ACLU Joins EFF and Reporter’s Committee In Support of FFFF

ACLU, EFF, RCFP, ACLU SoCal
The ACLU, ACLU of SoCal, EFF & RCFP Join FFFF

Yesterday the American Civil Liberties Union (ACLU), the ACLU of Southern California & the Electronic Freedom Foundation (EFF) filed a joint amicus brief in support of us here at Friend’s for Fullerton’s Future in our ongoing legal battle with the City of Fullerton. Here’s a sample:

“Rather than accept responsibility for its own failure to limit public access to information, the City instead is attempting to stretch computer crime laws to punish those journalists—first, for uncovering unflattering information and, later, for publishing it.”

Likewise, The Reporter’s Committee for Freedom of the Press filed a separate amicus brief supporting FFFF against the City of Fullerton. Here’s a sample:

“Amicus is not aware of any case where a federal or state anti-hacking law has been misused so brazenly to target routine newsgathering—namely, the collection of government information available to any internet user.”

On the City’s side of the ledger is an amicus filed by the League of California Cities – a group the City PAYS to belong to with your tax money and they managed to argue nothing relevant to the case. Here’s a sample:

“However, hosting this information electronically presents a variety of cybersecurity issues for local governments, many of whom have limited budgets for network and security systems, outdated technology, and limited IT staff to implement organizational safeguards to protect against cybersecurity breaches and/or human error.”

They’re arguing that the City has a limited budget and it’s gosh darn tough to “implement organizational safeguards to protect against… human error”. I can’t laugh hard enough at that premise knowing their payroll and the gross negligence the city itself is claiming.

They’re all fascinating reads in different aspects.

Ultimately you know the City messed up big and that Jones & Mayer gave terrible legal advice when the ACLU et al are siding with us on the merits. The Fullerton City Council might want to consider taking a hard look at these new briefs before just blithely listening to Kim Barlow and The Other Dick Jones™ again.

I’d like to personally thank the ACLU, ACLU of SoCal, the EFF & the RCFP for their support in this exhausting case. Without their support, and the support you friends, this would be a much harder fight on all of us here at FFFF. It’s nice to have real allies when the other “journalism” outfit here in Fullerton enlisted a hack to fight against us.

Let’s Talk More about Privacy

Big Brother Watching

Tonight our City Council is going to allow the Fullerton Police Department to use asset forfeiture money to purchase two automated license plate readers or ALPRs.

According to the paperwork these devices are used to allow police to drive around and scan the license plate of all cars on both sides of a street at up to 160mph. Tonight this is being sold as a way to enforce parking as part of the Downtown Parking Pilot Program as recommended by staff and the vendor SP+.

But these devices have a dark big brother side to them in how the data is shared and stored.

Apparently Fullerton has had these types of devices since 2008 (as referenced in my earlier post) despite the staff report tonight alluding to their newness. I’m betting the devices are currently being used for covertly tracking specific criminals in the same way that FPD uses the cellphone data capturing “Stingray” that they borrow from Anaheim.

Regardless of how the ALPRs are currently being used,  they aren’t a new concept as far as I can tell for the city or police department owing to our involvement in the UASI.

Urban Area Security Initiative

In the staff report, as a way to sell these ALPRs, it is mentioned that the city currently “chalks” tires to check for parking violations.

Why are our parking enforcers “chalking” tires when they have electronic equipment to do that for them? Does that equipment no longer function? Was there a problem with the implementation of the previous “digital chalking”. Nobody knows because no data, details or explanations are being provided by staff – yet again.

The big issue here, according to the ACLU and others, is that these devices are also used to keep track of where people go and how long they stay at those locations. The police department can track your movements and build a pattern of your activities and then share that data with other agencies.

Do the police really need a record of what church everybody goes to? What about who goes to the local AA/NA meetings? Local clinic? Political rallies/events/protests? Do you want the police to have a record of every time you visited your lover or possible mistress/paramour for the politicians in the room?

Caught Cheating

All of your activities are now that much easier to track and store with this technology and there needs to be safeguards against abuse and misuse.

This giant privacy concern is why the ACLU, EFF, 10th Amendment Center and others are against the use of these devices without strict controls. Surprisingly enough the CA State Legislature mostly agrees with them.

According to the Electronic Freedom Foundation, CA law, in effect since 2016, requires agencies deploying automated license plate readers to divulge:

  • The authorized purposes for using the ALPR system and collecting ALPR information.
  • A description of the job title or other designation of the employees and independent contractors who are authorized to use or access the ALPR system, or to collect ALPR information. The policy shall identify the training requirements necessary for those authorized employees and independent contractors.
  • A description of how the ALPR system will be monitored to ensure the security of the information and compliance with applicable privacy laws.
  • The purposes of, process for, and restrictions on, the sale, sharing, or transfer of ALPR information to other persons.
  • The title of the official custodian, or owner, of the ALPR system responsible for implementing this section.
  • A description of the reasonable measures that will be used to ensure the accuracy of ALPR information and correct data errors.
  • The length of time ALPR information will be retained, and the process the ALPR operator will utilize to determine if and when to destroy retained ALPR information.

Sadly you can scour tonight’s staff report and you won’t find any of this information. You also won’t find these requirements on the website or city archive which begs a question of legal compliance.

But it’s more irritating than that. If this was an issue of non-compliance by virtue of the law changing AFTER we already had the equipment (purchase in 2008, law change in 2016) it would be one thing. It would be illegal but an issue chalked up to oversight and city attorney incompetence. But no. Two years ago our city agreed to remain in what is known as the Urban Areas Security Initiative and we’re in clear violation of that grant process as well:

UASI PII Requirement

I’ve looked for this “publicly-available policy” to no-avail on the city servers. Honestly though I shouldn’t have to look for such information when staff is asking the council to address the license plate readers tonight – the policy in question should have been included and explained in the staff report.

An example of compliance with the law regarding your privacy and how the city handles it related to ALPRs can be seen with the city of Cypress’s Police Department Manual. This is what should have been included tonight before council votes upon such the ALPR issue.

Fullerton, however, gives us this:

FPD Policy Manual

If you look at the top of that page you’ll it was put up back when David Hendricks was Chief of Police.

Chief Hendricks went on admin leave back on 25 August of last year before resigning. So our Police Department hasn’t had a publicly available policy manual for AT LEAST 7 months & 22 days. The best I can find is a policy manual from 2012 on archive.org and the section of ALPRs (page 322) is not compliant with the 2016 state law.

Way to go team. Way to be transparent and compliant with the law. Way be ahead of the curve and to put the interests of the people first. Oh wait. Nevermind on all counts.

Why does staff, let alone council, not care about your privacy? Why do they think it’s okay to violate CA law and their own grant agreements regarding your privacy & transparency? Why is the hunt for more downtown money more important than addressing such fundamental concerns?

I’d tell you to find out tonight but we all know that they’re going to gloss over this issue with some allusions to trust, heroes and the like after being called on their nonsense.

Regardless of who’s on council this is just the Fullerton way I suppose.