California State Auditor Report Number : 2015-130

The CalGang Criminal Intelligence System
As the Result of Its Weak Oversight Structure, It Contains Questionable Information That May Violate Individuals’ Privacy Rights

Audit Results

Due to an Inadequate Leadership Structure, CalGang Has Failed to Comply With Requirements Designed to Protect Individuals’ Rights to Privacy

The California Department of Justice (Justice) funds CalGang. However, two bodies composed of law enforcement officials—the CalGang Executive Board (board) and its technical subcommittee, the California Gang Node Advisory Committee (committee)—are responsible for overseeing the CalGang database. These bodies operate free from the typical safeguards that are the foundation of government programs. When the board and the committee voluntarily adopted federal and state criminal intelligence requirements, they expressed a commitment to protect individuals’ privacy rights and maintain a high‑quality tool for law enforcement to use to suppress and solve gang crime. However, these entities lack the organizational structure and processes necessary to ensure that CalGang achieves these objectives.

Since state funding supports CalGang and law enforcement agencies statewide use it, we expected to find in place a state law establishing the powers, legal authority, and responsibilities that would ensure CalGang’s leadership structure and processes reflect the characteristics common to public programs. However, CalGang was not created in statute, and Justice is not statutorily required to oversee it. Thus, the board and the committee have assumed responsibility for managing and overseeing CalGang and its user agencies. Because of the value of CalGang to local law enforcement agencies, Justice voluntarily funds it and provides technical support as needed. Nonetheless, Justice’s involvement with those bodies is inconsistent despite holding a voting seat on both the board and the committee. For example, since 2010 Justice has not been represented at one‑third of the board’s meetings. We asked Justice about its not attending certain board meetings, and Justice officials explained that it found limited value in attending these meetings because board members viewed Justice’s role narrowly and as limited to providing technical support and funding for CalGang. Justice’s views on policy and governance were not given meaningful consideration by the board or the committee. Although Justice could have refused to renew the CalGang maintenance contract, this was not viewed as a viable option because it would likely have caused the program to shut down. Justice told us that it did not at that time have any other leverage over CalGang to ensure that its input was given any weight.

The board and the committee act without statutory authority, transparency, or meaningful opportunities for public engagement. Table 4 summarizes the characteristics common to government agencies and demonstrates the degree to which CalGang operates outside of those characteristics. Government agencies exhibit these characteristics as a means to gain the public’s trust and to engage the public in their decision‑making processes. Because CalGang’s oversight entities operate outside these parameters, their decisions lack transparency and public input. Specifically, the board and the committee do not conduct open meetings: They do not provide public notice of their meetings, post agendas and minutes, or accept public testimony. Thus, they limit the opportunity for public understanding and input. For example, Justice posted some of the board meetings’ minutes and agendas on its website, but the most recent document is dated May 2014—more than two years ago, despite there being more recent meetings.

Table 4
Common Characteristics of Government Entities Compared to CalGang’s Current Framework

Common Characteristics of Government Entities	CalGang’s Framework	Scorecard
Statutorily defined authority and responsibilities.	No responsibilities or authority defined in state law; CalGang is subject only to rules the CalGang Executive Board (board) and the California Gang Node Advisory Committee (committee) have adopted and established.	X
Transparency and opportunities for public participation.	Limited transparency and opportunities for public participation.	Δ
Direct reporting to a government agency or department that has policy, operations, and administrative oversight.	Limited oversight of policies and operations. State government is a participant with no decision-making authority.	Δ
Public input through elections, through an elected body, or through the composition of governing bodies.	The board and the committee determine their own membership and leadership.	X
Accountability established by clearly defining the roles of oversight entities.	Individuals serve in multiple roles, creating situations in which they oversee themselves.	X
Independently audited.	Not audited by an external, independent body. User agencies evaluate their own records.	X
Specified revenue sources and, if appropriate, the ability to collect fees.	No designated revenue source and no authority to collect fees from user agencies.	X
Legal representation.	No legal representation.	X

In addition, CalGang’s leadership structure does not provide adequate accountability or oversight. Because the board and the committee determine which law enforcement agencies (also referred to as user agencies) will be node administrator agencies, they control the composition of their own membership: Once the board approves a law enforcement agency to be a node administrator agency, that agency designates individuals to sit on the board and the committee. Moreover, the members of the board and the committee elect their own leadership. Thus, no opportunities exist for public input through elections or elected bodies. Accountability is further compromised because individuals can serve many roles within the CalGang framework. Table 5 outlines selected responsibilities of these bodies and illustrates how individuals can serve in multiple oversight roles. For example, in the Sonoma County Sheriff’s Office (Sonoma), the sergeant who serves on the committee also acts as a node administrator and as a CalGang user. In fact, the sergeant stated that he enters approximately 95 percent of CalGang records for his agency, yet this same sergeant is also responsible for conducting any audits of CalGang records for the region because he is the node administrator. The sergeant’s conflicting roles highlight the current weaknesses in CalGang’s oversight framework.

Table 5
Selected Responsibilities of CalGang Oversight Entities and User Agencies

	Composition	Responsibilities
CalGang Executive Board (board)	The chief executive or his or her designee from each of the following: the 11 node administrator agencies, the California Department of Justice, the California District Attorneys Association, and the California State Sheriff’s Association.	Provide oversight and policy direction. Approve the creation or abolition of a node. Elect a chairperson annually.
California Gang Node Advisory Committee (committee)	Full-time law enforcement officers or support staff designated by node administrator agencies, usually the node administrators.	Oversee the operations of law enforcement agencies (user agencies). Evaluate requests from agencies interested in becoming nodes. Elect a chairperson, vice chairperson, and sergeant of arms every other year.
Node administrator agencies	Designated node administrator.	Ensure that all users in the node adhere to committee policies. Conduct triannual audits. Examine gangs before they are added to CalGang.
User agencies	Law enforcement or support staff who enter CalGang data.	Comply with committee policies. Ensure data are legal, relevant, accurate, timely, and complete.

Sources: Board and committee bylaws, committee policies, and interviews with the committee chair.

Although the board and committee voluntarily committed to adhere to Title 28, Code of Federal Regulations, Part 23 (federal regulations), which establishes requirements to ensure the privacy of those whose data is maintained in criminal intelligence systems such as CalGang, their protocols for implementing the federal regulations allude to stronger oversight than the entities actually provide. Specifically, the federal regulations—which are viewed as the national standard for protecting and handling criminal intelligence systems—require rules and processes that implement administrative, technical, and physical safeguards to protect criminal intelligence data and individuals’ rights. On the surface, the committee’s policies and procedures (CalGang policy) appear to address some of these requirements. However, the board and the committee have not implemented or followed all of the necessary processes, as summarized in Table 6. For example, federal regulations require audits and inspections to ensure that the user agencies have necessary processes in place to make key decisions, such as determining that reasonable suspicion exists to support CalGang entries. However, as we discuss later, we found that the committee’s audits are neither independent nor robust and that CalGang policy does not include a provision for on‑site inspections of records or facilities.

Table 6
CalGang’s Oversight Entities’ Adherence to Federal Regulations for Protecting Criminal Intelligence

Selected Requirements Under Title 28, Code of Federal Regulations, Part 23	CalGang’S implementation	Scorecard
Administrative Safeguards
Audit and inspect properly trained participating agencies to ensure that reasonable suspicion exists and that users are following federal, state, and local laws.	Audits do not adequately review the establishment of reasonable suspicion or compliance with laws. CalGang’s oversight entities do not perform on-site inspections.	X
Adopt procedures to ensure that all information retained in the database has relevancy and importance.	Procedures do not exist.	X
Develop rules to implement authority to remove personnel authorized to access the system.	CalGang’s oversight entities have adopted rules to sanction users.	✔
Technical Safeguards
Store information in a manner such that it cannot be accessed without authorization.	At the time of our review, the four nodes lacked policies or procedures for ensuring that user accounts are disabled when employees transfer or separate from employment.*	X‡
Physical Safeguards
Restrict access to its facilities.	The four nodes we reviewed stored the servers containing CalGang information in locked buildings with limited physical access.	✔
Institute procedures to protect criminal intelligence information from fire, flood, or other disasters.	CalGang information is regularly backed up to protect from data loss.	✔†

Moreover, as Table 6 shows, we have concerns about the user agencies’ compliance with federal regulations related to safeguarding CalGang information from unauthorized access. At the node administrator agencies for each of the four law enforcement agencies that we reviewed—Sonoma, the Santa Clara County Sheriff’s Office (Santa Clara), the Los Angeles Police Department (Los Angeles), and the Santa Ana Police Department (Santa Ana)—we attempted to review the policies and procedures for removing or modifying employee CalGang user accounts when the employees transfer or separate from employment.⁶ However, none of the node administrator agencies had such policies or procedures at the time of our review. We found 65 active user accounts across Santa Clara, Los Angeles, and Sonoma for individuals who no longer worked for the agencies. Two of these accounts may have been vulnerable to inappropriate access for more than 11 years following the employees’ departures. Subsequent to our review, Santa Ana’s node administrator provided us with a new procedure for evaluating the validity of its node’s CalGang user accounts.

In addition, although each of the node administrator agencies we reviewed asserted that they protect their data against loss by implementing practices such as performing regular backups of data as federal regulations require, we found that none of the node administrator agencies have fully documented plans for restoring CalGang information after a man‑made or natural disaster. Specifically, neither Santa Ana’s node administrator agency nor Los Angeles has a contingency plan in place for restoring CalGang information after a loss of this nature. In contrast, the node administrators for Sonoma and Santa Clara provided written agreements with service providers for restoring CalGang information after a man‑made or natural disaster. However, these service agreements did not specify how quickly the information would need to be restored in order to minimize the impact of the interruption. Industry best practices state that organizations should develop contingency plans that identify maximum acceptable time frames during which critical business applications can be inoperable. Without sufficient planning, the node administrator agencies risk losing the capability to process and retrieve CalGang information, which could significantly affect user agencies’ timely access to gang‑related intelligence information.

Ultimately, the board and the committee have not effectively communicated the federal regulations and state guidelines to user agencies. CalGang’s policies state that CalGang will comply with federal regulations and Justice’s Model Standards and Procedures for Maintaining Criminal Intelligence Files and Criminal Intelligence Operational Activities, November 2007 (state guidelines). The state guidelines provide similar safeguards as the federal regulations but in certain areas are more restrictive. We expected that CalGang policy or the agreements that user agencies and their respective node administrator agencies sign would provide direction on implementing the requirements for safeguarding data and ensuring they are reliable. However, CalGang policy does not contain such guidance, and the user agreements do not reference the specific requirements—in fact, the agreements are very broad and simply state that user agencies must comply with all applicable laws, rules, and regulations. Consequently, the four law enforcement agencies we reviewed did not understand these requirements. For example, the sergeant at Santa Clara who is solely responsible for determining whether individuals meet the criteria for entry into CalGang stated that he was not familiar with the state guidelines. As we discuss later, we found that the four agencies had not implemented many of the processes the state guidelines require. The remainder of this report explores the many examples of broken and fragmented processes we identified related to CalGang and how these processes weaken the database and create opportunities for violations of individuals’ rights.

Law Enforcement Agencies Could Not Always Demonstrate That They Had Established Reasonable Suspicion That Groups Were Gangs Before Entering Them Into CalGang

Although CalGang policy requires that all user agencies maintain sufficient source documentation to support their CalGang entries, we found that the law enforcement agencies we reviewed were unable to demonstrate that many of the groups they entered into CalGang met the criteria necessary for identification as gangs. The federal regulations and the state guidelines require that law enforcement agencies analyze legally obtained information to establish reasonable suspicion of organizations’ criminal activity before adding those organizations to criminal intelligence databases. To establish reasonable suspicion for entry into CalGang, the committee requires that law enforcement agencies ensure that groups meet the definition of a gang in CalGang policy. Figure 3 illustrates in part the criteria a group of three individuals must meet to be considered a gang. These criteria are important because after entering a gang into CalGang, a user agency may add individuals to that gang as gang members.⁷ An individual’s right to privacy is jeopardized if a law enforcement agency justifies collecting personal information about that individual by stating that he or she is a gang member when the agency has not yet established that such a gang exists through a documented pattern of criminal activity.

Figure 3
The CalGang Record Lifecycle Required for Establishing Reasonable Suspicion for Gangs and Suspected Gang Members

We reviewed a total of nine gangs that Sonoma, Santa Ana, and Los Angeles had entered into CalGang to determine whether the user agencies had appropriately established reasonable suspicion according to the criteria in CalGang policy when the law enforcement agency entered them.⁸ We identified problems with Sonoma’s and Santa Ana’s processes for adding new gangs. We expected that these two agencies would be able to direct us to the records they analyzed to determine that the group of three or more individuals had a common sign, symbol, or name and demonstrated a pattern of criminal gang activity, as depicted in Figure 3. However, we found that Sonoma and Santa Ana generally relied on summary statements agency staff provided on forms or in emails that described how groups met the reasonable suspicion requirements for CalGang entry. Although through subsequent follow up we found that these groups currently meet the definition of a gang, neither agency was able to demonstrate which individuals—at the time of the groups’ initial entry into CalGang—supported the agencies’ conclusions that the groups met the necessary criteria. Therefore, neither agency could prove that it performed the analysis required to establish reasonable suspicion. In contrast, we found that Los Angeles could support the gang we reviewed. Specifically, before Los Angeles added the gang into CalGang, it supported that reasonable suspicion existed by maintaining a list of individuals and their associated arrests, which together established gang criteria.

Sonoma’s process for adding new gangs to CalGang is of particular concern to us. The sergeant acting as Sonoma’s node administrator is responsible for adding gangs for the 30 counties that make up the Sonoma node, yet he does not collect or analyze the source documents that support his gang entries. Moreover, he destroys the summary documentation the agencies within those counties provide after transferring the information into CalGang. Therefore, the sergeant could not provide supporting documentation for any of the four gangs we examined from Sonoma. This approach increases the risk that he will add groups to CalGang even when user agencies have not established reasonable suspicion according to CalGang policy. Once a gang is added to CalGang, all user agencies in the node, which encompasses Northern California, are free to collect and share information about individuals they believe are gang members, potentially violating those individuals’ rights.

Additionally, the committee has not ensured that user agencies periodically assess gangs to determine whether they continue to meet the criteria in CalGang policy. The minutes from board and committee meetings show that nodes periodically query CalGang data to identify and remove gangs with fewer than three members. However, this type of limited review does not confirm that reasonable suspicion continues to exist for larger gangs, creating the risk that CalGang contains information on individuals who are alleged members of groups that no longer meet the gang criteria. Guidance provided by the Institute for Intergovernmental Research—the criminal intelligence training vendor with which the federal government contracts—indicates that law enforcement agencies should periodically validate that reasonable suspicion exists for a gang within a specified time frame, called a retention period. According to this guidance, the gang and its members should generally be purged at the end of this retention period. However, no retention period for gangs exists in CalGang if reasonable suspicion can no longer be validated.

As a result, Los Angeles had no information since 2008 in its gang history records demonstrating that one gang had engaged in a pattern of criminal activity. To determine whether Los Angeles had simply neglected to update its history for this gang, we analyzed CalGang records for its members between 2010 and 2015 and found Los Angeles’ officers documented only one arrest for offenses consistent with gang activity. However, we determined through a review of that individual’s criminal history records that he was not arrested on the date documented in CalGang. As a result, based on our review, Los Angeles no longer had sufficient reasonable suspicion in its gang records or in CalGang to continue to categorize this group as a gang and the node administrator would not have reviewed the gang until its membership in CalGang fell below three members.

After we brought this problem to the attention of Los Angeles, its node administrator researched the gang’s members and provided us with records of arrests of gang members that law enforcement officers did not include in the gang’s history or accurately enter into CalGang. Although some of the offenses Los Angeles directed us to are consistent with gang activity, we question why Los Angeles failed to enter this information into CalGang and update its internal gang history. This example demonstrates why it is important for CalGang user agencies to establish a retention period and periodically assess whether a gang continues to meet reasonable suspicion requirements in order to ensure system accuracy and the protection of individuals’ rights.

Law Enforcement Agencies Do Not Have Adequate Support for Some of the Individuals and Many of the Criteria They Entered Into CalGang

When law enforcement agencies cannot provide adequate support for the inclusion of individuals in CalGang, documenting those individuals’ whereabouts, appearance, and associates in a shared database could constitute or lead to a violation of their privacy or other constitutional rights. Further, the inclusion of inaccurate or unsupported information in CalGang reduces the system’s value to law enforcement agencies. Nonetheless, when we reviewed a selection of 100 people included in CalGang, we found that law enforcement agencies did not have adequate support for inclusion of 13 of these individuals. Additionally, because user agencies can identify numerous reasons, or criteria, for entering or retaining individuals in CalGang, we reviewed more than 500 items of criteria associated with these 100 individuals and found that the user agencies lacked adequate supporting documentation, such as field notes or arrest report narratives, for 23 percent of the criteria.

CalGang policy requires, with one exception, that a user agency identify two documented criteria for initially entering a person into CalGang.⁹ For the individual to remain in CalGang longer than five years from the date of original entry, a user agency must enter subsequent criteria, which will reset the five‑year period from that date. User agencies generally enter criteria when they have additional contacts with the individuals. Because user agencies may have entered numerous criteria for some individuals, those individuals’ inclusion in CalGang may be justifiable even if some of these criteria are unsupported. As shown in Table 7, we found that 131 of the 563 (23 percent) items of criteria we reviewed lacked support. Ultimately, this led us to conclude that law enforcement agencies did not have adequate support for inclusion in CalGang for 13 of the 100 individuals we reviewed.

Table 7
Four Law Enforcement Agencies’ Support for a Selection of 100 Individuals in CalGang

Law Enforcement Agency	Individuals				Gang Criteria
	Number Reviewed	Number Adequately Supported	Number Not Adequately Supported		Number Reviewed	Number Adequately Supported	Number Not Adequately Supported
Los Angeles Police Department	25	23	2		213	165	48
Santa Ana Police Department	25	22	3		104	89	15
Santa Clara County Sheriff’s Office and the San Jose Police Department*	25	24	1		127	107	20
Sonoma County Sheriff’s Office†	25	18	7		119	71	48
Totals	100	87	13		563	432	131

As indicated in Table 8, 31 of the unsupported criteria related to the criterion “subject has admitted to being a gang member,” while three related to “in-custody classification interview,” which are admissions of gang membership when individuals are brought into custody and will be confined with other individuals. In these instances, we found that the source documents either contained no record of gang membership admissions or, in some instances, indicated that the individuals said they were not—or not currently—gang members. For example, Sonoma justified entering a person into CalGang in part because he supposedly admitted to being a gang member during a custody classification interview at the county jail. However, when we obtained a record of this interview, we found that the person said he was not currently a member of the gang to which he was later connected in CalGang. In fact, he specifically requested to not be housed with this gang. The only criterion for this individual’s inclusion in CalGang for which we found support was that he had been seen associating with documented gang members. However, even that circumstance consisted of no more than an officer’s observation that the individual was in the garage of a residence that a documented gang member had left. Given that Sonoma did not have adequate support for any other criteria for this individual, we concluded that his inclusion in CalGang was inappropriate.

Table 8
Number and Types of CalGang Criteria Entries That Lacked Adequate Support

Criteria	Number of Criteria Not Supported	Number of Criteria Reviewed
Subject has admitted to being a gang member.	31	136
Subject has been arrested for offenses consistent with usual gang activity.	29	70
Subject has been seen associating with documented gang members.	28	98
Subject is known to have gang tattoos.	16	104
Subject has been identified as a gang member by a reliable informant/source.	8	11
Subject has been seen wearing gang dress.	7	33
Subject has been seen frequenting gang areas.	6	63
Subject has been seen displaying gang symbols and/or hand signs.	3	12
In-custody classification interview.	3	35
Subject has been identified as a gang member by an untested informant.	0	1
Totals	131	563

Source: California State Auditor’s review of four law enforcement agencies’ support for 100 people included in CalGang, as listed in Table 7.

When we asked about these admission‑related entries that did not match source documents, representatives of the law enforcement agencies often agreed that the criteria were not accurate and even purged the information from CalGang. At times they explained that they could have used other field observations they did not record in CalGang but that were present in the source documents to justify the individuals’ inclusion in CalGang. However, admitting that they could or should have entered other criteria into CalGang does not negate the fact that the system inaccurately reflects individuals’ statements regarding gang membership. For CalGang to be useful to law enforcement personnel, it should be both complete and accurate.

We also found 29 instances in which user agencies were unable to support the criterion “subject has been arrested for offenses consistent with usual gang activity.” In fact, in nine of these instances, we could not find that the person had been arrested for any offense—despite the use of this criterion to justify putting the individual in CalGang. For the remaining 20 entries, we found that the individuals had been arrested for common crimes that did not necessarily have any connection to gang activity, such as probation violations and drug possession. Although the committee established the 10 criteria listed in Table 8, it did not implement any policies or procedures further describing what offenses are consistent with gang activity. However, the Penal Code contains a list of offenses that can be used to determine that a group is a criminal street gang for the purpose of prosecuting its members, a selection of which are listed in the text box. Absent any further definition from the committee or from the user agencies we reviewed, we used the Penal Code’s categories as a benchmark for whether individuals’ offenses were, in fact, consistent with gang activity.

In response to our concern regarding the offenses law enforcement agencies used for this criterion, Santa Ana agreed to remove one criteria entry related to loitering and two related to drug possession. Conversely, the node administrator in Sonoma stated that we misunderstood the concept of “subjective reasonable suspicion” and maintained that some of the offenses we were questioning—violating probation and resisting arrest—are common among gang members. When we questioned a criteria entry because the associated offense was the prohibited possession of ammunition, which the Penal Code does not identify as a gang‑related offense, the Sonoma node administrator responded that “possession of ammunition by a gang member is a gang crime.” The problem presented by both of these responses is that they presuppose that the individuals in question are gang members and therefore the offenses for which they were arrested are gang crimes. In our view, offenses need to be indicative of gang activity for user agencies to justify including individuals in CalGang. Although we understand law enforcement officers must exercise judgment in making certain criteria determinations, the results of our testing suggest that the exercise of this judgment needs to be informed by specific regulations.

The user agencies were also frequently unable to support the criterion “subject has been seen associating with documented gang members.” Specifically, we found 28 criteria entries in which the law enforcement agencies did not document that the people with whom the individuals in question were associating were gang members. In fact, at times we found no record of anyone else even being present during the events leading to the particular field observations.

In regard to the other unsupported criteria listed in Table 8, we did not question the validity of the law enforcement officers’ field observations but rather only identified criteria as unsupported if the source documents lacked such observations altogether.¹⁰ For example, if the law enforcement officers indicated in source documents that geographical locations, tattoos, symbols, or manner of dress were gang‑related, we accepted these statements. However, we identified criteria entries as unsupported if no such statements were present. For example, Los Angeles used the criterion “subject has been identified as a gang member by a reliable informant/source” to justify the inclusion of an individual in CalGang. Upon hearing our concern that the source document made no mention of an informant or other source, the node administrator for Los Angeles responded that the “reliable source would be the officer making the determination.” This interpretation of what constitutes a “reliable informant/source” is inappropriately broad and would allow officers to enter this criterion absent any evidence other than their own views that individuals are gang members.

We found two primary causes for the inaccurate criteria entries we identified. Based on their descriptions of their processes for entering information into CalGang, the user agencies we reviewed often have administrative staff or other designated officers enter information into CalGang rather than the officers who made the field observations. CalGang policy does not prohibit this approach and we recognize that it can be efficient. However, it may also be the cause of some of the discrepancies between CalGang entries and the corresponding source documents. Another contributing factor to the deficiencies we found is the lack of strong oversight of CalGang. No independent party regularly scrutinizes CalGang criteria—a condition we detail in the report.

As a result of these inaccurate criteria entries, law enforcement agencies are tracking people in CalGang who do not appear to justifiably belong in the system. Further, the inaccuracies weaken its value to law enforcement because many of the descriptions in CalGang do not match the support to which the system is pointing. If law enforcement agencies later attempt to use this support as evidence in convictions or sentencing enhancements—years added to a prison term when an individual commits a crime to promote or assist a gang—they will find that the information was not worth the time and resources they used to locate and analyze it.

Throughout the audit, law enforcement officials offered their perspective that inclusion in CalGang is of little impact to an individual because CalGang only points to source documentation. CalGang policy prohibits using the system as the basis for expert opinion or statements of fact in official reports or for non‑law enforcement purposes, such as employment screenings. However, we found that neither of these prohibitions is always followed. In fact, when we searched California appellate cases that contained the terms CalGang or gang database, we found at least four unpublished cases that referred to CalGang as support for expert opinions or conclusions in official reports that individuals were or were not gang members. Further, we found one case in which a CalGang printout was apparently provided to a jury. We found numerous other instances in which the unpublished decisions by the appellate courts cited or otherwise contained references to CalGang or a gang database. As we discuss later in this report, three user agencies admitted that they use CalGang for employment or military‑related screenings. These examples emphasize that inclusion in CalGang has the potential to seriously affect a person’s life and therefore the accuracy and appropriate use of CalGang is of critical importance.

Law Enforcement Agencies Lack Appropriate Safeguards to Ensure the Accuracy and Security of CalGang Records

Law enforcement agencies have failed to ensure that CalGang records are added, removed, and shared in a way that maintains the accuracy of the system and safeguards individuals’ rights. We found that the agencies we examined did not review records before and after entering them in CalGang and that committee audits of the information within CalGang lacked independence and transparency. Moreover, flaws in CalGang’s controls caused many individuals to remain in the system longer than federal regulations allow; in fact, some individuals are currently scheduled to remain in CalGang for hundreds of years. Finally, in response to our survey, three agencies reported using CalGang for employment or military-related screenings, which represent an inappropriate use of the system. We believe that the committee’s failure to implement standardized training has contributed to user agencies’ inappropriate and inconsistent use of CalGang. In addition, the committee’s lack of oversight and the user agencies’ lack of sound processes has increased the risk of inaccuracies in CalGang, which could jeopardize the effectiveness of investigations and lead to violations of individuals’ privacy rights.

Law Enforcement Agencies Have Not Established Necessary Processes for Reviewing and Purging Records

The federal regulations and state guidelines that CalGang adopted outline the requirements for maintaining individuals’ criminal intelligence records. The requirements that relate to reviewing records accomplish two objectives: They ensure that the information in CalGang is accurate, which helps make CalGang a valuable tool for solving and preventing crimes, and they help ensure that inaccurate information is not added and that unreliable and unnecessary information is purged, which protects individuals’ rights. As Figure 3 indicates, the federal regulations and state guidelines require that law enforcement agency supervisors review and approve criminal intelligence data before entry. The state guidelines also recommend periodic quality control reviews of such data and permanently removing data from CalGang if they are misleading, obsolete, or otherwise unreliable.

However, as Table 9 shows, the four law enforcement agencies we reviewed did not have processes in place to ensure that agency supervisors and quality control reviewers evaluated records before their entry into CalGang. In fact, three of the four agencies followed a practice of allowing one law enforcement officer or analyst to decide unilaterally which suspected gang members to add to CalGang. In contrast, Los Angeles has established and generally followed a process requiring that a supervisor review records before their entry. However, none of the four agencies annually assessed CalGang records as the state guidelines require. The Sonoma node administrator explained that his agency had not implemented these requirements because they would add unnecessary levels of review that would delay the entry of information into CalGang. He further stated that until the agency enters the information, it is not usable intelligence. However, if Sonoma or other agencies believed that the safeguards in the state guidelines were too onerous, they should have at least established other, compensating processes that would ensure the information they entered into CalGang was sound. We found no such mechanisms at Sonoma or the other three agencies we examined, the lack of which likely contributed to the numerous unsupported criteria entries in CalGang.

Table 9
Law Enforcement Agencies’ Adherence to State Record Review Requirements

	Los Angeles Police Department	Sonoma County Sheriff’s Office	Santa Ana Police Department	Santa Clara County Sheriff’s Office
Required Supervisory Review Ensures law enforcement agencies lawfully collected criminal intelligence and that information conforms to the California Department of Justice’s (Justice) guidelines (state guidelines*).	✔	X	X	X
Recommended Quality Control Review Ensures compliance with state guidelines.	X	X	X	X
Required Annual Review Ensures intelligence remains current, accurate, relevant, and complete.	X	X	X	X

In addition, the committee’s periodic audits of CalGang records are weak and do not ensure that CalGang contains only valid, accurate information. The federal regulations require that criminal intelligence information must be periodically reviewed and destroyed if it no longer meets certain standards and that records must be reviewed and validated for continuing compliance with submission criteria before the end of their retention period. CalGang policy implements this requirement from the federal regulations by stating that each node administrator agency will be audited no less than twice a year. However, the policy does not specify who will conduct these audits, how they are to be documented, or who will review the results. The current committee chairperson stated that the node administrator agencies conduct the audits—meaning that node administrators audit their own records—and that their representatives orally report the results at committee meetings. Nevertheless, our review of this process suggests that these audits are not adequate to determine the accuracy of the information in CalGang.

Specifically, the audits are limited in focus and it is difficult to determine if any change resulted. Board meeting minutes dated January 2006 indicate that the board directed each node administrator agency to audit 30 records a year, resulting in the annual review of 330 records statewide. However, this level of review appears inadequate given that CalGang contains in excess of 150,000 individuals’ records. Further, the minutes from the committee’s meetings document that the node administrator agencies report on the results of their audits, but the minutes lack sufficient detail of how the agencies addressed the problems they uncovered. Thus, for the majority of its audits, the committee was unable to demonstrate the value of its audit process and the related outcomes. The limited focus of these audits is especially concerning because they are the only oversight tool that the committee uses, yet the audits are self‑reported with no independent verification of the results, resulting in a process that is not robust enough to ensure that user agencies are maintaining valid and accurate criminal intelligence records, adhering to security protocols, and upholding individuals’ rights to privacy. The lack of an appropriate audit process potentially weakens CalGang’s value as a law enforcement tool and may contribute to the public’s concern that law enforcement agencies are mishandling private, sensitive information.

Our review of CalGang records statewide identified a significant number of errors that demonstrate the need for stronger controls over the processes for entering, evaluating, and auditing the data in CalGang. For example, we found 42 individuals in CalGang whose birthdates indicated that they were less than one year old at the time their information was entered, 28 of whom were entered into the system in part because they admitted to being gang members. CalGang also contained information that was unusable for meaningful data analysis, such as telephone numbers, zip codes, or random characters in the data field intended to capture a city name. Additionally, we found instances in which city names were misspelled or abbreviated in inconsistent ways. For example, we identified more than 100 variations for Los Angeles, including “Los Angels” and “Los Angeleses.”

We expected that the law enforcement agencies we examined would be familiar with the state guidelines that the committee adopted and have the necessary safeguards in place to implement the related requirements. However, key officials and CalGang users from Los Angeles, Santa Ana, and Santa Clara were all unaware of the state guidelines and the requirements therein. At Sonoma, the sergeant who functions as the node administrator stated that the processes the state guidelines outline were either not applicable to CalGang, did not have value, or would be too resource‑intensive to fully implement. We disagree with the sergeant’s assertions because CalGang policy explicitly requires user agencies to follow the state guidelines. Further, if Sonoma or other agencies had concerns regarding the processes in the state guidelines, they should have reconciled them with processes that were similarly robust but more efficient to implement. Disregarding the guidelines designed to enhance CalGang’s accuracy and to preserve individuals’ rights degrades the database and calls into question user agencies’ commitment to CalGang’s mission—to provide an accurate resource for law enforcement.

The programming underlying CalGang also may jeopardize individuals’ privacy rights because it did not purge all records within the required time frames. User agencies rely upon CalGang’s automatic purge function to comply with the requirement in the federal regulations to remove criminal intelligence records if user agencies have not added new information indicating gang membership within five years. However, when we searched 104 records for individuals in CalGang to ensure that they had been purged on schedule, we found that 12 remained in CalGang even though they did not contain new information that would have warranted extending their purge dates. In fact, these 12 records reflected purge dates that should have taken effect in the past. Santa Clara, which is within the San Jose node, had created all 12 records, but neither Santa Clara’s gang sergeant nor the sergeant in the gang investigations unit at the San Jose node could offer an explanation as to why the automatic purge function had exhibited this operational deficiency. When we checked CalGang again about three weeks later, the 12 records had been purged. CSRA International, Inc. (CSRA)—the company that developed the proprietary CalGang software—indicated that errors with the San Jose node’s server caused the automatic purge function to run improperly for approximately two months. CSRA asserted that it resolved this error and has implemented procedures to quickly identify similar issues in the future.

Further, as of November 2015, we identified records for three additional individuals who should have been purged in 2002, 2003, and 2008, respectively. When we asked CSRA why these individuals were still in CalGang, it identified a programming error that caused the automated purge process to overlook the three individuals. Consequently, these individuals’ records remained in CalGang from seven to 13 years beyond when they should have been purged. CSRA asserted that it subsequently corrected this error and would report these three individuals to the appropriate law enforcement agency for review. As of June 2016, CSRA reported that these individuals were no longer in CalGang.

Finally, CalGang’s programming has not at times had sufficient controls to prevent future dating of entries related to gang membership or affiliation. This lack of controls—coupled with law enforcement’s failure to establish a thorough review process to ensure the accuracy of data entries—could cause individuals to inappropriately remain in CalGang for several decades, or even centuries. Specifically, we identified 628 individuals whose records had purge dates beyond the standard five‑year time period, including 257 whose records were not scheduled to be purged for more than 100 years. When we inspected these individuals’ criteria dates—which is the information CalGang software uses to calculate purge dates—we found that the entries were future‑dated. For example, one individual had a criteria entry dated in the year 9992, which resulted in a purge date in the year 9997, or nearly 8,000 years from now. Although these future dates are most likely the result of data entry errors, an incorrect entry has significant implications for the timely removal of the individual from CalGang.

When we asked CSRA how such errors could occur, it stated that before 2009, and then again between 2011 and 2014, CalGang user agencies could enter future‑dated criteria. CSRA asserted that it implemented controls in 2014 designed to prevent users from future‑dating criteria. In addition, CSRA indicated that it would report the individuals we identified to the appropriate node administrators for review and possible deletion. However, as of June 2016, CSRA stated that 115 individuals with future‑dated criteria remained in CalGang.

Absent a robust review process, the committee has relied completely on the CalGang software to remove individuals within the time frames federal regulations specify. Software deficiencies have allowed some records to remain in CalGang and accessible to law enforcement agencies far beyond their purge dates. Retaining records in CalGang for longer than the federal regulations allow potentially violates individuals’ rights and pollutes CalGang with outdated information that may hinder law enforcement agencies’ efforts to suppress gang activity.

Law Enforcement Agencies Lack Processes to Ensure They Share CalGang Information Properly and Limit CalGang Access as CalGang Policy Requires

To preserve individuals’ privacy rights, numerous requirements contained in the federal regulations, the state guidelines and CalGang policy exist around sharing CalGang information. These requirements are generally rooted in the concept that CalGang information should be shared only for a law enforcement purpose and only with requesters that have a “need and right to know.” Nevertheless, we found that CalGang’s oversight entities and user agencies have not taken all the steps necessary to ensure CalGang information is shared only when appropriate. Specifically, the four local law enforcement agencies we reviewed each lack necessary policies and procedures for sharing CalGang information. Further, responses to our statewide survey suggest that at least three law enforcement agencies may have inappropriately used CalGang as an employment screening tool.

The information‑sharing policies of all four user agencies we reviewed omit some of the safeguards that CalGang policy requires. Requests for CalGang information can come either from within user agencies or from external parties, such as law enforcement agencies that do not use CalGang, media outlets, and researchers. CalGang policy requires that each user agency establish written policies and procedures for accessing CalGang information that ensure that they only share information in accordance with existing laws, regulations, and guidelines. However, we identified weaknesses in the policies of each of the four law enforcement agencies we reviewed. For example, Los Angeles’s policy addresses releasing information for discovery motions and requests for records, and it also specifies the parties that must approve information releases. Nonetheless, it is silent about documenting the requestors’ need and right to know and tracking to whom it releases criminal intelligence—both of which are requirements in federal regulations and state guidelines. As a result of similar types of omissions at all four user agencies, the users at the agencies lack the guidance necessary to ensure they share criminal intelligence only with authorized recipients and only for law enforcement purposes.

We attempted to assess Justice’s and the four user agencies’ past decisions to share information, but we have little assurance that they identified all of the CalGang requests they received. Specifically, Justice and the four agencies could identify requests for CalGang information made pursuant to the Public Records Act, but none of these law enforcement agencies had processes to capture internal requests or requests from other law enforcement agencies. Justice, Los Angeles, Santa Clara, and Santa Ana identified a combined total of 16 information requests they received between January 2011 and early March 2016; in contrast, the sergeant who functions as the Sonoma node administrator asserted that Sonoma did not receive any requests for information during that time frame. Table 10 shows the information requests categorized by requestor type and by the nature of the CalGang information requested. We found that requestors sought criminal intelligence information in four instances and that the agencies declined to provide the information because the requestors did not have a right to know it.

Table 10
Summary of CalGang Information Requests Received Between January 2011 and March 2016 by Requestor Type and the Nature of the Information Requested

Nature of Information Request
Requestor	Criminal Intelligence Records	CalGang Statistics	Policy and Procedures/ Operational Information
Media	0	5	3
Researchers	2	3	3
Legal counsel	2	1	1
Private party	0	1	1
Totals	4	10	8

Conversely, our statewide survey revealed that, of the 190 law enforcement agencies that responded to this question, three may have inappropriately shared information because they used CalGang to screen for employment or military recruitment purposes. Screenings of these types are not apparent law enforcement activities—they are not related to preventing or solving crimes—and thus do not meet the standard of need or right to know for a law enforcement purpose. Specifically, an administrative aide from Ventura County Sheriff’s Department (Ventura) asserted that she reviewed CalGang to determine if individuals who applied for employment with Ventura were listed as gang members. Similarly, a sergeant from Thousand Oaks Police Department (Thousand Oaks) asserted that the agency reviewed CalGang to assist the military in determining whether a candidate was a gang member. Finally, a detective from Santa Barbara County Sheriff’s Office (Santa Barbara) reported using CalGang to screen for employment and to assist the military.

Although each of the three agency officials asserted that they did not print or distribute any hard‑copy CalGang information resulting from their searches, using the system in this manner does not appear appropriate. On three separate occasions dating back to 2006, the board or the committee determined that user agencies should not use CalGang for employment background checks or in response to requests from the military. The board established that military recruiters do not have the need or right to know CalGang information and therefore users should not fill those information requests. Nevertheless, based on our review of their respective minutes, neither the board nor the committee disseminated these decisions to the CalGang users. Moreover, the committee did not clarify in CalGang policy that these uses are prohibited. Consequently, two of the three agencies asserted that using CalGang to screen employment or military candidates was appropriate. For example, according to a Thousand Oaks sergeant, using CalGang to respond to requests from military recruiters is appropriate because the military does not want to train gang members in the use of weapons and tactics, thus making those individuals more dangerous to the public. Alternatively, the Santa Barbara detective agreed that using CalGang to screen candidates for internal positions or for the military was inappropriate and planned to suggest the agency change its practices. The mix of interpretations is concerning to us and suggests that user agencies need better, and perhaps more frequent, training, as we describe in the next section.

The Committee and Node Administrators Cannot Demonstrate They Follow CalGang Training Policy or Best Practices

As previously discussed, the board and the committee delegate important tasks to user agencies, such as determining whether reasonable suspicion of criminal activity exists to warrant entering individuals into CalGang. However, the agencies’ abilities to effectively perform these tasks depends in large part on the training their staff receives. Consequently, CalGang policy states that the committee will develop, review, and approve standardized trainings for the staff at user agencies. Although the text box shows the committee’s required training topics for user agencies, neither the committee nor the two node administrator agencies we reviewed could demonstrate that the committee had developed or approved standardized training materials for statewide use. Instead, each node administrator agency develops its own materials. In addition, we expected to find that the committee had processes in place to identify needed changes and updates to the content of the training materials. For example, changes to state law that took effect in 2014 regarding notifying juveniles and their parents or guardians before entering juveniles into CalGang presented the committee with an opportunity to update CalGang training materials, but we found no evidence that the committee had done so.

The lack of standardized training may have created inconsistencies in how user agencies apply the criminal intelligence requirements the committee has adopted. Specifically, as discussed previously, we found that law enforcement agencies we reviewed did not have adequate support for including 13 individuals within CalGang. Moreover, three agencies responded to our survey that they used CalGang to screen for potential employment, even though this use does not appear to meet the standard of need and right to know for a law enforcement purpose. The appropriate adding to and sharing of information in CalGang is critical to protecting individuals’ right to privacy, yet the committee has failed to fulfill its responsibility to ensure user agencies are effectively trained in those two functions.

We also found deficiencies with the committee’s approval of training content for instructors. CalGang policy requires potential instructors to attend a committee‑approved, train‑the‑trainer course and requires node administrators to verify potential instructors’ experience using CalGang. However, neither the committee nor Sonoma and Los Angeles—which are both node administrator agencies—could demonstrate that the committee had approved an instructor training course. In fact, the committee chair—who is also the Los Angeles node administrator—stated that a formalized train‑the‑trainer course does not exist. CalGang policy further states that instructors must complete the 24‑hour user course in addition to a train‑the‑trainer course. However, CalGang instructors cannot obtain the requisite number of training hours because the user training the nodes provide is just 16 hours in length, not the required 24.

Finally, the committee has not required users to take periodic refresher trainings so that their skills remain up to date. The committee does not require such trainings, regardless of how long users have maintained CalGang access. In our statewide survey, 86 (46 percent) of the 186 CalGang user agencies that responded to this question indicated that their users could benefit from periodic refresher training. Further, a separate analysis we performed revealed that half of CalGang’s users have had accounts allowing their access to CalGang for six years or more. The full distribution of the length of time users have maintained their accounts is depicted in Figure 4. By requiring only an initial training for users, the committee risks that users’ knowledge of CalGang policy will fade over time or not keep pace with changes, thereby jeopardizing the integrity and accuracy of CalGang’s information.

Figure 4
Age of Users’ CalGang Accounts

Law Enforcement Agencies Have Failed to Appropriately Notify Necessary Parties Before Entering Juveniles Into CalGang

Because two of the four law enforcement agencies we reviewed did not send all legally required notices before entering juveniles into CalGang, many juveniles and their parents or guardians (parents) were not afforded the right to contest the juveniles’ gang designations. Further, the two agencies that sent the necessary notifications did not provide the juveniles and their parents with adequate information to contest the designations. In fact, responses to our statewide survey of law enforcement agencies revealed that less than 3 percent of juveniles or their parents contested these designations, possibly as a result of their notification letters not containing adequate information. Because the two law enforcement agencies have not complied with state law related to these notifications, they have limited the effectiveness of the juvenile notification process as a means to identify juveniles whom they may have mistakenly added to CalGang as gang members.

State law effective January 1, 2014, generally requires law enforcement agencies to send juveniles and their parents notices before adding juveniles to a shared gang database, such as CalGang. Figure 5 depicts the juvenile notification process the state law established. This process requires notifying juveniles and parents or guardians of the basis for the juveniles’ gang designations and of their right to contest the gang designations. The process also describes the limited circumstances in which law enforcement agencies do not have to notify the juveniles and the parents.

Figure 5
The Required Juvenile Notification and Contestation Process as Applied to CalGang

Between January 1, 2014, and November 23, 2015, user agencies added more than 2,200 juveniles to CalGang. Following January 2014, the number of juveniles that user agencies added to CalGang dropped significantly; from 2013 to 2014, the number decreased by 1,134, or 48 percent. In fact, the number of juveniles Sonoma and Santa Clara each added dropped to zero. Officers at each agency asserted that they stopped adding juveniles to CalGang in direct response to the new notification requirements. Specifically, the Sonoma gang enforcement sergeant asserted that Sonoma stopped adding juveniles for reasons that included the administrative burden and his perception that parents frequently refuse to believe their children are associated with a gang and would attack the agency’s motives. On the other hand, Santa Clara’s gang sergeant asserted that his agency no longer adds juveniles to CalGang because it does not have a notification process in place and wants to learn from the processes other agencies have established. However, when user agencies choose not to add juveniles to CalGang to avoid notifying juveniles and their parents or to wait and learn from other agencies’ processes, CalGang becomes a less useful tool for protecting the public from gang violence.

As indicated in Table 11, the two user agencies we reviewed—which were limited to Los Angeles and Santa Ana for the reasons just described—were unable to demonstrate that they properly sent letters before adding juveniles to CalGang for all but 35 of the 129 records we reviewed. Specifically, we found that Santa Ana did not send letters to juveniles, but rather only to their parents. Based on interviews with a number of officials, we determined that Santa Ana misinterpreted the law’s requirements. In contrast, Los Angeles has a policy that describes a process that meets the law’s notification requirement, but we found that officers in the five divisions we reviewed—Los Angeles has 21 divisions in total—did not follow the policy. Consequently, Los Angeles could not demonstrate that it sent letters to 29 juveniles and their parents. Moreover, Los Angeles sent notices for 50 juveniles after entering them into CalGang instead of before, as required; in fact, in several instances, it did not send the letters for more than a month after entering the juveniles into CalGang. As reasons for not following state law, officials for Los Angeles cited turnover in officer and administrative staff positions as well as agency staff misunderstanding the requirements.

Table 11
Rates of Adherence to State Law Requiring Juvenile Gang Designation
From January 2014 Through November 2015

	Total Number of Juveniles’ Records Reviewed	Records For Which Notification Requirements Were Met	Records For Which Notification Letters Were Not Sent [Juvenile and/or their Parents*]	Records For Which Notification Letters Were Sent After CalGang Entry [Juvenile or the Parents]
Santa Ana Police Department	15	0	15	0
Los Angeles Police Department	114	35	29	50
Totals	129	35	44	50
Percent of total juveniles’ records reviewed —————————————>		27%	34%	39%
			73%

We also determined that Los Angeles’s and Santa Ana’s notices were inadequate because they did not provide the bases the agencies used for the juveniles’ gang designations. Although state law requires law enforcement agencies to provide the bases for gang designations, the law does not specify what information the agencies need to include to fulfill that requirement. A bill analysis on the juvenile notification law states that the basis for a gang designation would be source documents, such as arrest reports and field interview cards, indicating that the person met the criteria for being considered a gang member. However, the notification letters Los Angeles and Santa Ana sent offered only conclusory language that was so vague it did not fully inform the juveniles and parents of the contacts or analyses that led to the designations. The text box cites the relevant language the agencies included in their letters to parents. Although the Los Angeles letters invite juveniles and parents to contact an officer with their questions, neither letter cites the specific criteria the agency used for identifying juveniles as members of gangs.

Without knowing law enforcement agencies’ bases for suspecting gang membership, juveniles and their parents do not have sufficient information to meaningfully challenge those agencies’ decisions to add the juveniles to CalGang. Part of the Legislature’s intent in developing the notification process was to ensure that user agencies did not incorrectly enter juveniles into CalGang. However, parents and juveniles cannot contest juvenile gang designations effectively, if at all, without knowing the criteria user agencies determined the juveniles met. Because of the lack of information in the juvenile notification letters, parents sometimes submitted letters that simply stated that their children were not gang members. Other parents submitted character references from school principals and church leaders or descriptions of their own efforts to keep their children away from gangs. These types of responses—which are the result of the lack of information the user agencies provided—do not help the agencies identify mistakes they may have made when concluding that juveniles met the criteria for entry into CalGang. Thus, the insufficient notification letters have disadvantaged the law enforcement agencies, juveniles, and parents.

We found that few juveniles and parents contested gang designations and that—contrary to state law—the two user agencies generally responded only to the party that contested the designation which only partially fulfilled the law. Table 12 summarizes the number and rate of contested juvenile gang designations for Los Angeles and Santa Ana, as well as the results from our survey of 329 law enforcement agencies. Santa Ana’s higher rate of contestations may be the result of its notification process. Specifically, it sends notices to parents each time a contact with a law enforcement officer results in an update to a juvenile’s CalGang record. This process, which results in multiple letters to parents, exceeds the requirements of state law. Although the law requires that agencies inform both juveniles and parents of their decisions in response to contestations, we found that the two user agencies generally responded only to the party that contested the designation.

Table 12
Contestations of Juvenile Gang Designations at Two Law Enforcement Agencies and Statewide
From January 1, 2014, Through October 31, 2015

	Los Angeles Police Department (Los Angeles)	Santa Ana Police Department (Santa Ana)	Statewide Survey Results*
Number of juveniles	381	140	1,705
Number of contestations received	5	19†	47
Contestation rate	1%	14%†	3%
Number of juveniles removed from CalGang in response to a contestation	0	7	15

Although the law provides two reasons to justify law enforcement agencies’ decisions not to notify juveniles and their parents before adding the juveniles into CalGang, we found that the user agencies rarely use these options. Specifically, as Figure 5 illustrates, law enforcement agencies can choose not to notify juveniles and their parents if they believe doing so will compromise either ongoing criminal investigations or the juveniles’ health or safety. However, based on our reviews of Santa Ana and Los Angeles, as well as the responses from our statewide survey, we determined that law enforcement agencies rarely choose not to send notices for these two reasons. In fact, Santa Ana has not used either option since the law went into effect in 2014, and Los Angeles documented using these options for just five juveniles. Further, the responses from our survey suggest that user agencies statewide documented only 10 additional instances in which the agencies justified not sending notices for the exceptions provided in law.

In response to our concerns about their juvenile notification practices, officials with Los Angeles and Santa Ana asserted they would take corrective actions. A detective who serves as the Los Angeles node administrator is working to implement a juvenile notification review process in which staff will review all juveniles Los Angeles officers entered since January 1, 2014 and document whether officers fulfilled the requirements of state law. If juveniles do not meet the law’s requirements, the detective’s plan is to delete the juvenile, send proper notification, and reenter the juvenile into CalGang. The detective is also planning to implement a process in which he will review some juveniles each month to ensure adherence to the law’s requirements.

Similarly, a commander from Santa Ana provided updated letter templates for both juveniles and their parents. However, the letters’ text still does not provide the bases for the juvenile’s designation as a gang member. According to the commander, Santa Ana chose not to include more specific information because it believes the letter gives parents and juveniles a sense of the behavior that led to the juveniles’ contacts with the law enforcement officers. He also stated that providing specifics about contacts would focus arguments on the contacts or incentivize juveniles to stop certain behaviors purely to prevent police detection, which are outcomes he does not believe would be productive. He stated that the benefit of the juvenile notification law is the conversations it can initiate among parents, juveniles, and law enforcement officers related to the resources the agency may provide to keep the juveniles away from and out of gangs. However, we believe that for these conversations to be productive, parents need specific information about the nature of their children’s contacts with law enforcement officers.

Notwithstanding Los Angeles’s and Santa Ana’s failures to properly implement state law, we recognize that both agencies have demonstrated a commitment to the juveniles they suspect are gang members. Los Angeles has contacted parents about juveniles’ gang designations through letters, calls, or in‑person meetings since at least 1998. Moreover, the letters Los Angeles currently sends to parents and juveniles invite them to contact officers about questions and to learn about community programs. Similarly, since about 1989 Santa Ana has notified juveniles that their involvement with gangs could subject them to criminal prosecution. Although this notice does not reference CalGang, it makes very clear that the agency has determined the juveniles are a part of or associated with specific gangs; in fact, the agency uses documentation from these notices to add individuals to CalGang. After the implementation of the juvenile notification law in 2014, Santa Ana exceeded the law’s requirements by notifying parents after each contact juveniles had with police that resulted in updates to their records.

Moreover, Santa Ana’s process when it receives a contestation letter represents a best practice that we believe could be the basis for statewide standards. Specifically, at Santa Ana a police investigator assembles background information on the juvenile’s case, and a corporal calls the family to discuss the juvenile’s entry into CalGang. Following the review and conversation, the corporal decides whether the juvenile should remain in CalGang. Santa Ana’s approach has resulted in it removing from CalGang more than a third of the juveniles who were the subject of contestations by the juveniles or their parents. This approach establishes relationships that can lead to a better understanding of juveniles’ situations for both the officers and the families, and it also achieves greater data accuracy for the law enforcement agencies using CalGang.

Governmental Oversight and Increased Public Participation Could Strengthen CalGang’s Usefulness and Better Ensure It Protects Individuals’ Rights

State and local law enforcement officials assert that CalGang is an important tool because it helps them to quickly identify information necessary to solve or prosecute gang crimes. User agencies’ success stories chronicle how they used CalGang to identify homicide victims and suspects through physical descriptions, like their tattoos, and to link local crimes to suspects or to crimes in other communities. For example, an officer in Salinas posted a testimonial in CalGang noting that he used CalGang to identify a murder suspect using a name, physical description, and believed gang affiliation. Witnesses then verified the suspect in a photo lineup, leading to his arrest for murder. Upon conviction, the courts sentenced the man with gang enhancements—years added to a prison term when an individual commits a crime to promote or assist a gang. The officer praised CalGang and encouraged other CalGang users to provide as much information as possible in their CalGang entries because even a minor gang contact could help solve a murder.

However, because of its potential to enhance public safety, CalGang needs an oversight structure that better ensures that the data entered into it are reliable and that its users adhere to the requirements that protect individuals’ rights. To this end, we believe the Legislature should adopt state law that specifies that CalGang, or any equivalent statewide shared gang database, must operate under defined requirements. We believe these requirements should encompass the federal regulations and key safeguards from the state guidelines, including supervisory and periodic record reviews. Further, we believe state law should assign Justice the responsibility for overseeing CalGang and for ensuring user agencies meet all the relevant requirements. Establishing Justice as a centralized oversight entity responsible for establishing best practices and holding user agencies accountable for implementing these practices will help ensure CalGang’s accuracy and safeguard individuals’ privacy protections. Moreover, we believe state law should create a technical advisory committee to provide Justice information about CalGang’s use and user agencies’ needs. Figure 6 illustrates what, in our view, would be a stronger oversight structure for CalGang.

The Legislature also has an opportunity to set standards for transparency and public participation where none currently exist. Generally, CalGang’s current operations are outside of public view. As previously discussed, we found that the CalGang users self‑administer the committee’s audits and that they do not meaningfully report the results to the board, the committee, or the public. Further, CalGang’s governance does not meet in public, and neither the board nor the committee invites public participation by posting meeting dates, agendas, or reports about CalGang.

Increased transparency in CalGang’s governance and operations could strengthen the public’s confidence in the system. For example, although the proposed technical advisory committee would likely need to close parts of its meetings to protect criminal intelligence information, we believe other parts of its meetings should be open and should comply with open‑meeting requirements. Further, requiring Justice either to conduct or to hire an external entity to conduct periodic audits would shed light on aspects of CalGang’s privacy safeguards that do not operate effectively and should help lead to necessary corrective actions. In addition, we recommend that the Legislature require Justice to develop annual reports that include CalGang statistics and summary‑level audit results. Justice should make these reports available for public comment and, in subsequent annual reports, summarize public concerns and the actions Justice has taken to address them.

Finally, establishing CalGang as a public program would create opportunities for public participation through the legislative and regulatory processes. As the Legislature drafts the bill that will provide for CalGang’s new oversight structure and framework, law enforcement officials and the public will have opportunities to express their concerns and needs. Using the regulatory process to establish requirements for user agencies will provide the public and law enforcement agencies an opportunity to comment on and help guide how the requirements are developed.

Figure 6
A Model for More Transparent and Accountable Oversight for a Shared Gang Database

Recommendations

The Legislature

To ensure that CalGang, or any equivalent statewide shared gang database, has an oversight structure that supports accountability for proper database use and for protecting individuals’ rights, the Legislature should do the following:

• Designate Justice as the state agency responsible for administering and overseeing CalGang or any equivalent statewide shared gang database.
• Require that CalGang or any equivalent statewide shared gang database adhere to federal regulations and relevant safeguards from the state guidelines, including supervisory reviews of database entries and regular reviews of all records.
• Specify that Justice’s oversight responsibilities include developing and implementing standardized periodic training as well as conducting—or hiring an external entity to conduct—periodic audits of CalGang or any equivalent statewide shared gang database.

To promote public participation in key issues that may affect California’s citizens and to help ensure consistency in the use of any shared gang database, the Legislature should require Justice to interpret and implement shared gang database requirements through the regulatory process. This process should include public hearings and should address the following:

• Adopting requirements for entering and reviewing gang designations, including establishing a retention period for gangs.
• Adopting criteria for identifying gang members. These criteria should define which offenses are consistent with gang activity.
• Specifying how user agencies will operate any statewide shared gang database, including requiring user agencies to implement supervisory review procedures and periodic record reviews. The user agencies should report the results of the reviews to Justice.
• Standardizing practices for user agencies to adhere to the State’s juvenile notification requirements, including guidelines for documenting and communicating the bases for juveniles’ gang designations.

To ensure transparency, the Legislature should require Justice to publish an annual report with key shared gang database statistics—such as the number of individuals added to and removed from the database—and summary results from periodic audits conducted by Justice or an external entity. Further, the Legislature should require Justice to invite and assess public comments following the report’s release. Subsequent annual reports should summarize any public comments Justice received and actions it took in response.

To help ensure that Justice has the technical information it needs to make certain that CalGang or any equivalent shared gang database remains an important law enforcement tool, the Legislature should establish a technical advisory committee to advise Justice about database use, database needs, database protection, and any necessary updates to policies and procedures. The Legislature should specify the qualifications for membership in the technical advisory committee, which should include representatives from local and state agencies that use the shared gang database. Further, it should require that the committee meet at least twice a year and adhere to the Bagley‑Keene Open Meeting Act and other relevant open‑meeting laws.

Justice

As the Legislature considers creating a public program for shared gang database oversight and accountability, Justice should guide the board and the committee to identify and address the shortcomings that exist in CalGang’s current operations and oversight. The guidance Justice provides to the board and the committee should address, but not be limited to, the following areas:

• Developing best practices based on the requirements stated in the federal regulations, the state guidelines and state law, and advising user agencies on the implementation of those practices. The best practices should include, but not be limited to, reviewing criminal intelligence, appropriately disseminating information, performing robust audit practices, establishing plans to recover from disasters, and meeting all of the State’s juvenile notification law requirements. Justice should guide the board and the committee to develop these best practices by June 30, 2017.
• Instructing user agencies that use CalGang to complete a comprehensive review of all the gangs documented in CalGang to determine if they meet the necessary requirements for inclusion and to purge from CalGang any groups that do not meet the requirements. Justice should guide the board and the committee to ensure that user agencies complete this review in phases, with the final phase to be completed by June 30, 2018.
• Instructing all user agencies to complete a comprehensive review of the records in CalGang to determine if the user agencies have adequate support for the criteria associated with all the individuals they have entered as gang members. If the user agencies do not have adequate support, they should immediately purge the criteria—and, if necessary, the individuals—from CalGang. In addition, the user agencies should ensure that all the fields in each CalGang record are accurate. Justice should guide the board and the committee to ensure that user agencies complete this review in phases, with the final phase to be completed by September 30, 2019.
• Instructing all user agencies to report to Justice every six months, beginning in January 2017, on their progress toward completing their gang and gang member reviews.
• Developing standardized periodic training content for all CalGang users and training instructors. Justice should guide the board and the committee to develop such standardized training content by June 30, 2017.
• Establishing a plan to recertify all CalGang users and training instructors on the new training content. Justice should guide the board and the committee to complete the draft plan by June 30, 2017, and the recertification training by June 30, 2018.
• Developing policies and procedures requiring the disabling of user accounts for all individuals who no longer have a need to or right to access CalGang because they have separated from their employment with user agencies or for other reasons. Justice should guide the board and the committee to identify and disable all such accounts by September 30, 2016.
• Determining what steps must be taken to upgrade CalGang’s controls to ensure that CalGang will automatically purge all individuals whose records have not been updated by user agencies for five years.

To promote transparency and hold the board, the committee, and user agencies accountable for implementing and adhering to criminal intelligence safeguards, Justice should post quarterly reports on its website, beginning June 30, 2017, that summarize how it has guided the board and the committee to implement and adhere to criminal intelligence safeguards; the progress the board, the committee, and the user agencies have made in implementing and adhering to these safeguards; the steps these entities still must take to implement these safeguards; and any barriers to the board’s and the committee’s success in achieving these goals.

To promote transparency and encourage public participation in CalGang’s meetings, Justice should post the following information to its website unless doing so would compromise criminal intelligence information or other information that must be shielded from public release:

• Summary results from the committee’s audits of CalGang records.
• The agendas, minutes, and referenced attachments for all future board and committee meetings, as well as all other documents of significance such as letters, memos, or agreements.
• From the past five years, all available agendas, minutes, and referenced attachments from scheduled and ad hoc board and committee meetings, as well as all other documents of significance. Justice should post these materials by October 31, 2016.

If Justice believes it needs additional resources to guide the board and the committee to identify and address the shortcomings that exist in CalGang’s current operations and oversight, to report on the board and committee’s progress in addressing CalGang’s shortcomings, and to post necessary information to its website, Justice should take steps to secure the resources it needs.

Law Enforcement Agencies

Until they receive further direction from the board, the committee, or Justice, the law enforcement agencies we reviewed—the Los Angeles Police Department, the Santa Ana Police Department, the Santa Clara County Sheriff’s Office, and the Sonoma County Sheriff’s Office—should address the specific deficiencies we found by taking the following actions:

• Begin reviewing the gangs they have entered into CalGang to ensure the gangs meet reasonable suspicion requirements. They should also begin reviewing the gang members they have entered into CalGang to ensure the existence of proper support for each criterion. They should purge from CalGang any records for gangs or gang members that do not meet the criteria for entry. Individuals who are independent from the ongoing administration and use of CalGang should lead this review. The agencies should complete the gang and gang member reviews in phases, with the final phase for gangs to be completed by June 30, 2018, and the final phase for gang members to be completed by June 30, 2019.
• Develop or modify as necessary all their policies and procedures related to CalGang to ensure they align with state law, CalGang policy, the federal regulations, and the state guidelines. In particular, the law enforcement agencies should implement appropriate policies and procedures for entering gangs; performing supervisory reviews of gang and gang member entries; performing periodic CalGang record reviews; sharing CalGang information; and complying with juvenile notification requirements. The law enforcement agencies should complete this recommendation by March 31, 2017.

We conducted this audit under the authority vested in the California State Auditor by Section 8543 et seq. of the California Government Code and according to generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives specified in the Scope and Methodology section of the report. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Respectfully submitted,

ELAINE M. HOWLE, CPA
State Auditor

Date:
August 11, 2016

Staff:
Benjamin M. Belnap, CIA, Deputy State Auditor
Sharon L. Fuller, CPA
Kathryn Cardenas, MPPA
Brianna J. Carlson
Lisa J. Sophie, MPH

IT Audits:
Michelle J. Baur, CISA, Audit Principal
Lindsay M. Harris, MBA, CISA
Ben Ward, ACDA, CISA
Ryan P. Coe, MBA, CISA

Legal Counsel:
Stephanie Ramirez‑Ridgeway, Senior Staff Counsel

For questions regarding the contents of this report, please contact
Margarita Fernández, Chief of Public Affairs, at 916.445.0255.

---

Footnotes

⁶ Two of the law enforcement agencies that we reviewed—Sonoma and Los Angeles—are node administrator agencies. The other two agencies—Santa Ana and Santa Clara—are parts of the nodes overseen by the Orange County District Attorney’s Office and the San Jose Police Department, respectively, which both function as node administrator agencies. Go back to text

⁷ Throughout this report, we use the term gang member to refer to both gang members and gang affiliates unless specifically stated otherwise. Go back to text

⁸ Santa Clara does not add gangs to CalGang; rather, it links suspected gang members to gangs already existing in the database. Consequently, it did not have a process for us to review. Go back to text

⁹ The only exception to the two‑criteria requirement is when an individual admits to his or her gang membership during an in‑custody classification interview for jail or prison housing. Go back to text

¹⁰ For the criterion “subject has been seen frequenting gang areas,” we accepted the judgment of those administering CalGang even when the field officers did not specifically record this observation. Given their unique position of regularly recording or observing CalGang entries, these administrators are likely to know the geographical locations that gangs frequent. Go back to text

Back to top