disaster.
‡
Subsequent to our review, Santa Ana’s node administrator provided us with a new procedure for evaluating the validity of its node’s CalGang
user accounts.
27
California State Auditor Report 2015-130
August 2016
Moreover, as Table 6 shows, we have concerns about the user
agencies’ compliance with federal regulations related to safeguarding
CalGang information from unauthorized access. At the node
administrator agencies for each of the four law enforcement agencies
that we reviewed—Sonoma, the Santa Clara County Sheriff ’s Office
(Santa Clara), the Los Angeles Police Department (Los Angeles),
and the Santa Ana Police Department (Santa Ana)—we attempted
to review the policies and procedures for removing or modifying
employee CalGang user accounts when the employees transfer or
separate from employment.
6
However, none of the node administrator
agencies had such policies or procedures at the time of our review.
We found 65 active user accounts across Santa Clara, Los Angeles,
and Sonoma for individuals who no longer worked for the agencies.
Two of these accounts may have been vulnerable to inappropriate
access for more than 11 years following the employees’ departures.
Subsequent to our review, Santa Ana’s node administrator provided us
with a new procedure for evaluating the validity of its node’s CalGang
user accounts.
In addition, although each of the node administrator agencies
we reviewed asserted that they protect their data against loss
by implementing practices such as performing regular backups
of data as federal regulations require, we found that none of the
node administrator agencies have fully documented plans for
restoring CalGang information after a man‑made or natural
disaster. Specifically, neither Santa Ana’s node administrator agency
nor Los Angeles has a contingency plan in place for restoring
CalGang information after a loss of this nature. In contrast,
the node administrators for Sonoma and Santa Clara provided
written agreements with service providers for restoring CalGang
information after a man‑made or natural disaster. However, these
service agreements did not specify how quickly the information
would need to be restored in order to minimize the impact of the
interruption. Industry best practices state that organizations should
develop contingency plans that identify maximum acceptable time
frames during which critical business applications can be inoperable.
Without sufficient planning, the node administrator agencies risk
losing the capability to process and retrieve CalGang information,
which could significantly affect user agencies’ timely access to
gang‑related intelligence information.
Ultimately, the board and the committee have not effectively
communicated the federal regulations and state guidelines to user
agencies. CalGang’s policies state that CalGang will comply with
federal regulations and Justice’s
Model Standards and Procedures
6
Two of the law enforcement agencies that we reviewed—Sonoma and Los Angeles—are node
administrator agencies. The other two agencies—Santa Ana and Santa Clara—are parts of
the nodes overseen by the Orange County District Attorney’s Office and the San Jose Police
Department, respectively, which both function as node administrator agencies.
We have concerns about how law
enforcement agencies safeguard
CalGang information from
unauthorized access. We found
65 active user accounts for former
employees; two accounts were left
open for more than 11 years.
California State Auditor Report 2015-130
August 2016
28
for Maintaining Criminal Intelligence Files and Criminal Intelligence
Operational Activities
, November 2007 (state guidelines). The state
guidelines provide similar safeguards as the federal regulations but
in certain areas are more restrictive. We expected that CalGang
policy or the agreements that user agencies and their respective node
administrator agencies sign would provide direction on implementing
the requirements for safeguarding data and ensuring they are reliable.
However, CalGang policy does not contain such guidance, and the user
agreements do not reference the specific requirements—in fact, the
agreements are very broad and simply state that user agencies must
comply with all applicable laws, rules, and regulations. Consequently,
the four law enforcement agencies we reviewed did not understand
these requirements. For example, the sergeant at Santa Clara who is
solely responsible for determining whether individuals meet the criteria
for entry into CalGang stated that he was not familiar with the state
guidelines. As we discuss later, we found that the four agencies had not
implemented many of the processes the state guidelines require. The
remainder of this report explores the many examples of broken and
fragmented processes we identified related to CalGang and how these
processes weaken the database and create opportunities for violations of
individuals’ rights.
Law Enforcement Agencies Could Not Always Demonstrate That They
Had Established Reasonable Suspicion That Groups Were Gangs Before
Entering Them Into CalGang
Although CalGang policy requires that all user agencies maintain
sufficient source documentation to support their CalGang entries,
we found that the law enforcement agencies we reviewed were unable
to demonstrate that many of the groups they entered into CalGang met
the criteria necessary for identification as gangs. The federal regulations
and the state guidelines require that law enforcement agencies analyze
legally obtained information to establish reasonable suspicion of
organizations’ criminal activity before adding those organizations to
criminal intelligence databases. To establish reasonable suspicion for
entry into CalGang, the committee requires that law enforcement
agencies ensure that groups meet the definition of a
gang
in CalGang
policy. Figure 3 illustrates in part the criteria a group of three individuals
must meet to be considered a gang. These criteria are important
because after entering a gang into CalGang, a user agency may add
individuals to that gang as gang members.
7
An individual’s right to
privacy is jeopardized if a law enforcement agency justifies collecting
personal information about that individual by stating that he or she is a
gang member when the agency has not yet established that such a gang
exists through a documented pattern of criminal activity.
7
Throughout this report, we use the term
gang member
to refer to both gang members and gang
affiliates unless specifically stated otherwise.
California State Auditor Report 2015-130
August 2016
30
We reviewed a total of nine gangs that Sonoma, Santa Ana, and
Los Angeles had entered into CalGang to determine whether
the user agencies had appropriately established reasonable
suspicion according to the criteria in CalGang policy when the law
enforcement agency entered them.
8
We identified problems with
Sonoma’s and Santa Ana’s processes for adding new gangs. We
expected that these two agencies would be able to direct us to the
records they analyzed to determine that the group of three or more
individuals had a common sign, symbol, or name and demonstrated
a pattern of criminal gang activity, as depicted in Figure 3. However,
we found that Sonoma and Santa Ana generally relied on summary
statements agency staff provided on forms or in emails that
described how groups met the reasonable suspicion requirements
for CalGang entry. Although through subsequent follow up we
found that these groups
currently
meet the definition of a gang,
neither agency was able to demonstrate which individuals—at
the time of the groups’ initial entry into CalGang—supported the
agencies’ conclusions that the groups met the necessary criteria.
Therefore, neither agency could prove that it performed the analysis
required to establish reasonable suspicion. In contrast, we found
that Los Angeles could support the gang we reviewed. Specifically,
before Los Angeles added the gang into CalGang, it supported that
reasonable suspicion existed by maintaining a list of individuals and
their associated arrests, which together established gang criteria.
Sonoma’s process for adding new gangs to CalGang is of particular
concern to us. The sergeant acting as Sonoma’s node administrator
is responsible for adding gangs for the 30 counties that make up
the Sonoma node, yet he does not collect or analyze the source
documents that support his gang entries. Moreover, he destroys
the summary documentation the agencies within those counties
provide after transferring the information into CalGang. Therefore,
the sergeant could not provide supporting documentation for
any of the four gangs we examined from Sonoma. This approach
increases the risk that he will add groups to CalGang even when
user agencies have not established reasonable suspicion according
to CalGang policy. Once a gang is added to CalGang, all user
agencies in the node, which encompasses Northern California, are
free to collect and share information about individuals they believe
are gang members, potentially violating those individuals’ rights.
Additionally, the committee has not ensured that user agencies
periodically assess gangs to determine whether they continue
to meet the criteria in CalGang policy. The minutes from board
and committee meetings show that nodes periodically query
8
Santa Clara does not add gangs to CalGang; rather, it links suspected gang members to gangs
already existing in the database. Consequently, it did not have a process for us to review.
Sonoma’s node administrator adds
gangs for 30 other counties, yet
he does not collect or analyze the
source documents that support his
gang entries.
31
California State Auditor Report 2015-130
August 2016
CalGang data to identify and remove gangs with fewer than
three members. However, this type of limited review does not
confirm that reasonable suspicion continues to exist for larger gangs,
creating the risk that CalGang contains information on individuals
who are alleged members of groups that no longer meet the gang
criteria. Guidance provided by the Institute for Intergovernmental
Research—the criminal intelligence training vendor with which
the federal government contracts—indicates that law enforcement
agencies should periodically validate that reasonable suspicion
exists for a gang within a specified time frame, called a retention
period. According to this guidance, the gang and its members should
generally be purged at the end of this retention period. However, no
retention period for gangs exists in CalGang if reasonable suspicion
can no longer be validated.
As a result, Los Angeles had no information since 2008 in its gang
history records demonstrating that one gang had engaged in a
pattern of criminal activity. To determine whether Los Angeles had
simply neglected to update its history for this gang, we analyzed
CalGang records for its members between 2010 and 2015 and
found Los Angeles’ officers documented only one arrest for offenses
consistent with gang activity. However, we determined through a
review of that individual’s criminal history records that he was not
arrested on the date documented in CalGang. As a result, based on our
review, Los Angeles no longer had sufficient reasonable suspicion in
its gang records or in CalGang to continue to categorize this group as
a gang and the node administrator would not have reviewed the gang
until its membership in CalGang fell below three members.
After we brought this problem to the attention of Los Angeles, its
node administrator researched the gang’s members and provided us
with records of arrests of gang members that law enforcement officers
did not include in the gang’s history or accurately enter into CalGang.
Although some of the offenses Los Angeles directed us to are consistent
with gang activity, we question why Los Angeles failed to enter this
information into CalGang and update its internal gang history. This
example demonstrates why it is important for CalGang user agencies
to establish a retention period and periodically assess whether a gang
continues to meet reasonable suspicion requirements in order to ensure
system accuracy and the protection of individuals’ rights.
Law Enforcement Agencies Do Not Have Adequate Support for Some of
the Individuals and Many of the Criteria They Entered Into CalGang
When law enforcement agencies cannot provide adequate support
for the inclusion of individuals in CalGang, documenting those
individuals’ whereabouts, appearance, and associates in a shared
database could constitute or lead to a violation of their privacy or
It is important for CalGang user
agencies to establish a retention
period and periodically assess
whether a gang continues to meet
reasonable suspicion requirements
in order to ensure system
accuracy and the protection of
individuals’ rights.
32
California State Auditor Report 2015-130
August 2016
other constitutional rights. Further, the inclusion of inaccurate or
unsupported information in CalGang reduces the system’s value
to law enforcement agencies. Nonetheless, when we reviewed a
selection of 100 people included in CalGang, we found that law
enforcement agencies did not have adequate support for inclusion of
13 of these individuals. Additionally, because user agencies can identify
numerous reasons, or criteria, for entering or retaining individuals in
CalGang, we reviewed more than 500 items of criteria associated with
these 100 individuals and found that the user agencies lacked adequate
supporting documentation, such as field notes or arrest report
narratives, for 23 percent of the criteria.
CalGang policy requires, with one exception, that a user agency
identify two documented criteria for initially entering a person into
CalGang.
9
For the individual to remain in CalGang longer than
five years from the date of original entry, a user agency must enter
subsequent criteria, which will reset the five‑year period from that
date. User agencies generally enter criteria when they have additional
contacts with the individuals. Because user agencies may have
entered numerous criteria for some individuals, those individuals’
inclusion in CalGang may be justifiable even if some of these
criteria are unsupported. As shown in Table 7, we found that 131 of
the 563 (23 percent) items of criteria we reviewed lacked support.
Ultimately, this led us to conclude that law enforcement agencies
did not have adequate support for inclusion in CalGang for 13 of the
100 individuals we reviewed.
Table 7
Four Law Enforcement Agencies’ Support for a Selection of 100 Individuals in CalGang
LAW ENFORCEMENT AGENCY
INDIVIDUALS
GANG CRITERIA
NUMBER
REVIEWED
NUMBER
ADEQUATELY
SUPPORTED
NUMBER NOT
ADEQUATELY
SUPPORTED
NUMBER
REVIEWED
NUMBER
ADEQUATELY
SUPPORTED
NUMBER NOT
ADEQUATELY
SUPPORTED
Los Angeles Police Department
25
23
2
213
165
48
Santa Ana Police Department
25
22
3
104
89
15
Santa Clara County Sheriff ’s Office and
the San Jose Police Department*
25
24
1
127
107
20
Sonoma County Sheriff ’s Office
†
25
18
7
119
71
48
Totals
100
87
13
563
432
131
Source:
California State Auditor’s review of four law enforcement agencies’ support for 100 people included in CalGang.
*
The San Jose Police Department is responsible for the majority of the entries we reviewed and the criteria we found to not be adequately supported.
†
Other agencies in the Sonoma County node—excluding Sonoma County Sheriff ’s Office—were responsible for nearly half of the criteria we found to
not be adequately supported.
9
The only exception to the two
-criteria requirement is when an individual admits to his or her gang
membership during an in-
custody classification interview for jail or prison housing.
33
California State Auditor Report 2015-130
August 2016
As indicated in Table 8, 31 of the unsupported criteria related to
the criterion “subject has admitted to being a gang member,” while
three related to “in‑custody classification interview,” which are
admissions of gang membership when individuals are brought
into custody and will be confined with other individuals. In these
instances, we found that the source documents either contained
no record of gang membership admissions or, in some instances,
indicated that the individuals said they were not—or not currently—
gang members. For example, Sonoma justified entering a person into
CalGang in part because he supposedly admitted to being a gang
member during a custody classification interview at the county jail.
However, when we obtained a record of this interview, we found that
the person said he was not currently a member of the gang to which
he was later connected in CalGang. In fact, he specifically requested
to not be housed with this gang. The only criterion for this individual’s
inclusion in CalGang for which we found support was that he had
been seen associating with documented gang members. However,
even that circumstance consisted of no more than an officer’s
observation that the individual was in the garage of a residence that
a documented gang member had left. Given that Sonoma did not
have adequate support for any other criteria for this individual, we
concluded that his inclusion in CalGang was inappropriate.
Table 8
Number and Types of CalGang Criteria Entries That Lacked Adequate Support
CRITERIA
NUMBER OF
CRITERIA NOT SUPPORTED
NUMBER OF
CRITERIA REVIEWED
Subject has admitted to being a gang member.
31
136
Subject has been arrested for offenses consistent with usual gang activity.
29
70
Subject has been seen associating with documented gang members.
28
98
Subject is known to have gang tattoos.
16
104
Subject has been identified as a gang member by a reliable informant/source.
8
11
Subject has been seen wearing gang dress.
7
33
Subject has been seen frequenting gang areas.
6
63
Subject has been seen displaying gang symbols and/or hand signs.
3
12
In-custody classification interview.
3
35
Subject has been identified as a gang member by an untested informant.
0
1
Totals
131
563
Source:
California State Auditor’s review of four law enforcement agencies’ support for 100 people included in CalGang, as listed in Table 7 on page 32.
When we asked about these admission‑related entries that did not
match source documents, representatives of the law enforcement
agencies often agreed that the criteria were not accurate and even
purged the information from CalGang. At times they explained that
34
California State Auditor Report 2015-130
August 2016
they could have used other field observations they did not record in
CalGang but that were present in the source documents to justify
the individuals’ inclusion in CalGang. However, admitting that they
could or should have entered other criteria into CalGang does not
negate the fact that the system inaccurately reflects individuals’
statements regarding gang membership. For CalGang to be
useful to law enforcement personnel, it should be both complete
and accurate.
We also found 29 instances in which user agencies
were unable to support the criterion “subject has
been arrested for offenses consistent with usual
gang activity.” In fact, in nine of these instances, we
could not find that the person had been arrested
for any offense—despite the use of this criterion to
justify putting the individual in CalGang. For the
remaining 20 entries, we found that the
individuals had been arrested for common crimes
that did not necessarily have any connection to
gang activity, such as probation violations and drug
possession. Although the committee established
the 10 criteria listed in Table 8 on page 33, it did
not implement any policies or procedures further
describing what offenses are consistent with gang
activity. However, the Penal Code contains a list of
offenses that can be used to determine that a group
is a criminal street gang for the purpose of
prosecuting its members, a selection of which are
listed in the text box. Absent any further definition
from the committee or from the user agencies we
reviewed, we used the Penal Code’s categories as a
benchmark for whether individuals’ offenses were,
in fact, consistent with gang activity.
In response to our concern regarding the offenses law enforcement
agencies used for this criterion, Santa Ana agreed to remove
one criteria entry related to loitering and two related to drug
possession. Conversely, the node administrator in Sonoma stated
that we misunderstood the concept of “subjective reasonable
suspicion” and maintained that some of the offenses we were
questioning—violating probation and resisting arrest—are common
among gang members. When we questioned a criteria entry
because the associated offense was the prohibited possession
of ammunition, which the Penal Code does not identify as a
gang‑related offense, the Sonoma node administrator responded
that “possession of ammunition by a gang member is a gang crime.”
The problem presented by both of these responses is that they
presuppose that the individuals in question are gang members and
therefore the offenses for which they were arrested are gang crimes.
Selection of Offenses Used to Establish
a Pattern of Criminal Gang Activity
•
Assault with deadly weapon.
•
Robbery, burglary, and carjacking.
•
Homicide and manslaughter.
•
Sale, or possession for sale, of a controlled substance.
•
Shooting at an inhabited dwelling or occupied
motor vehicle.
• Arson.
•
Rape, torture, and kidnapping.
•
Money laundering and counterfeiting.
•
Intimidation of witnesses and victims.
•
Prohibited possession of firearm.
•
Felony vandalism.
Source:
Penal Code 186.22, Section (e).
35
California State Auditor Report 2015-130
August 2016
In our view, offenses need to be indicative of gang activity for user
agencies to justify including individuals in CalGang. Although we
understand law enforcement officers must exercise judgment in
making certain criteria determinations, the results of our testing
suggest that the exercise of this judgment needs to be informed by
specific regulations.
The user agencies were also frequently unable to support the
criterion “subject has been seen associating with documented gang
members.” Specifically, we found 28 criteria entries in which the law
enforcement agencies did not document that the people with whom
the individuals in question were associating were gang members. In
fact, at times we found no record of anyone else even being present
during the events leading to the particular field observations.
In regard to the other unsupported criteria listed in Table 8 on
page 33, we did not question the validity of the law enforcement
officers’ field observations but rather only identified criteria as
unsupported if the source documents lacked such observations
altogether.
10
For example, if the law enforcement officers indicated
in source documents that geographical locations, tattoos,
symbols, or manner of dress were gang‑related, we accepted these
statements. However, we identified criteria entries as unsupported
if no such statements were present. For example, Los Angeles used
the criterion “subject has been identified as a gang member by a
reliable informant/source” to justify the inclusion of an individual
in CalGang. Upon hearing our concern that the source document
made no mention of an informant or other source, the node
administrator for Los Angeles responded that the “reliable source
would be the officer making the determination.” This interpretation
of what constitutes a “reliable informant/source” is inappropriately
broad and would allow officers to enter this criterion absent
any evidence other than their own views that individuals are
gang members.
We found two primary causes for the inaccurate criteria entries we
identified. Based on their descriptions of their processes for
entering information into CalGang, the user agencies we reviewed
often have administrative staff or other designated officers enter
information into CalGang rather than the officers who made the
field observations. CalGang policy does not prohibit this approach
and we recognize that it can be efficient. However, it may also be
the cause of some of the discrepancies between CalGang entries
and the corresponding source documents. Another contributing
10
For the criterion “subject has been seen frequenting gang areas,” we accepted the judgment
of those administering CalGang even when the field officers did not specifically record this
observation. Given their unique position of regularly recording or observing CalGang entries,
these administrators are likely to know the geographical locations that gangs frequent.
Although law enforcement officers
must exercise judgment in making
certain criteria determinations,
the results of our testing suggest
that the exercise of this judgment
needs to be informed by
specific regulations.
California State Auditor Report 2015-130
August 2016
36
factor to the deficiencies we found is the lack of strong oversight
of CalGang. No independent party regularly scrutinizes CalGang
criteria—a condition we detail later in the report.
As a result of these inaccurate criteria entries, law enforcement
agencies are tracking people in CalGang who do not appear to
justifiably belong in the system. Further, the inaccuracies weaken
its value to law enforcement because many of the descriptions in
CalGang do not match the support to which the system is pointing.
If law enforcement agencies later attempt to use this support as
evidence in convictions or
sentencing enhancements
—years added
to a prison term when an individual commits a crime to promote or
assist a gang—they will find that the information was not worth the
time and resources they used to locate and analyze it.
Throughout the audit, law enforcement officials offered their
perspective that inclusion in CalGang is of little impact to an
individual because CalGang only points to source documentation.
CalGang policy prohibits using the system as the basis for expert
opinion or statements of fact in official reports or for non‑law
enforcement purposes, such as employment screenings. However,
we found that neither of these prohibitions is always followed.
In fact, when we searched California appellate cases that
contained the terms
CalGang
or
gang database
, we found at least
four unpublished cases that referred to CalGang as support for
expert opinions or conclusions in official reports that individuals
were or were not gang members. Further, we found one case
in which a CalGang printout was apparently provided to a jury.
We found numerous other instances in which the unpublished
decisions by the appellate courts cited or otherwise contained
references to CalGang or a gang database. As we discuss later in
this report, three user agencies admitted that they use CalGang
for employment or military‑related screenings. These examples
emphasize that inclusion in CalGang has the potential to seriously
affect a person’s life and therefore the accuracy and appropriate use
of CalGang is of critical importance.
Law Enforcement Agencies Lack Appropriate Safeguards to Ensure
the Accuracy and Security of CalGang Records
Law enforcement agencies have failed to ensure that CalGang
records are added, removed, and shared in a way that maintains
the accuracy of the system and safeguards individuals’ rights.
We found that the agencies we examined did not review records
before and after entering them in CalGang and that committee
audits of the information within CalGang lacked independence
and transparency. Moreover, flaws in CalGang’s controls caused
many individuals to remain in the system longer than federal
Inclusion in CalGang has the
potential to seriously affect a
person’s life and therefore the
accuracy and appropriate use of
CalGang is of critical importance.
37
California State Auditor Report 2015-130
August 2016
regulations allow; in fact, some individuals are currently scheduled
to remain in CalGang for hundreds of years. Finally, in response to
our survey, three agencies reported using CalGang for employment
or military
‑related screenings, which represent an inappropriate
use of the system. We believe that the committee’s failure to
implement standardized training has contributed to user agencies’
inappropriate and inconsistent use of CalGang. In addition, the
committee’s lack of oversight and the user agencies’ lack of sound
processes has increased the risk of inaccuracies in CalGang, which
could jeopardize the effectiveness of investigations and lead to
violations of individuals’ privacy rights.
Law Enforcement Agencies Have Not Established Necessary Processes
for Reviewing and Purging Records
The federal regulations and state guidelines that CalGang
adopted outline the requirements for maintaining individuals’
criminal intelligence records. The requirements that relate to
reviewing records accomplish two objectives: They ensure that the
information in CalGang is accurate, which helps make CalGang
a valuable tool for solving and preventing crimes, and they help
ensure that inaccurate information is not added and that unreliable
and unnecessary information is purged, which protects individuals’
rights. As Figure 3 on page 29 indicates, the federal regulations and
state guidelines require that law enforcement agency supervisors
review and approve criminal intelligence data before entry. The
state guidelines also recommend periodic quality control reviews of
such data and permanently removing data from CalGang if they are
misleading, obsolete, or otherwise unreliable.
However, as Table 9 on the following page shows, the four law
enforcement agencies we reviewed did not have processes in place
to ensure that agency supervisors and quality control reviewers
evaluated records before their entry into CalGang. In fact, three
of the four agencies followed a practice of allowing one law
enforcement officer or analyst to decide unilaterally which suspected
gang members to add to CalGang. In contrast, Los Angeles has
established and generally followed a process requiring that a
supervisor review records before their entry. However, none of
the four agencies annually assessed CalGang records as the state
guidelines require. The Sonoma node administrator explained
that his agency had not implemented these requirements because
they would add unnecessary levels of review that would delay the
entry of information into CalGang. He further stated that until
the agency enters the information, it is not usable intelligence.
However, if Sonoma or other agencies believed that the safeguards
in the state guidelines were too onerous, they should have at least
established other, compensating processes that would ensure the
39
California State Auditor Report 2015-130
August 2016
Specifically, the audits are limited in focus and it is difficult
to determine if any change resulted. Board meeting minutes
dated January 2006 indicate that the board directed each node
administrator agency to audit 30 records a year, resulting in the
annual review of 330 records statewide. However, this level of
review appears inadequate given that CalGang contains in excess
of 150,000 individuals’ records. Further, the minutes from the
committee’s meetings document that the node administrator
agencies report on the results of their audits, but the minutes lack
sufficient detail of how the agencies addressed the problems they
uncovered. Thus, for the majority of its audits, the committee was
unable to demonstrate the value of its audit process and the related
outcomes. The limited focus of these audits is especially concerning
because they are the only oversight tool that the committee uses,
yet the audits are self‑reported with no independent verification
of the results, resulting in a process that is not robust enough
to ensure that user agencies are maintaining valid and accurate
criminal intelligence records, adhering to security protocols,
and upholding individuals’ rights to privacy. The lack of an
appropriate audit process potentially weakens CalGang’s value
as a law enforcement tool and may contribute to the public’s
concern that law enforcement agencies are mishandling private,
sensitive information.
Our review of CalGang records statewide identified a significant
number of errors that demonstrate the need for stronger controls
over the processes for entering, evaluating, and auditing the data
in CalGang. For example, we found 42 individuals in CalGang
whose birthdates indicated that they were less than one year old at
the time their information was entered, 28 of whom were entered
into the system in part because they admitted to being gang
members. CalGang also contained information that was unusable
for meaningful data analysis, such as telephone numbers, zip codes,
or random characters in the data field intended to capture a city
name. Additionally, we found instances in which city names were
misspelled or abbreviated in inconsistent ways. For example, we
identified more than 100 variations for Los Angeles, including
“Los Angels” and “Los Angeleses.”
We expected that the law enforcement agencies we examined
would be familiar with the state guidelines that the committee
adopted and have the necessary safeguards in place to implement
the related requirements. However, key officials and CalGang
users from Los Angeles, Santa Ana, and Santa Clara were all
unaware of the state guidelines and the requirements therein. At
Sonoma, the sergeant who functions as the node administrator
stated that the processes the state guidelines outline were either
not applicable to CalGang, did not have value, or would be too
resource‑intensive to fully implement. We disagree with the
Our review of CalGang records
statewide identified a significant
number of errors that demonstrate
the need for stronger controls
over the processes for entering,
evaluating, and auditing the data
in CalGang.
California State Auditor Report 2015-130
August 2016
40
sergeant’s assertions because CalGang policy explicitly requires
user agencies to follow the state guidelines. Further, if Sonoma or
other agencies had concerns regarding the processes in the state
guidelines, they should have reconciled them with processes that
were similarly robust but more efficient to implement. Disregarding
the guidelines designed to enhance CalGang’s accuracy and to
preserve individuals’ rights degrades the database and calls into
question user agencies’ commitment to CalGang’s mission—
to provide an accurate resource for law enforcement.
The programming underlying CalGang also may jeopardize
individuals’ privacy rights because it did not purge all records
within the required time frames. User agencies rely upon CalGang’s
automatic purge function to comply with the requirement in
the federal regulations to remove criminal intelligence records if
user agencies have not added new information indicating gang
membership within five years. However, when we searched
104 records for individuals in CalGang to ensure that they had
been purged on schedule, we found that 12 remained in CalGang
even though they did not contain new information that would have
warranted extending their purge dates. In fact, these 12 records
reflected purge dates that should have taken effect in the past.
Santa Clara, which is within the San Jose node, had created all
12 records, but neither Santa Clara’s gang sergeant nor the sergeant
in the gang investigations unit at the San Jose node could offer an
explanation as to why the automatic purge function had exhibited
this operational deficiency. When we checked CalGang again
about three weeks later, the 12 records had been purged. CSRA
International, Inc. (CSRA)—the company that developed the
proprietary CalGang software—indicated that errors with
the San Jose node’s server caused the automatic purge function to
run improperly for approximately two months. CSRA asserted that
it resolved this error and has implemented procedures to quickly
identify similar issues in the future.
Further, as of November 2015, we identified records for
three additional individuals who should have been purged in 2002,
2003, and 2008, respectively. When we asked CSRA why these
individuals were still in CalGang, it identified a programming
error that caused the automated purge process to overlook the
three individuals. Consequently, these individuals’ records remained
in CalGang from seven to 13 years beyond when they should have
been purged. CSRA asserted that it subsequently corrected this
error and would report these three individuals to the appropriate
law enforcement agency for review. As of June 2016, CSRA reported
that these individuals were no longer in CalGang.
The programming underlying
CalGang may jeopardize
individuals’ privacy rights because
it did not purge all records within
the required time frames.
41
California State Auditor Report 2015-130
August 2016
Finally, CalGang’s programming has not at times had sufficient
controls to prevent future dating of entries related to gang
membership or affiliation. This lack of controls—coupled with
law enforcement’s failure to establish a thorough review process
to ensure the accuracy of data entries—could cause individuals to
inappropriately remain in CalGang for several decades, or even
centuries. Specifically, we identified 628 individuals whose records
had purge dates beyond the standard five‑year time period,
including 257 whose records were not scheduled to be purged
for more than 100 years. When we inspected these individuals’
criteria dates—which is the information CalGang software uses to
calculate purge dates—we found that the entries were future‑dated.
For example, one individual had a criteria entry dated in the year
9992, which resulted in a purge date in the year 9997, or nearly
8,000 years from now. Although these future dates are most likely
the result of data entry errors, an incorrect entry has significant
implications for the timely removal of the individual from CalGang.
When we asked CSRA how such errors could occur, it stated that
before 2009, and then again between 2011 and 2014, CalGang
user agencies could enter future‑dated criteria. CSRA asserted
that it implemented controls in 2014 designed to prevent users
from future‑dating criteria. In addition, CSRA indicated that it
would report the individuals we identified to the appropriate node
administrators for review and possible deletion. However, as of
June 2016, CSRA stated that 115 individuals with future‑dated
criteria remained in CalGang.
Absent a robust review process, the committee has relied
completely on the CalGang software to remove individuals within
the time frames federal regulations specify. Software deficiencies
have allowed some records to remain in CalGang and accessible to
law enforcement agencies far beyond their purge dates. Retaining
records in CalGang for longer than the federal regulations allow
potentially violates individuals’ rights and pollutes CalGang with
outdated information that may hinder law enforcement agencies’
efforts to suppress gang activity.
Law Enforcement Agencies Lack Processes to Ensure They Share
CalGang Information Properly and Limit CalGang Access as CalGang
Policy Requires
To preserve individuals’ privacy rights, numerous requirements
contained in the federal regulations, the state guidelines and
CalGang policy exist around sharing CalGang information. These
requirements are generally rooted in the concept that CalGang
information should be shared only for a law enforcement purpose
and only with requesters that have a “need and right to know.”
We identified 628 individuals whose
records had purge dates beyond
the standard five-year time period,
including 257 whose records were
not scheduled to be purged for
more than 100 years.
California State Auditor Report 2015-130
August 2016
42
Nevertheless, we found that CalGang’s oversight entities and user
agencies have not taken all the steps necessary to ensure CalGang
information is shared only when appropriate. Specifically, the four
local law enforcement agencies we reviewed each lack necessary
policies and procedures for sharing CalGang information. Further,
responses to our statewide survey suggest that at least three law
enforcement agencies may have inappropriately used CalGang as an
employment screening tool.
The information‑sharing policies of all four user agencies we
reviewed omit some of the safeguards that CalGang policy requires.
Requests for CalGang information can come either from within
user agencies or from external parties, such as law enforcement
agencies that do not use CalGang, media outlets, and researchers.
CalGang policy requires that each user agency establish written
policies and procedures for accessing CalGang information
that ensure that they only share information in accordance with
existing laws, regulations, and guidelines. However, we identified
weaknesses in the policies of each of the four law enforcement
agencies we reviewed. For example, Los Angeles’s policy addresses
releasing information for discovery motions and requests for
records, and it also specifies the parties that must approve
information releases. Nonetheless, it is silent about documenting
the requestors’ need and right to know and tracking to whom it
releases criminal intelligence—both of which are requirements
in federal regulations and state guidelines. As a result of similar
types of omissions at all four user agencies, the users at the
agencies lack the guidance necessary to ensure they share criminal
intelligence only with authorized recipients and only for law
enforcement purposes.
We attempted to assess Justice’s and the four user agencies’ past
decisions to share information, but we have little assurance
that they identified all of the CalGang requests they received.
Specifically, Justice and the four agencies could identify requests
for CalGang information made pursuant to the Public Records
Act, but none of these law enforcement agencies had processes to
capture internal requests or requests from other law enforcement
agencies. Justice, Los Angeles, Santa Clara, and Santa Ana identified
a combined total of 16 information requests they received between
January 2011 and early March 2016; in contrast, the sergeant who
functions as the Sonoma node administrator asserted that Sonoma
did not receive any requests for information during that time frame.
Table 10 shows the information requests categorized by requestor
type and by the nature of the CalGang information requested. We
found that requestors sought criminal intelligence information
in four instances and that the agencies declined to provide the
information because the requestors did not have a right to know it.
The four local law enforcement
agencies we reviewed each lack
necessary policies and procedures
for sharing CalGang information.
43
California State Auditor Report 2015-130
August 2016
Table 10
Summary of CalGang Information Requests Received Between
January 2011 and March 2016 by Requestor Type and the Nature of the
Information Requested
NATURE OF INFORMATION REQUEST
REQUESTOR
CRIMINAL
INTELLIGENCE RECORDS
CALGANG STATISTICS
POLICY AND PROCEDURES/
OPERATIONAL INFORMATION
Media
0
5
3
Researchers
2
3
3
Legal counsel
2
1
1
Private party
0
1
1
Totals
4
10
8
Source:
California State Auditor’s analysis of public records requests received by the California
Department of Justice, Santa Ana Police Department, Santa Clara County Sheriff ’s Office, and
Los Angeles Police Department.
Note:
The Table reflects the nature of all the information the requests specified. Requests may have
covered more than one category of information; thus, the nature of the requests will not correlate
with the 16 total requests the four agencies asserted they received.
Conversely, our statewide survey revealed that, of the 190 law
enforcement agencies that responded to this question, three may
have inappropriately shared information because they used
CalGang to screen for employment or military recruitment
purposes. Screenings of these types are not apparent law
enforcement activities—they are not related to preventing or
solving crimes—and thus do not meet the standard of need
or right to know for a law enforcement purpose. Specifically, an
administrative aide from Ventura County Sheriff ’s Department
(Ventura) asserted that she reviewed CalGang to determine if
individuals who applied for employment with Ventura were listed
as gang members. Similarly, a sergeant from Thousand Oaks Police
Department (Thousand Oaks) asserted that the agency reviewed
CalGang to assist the military in determining whether a candidate
was a gang member. Finally, a detective from Santa Barbara County
Sheriff ’s Office (Santa Barbara) reported using CalGang to screen
for employment and to assist the military.
Although each of the three agency officials asserted that they
did not print or distribute any hard‑copy CalGang information
resulting from their searches, using the system in this manner
does not appear appropriate. On three separate occasions dating
back to 2006, the board or the committee determined that user
agencies should not use CalGang for employment background
checks or in response to requests from the military. The board
established that military recruiters do not have the need or right
to know CalGang information and therefore users should not fill
those information requests. Nevertheless, based on our review
44
California State Auditor Report 2015-130
August 2016
of their respective minutes, neither the board nor the committee
disseminated these decisions to the CalGang users. Moreover,
the committee did not clarify in CalGang policy that these uses
are prohibited. Consequently, two of the three agencies asserted
that using CalGang to screen employment or military candidates
was appropriate. For example, according to a Thousand Oaks
sergeant, using CalGang to respond to requests from military
recruiters is appropriate because the military does not want to
train gang members in the use of weapons and tactics, thus making
those individuals more dangerous to the public. Alternatively,
the Santa Barbara detective agreed that using CalGang to
screen candidates for internal positions or for the military was
inappropriate and planned to suggest the agency change its
practices. The mix of interpretations is concerning to us and
suggests that user agencies need better, and perhaps more frequent,
training, as we describe in the next section.
The Committee and Node Administrators Cannot Demonstrate They
Follow CalGang Training Policy or Best Practices
As previously discussed, the board and the committee delegate
important tasks to user agencies, such as determining whether
reasonable suspicion of criminal activity exists to warrant entering
individuals into CalGang. However, the agencies’
abilities to effectively perform these tasks
depends in large part on the training their staff
receives. Consequently, CalGang policy states
that the committee will develop, review, and
approve standardized trainings for the staff at
user agencies. Although the text box shows the
committee’s required training topics for user
agencies, neither the committee nor the two node
administrator agencies we reviewed could
demonstrate that the committee had developed
or approved standardized training materials for
statewide use. Instead, each node administrator
agency develops its own materials. In addition, we
expected to find that the committee had processes
in place to identify needed changes and updates to
the content of the training materials. For example,
changes to state law that took effect in 2014
regarding notifying juveniles and their parents or
guardians before entering juveniles into CalGang
presented the committee with an opportunity to
update CalGang training materials, but we found
no evidence that the committee had done so.
Training Topics for CalGang User Agencies
The CalGang Node Advisory Committee requires that
training for user agencies must address the following topics,
at a minimum:
• The definition of a
criminal street gang
.
• The accepted criteria for identifying gang members,
affiliates, and adding photos.
• The definition of
criminal predicate
and
reasonable suspicion
.
• Local, state, and federal statutes and policies regarding
criminal intelligence information.
• Physical and technical security.
• Data dissemination protocols.
• Practical, hands‑on database use.
Source:
California Gang Node Advisory Committee Policy and
Procedures for the CalGang System (2007).
45
California State Auditor Report 2015-130
August 2016
The lack of standardized training may have created inconsistencies
in how user agencies apply the criminal intelligence requirements
the committee has adopted. Specifically, as discussed previously,
we found that law enforcement agencies we reviewed did not have
adequate support for including 13 individuals within CalGang.
Moreover, three agencies responded to our survey that they used
CalGang to screen for potential employment, even though this use
does not appear to meet the standard of need and right to know for
a law enforcement purpose. The appropriate adding to and sharing
of information in CalGang is critical to protecting individuals’ right
to privacy, yet the committee has failed to fulfill its responsibility to
ensure user agencies are effectively trained in those two functions.
We also found deficiencies with the committee’s approval of
training content for instructors. CalGang policy requires potential
instructors to attend a committee‑approved, train‑the‑trainer course
and requires node administrators to verify potential instructors’
experience using CalGang. However, neither the committee nor
Sonoma and Los Angeles—which are both node administrator
agencies—could demonstrate that the committee had approved
an instructor training course. In fact, the committee chair—who is
also the Los Angeles node administrator—stated that a formalized
train‑the‑trainer course does not exist. CalGang policy further
states that instructors must complete the 24‑hour user course in
addition to a train‑the‑trainer course. However, CalGang instructors
cannot obtain the requisite number of training hours because the
user training the nodes provide is just 16 hours in length, not
the required 24.
Finally, the committee has not required users to take periodic
refresher trainings so that their skills remain up to date. The
committee does not require such trainings, regardless of how
long users have maintained CalGang access. In our statewide
survey, 86 (46 percent) of the 186 CalGang user agencies that
responded to this question indicated that their users could benefit
from periodic refresher training. Further, a separate analysis we
performed revealed that half of CalGang’s users have had accounts
allowing their access to CalGang for six years or more. The full
distribution of the length of time users have maintained their
accounts is depicted in Figure 4 on the following page. By requiring
only an initial training for users, the committee risks that users’
knowledge of CalGang policy will fade over time or not keep pace
with changes, thereby jeopardizing the integrity and accuracy of
CalGang’s information.
CalGang instructors cannot obtain
the requisite number of training
hours because the user training the
nodes provide is just 16 hours in
length, not the required 24.
California State Auditor Report 2015-130
August 2016
46
Figure 4
Age of Users’ CalGang Accounts
USER
ACCOUNT
AGE
0–2 years
2.01–4 years
4.01–6 years
>
6.01 years
50
%
21
%
14
%
15
%
Source:
California State Auditor’s analysis of CalGang data obtained from the California Department of
Justice as of November 23, 2015.
Note:
Because CalGang did not capture user account creation dates until 2009, we were unable to
determine the exact age of user accounts older than six years.
Law Enforcement Agencies Have Failed to Appropriately Notify
Necessary Parties Before Entering Juveniles Into CalGang
Because two of the four law enforcement agencies we reviewed did
not send all legally required notices before entering juveniles into
CalGang, many juveniles and their parents or guardians (parents)
were not afforded the right to contest the juveniles’ gang designations.
Further, the two agencies that sent the necessary notifications did not
provide the juveniles and their parents with adequate information to
contest the designations. In fact, responses to our statewide survey of
law enforcement agencies revealed that less than 3 percent of juveniles
or their parents contested these designations, possibly as a result of
their notification letters not containing adequate information. Because
the two law enforcement agencies have not complied with state law
related to these notifications, they have limited the effectiveness of the
juvenile notification process as a means to identify juveniles whom
they may have mistakenly added to CalGang as gang members.
State law effective January 1, 2014, generally requires law enforcement
agencies to send juveniles and their parents notices before adding
juveniles to a shared gang database, such as CalGang. Figure 5 depicts
the juvenile notification process the state law established. This process
requires notifying juveniles and parents or guardians of the basis for
the juveniles’ gang designations and of their right to contest the gang
designations. The process also describes the limited circumstances in
which law enforcement agencies do not have to notify the juveniles
and the parents.
Figure 5
The Required Juvenile Notification and Contestation Process as Applied to CalGang
The agency agrees
with contestation.
Juvenile’s record
remains in CalGang.
Juvenile’s record
deleted from CalGang.
The agency disagrees
with contestation.
A law enforcement officer
determines a juvenile meets
the minimum criteria required
to be designated as a gang
member (designation).*
The law enforcement agency
(agency) sends written notice
of the designation to the
juvenile and his/her parent or
guardian (parent).
A juvenile or parent contests in
writing the juvenile’s designation.
The agency has 60 days to
review the contestation and
respond to the juvenile and parent
with written verification of the
agency’s decision.
The agency does not send a
written notice because the
notice would do one of
the following:
• Compromise an ongoing
criminal investigation.
• Compromise the juvenile’s
health or safety.
DOES AN
EXCEPTION
EXIST?
The agency adds the juvenile
to CalGang and the law
enforcement officer affirms
that the notice was sent or
an exception applied.
†
Sources:
California State Auditor’s analysis of the Penal Code and the CalGang juvenile-notification process.
*
A juvenile is defined as an individual who is under 18 years of age. A juvenile can be designated as a gang member or gang affiliate.
†
If a law enforcement officer indicates in CalGang that the agency did not send a notification because of an exception, the officer must document a
detailed reason for the exception.
Between January 1, 2014, and November 23, 2015, user agencies added
more than 2,200 juveniles to CalGang. Following January 2014, the
number of juveniles that user agencies added to CalGang dropped
significantly; from 2013 to 2014, the number decreased by 1,134, or
48 percent. In fact, the number of juveniles Sonoma and Santa Clara
each added dropped to zero. Officers at each agency asserted that they
48
California State Auditor Report 2015-130
August 2016
stopped adding juveniles to CalGang in direct response to the new
notification requirements. Specifically, the Sonoma gang enforcement
sergeant asserted that Sonoma stopped adding juveniles for reasons
that included the administrative burden and his perception that parents
frequently refuse to believe their children are associated with a gang and
would attack the agency’s motives. On the other hand, Santa Clara’s gang
sergeant asserted that his agency no longer adds juveniles to CalGang
because it does not have a notification process in place and wants to
learn from the processes other agencies have established. However, when
user agencies choose not to add juveniles to CalGang to avoid notifying
juveniles and their parents or to wait and learn from other agencies’
processes, CalGang becomes a less useful tool for protecting the public
from gang violence.
As indicated in Table 11, the two user agencies we reviewed—which were
limited to Los Angeles and Santa Ana for the reasons just described—
were unable to demonstrate that they properly sent letters before adding
juveniles to CalGang for all but 35 of the 129 records we reviewed.
Specifically, we found that Santa Ana did not send letters to juveniles,
but rather only to their parents. Based on interviews with a number
of officials, we determined that Santa Ana misinterpreted the law’s
requirements. In contrast, Los Angeles has a policy that describes a
process that meets the law’s notification requirement, but we found that
officers in the five divisions we reviewed—Los Angeles has 21 divisions
in total—did not follow the policy. Consequently, Los Angeles could
not demonstrate that it sent letters to 29 juveniles and their parents.
Moreover, Los Angeles sent notices for 50 juveniles after entering them
into CalGang instead of before, as required; in fact, in several instances,
it did not send the letters for more than a month after entering the
juveniles into CalGang. As reasons for not following state law, officials
for Los Angeles cited turnover in officer and administrative staff
positions as well as agency staff misunderstanding the requirements.
Table 11
Rates of Adherence to State Law Requiring Juvenile Gang Designation From January 2014 Through November 2015
TOTAL NUMBER OF
JUVENILES’ RECORDS
REVIEWED
RECORDS FOR WHICH
NOTIFICATION
REQUIREMENTS WERE MET
RECORDS FOR WHICH
NOTIFICATION LETTERS
WERE NOT SENT [JUVENILE
AND/OR THEIR PARENTS*]
RECORDS FOR WHICH
NOTIFICATION LETTERS
WERE SENT AFTER
CALGANG ENTRY [JUVENILE
OR THE PARENTS]
Santa Ana Police Department
15
0
15
0
Los Angeles Police Department
114
35
29
50
Totals
129
35
44
50
Percent of total juveniles’ records reviewed
————————
>
27%
34%
39%
73%
Sources:
California State Auditor’s analysis of juvenile notification letters and other documents for the law enforcement agencies listed.
*
Because state law requires law enforcement agencies to send notification letters to the juvenile and their parents or guardians (parents), this column
represents instances in which law enforcement agencies did not send letters to either party and both parties.
49
California State Auditor Report 2015-130
August 2016
We also determined that Los Angeles’s and
Santa Ana’s notices were inadequate because they
did not provide the bases the agencies used for the
juveniles’ gang designations. Although state law
requires law enforcement agencies to provide the
bases for gang designations, the law does not specify
what information the agencies need to include to
fulfill that requirement. A bill analysis on the
juvenile notification law states that the basis for a
gang designation would be source documents, such
as arrest reports and field interview cards, indicating
that the person met the criteria for being considered
a gang member. However, the notification letters
Los Angeles and Santa Ana sent offered only
conclusory language that was so vague it did not
fully inform the juveniles and parents of the contacts
or analyses that led to the designations. The text box
cites the relevant language the agencies included in
their letters to parents. Although the Los Angeles
letters invite juveniles and parents to contact an
officer with their questions, neither letter cites the
specific criteria the agency used for identifying
juveniles as members of gangs.
Without knowing law enforcement agencies’ bases
for suspecting gang membership, juveniles and
their parents do not have sufficient information
to meaningfully challenge those agencies’ decisions to add the
juveniles to CalGang. Part of the Legislature’s intent in developing
the notification process was to ensure that user agencies did not
incorrectly enter juveniles into CalGang. However, parents and
juveniles cannot contest juvenile gang designations effectively, if
at all, without knowing the criteria user agencies determined the
juveniles met. Because of the lack of information in the juvenile
notification letters, parents sometimes submitted letters that simply
stated that their children were not gang members. Other parents
submitted character references from school principals and church
leaders or descriptions of their own efforts to keep their children
away from gangs. These types of responses—which are the result
of the lack of information the user agencies provided—do not
help the agencies identify mistakes they may have made when
concluding that juveniles met the criteria for entry into CalGang.
Thus, the insufficient notification letters have disadvantaged the
law enforcement agencies, juveniles, and parents.
We found that few juveniles and parents contested gang designations
and that—contrary to state law—the two user agencies generally
responded only to the party that contested the designation which
only partially fulfilled the law. Table 12 on the following page
Excerpts From Juvenile Notification Letters Law
Enforcement Agencies Sent to Parents
Los Angeles Police Department (Los Angeles)
On __[date]__, your son/daughter, __[name]_, was involved
in a field contact by officers from the Los Angeles Police
Department. As a result, information relative to __[name]___
participation in or association with an active street gang was
discovered. The contact met the minimum criteria required
by state law to identify him/her as an active gang member
or active affiliate gang member. Therefore, his/her name
and gang affiliation will be entered into the department’s
computerized shared gang database.
Santa Ana Police Department (Santa Ana)
On __[date]__, your son/daughter, __[name]__, was
contacted by Officers from the Santa Ana Police Department.
As a result of a law enforcement officer’s investigation, your
child’s participation in or association with an active criminal
street gang has been included in our files based upon two or
more of the following criteria, including but not limited to:
arrest and/or associating with criminal street gang members,
frequenting gang area, gang indicia, statements made by a
contacted individual.
Sources:
Los Angeles’s and Santa Ana’s juvenile notification
letter templates.
California State Auditor Report 2015-130
August 2016
50
summarizes the number and rate of contested juvenile gang
designations for Los Angeles and Santa Ana, as well as the results
from our survey of 329 law enforcement agencies. Santa Ana’s higher
rate of contestations may be the result of its notification process.
Specifically, it sends notices to parents each time a contact with a
law enforcement officer results in an update to a juvenile’s CalGang
record. This process, which results in multiple letters to parents,
exceeds the requirements of state law. Although the law requires
that agencies inform both juveniles and parents of their decisions
in response to contestations, we found that the two user agencies
generally responded only to the party that contested the designation.
Table 12
Contestations of Juvenile Gang Designations at Two Law Enforcement
Agencies and Statewide From January 1, 2014, Through October 31, 2015
LOS ANGELES POLICE
DEPARTMENT
(LOS ANGELES)
SANTA ANA POLICE
DEPARTMENT
(SANTA ANA)
STATEWIDE
SURVEY
RESULTS*
Number of juveniles
381
140
1,705
Number of contestations received
5
19
†
47
Contestation rate
1%
14%
†
3%
Number of juveniles removed from
CalGang in response to a contestation
0
7
15
Sources:
California State Auditor’s analysis of Los Angeles’s and Santa Ana’s juvenile notification
records and other documents, and unaudited statewide survey results.
*
These numbers represent self-reported data from our statewide survey.
†
Santa Ana’s process requires it to send a letter to a juvenile’s parents for each law enforcement
contact the juvenile has that results in it creating or updating a CalGang record. Sending multiple
letters to parents likely contributed to the higher contestation rate in Santa Ana.
Although the law provides two reasons to justify law enforcement
agencies’ decisions not to notify juveniles and their parents before
adding the juveniles into CalGang, we found that the user agencies
rarely use these options. Specifically, as Figure 5 on page 47 illustrates,
law enforcement agencies can choose not to notify juveniles and
their parents if they believe doing so will compromise either ongoing
criminal investigations or the juveniles’ health or safety. However,
based on our reviews of Santa Ana and Los Angeles, as well as
the responses from our statewide survey, we determined that law
enforcement agencies rarely choose not to send notices for these
two reasons. In fact, Santa Ana has not used either option since the
law went into effect in 2014, and Los Angeles documented using
these options for just five juveniles. Further, the responses from
our survey suggest that user agencies statewide documented only
10 additional instances in which the agencies justified not sending
notices for the exceptions provided in law.
51
California State Auditor Report 2015-130
August 2016
In response to our concerns about their juvenile notification
practices, officials with Los Angeles and Santa Ana asserted
they would take corrective actions. A detective who serves as
the Los Angeles node administrator is working to implement a
juvenile notification review process in which staff will review
all juveniles Los Angeles officers entered since January 1, 2014 and
document whether officers fulfilled the requirements of state law.
If juveniles do not meet the law’s requirements, the detective’s plan
is to delete the juvenile, send proper notification, and reenter the
juvenile into CalGang. The detective is also planning to implement
a process in which he will review some juveniles each month to
ensure adherence to the law’s requirements.
Similarly, a commander from Santa Ana provided updated letter
templates for both juveniles and their parents. However, the letters’
text still does not provide the bases for the juvenile’s designation as
a gang member. According to the commander, Santa Ana chose not
to include more specific information because it believes the letter
gives parents and juveniles a sense of the behavior that led to the
juveniles’ contacts with the law enforcement officers. He also stated
that providing specifics about contacts would focus arguments on
the contacts or incentivize juveniles to stop certain behaviors purely
to prevent police detection, which are outcomes he does not believe
would be productive. He stated that the benefit of the juvenile
notification law is the conversations it can initiate among parents,
juveniles, and law enforcement officers related to the resources
the agency may provide to keep the juveniles away from and out
of gangs. However, we believe that for these conversations to be
productive, parents need specific information about the nature of
their children’s contacts with law enforcement officers.
Notwithstanding Los Angeles’s and Santa Ana’s failures to properly
implement state law, we recognize that both agencies have
demonstrated a commitment to the juveniles they suspect
are gang members. Los Angeles has contacted parents about
juveniles’ gang designations through letters, calls, or in‑person
meetings since at least 1998. Moreover, the letters Los Angeles
currently sends to parents and juveniles invite them to contact
officers about questions and to learn about community programs.
Similarly, since about 1989 Santa Ana has notified juveniles that
their involvement with gangs could subject them to criminal
prosecution. Although this notice does not reference CalGang, it
makes very clear that the agency has determined the juveniles are
a part of or associated with specific gangs; in fact, the agency uses
documentation from these notices to add individuals to CalGang.
After the implementation of the juvenile notification law in 2014,
Santa Ana exceeded the law’s requirements by notifying parents after
each contact juveniles had with police that resulted in updates to
their records.
In response to our concerns about
their juvenile notification practices,
officials with Los Angeles and
Santa Ana asserted they would take
corrective actions.
CalGang instructors cannot obtain
the requisite number of training
hours because the user training the
nodes provide is just 16 hours in
length, not the required 24.
California State Auditor Report 2015-130
August 2016
52
Moreover, Santa Ana’s process when it receives a contestation
letter represents a best practice that we believe could be the
basis for statewide standards. Specifically, at Santa Ana a police
investigator assembles background information on the juvenile’s
case, and a corporal calls the family to discuss the juvenile’s entry
into CalGang. Following the review and conversation, the corporal
decides whether the juvenile should remain in CalGang. Santa Ana’s
approach has resulted in it removing from CalGang more than a
third of the juveniles who were the subject of contestations by the
juveniles or their parents. This approach establishes relationships
that can lead to a better understanding of juveniles’ situations for
both the officers and the families, and it also achieves greater data
accuracy for the law enforcement agencies using CalGang.
Governmental Oversight and Increased Public Participation Could
Strengthen CalGang’s Usefulness and Better Ensure It Protects
Individuals’ Rights
State and local law enforcement officials assert that CalGang is an
important tool because it helps them to quickly identify information
necessary to solve or prosecute gang crimes. User agencies’ success
stories chronicle how they used CalGang to identify homicide
victims and suspects through physical descriptions, like their
tattoos, and to link local crimes to suspects or to crimes in other
communities. For example, an officer in Salinas posted a testimonial
in CalGang noting that he used CalGang to identify a murder
suspect using a name, physical description, and believed gang
affiliation. Witnesses then verified the suspect in a photo lineup,
leading to his arrest for murder. Upon conviction, the courts
sentenced the man with gang enhancements—years added to a
prison term when an individual commits a crime to promote or
assist a gang. The officer praised CalGang and encouraged other
CalGang users to provide as much information as possible in
their CalGang entries because even a minor gang contact could
help solve a murder.
However, because of its potential to enhance public safety, CalGang
needs an oversight structure that better ensures that the data entered
into it are reliable and that its users adhere to the requirements that
protect individuals’ rights. To this end, we believe the Legislature
should adopt state law that specifies that CalGang, or any equivalent
statewide shared gang database, must operate under defined
requirements.
We believe these requirements should encompass the
federal regulations and key safeguards from the state guidelines,
including supervisory and periodic record reviews. Further, we
believe state law should assign Justice the responsibility for overseeing
CalGang and for ensuring user agencies meet all the relevant
requirements. Establishing Justice as a centralized oversight entity
We believe state law should be
adopted that assigns Justice the
responsibility for overseeing
CalGang and for ensuring
user agencies meet all the
relevant requirements.
53
California State Auditor Report 2015-130
August 2016
responsible for establishing best practices and holding user agencies
accountable for implementing these practices will help ensure
CalGang’s accuracy and safeguard individuals’ privacy protections.
Moreover, we believe state law should create a technical advisory
committee to provide Justice information about CalGang’s use and
user agencies’ needs. Figure 6 on the following page illustrates what, in
our view, would be a stronger oversight structure for CalGang.
The Legislature also has an opportunity to set standards for
transparency and public participation where none currently
exist. Generally, CalGang’s current operations are outside of
public view. As previously discussed, we found that the CalGang
users self‑administer the committee’s audits and that they do not
meaningfully report the results to the board, the committee, or the
public. Further, CalGang’s governance does not meet in public, and
neither the board nor the committee invites public participation by
posting meeting dates, agendas, or reports about CalGang.
Increased transparency in CalGang’s governance and operations
could strengthen the public’s confidence in the system. For example,
although the proposed technical advisory committee would likely
need to close parts of its meetings to protect criminal intelligence
information, we believe other parts of its meetings should be open
and should comply with open‑meeting requirements. Further,
requiring Justice either to conduct or to hire an external entity to
conduct periodic audits would shed light on aspects of CalGang’s
privacy safeguards that do not operate effectively and should help
lead to necessary corrective actions. In addition, we recommend
that the Legislature require Justice to develop annual reports that
include CalGang statistics and summary‑level audit results. Justice
should make these reports available for public comment and, in
subsequent annual reports, summarize public concerns and the
actions Justice has taken to address them.
Finally, establishing CalGang as a public program would create
opportunities for public participation through the legislative and
regulatory processes. As the Legislature drafts the bill that will
provide for CalGang’s new oversight structure and framework,
law enforcement officials and the public will have opportunities to
express their concerns and needs. Using the regulatory process
to establish requirements for user agencies will provide the public
and law enforcement agencies an opportunity to comment on and
help guide how the requirements are developed.
Increased transparency in CalGang’s
governance and operations could
strengthen the public’s confidence
in the system.
54
California State Auditor Report 2015-130
August 2016
Figure 6
A Model for More Transparent and Accountable Oversight for a Shared Gang Database
THE LEGISLATURE
Key Legislative Actions
Establish requirements for CalGang, or any equivalent statewide
shared gang database, in state law as detailed below.
Require the database to comply with federal regulations and
important safeguards from the state guidelines.*
Public process
Non-public process
Oversee
Collaborate
Key Requirements to be Specified in Law
JUSTICE
Engage in a regulatory process to define important
requirements like gang member criteria.
Conduct or hire an external entity to conduct
periodic audits.
Standardize training and ensure it is periodically
provided to all end users.
Publish an annual report with key statistics and
summary audit results. Invite, assess, and act on
public comments.
USERS
Implement supervisory review procedures.
Implement periodic record reviews and
report the results to Justice.
Key Requirements to be Specified in Law
TECHNICAL
ADVISORY COMMITTEE
Advise Justice of best practices, database use,
and database needs.
Periodically review policies and procedures to
provide suggestions to Justice for their
improvement.
Obtain public input when appropriate.
Key Requirements to be Specified in Law
Make the California Department of
Justice (Justice) responsible for the database
Create a technical
advisory committee
LAW
Voluntarily
participate
Source:
Based on the California State Auditor’s recommendations to the Legislature.
*
State guidelines refers to Justice’s
Model Standards and Procedures for Maintaining Cri