California law enforcement misused state databases more than 7k times in 2023
137 comments
·January 30, 2025simonw
siltcakes
I was at a party with an early FB employee once and he was bragging about how they would spy on people to see who's profiles they were looking at. He thought it was hilarious, I never used FB again. I think his exact quote was "Hot girls are like celebrities, we watch people refresh their profiles all day long LOL".
hipadev23
I see you also have met zuck
nxobject
Of course, this applies mass data collection by private entities too [1], and entities seeking to cross-reference commercially-available data sources together – even governments (thanks, Palantir!). There are plenty of ways to harass people without misusing your privileges as law enforcement.
[1] https://www.theguardian.com/technology/2016/dec/13/uber-empl...
TriangleEdge
Ex Palantir here: Palantir provides tools for data analysis and operations. The tools don't collect data. It's like saying: Thanks PostgreSQL for allowing this specific data misuse case. When I was at Palantir, the tools came with a robust ACL solution.
I'm not advocating for the company, but the statement in the comment is shallow. I was a̶b̶u̶s̶e̶d̶ assaulted while employed there, which is why I left, but my comment stands.
int_19h
Everybody knows what purpose those tools are made for in practice simply by looking at who buys them and how they're used. So, no, Palantir does not get to claim some kind of neutrality here. It is a company knowingly enabling mass government surveillance and the associated abuses for the sake of profit.
mbesto
> Palantir provides tools for data analysis and operations.
Potato potato. Palantir explicitly provides tools for data analysis and operations for government and enforcement agencies. Postgres is a database used for virtually anything that needs a database. The two aren't the same.
For the record - Palantir isn't 100% culpable of a government resource abusing its capabilities, but it sure unlocked a whole bunch of capabilities that were either too expensive or too difficult to do previously (for example, storing records in an RDMS).
> Palantir, the tools came with a robust ACL solution.
ACLs require humans to configure them. Uber also has a robust ACL. It doesn't stop someone in the org from using and abusing its God-mode.
jakelazaroff
> It's like saying: Thanks PostgreSQL for allowing this specific data misuse case.
Sure, if PostgreSQL were specifically selling their tools to organizations known to commit those sort of abuses.
NikolaNovak
I appreciate your comment, and it takes courage to post an unpopular opinion, but I'm not convinced about the analogy - Is Palantir used for myriad varied and lovely other cases? Or is it less like Postgres and more like napalm and ICBMs in that sure, it takes a human being to use it for its very much intended purpose?
sweeter
I agree in the sense that it is directly the fault of the people doing the surveillance but this sounds like "guns dont kill people, people kill people..." which is true semantically, but not in spirit.
Palantir for example works directly with the government on State and Federal levels, and know damn well what they are doing, what their tools are used for, and answer directly to the requests of the government in regards to contracted work (all at the cost of the taxpayer mind you). These are mass surveillance tools, they have one purpose.
I also don't think its insignificant to recognize the backroom deals here that have created this vicious cycle of:
working as a govt official and giving kickbacks and heavily inflated contracts to contractors, and forming laws favorable to those contractors -> then getting a consulting job at those same defense contractors or lobbying groups -> and then moving back into politics
we can't just strip away the context here, a database has a purpose, what purpose does mass surveillance tools have? I'd argue that there is no proper use case for these tools against Americans, other than authoritarianism.
bigiain
"We just make and sell bone saws, it's not us that murder journalists by dismembering them while they're still alive. I mean, sure, our only customers are Saudi military and intelligence forces, but how could we possibly predict they'd misuse the tools we make?"
gosub100
You weren't abused. You were just talked to in a way that caused an elevated emotional response.
That said, I do find your argument interesting as it parallels the "guns don't kill people" argument. An I am a gun rights advocate yet am against Palantir's product usage on US citizens. Good food for thought.
starluz
[dead]
NoMoreNicksLeft
>this is the exact kind of edge-case I always think about.
I think you're overly generous in calling this an "edge case". I do not think it uncommon at all, what we hear about are those who are too stupid to remain uncaught.
schainks
Reminds me of this: https://www.theguardian.com/technology/2016/dec/13/uber-empl...
bttrpll
Also reminds me of Amazon being sued for giving employees access to Ring data: https://www.washingtonpost.com/technology/2020/01/08/ring-ha...
ToucanLoucan
The biggest problem with police is it's the sort of job where the more a given person wants that job, the less they should probably have it. For their sake and others.
pc86
Another huge problem is that law allows union bargaining agreements to dictate what happens to disciplinary records, that officers are allowed to resign when there are investigations happening that effectively kills them, etc. Once an investigation starts you shouldn't be allowed to resign, or at the very least the investigation should still continue and you should still be able to be punished after. Any union contract requiring the deletion/obfuscation of any disciplinary records for any reason other than clerical error or pardon should be illegal.
aidenn0
> Another huge problem is that law allows union bargaining agreements to dictate what happens to disciplinary records, that officers are allowed to resign when there are investigations happening that effectively kills them, etc. Once an investigation starts you shouldn't be allowed to resign, or at the very least the investigation should still continue and you should still be able to be punished after.
I don't think requires any union pressure; the department is happy to be both rid of a problem officer and not have to put it in the public record just how bad the problem officer was.
I have a friend who is a cop in Indiana (a "right to work" state), and after talking with him, I've realized that the department, as an organization, can largely be modeled as an entity that takes action to minimize its liability (individual officers are mostly shielded from civil liability, but the department is much less so). Apropos to this subject:
- They want to minimize the number of apparent past bad actors that will be revealed during discover because a lot of past bad actors could be presented as a pattern of poor hiring and/or training. Allowing officers to resign to kill an investigation is golden).
- When something bad happens and it makes it into a courtroom with sufficient evidence that it happened, they want every officer in the department to testify that the action in question is definitely not common practice and completely contrary to training. Such testimony would be greatly undermined by a subpoena that revealed several investigations finding officers to have engaged in such behavior in the past. Again anything that stops the investigation before it can find anything material could potentially save the department millions of dollars in future liability.
jl6
Why? Most police spend their time keeping the peace and catching bad guys. That seems an intrinsically rewarding activity. No need to posit any character flaw to explain why someone would want to do that. Maybe you are thinking “power over other people” is the issue, but I think most cops see that as a necessary tool rather than the chief reward.
darioush
This is not the problem.
The problem is a higher portion of people who just want to power trip apply to these positions, even if they are not the majority of the police force. Basically, it is the dream job for a bully.
It seems there should be severe penalties for "power tripping" (aka misuse of authority and databases for special purposes); slap of the wrist fine, suspended paychecks and internal investigations will not deter this group of people. I don't see how these crimes are considered less than drug dealing.
Specifically the punishment should include mandatory jail time and permanent ban from jobs where they have any form of authority over others including management, teaching, and all government positions.
fn-mote
> I think most cops see that as a necessary tool rather than the chief reward.
The problem with this view is that there are a lot of high profile cases that are examples of people abusing their power.
I am happy to believe that “most cops” see it that way.
I am less familiar with those police officers supporting reforms that would either expose or suppress the bad behavior of the minority.
codr7
Could have fooled me!
I'm more worried about the Police than any other class of criminals.
itishappy
Excerpting power over others is intrinsically rewarding too, so I'm not sure why we should only expect the pure motivation.
tasty_freeze
There are countless videos demonstrating that some cops are power tripping. Some guy doesn't react quickly enough to a request and they get floored brutally while the cop screams at him: "Don't you dare f** with me or I'll turn you into a puddle you a*h**! Do you understand me! I said do you understand me!"
You might argue that hey, he has adrenaline flowing and so maybe he was a bit over the line. But they are professionals supposedly trained in effective deescalation techniques. Those techniques aren't just because it is humane, it is because it results in better outcomes. But the ego trippers put all that aside because they enjoy being the punisher.
Both of my grandfathers (and an uncle and a brother in law) were career cops. One of my grandfathers said: the power given to you as a cop either brings out the best in you or the worst.
null
datavirtue
No human is trustworthy. Verify.
nonameiguess
I don't disagree on the principle you're advocating for here, but this example isn't about massive surveillance systems. CLETS seems to aggregate various databases police already had access to, probably some of which include data that ideally we wouldn't collect at all, but vehicle registration has to be stored somewhere and cops always have and always will have access to that.
sweeter
The other factor is that police have near blanket immunity to violate any of our rights, whether that be privacy, using the power of the state to harass individuals, and even killing or maiming people. Then the worst consequence they face is a light slap on the wrist, paid vacation and then a transfer to another Police department. Police only serve one purpose, and that is... well if you know, you know. They have a mass surveillance state in their hands, blanket immunity, and no oversight or checks and balances. People should at the very least recognize this fact.
On top of that I get super frustrated when people want to do austerity measures like cutting funding to libraries, cancer research, public health etc... but refuse to even acknowledge that the police takes up the majority of a states public funding by orders of magnitude, and often receive "surplus" military weaponry.
If anyone actually cared about govt spending, it would be extremely clear that military and police funding would come first and foremost. The reality is that these two things are heavily intertwined, and the ways in which they are corrupt are the same... but one should ask themselves why does the US police force need to be more powerful than nearly every countries military? Who is it that they are fighting and who are they fighting for?
mschuster91
> but one should ask themselves why does the US police force need to be more powerful than nearly every countries military? Who is it that they are fighting and who are they fighting for?
Well, either you pay for healthcare (especially mental health care) and social security programs such as affordable housing... or you'll pay police to deal with the fallout.
Unfortunately, unlike in Europe, "government handouts" for the poor aren't something to score political points with, but authoritarian police is...
delichon
In 2021 alone, the FBI conducted up to 3.4 million warrantless searches of Section 702 data to find Americans’ communications. --https://www.eff.org/deeplinks/2023/04/internal-documents-show-how-little-fbi-did-correct-misuse-section-702-databases
datavirtue
I'm cool with this. The FBI purged my city and state of rampant corruption and they remove heinous violent criminals from the street every day, often before they can commit any other crimes. Most of the people who work there are tireless and thankless servants.
And to all the haters, let's see how you feel when your daughter is abducted and taken over state lines or your local law enforcement becomes corrupt and starts working with criminals. The FBI showing up is a great feeling.
throawayonthe
[dead]
phkahler
Database use can NOT be limited by policy. If the data is there, people with access to it WILL use it for whatever they want, even if that's simply because nobody told them what the restrictions are.
The best way to prevent misuse of data is not to have it. The second best way is to only allow access through technical means with proper access control at the query level and never access to the raw data.
firejake308
idk, I would say that at least in healthcare, most people are sufficiently terrified of the consequences of HIPAA violations that they won't access records they aren't supposed to. In this case, what works is a combination of serious, career-ending consequences and the knowledge that compliance departments conduct regular audits of everyone's access logs.
null
Loughla
The problem is that if someone has access to query at all, they can abuse it.
How do you limit to specific search strings? Is that a thing?
phkahler
An interface that accepts only certain things - not raw SQL - and only returns whats needed for the task at hand. Logging of who asked for what is good too but is not preventative.
rdtsc
> The Los Angeles County Sheriff’s Department (LACSD) committed wholesale abuse of sensitive criminal justice databases in 2023, violating a specific rule against searching the data to run background checks for concealed carry firearm permits
So for the concealed carry there is a background check involved, but it has to be done in a certain way, and the police instead were being more "thorough" and were digging through more databases than they were supposed to? I guess they do have access to those databases, but are only supposed to check them if they suspect a crime was committed.
What's the personal motivation there? It seems like they were going out of their way to be more "thorough", wouldn't it save them time and grief not to check more than needed. Is some higher political figure asking them to be more "thorough". I don't quite get the whole picture. Of course, they broke the law, but just wondering about their motive.
varenc
The CLETS database LACSD used includes non-conviction records, investigative records, gang affiliations, and other data that aren’t part of the proper background check process. For example, if you were arrested but never charged, or if you’re a known gang member without any convictions, those records would be in CLETS but not in the system they’re legally supposed to use for concealed carry permits (CCPs).
State law doesn’t allow this kind of non-conviction information to be used in CCP decisions, so this was an overreach. (previously you had to be of "good moral character" and have "good cause" to get a CCP, but these have been replaced with objective criteria)
You could argue that having more information might lead to better decisions on who gets a permit, but that’s not what the law allows—and letting police pull extra data whenever they feel like it creates obvious risks of abuse.
bbarn
The issue at hand is despite federal rulings forcing all states to have some level of "shall issue" concealed permits, and laws on the books, California's process has left it to county sheriffs to follow the evaluation criteria. Some, like San Bernardino, practically rubber stamp them if you pass the background checks. Others, like Ventura, Riverside, LA, etc. try their hardest to find ways to reject them - even circumventing the law to do so.
They've also tried to implement strong arm policies like "We will notify your employer you have a license" knowing most large employers in California are fairly liberal and anti-gun and might look at that negatively to try to dissuade people from even exercising the right.
rdtsc
Aha, that's the kind of nuance I was missing. Something just didn't add up. One would like to believe these are all just hard-working officers, going above and beyond their "call of duty" to keep the guns out of "bad citizens'" hands, but that seemed a little too naive of an idea.
andrewla
I think the most likely good faith version of this is that the LACSD wants to prevent people that are bad actors from obtaining the licenses.
Where this touches on abuse are people who are not convicted of any particular criminal offense related to firearms, or people that have had negative contact with the LACSD.
So on the "positive" side this might allow them to prevent a person who they strongly believe is a gang leader but has not been convicted of any offense from obtaining a permit.
On the "negative" side this might be people like defense attorneys, anti-police activists, or private investigators who have a tendencious relationship with the police from obtaining such a permit. Or in some cases maybe even people who have simply had a negative interaction -- filing reports critical of officers, etc., who are being spitefully targetted.
The law attempts to strike a balance between the concerns and law enforcement overreach and exists for a reason.
pc86
It is an ideologically driven belief that "dirty civilians" don't deserve firearms, and any reason to deny them access should be used.
th0ma5
Probably also Wilhoit's law some too "There must be in-groups whom the law protects but does not bind, alongside out-groups whom the law binds but does not protect." So not only do some people not get the right to own a gun effectively, but specifically certainly kinds of people arbitrarily.
psunavy03
There has been documented corruption and abuse in basically every state that uses a "may-issue" firearms permit scheme that allows official "discretion" about "suitability," as opposed to a "shall-issue" one where issuing a permit is mandatory to anyone who meets the qualifications.
pc86
Yeah I would be very interested in the demographic makeup of those people who were checked in this database compared to those who weren't. Maybe cross-referenced with who accepted/reviewed/received their application.
Maybe nothing but perhaps very interesting.
lukan
This is not about the right to have firearms, but the right to carry them concealed, which is not exactly the same.
pc86
To "bear" means to carry. "You may have this firearm but you cannot carry it in a manner which is fit for purpose anywhere other than your own private property" is a pretty tough sell to anyone who believes in the second amendment.
potato3732842
You're not wrong but with all the other laws surrounding firearms in public and in vehicles not being able to have a concealed carry permit is a huge practical impediment to exercising one's rights.
potato3732842
CC permits and anything firearm related winds up having to do elaborate song and dance routines to avoid being unconstitutional. Searching the crappy DB that only contains stuff they're allowed to care about instead of searching the good DB that they use when they really want to find dirt on someone falls into that category.
null
Suppafly
That seems like it's only data that's self reported by the agencies themselves, I suspect the real number is much, much higher.
sbarre
The article also mentions this is only one of many databases, and the only one that has self-reporting requirements for abuse.
JumpCrisscross
"Los Angeles County Sheriff’s Department (LACSD) committed wholesale abuse of sensitive criminal justice databases in 2023, violating a specific rule against searching the data to run background checks for concealed carry firearm permits"
Well that was a fuck-up! Not only is Los Angeles politically vulnerable right now, LASD went after gun owners. Bipartisan hell in 3, 2, 1...
tzury
That’s about every 30 minutes, every day of the week, including weekends, during their day shift.
pc86
As if anyone needed any more proof that LASD is just a criminal gang with a badge.
LinuxBender
I'm surprised that with all the leaks of sensitive databases there isn't a public copy of every government database running on Tor in some distributed anti-take-down configuration by this point.
steezeburger
How do I join the effort for running these kinds of analyses?
EA-3167
Well it's no shock that the top of the list of offenders is the LA Sheriff Dept, they're a nightmare of abuse at pretty much every level.
cge
It appears the LASD is not just at the top of the list, but essentially is the list: they account for 93% of the violations.
Which, as you point out, is not surprising. The LASD is enough of a mess that I've heard other nearby police departments complain about them, not to mention their history of gangs, corruption, and conflicts with the Board of Supervisors and FBI.
wahern
In California it's generally the county sheriff who issues carry permits. Apparently sometime in the past few years municipal police were also given the authority to do this, but for decades I believe it was just the sheriff. And it was discretionary and highly political--urban sheriff's departments were invariably, "no", unless you were a high profile figure, whereas rural sheriff's departments were typically an easy, "yes", unless they had a reason (good or bad) not to. And sometimes there were jurisdictional fights where rural sheriff's departments would bend the rules and issue permits to residents of urban counties, (arguably) sometimes just to spite the cities. Like most jurisdictions in the US, sheriffs are an elected position, and very often crudely politicized, especially in states like California with strong urban/rural partisanship.
In any event, it's likely most Californians still go straight to the sheriff's department when seeking a permit.
skyyler
>especially in states like California with strong urban/rural partisanship
I haven't been to a state where there isn't strong urban/rural partisanship. Is that what Rhode Island is like?
nashashmi
Typically the tactics and abuses are shared among other staff to help them in their cases. The 7k number should be higher in 2024. Exponentially higher.
> A Redding Police Department officer in 2021 was charged with six misdemeanors after being accused of accessing CLETS to set up a traffic stop for his fiancée's ex-husband, resulting in the man's car being towed and impounded, the local outlet A News Cafe reported. Court records show the officer was fired, but he was ultimately acquitted by a jury in the criminal case. He now works for a different police department 30 miles away.
When people say "I don't see why privacy matters, I have nothing to hide" this is the exact kind of edge-case I always think about.
The problem with a lot of these massive surveillance systems is that a lot of people end up with access to them, and some of those people may not be trustworthy.
In this case, your ex-wife gets engaged to a cop and now they're abusing their access to databases to cause you harm.
(That note that "he now works for a different police department 30 miles away" is such a toxic aspect of American policing: cops who get fired for stuff like this inevitably end up in the exact same job somewhere else.)