clock menu more-arrow no yes

Filed under:

California claims sanctuary status, but 80 state agencies still share license plate data widely

New, 20 comments

After California ICE raids, local departments face a hard choice

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

Homeland Security Dep't Holds Press Conf. On Border Security And Nat'l Security Photo by Drew Angerer/Getty Images

This week, Immigration and Customs Enforcement (ICE) set its sights on California. In an operation dubbed Keep Safe, ICE detained more than 150 undocumented immigrants across the state, with an estimated 864 residents targeted but still at large. The raids sparked an outright feud with local governments, which scrambled to protect the targets in any way they could: on Saturday, Oakland mayor Libby Schaaf issued an alert warning citizens that ICE was planning arrests in the coming days, prompting acting ICE director Thomas Homan to compare her to “a gang lookout” in a subsequent appearance on Fox & Friends.

But while local municipalities like Oakland try to block ICE’s raids, the region may be cooperating in more ways than leaders realize. In January, ICE closed a contract for agency-wide access to a nationwide network of license plate readers controlled by Vigilant Solutions. Now, there’s reason to believe a number of local counties may have been contributing to that network, potentially feeding data back to ICE for use in deportations.

Vigilant documents reviewed by The Verge listed 86 separate California agencies sharing data through the Vigilant network, six of which represent some kind of sanctuary district. The list was incomplete, but it includes a number of Bay Area agencies like San Mateo, Marin, and Contra Costa counties. Given their close proximity, it’s likely that those agencies’ license plate data includes a number of San Francisco and Oakland residents. Without audit logs, it’s difficult to say whether any of those license plate reader systems directly contributed to this week’s raids.

Until recently, the list of counties sharing data with ICE included Alameda, where local law enforcement cut off direct sharing with ICE earlier this year. Because of the complexity of the Vigilant system, local ALPR data was directly accessible to ICE for months before the department became aware of the access.

For other Vigilant clients under sanctuary policy, the data can be even harder to track. The San Diego Sheriff’s Department has opted out of sharing directly with ICE, but it still shares data with a regional police network called ARJIS, which includes both ICE and local DHS offices.

Even when there isn’t a formal interagency agreement, ICE officers can sometimes view data informally at a specific department, a practice Electronic Frontier Foundation researcher Dave Maass has uncovered at departments like Long Beach. “Any of these agencies across the country could be giving access to almost anyone, depending on what their departmental policies are,” says Maass. “That’s the problem with the whole system. If one particular town decides to give an account to an ICE officer, then that ICE officer has access to everybody sharing data.”

Other data-sharing agreements are more indirect. Seattle is a sanctuary city, and while the local police there don’t appear to have a Vigilant contract, the region’s HIDTA program (high-intensity drug trafficking area) does. That program could serve as a bridge between ICE and the local license plate readers. Similarly, Dallas County is a sanctuary district, and while the sheriff’s department does not share data with Vigilant, the police department and Dallas-Fort Worth airport both do.

The data-sharing list reviewed by The Verge comes from Sacramento Sheriff’s Department, obtained by Maass through a public records request. Not every Vigilant client trades data with Sacramento, so the list is necessarily incomplete, but it still provides a glimpse into the vast reach even small departments can achieve through the network. The document lists 379 organizations that share plate reader data with Sacramento, including counties as far away as Florida and New York state. Major departments in Miami, Dallas, Atlanta, and Las Vegas are listed as data sources, as are federal agencies like the US Forest Service and US Postal Inspection Service. Sacramento does not share data with ICE on an agency-wide basis, although it does share with HSI-ICE field offices in Newark, Houston, and New Orleans.

The list (embedded below) also shows 752 different organizations receiving data from Sacramento, including Boston, Indianapolis, and Chicago. Many of those departments are closed systems and do not send ALPR data to any outside organizations. The “received” list includes a number of non-law enforcement clients, such as Yellowstone National Park and a Veterans Affairs hospital in Palo Alto.

Even Vigilant’s customers are sometimes unsure of how widely their data is shared. Vigilant’s broadest network is the National Vehicle Location Service, known as NVLS and available only to law enforcement agencies. But Vigilant has sent mixed messages on how widely data travels through NVLS. After the nationwide contract became public, Vigilant reminded clients that data shared with NVLS is effectively unrestricted among users —describing it as a “share to all” button — in an email obtained by Michael Katz-Lacabe of the Center for Human Rights and Privacy. It came as a surprise to some users, but nine days later, the company reversed course. The new email said ICE never actually had direct access to the NVLS database, even though it was a Vigilant client. Reached by The Verge, Vigilant declined to comment on the two emails, and it’s still unclear whether ICE might access NVLS in the future.

One of the challenges for sanctuary cities is a broader culture of data sharing between agencies built up in the years since the 9/11 commission. Even agencies that don’t share with NVLS likely share with a local fusion center, federally funded facilities designed to build bridges between national and local law enforcement orgs. Seven of those facilities have direct deals with Vigilant, although, much like local departments, their data-sharing policies are not publicly accessible.

For undocumented immigrants, the result is a terrible uncertainty. “These reports have caused a lot of fear among those communities,” says Vasudha Talla, a staff attorney for immigration issues at the ACLU of Northern California. “People are afraid to leave their homes. They’re afraid to pick up their kids from school or receive essential services like healthcare.”

California has passed a number of state-wide bills to address that fear, both the recent statewide sanctuary resolution and an earlier measure that lets undocumented immigrants apply for a driver’s license. But as long as data-sharing networks stay open, it will be hard to make sure federal agencies can’t pick up where state agencies left off.

“It’s important for sanctuary districts to understand how license plate reader technology really works,” Talla says. “The system may have been purchased for one reason, but it can be repurposed to be used against immigrants.”