Clearly frustrated, Brian Hofer took a breath. His colleagues on the Oakland Privacy Advisory Commission sat quietly as Hofer, who chairs the board, questioned Oakland Police Department representatives attending a commission meeting over Zoom in August.
Months earlier, in May, the City Council’s Public Safety Committee had ordered OPD to give the privacy commission reports and audits showing how the department’s automated license plate reader technology was being used, and which law enforcement agencies had access to the information.
OPD had, again, failed to produce all the documents the commission wanted to review as part of its assessment of whether or not the technology’s benefits outweigh its potential harms. As with other surveillance tools used by various city departments, the privacy commission is tasked with making a recommendation to the City Council about whether or not OPD should be allowed to continue using license plate readers. Hofer had been seeking the records since 2019 to no avail. The department told him that even though he chaired an official city commission, he had to file a public records request; he did, but the OPD never handed over all of the information.
The records the department did provide for the commission’s August hearing had clear red flags, Hofer said. For one, the reports showed for the first time that OPD was allowing the FBI unfettered access to license plate reader scans outside the limits established in the department’s 2016 policy. Once such data is shared and ends up in a federal database, the police department loses control of the information, privacy advocates have warned.
That came on top of OPD’s acknowledgement that it was retaining scan data for two years, in violation of the department’s own policy, which says it is supposed to delete data that’s older than six months.
But Hofer’s frustration was mostly over what was not being shared, and that OPD officials appeared to have a different understanding of what the City Council committee had asked them to do.
“I think everyone knows we are heading toward litigation,” Hofer said at the August meeting. “I don’t feel comfortable asking some of these questions, which I have to dance around.”
Indeed, Hofer sued the city, OPD, and the City Attorney’s Office in September. It was an unusual legal move for the chair of a city commission. But a provision of the city’s surveillance ordinance allows for anyone to take the city to court. Hofer clarified that he filed the suit as an individual and executive director of the nonprofit civil rights and technology group Secure Justice, not on behalf of the commission he chairs, even though OPD would be forced to hand over records the commission has sought.
The lawsuit alleges the City Attorney’s Office and Oakland Police Department have violated the city’s surveillance technology vetting ordinance and the state Public Records Act by failing to provide the documents Hofer asked for two years ago, and that the two departments “have obstructed, practically thwarting, [privacy commission] from doing its job.”
The case is pending before an Alameda County Superior Court judge who will decide whether or not to force OPD to hand over the records. Hofer is also asking that the court compel the police department to destroy license plate scan data that’s older than six months, and enforce other portions of the Surveillance Technology Ordinance.
Hofer, who advocated for the creation of the Privacy Advisory Commission and has served on it since it was established, said the conflict between the commission and OPD has revealed some limits of Oakland’s model of civilian oversight of police surveillance technologies.
The Oakland Police Department’s media relations unit and the Oakland City Attorney’s Office, declined to comment for this story, citing the active lawsuit.
A uniquely powerful civilian oversight board
Since its inception in 2016, the Oakland Privacy Advisory Commission has served as a national model for civilian oversight of municipal technology and surveillance. Its origins can be traced back to 2013, when Oakland quietly planned to expand a surveillance network from the Port of Oakland and Oakland Airport to city streets.
The federally funded citywide surveillance system, known as the Domain Awareness Center, was proposed to be a central hub for data collected from OPD’s automated license plate readers and gunfire detection system, facial recognition software, and more than 700 cameras throughout the city, including at schools and public housing complexes.
What’s the role of the Privacy Advisory Commission?
- If a city department wants to acquire and use new surveillance equipment—for example, cameras to catch people illegally dumping—the privacy commission must first review the technology’s pros and cons. The commission then advises the department and City Council on the technology’s impacts and recommends whether or not the city should use it.
- Surveillance technologies that are already used by the city, such as automated license plate readers, are also reviewed by the privacy commission to ensure departments are adhering to rules around how they’re employed, what kinds of data is retained, who has access to the data, and more.
- The commission can only make recommendations. It’s ultimately up to the City Council to decide what kinds of surveillance technologies city departments can acquire and use, and usage the rules.
- More details about the commission’s role and powers are spelled out in the city’s Surveillance Technology Ordinance.
The DAC ignited a debate about privacy and data collection on a local level, around the same time Edward Snowden burst on the international scene with revelations of massive illegal data collection by federal spy agencies.
Pushback from activists, residents, and the ACLU of Northern California concerned over threats to civil liberties ultimately resulted in Oakland City Council dramatically scaling back the project and limiting the DAC to the port and airport. City Council also created an ad hoc citizens committee to draft a privacy policy that would set rules for the use of the DAC to prevent its powerful systems from being misused. In January 2016, council members approved an ordinance establishing a permanent nine-member Privacy Advisory Commission.
Today, the Oakland privacy commission remains unique. In most cities, when new technology is obtained and used by city departments like the police or transportation, it is up to the city council or officials like the city manager and police chief to consider privacy implications. But in Oakland, the commission helps shape policy, looking at matters through a privacy lens at the earliest stage possible. No other U.S. city has a civilian advisory board with such broad powers.
At its second ever commission meeting in 2016, an OPD deputy chief publicly presented for the first time how the department uses cell-site simulators, a device that tricks cellphones into thinking it’s a cellphone tower in order to scoop up data and determine the geographic location of phones. OPD had been using these devices, commonly called Stingrays, since 2006 to track the locations of people suspected of crimes. The privacy commission drafted a new policy that was adopted by the City Council, requiring OPD to obtain warrants for deploying the Stingray, and to compile yearly reports on its use.
The commission’s investigation of OPD’s assistance in a 2017 West Oakland ICE raid uncovered a little-known agreement with ICE, which the City Council later terminated. And in 2019, Oakland became the third U.S. city to ban facial recognition software, which can be used to conduct mass surveillance and identify people in large crowds or in public areas. Researchers have shown that the software is less accurate when trying to identify people of color, which could lead to greater civil rights abuses.
Tracy Rosenberg of Oakland Privacy, a citizens’ coalition that advocates for privacy rights and oversight of government surveillance, said Oakland’s privacy model is “heads and tails” above other local jurisdictions.
“It is being watched on a national basis,” Rosenberg said. “The commission has done amazing, back-breaking work. There is no doubt the surveillance impacts on citizens have been greatly mitigated. That said, they occasionally run into some wrinkles. That is because they are doing things that essentially have never been done before.”
Police say license plate readers are a key public safety tool, but privacy advocates warn of its risks
Perhaps the biggest wrinkle has been in the police department’s use of automated license plate readers, which led to Hofer’s lawsuit.
OPD has 35 license plate readers mounted on police vehicles which constantly scan plates throughout Oakland and feed them into a database that can tell if a car is stolen, or has been flagged because it was associated with crimes. This information is then automatically provided to officers. The department also stores scanned plate numbers in a database that can be accessed by investigators long after a crime has been committed. Using this data, police can track when and where vehicles traveled.
Oakland police say the cameras have been a useful investigative tool. The cameras have helped in human trafficking cases, track down missing persons, including a homicide victim found in the trunk of a car, and led to the arrests of two homicide suspects, according to OPD’s reports to the commission.
But in some cases, police have pulled over innocent people due to license plate cameras incorrectly scanning a plate. Two Contra Costa sheriff’s deputies in 2019 pulled Hofer and his brother over in San Pablo, drew their guns and detained them after a camera on Interstate 80 erroneously identified their rental car as stolen. Hofer sued Contra Costa over the incident.
A 2015 state law, SB 34, requires police agencies using license plate readers to develop a use policy and track how and when the data is accessed. OPD’s 2016 use policy, according to Hofer’s lawsuit, “includes a representation that OPD would perform audits of its surveillance technology use.”
Citing failures by OPD to comply with these state and city reporting requirements, the commission in February recommended to the City Council that OPD’s use of license plate scanners be suspended for a two-year period. The decision came after commissioners said OPD had not produced the annual audits, and had not fulfilled public records requests Hofer filed in 2019 seeking the information.
Rather than suspend OPD’s use of the scanners, the Public Safety Committee in May directed OPD to supply the requested documents to the commission, in hopes the department and privacy commission could sort out the problem. OPD returned to the PAC’s August meeting with ALPR reports for 2019 and 2020. However, OPD did not produce audits for 2016, 2017 or 2018, and admitted no audits had been completed for those years.
To help settle the issue, Joe Devries, the city’s chief privacy officer, suggested at the meeting that the commission form an ad hoc committee to work closely with OPD. Hofer, in response, said he had polled members to see if anyone wanted to serve on such a committee. No hands were raised, he said. Commission members had grown tired of asking repeatedly for records that weren’t handed over by OPD.
“I am getting the impression some folks have checked out a bit,” Hofer said at the meeting in August. “They didn’t think they were going to have to chase people this hard.”
A volunteer commission stretched thin by complex issues
While Oakland’s privacy commission is perhaps the most robust in the country, Hofer’s lawsuit argues the oversight model is failing to work because of a growing lack of trust. Unsure they’re getting all of the information they need from city departments like OPD to make decisions, the commissioners also don’t have a lot of free time or resources of their own to do their own research.
The amount of work before the volunteer commissioners has taken its toll, and fatigue appeared to set in at the August meeting. Privately, two commissioners asked Hofer whether they should resign in protest.
“It’s really hard when you can’t trust that you are getting the full picture,” said Commissioner Reem Suleiman, who was appointed to the commission in 2016 to represent District 1, including North Oakland, Temescal, and Rockridge,.
“None of us have the bandwidth to investigate and try and track down the facts. I worry a lot,” said Suleiman. “What happens when Brian (Hofer) resigns or he’s termed out? I just don’t know if this body can fulfill its purpose without having some extreme overhaul and rectifying the trust and the harm. In order for us to advise, the information has to be accurate. If we are making judgments on inaccurate or incomplete information, what good is this body at all?”
Disputes with city departments have led commissioners to wonder if, in order to continue their work, additional staff for the commission is needed. Like Hofer, most of the nine members of the commission have experience with privacy and technology issues through their day jobs. Heather Patterson, reappointed in 2020, works as Facebook’s responsible innovation manager, and Gina Tomlinson was the chief technology officer for San Francisco before becoming an executive at the tech company yondr. But as volunteers, they can only spend so much time studying the issues coming before the commission, and they have to rely on the information city staff are presenting them. Unlike the city’s Police Commission, the privacy board does not have an attorney at its disposal, or someone like an inspector general to help review documents and advise commissioners. There is no dedicated city employee other than Devries, who also works in other capacities in the City Administrator’s Office.
Seattle established its Privacy Program in 2015, following concerns about waterfront surveillance cameras, wireless mesh networks used to track people’s phones, and an increasing amount of drones flying near homes. In one instance, a woman spotted a drone outside the window of her high-rise apartment.
Under Seattle’s Information Technology Department, Chief Privacy Officer Ginger Armbruster said there is a staff of 18, with three full-time employees working on issues related to the city’s surveillance ordinance. “It’s a slog,” Armbruster, a former senior privacy manager for Microsoft, said.
Devries doesn’t think OPD or other city departments are purposefully trying to thwart the Privacy Commission.
“The frustration for Brian and the commission is real. Any department that needs to use surveillance technology has to come through the commission. There’s an education process for those staff members,” Devries said in an interview. “There were some missteps and misunderstandings about what needed to come to the commission and when it needed to come. I think it created a level of mistrust. It’s really easy to go to intent, but I really don’t think that’s the case. Everyone is giving their best effort and it’s a heavy lift.”
Oakland’s privacy commission has served as an inspiration for other cities. Santa Clara County, Los Angeles, and New York each have their own chief privacy officer. In 2019, the city council in Portland, Oregon unanimously passed a privacy protection principles resolution to ensure non-discriminatory use of data.
Hofer, who has consulted with activists and officials in other cities to help them set up their privacy oversight systems, said that while Oakland has certainly been an inspiration for others, it’s limits are increasingly clear. “The more I’ve seen this model in other jurisdictions, I don’t think it can work at all without an inspector general.” Civilians, he said, should not have access to raw data but need full-time staffers on their side who can access data and information and deal with city officials from the departments the commission is meant to hold accountable.
“I’m not giving up,” he said. “Have we had any positive impact? Have we changed the culture at all? Have I wasted six years of my life? I don’t think so and I hope not.”
