Tuesday, November 12, 2019

CA - CLETS - Reports tally internal misuse of powerful police data network

OFF THE WIRE
CA - Reports tally internal misuse of powerful police data network
State law enforcement agencies have access to troves of data through a computer network, but state records show employees often improperly use it , resulting in some losing their jobs...
http://www.sandiegouniontribune.com/sdut-greg-moran-staff.h…
For decades, law enforcement officials across California have had access to a powerful computer network that, with a few keystrokes from a desk terminal or patrol car, can access information on any Californian with a drivers license, registered car, parking ticket, restraining order or dozens of other digital records.
The sprawling California Law Enforcement Telecommunications System, or CLETS, also gives police access to national databases maintained by the FBI and the neighboring state of Oregon. It’s a little known and widely used police tool — officials estimated it’s used by law enforcement about 2.8 million times every day.
But sometimes law enforcement workers tap into the vast trove of information improperly, breaking the rules about when the detailed information can be properly accessed, according to a batch of records of CLETS misuse held by the state Attorney General and collected by a privacy rights group.
In 2017, the San Diego County Sheriff’s Department investigated 19 suspected incidents of misuse of the network by department employees. Records show four were determined to have violated CLETS-use policies: two people received reprimands, one was suspended, and one resigned over the misuse. The other 15 cases resulted in no administrative action taken.
That wasn’t an unusual year. In 2015, there were 22 investigations that resulted in one termination and one suspension. And in 2014, there were 28 investigations that found four violations. Three people resigned; one was fired that year.
The department annually has the largest number of investigations into CLETS misuse of any agency in San Diego, and is one of the highest in the state, the records show.
But exactly what the violations entailed isn’t known: both the one-page form that agencies are required to turn in don’t detail the violations, and the Sheriff’s Department — citing confidentiality of police personnel records — declined to provide details.
In an email response to questions, spokeswoman Lt. Karen Stubkjaer said the department takes CLETS abuse seriously and has a “robust” auditing system that in turn triggers many investigations.
“We stand behind our aggressive approach to monitoring and auditing CLETS use,” she wrote. “The Department is prohibited by law from releasing specific and confidential details of personnel investigations. However, when there is the appearance of misuse, we investigate it.”
The accounting of misuse of the powerful network is the result of a years-long effort by the Electronic Frontier Foundation, a digital privacy rights organization based on the Bay Area. The organization through annual Public Records Act requests to the state Attorney General has collected misuse reports that every agency that taps into CLETS is required to fill out and submit annually.
The problem was that for years many agencies did not comply. In 2016, for instance, barely more than half of the required agencies submitted reports, according to the foundation.
But earlier this year the Attorney General’s office put its foot down. In April, a bulletin went out that lamented “the increasingly low submissions of misuse reporting” and warning that in the future agencies that don’t file the reports will be subject to sanctions.
The warning worked. This year 98 percent of the roughly 1,500 agencies with access to CLETS filed reports.
And while some employees have been fired or resigned and a handful have been prosecuted, records show that many violations don’t result in any formal action taken against the employee.
Misusing the system can take a variety of forms. It’s broadly defined as obtaining information outside the normal course of police business. Law enforcement are allowed to access the information if it’s required “for the performance of official duties or functions” and if it is okay to do so under state law.
Examples of misuse are things like getting information on a family member, friend or ex-wife, or querying the system to get home address or vehicle registration information for personal use. Other examples of misuse given by the Attorney General include “querying a firearm to determine if it is stolen prior to purchase” and “querying high profile individuals in the media.”
Dave Maass, an investigative researcher with the Electronic Frontier Foundation, said the higher compliance was a welcome step but more information about how the system was misused was needed.
“For police departments this is like Google,” he said. “It’s what they interact with every day.”
The relatively high number of investigations by the San Diego County sheriff may show a department that is diligent, or one with a chronic problem.
“Is it that there are more things going on in the San Diego Sheriff’s Department? Or are they actually doing a better job of investigating and reporting?” Maass said. “If that’s the case, if San Diego Sheriff’s department is doing a good job, what does that say about the other agencies in San Diego?”
Last year, the San Diego Police Department reported three investigations into misuse, one of which resulted in an administrative action defined only as “Other” — not a resignation, termination, suspension or counseling.
The county Probation Department had three investigations that resulted in one termination. Oceanside Police Department reported a single investigation that resulted in termination. And the San Diego Community College District Police Department reported four investigations, none of which resulted in resignation or termination.
The majority of agencies in the county said they had no instances of misuse of the system in 2017, the records show. And that has been true for nearly every year since 2010.
There have been exceptions, however. In 2012, for example, San Diego Unified School District Police reported 15 misuse investigations. All were closed with no official finding of misuse.
Statewide in 2017 there were 143 violations of the rules for using the system reported by the agencies, Electronic Frontier Foundation records show. From that 22 law enforcement employees were either terminated or resigned as a result of CLETS misuse.