LBPD Enterprise Systems Missing from City’s Senate Bill 272 Required List
Senate Bill 272 requires public agencies to disclose all enterprise systems in use, with some limited exceptions. The bill defines an enterprise system as “a software application or computer system that collects, stores, exchanges, and analyzes information that the agency uses that is both of the following: (A) A multi-departmental system or a system that contains information collected about the public. (B) A system of record. (2) “System of record” means a system that serves as an original source of data within an agency.”
The law's purpose is stated as furthering the purpose of Section 3 of Article I of the California Constitution by assisting the citizens in exercising their right of public access to the meetings of local public bodies and the writings of local public officials and local agencies.
The California Constitution states, “the people have the right of access to information concerning the conduct of the people’s business, and, therefore, the meetings of public bodies and the writings of public officials and agencies shall be open to public scrutiny.”
The California Constitutional also orders that any law related to public access to meetings or documents “shall be broadly construed if it furthers the people’s right of access, and narrowly construed if it limits the right of access.”
Long Beach’s SB 272 compliance leaves a lot to be desired. While other cities and counties have extensive multi-page lists covering all their agencies and departments, Long Beach has a single page list covering core systems used by city hall.
By way of comparison, Long Beach lists only 23 enterprise systems, with some multi-purpose systems repeated. Long Beach lists no enterprise systems specific to the LBPD, while the County of Los Angeles lists almost 400 systems.
The L.A. Sheriff’s Department list listed as the sole user of 28 of those 400 systems, many of which are systems the LBPD also uses (including ALPR, the LACRIS facial recognition database, others biometric identification databases, inmate tracking, inmate visitation, CLETS, gang databases, and systems related to video surveillance). The City of Long Beach's list should include all the law enforcement specific systems the LBPD uses; it doesn't include a single one.
The LBPD also collects data to comply with the California Racial Identity and Profiling Act of 2015 that would be hard to manage without “a system that contains information collected about the public.” As of January 1, 2019, Long Beach has begun publishing data to comply with the Racial Identity and Profiling Act—which will be analyzed as a future project for this site.
The city publishes that data on DataLB, “a public GeoSpatial & Open Data Portal for exploring, visualizing and downloading data” recently created by Long Beach.
The LBPD was asked for a list of their enterprise systems as a public records act request. The LBPD replied that they had no responsive records and that “the enterprise system catalog that the city published listed applications used by the majority of the city’s departments, including PD.”
CheckLBPD’s investigations into LBPD surveillance systems found over a dozen LBPD systems that other City’s include on their enterprise lists.
Long Beach is missing other obvious enterprise systems—knowledge of which would be helpful to journalists, activists, and researchers. The Long Beach Department of Health does not list a single enterprise system, not even epidemiological data, while the Los Angeles Department of Health lists 29 systems. L.A.County also considers campaign finance databases to be enterprise systems, while Long Beach does not.
Although these departments are not tasked with SB 272 Compliance, that is the city’s responsibility.
While SB 272 non-compliance is a relatively minor violation, it is part of a pattern of lack of transparency. A pattern that makes it harder for citizens of Long Beach to hold their government accountable. CheckLBPD had to issue dozens of PRA requests to find out all the surveillance systems the LBPD has in place when many of those systems should have been publicly disclosed under SB 272.
S.B. 272 came up in my discussions with the Electronic Frontier Foundation and the ACLU of Southern California regarding LBPD surveillance.
Dave Maass of the EFF said, “across the state, it’s hard to point at one city that is doing a great job implementing SB 272. Part of that may be that there’s not a strong incentive to comply, but part of it might be that SB 272 could certainly use some revision for clarity.” He then pointed out that San Francisco has 463 disclosed enterprise systems, including law enforcement specific systems.
For some reason the LBPD thinks it doesn't have to comply with a state law yet again.
There is no reason LBPD should not be held to the same standards as LAPD and SFPD. While SB 272 isn't nearly as important as the other California laws the LBPD ignores, like the California Values Act and Senate Bill 54 (on ALPR data-sharing), it is still the law and they are a law enforcement agency. It is a bit hypocritical of them to thumb their noses at this requirement.
Questions, comments, or tips can be directed to Greg@CheckLBPD.org (encrypted on our end with protonmail)
This article was written by Greg Buhl, a Long Beach resident and attorney.
This work is licensed under a Creative Commons Attribution 4.0 License. Feel free to distribute, remix, adapt, or build upon this work.