OFF THE WIRE
CA - Reports tally internal misuse of powerful police data network
State law enforcement agencies have access to troves of data through a
computer network, but state records show employees often improperly use
it , resulting in some losing their jobs...
http://www.sandiegouniontribune.com/sdut-greg-moran-staff.h…
For decades, law enforcement officials across California have had
access to a powerful computer network that, with a few keystrokes from a
desk terminal or patrol car, can access information on any Californian
with a drivers license, registered car, parking ticket, restraining
order or dozens of other digital records.
The sprawling
California Law Enforcement Telecommunications System, or CLETS, also
gives police access to national databases maintained by the FBI and the
neighboring state of Oregon. It’s a little known and widely used police
tool — officials estimated it’s used by law enforcement about 2.8
million times every day.
But sometimes law enforcement workers tap
into the vast trove of information improperly, breaking the rules about
when the detailed information can be properly accessed, according to a
batch of records of CLETS misuse held by the state Attorney General and
collected by a privacy rights group.
In 2017, the San Diego
County Sheriff’s Department investigated 19 suspected incidents of
misuse of the network by department employees. Records show four were
determined to have violated CLETS-use policies: two people received
reprimands, one was suspended, and one resigned over the misuse. The
other 15 cases resulted in no administrative action taken.
That
wasn’t an unusual year. In 2015, there were 22 investigations that
resulted in one termination and one suspension. And in 2014, there were
28 investigations that found four violations. Three people resigned; one
was fired that year.
The department annually has the largest
number of investigations into CLETS misuse of any agency in San Diego,
and is one of the highest in the state, the records show.
But
exactly what the violations entailed isn’t known: both the one-page form
that agencies are required to turn in don’t detail the violations, and
the Sheriff’s Department — citing confidentiality of police personnel
records — declined to provide details.
In an email response to
questions, spokeswoman Lt. Karen Stubkjaer said the department takes
CLETS abuse seriously and has a “robust” auditing system that in turn
triggers many investigations.
“We stand behind our aggressive
approach to monitoring and auditing CLETS use,” she wrote. “The
Department is prohibited by law from releasing specific and confidential
details of personnel investigations. However, when there is the
appearance of misuse, we investigate it.”
The accounting of
misuse of the powerful network is the result of a years-long effort by
the Electronic Frontier Foundation, a digital privacy rights
organization based on the Bay Area. The organization through annual
Public Records Act requests to the state Attorney General has collected
misuse reports that every agency that taps into CLETS is required to
fill out and submit annually.
The problem was that for years many
agencies did not comply. In 2016, for instance, barely more than half
of the required agencies submitted reports, according to the foundation.
But earlier this year the Attorney General’s office put its foot down.
In April, a bulletin went out that lamented “the increasingly low
submissions of misuse reporting” and warning that in the future agencies
that don’t file the reports will be subject to sanctions.
The warning worked. This year 98 percent of the roughly 1,500 agencies with access to CLETS filed reports.
And while some employees have been fired or resigned and a handful have
been prosecuted, records show that many violations don’t result in any
formal action taken against the employee.
Misusing the system can
take a variety of forms. It’s broadly defined as obtaining information
outside the normal course of police business. Law enforcement are
allowed to access the information if it’s required “for the performance
of official duties or functions” and if it is okay to do so under state
law.
Examples of misuse are things like getting information on a
family member, friend or ex-wife, or querying the system to get home
address or vehicle registration information for personal use. Other
examples of misuse given by the Attorney General include “querying a
firearm to determine if it is stolen prior to purchase” and “querying
high profile individuals in the media.”
Dave Maass, an
investigative researcher with the Electronic Frontier Foundation, said
the higher compliance was a welcome step but more information about how
the system was misused was needed.
“For police departments this is like Google,” he said. “It’s what they interact with every day.”
The relatively high number of investigations by the San Diego County
sheriff may show a department that is diligent, or one with a chronic
problem.
“Is it that there are more things going on in the San
Diego Sheriff’s Department? Or are they actually doing a better job of
investigating and reporting?” Maass said. “If that’s the case, if San
Diego Sheriff’s department is doing a good job, what does that say about
the other agencies in San Diego?”
Last year, the San Diego
Police Department reported three investigations into misuse, one of
which resulted in an administrative action defined only as “Other” — not
a resignation, termination, suspension or counseling.
The county
Probation Department had three investigations that resulted in one
termination. Oceanside Police Department reported a single investigation
that resulted in termination. And the San Diego Community College
District Police Department reported four investigations, none of which
resulted in resignation or termination.
The majority of agencies
in the county said they had no instances of misuse of the system in
2017, the records show. And that has been true for nearly every year
since 2010.
There have been exceptions, however. In 2012, for
example, San Diego Unified School District Police reported 15 misuse
investigations. All were closed with no official finding of misuse.
Statewide in 2017 there were 143 violations of the rules for using the
system reported by the agencies, Electronic Frontier Foundation records
show. From that 22 law enforcement employees were either terminated or
resigned as a result of CLETS misuse.