Report: Streetlight Surveillance Oversight Meeting

Palm trees, a traffic signal and a street light near Mission Boulevard in San Diego
Photo credit: Maddisen V.

At the August 1, 2023 meeting of San Diego City Council, councilmembers voted 7-2 to adopt a resolution that approved the proposed Surveillance Use Policy (SUP) for Streetlight surveillance cameras (SSC), and they voted 6-3 on the Automatic License Plate Readers (ALPR) SUP.

City Council voted to approve these policies despite the city's Privacy Advisory Board recommending that City Council should not approve either policy. In addition, any time the wider public had an opportunity to speak since this process began, the public sentiment was overwhelmingly opposed to the use of the technology.

More than 6 hours was spent on these policies at the meeting, and many things happened. Here I will share my opinions of The Good, The Bad, The Ugly and The Future.

A note: I am not naïve about the possibility of hidden loopholes, bad faith wording, and the possibility of stakeholders with intentions to simply not comply with their own policies. However, now is the time to take the city at its word in good faith, and help everyone get it right. Here, I am giving the city and its leaders the benefit of the doubt wherever possible.

The Good

Both the SSC and ALPR surveillance policy proposals were at high risk of being “rubber-stamped,” that is, being completely untouched and approved, without even one change being made by anyone in the entire oversight process.

This was narrowly averted by some last minute changes to the SUPs, which were then swapped into the docket mere hours before the City Council met. Here is the original proposals (SSC and ALPR) that were considered by PAB and the Public Safety Committee. These versions of the policies were present on the City Council’s docket, even on the same day City Council was set to consider the items.

With only hours to go until City Council met to consider these proposals, those versions of the policies were replaced with new ones (New SSC and New ALPR) (strikeout versions). The differences between the two versions were widely attributed to work done by the office of District 1 Councilmember Joe LaCava. To whatever extent the changes made are improvements over the previous policies, and are enforced, the changes are good.

The good changes include:

  • Monthly written confirmations that surveillance vendor has deleted any surveillance data that is past its retention period.
  • Explicit prohibition on SDPD sharing data with ICE and CBP for immigration enforcement.
  • Explicit prohibition on using surveillance data for enforcement against reproductive care or assistance thereof.
  • Explicit prohibition on sharing surveillance data with federal task forces for the purpose of investigating behavior that is legal in California.
  • Data sharing with outside parties is mostly prohibited, pending the adoption of a "third party data sharing use policy" that needs to be approved by City Council.
  • Some items previously located in DP 3.33 were moved directly to the Surveillance Use Policy.
  • Persons under investigation for misconduct are required to have their access to the surveillance systems revoked.
  • In additions to the above improvements, a request by District 6 Councilmember Kent Lee was also made to further improve the Surveillance Use Policies. Since those improvements were only promised to be made in the future, I cover those items in a later section.

The Bad

  • Many deficient policy sections were not improved. Sections such as Data Protection, Public Access, and Audit and Oversight were left deficient, untouched and unimproved.

    As a result, San Diegans can not expect protections in those areas to be adequate, nor to be able to enforce any protections that are typical in most other organizations, if those protections would fall under these deficient policy sections.

    Potential solution
    : Councilmember Lee made a proposal for further SUP improvements and received verbal agreement from many stakeholders to work on creating those improvements. That improvement process is what should have already happened prior to this item coming to full City Council. Since that opportunity was missed, it should be finished prior to City Council voting to approve a contract for the surveillance technology.

  • A policy that required staff be disciplined if they violated the Surveillance Use Policy was removed.

    Potential solution: This change may have been justified or it may have been opportunistic, but it definitely should have been explained to the community. Police and communities already struggle with the perception that police are immune from accountability.

  • Nobody asked city staff if any intended use of the streetlight cameras or ALPR system was being hidden from the Surveillance Use Policy, hidden from City Council, and hidden from public view, as is permitted by the ordinance.

    This question is unfortunately necessary and critical, because of a late-stage amendment to the surveillance ordinance that allows any city department staff to conceal intended uses of the technology from the Surveillance Use Policy, if that individual feels doing so supports “legitimate security interests” of the city, in that staff member’s own judgement.

    Potential solution: City Councilmembers need to ask whether the department has used the “security interests” loophole to conceal any intentional, planned uses of the surveillance technology from the Surveillance Use Policy they are considering. If yes, then the City Council members can at least be aware that the proposed technology is operating, in part, completely out of councilmembers’ view, knowledge and oversight.

    Councilmembers can decide for themselves what the appropriate further inquiry might be, if any. Knowing that the loophole has been used is the first step in deciding what, if anything, to do about it.

    Alternatively, if councilmembers do not relish the prospect of having this potentially sensitive conversation live during meetings, the surveillance ordinance could be amended to require departments to indicate in writing, within the SUP, if any use has been concealed using the “security interest” loophole as a justification for concealment.

    Ultimately, the TRUST SD Coalition, along with other legal experts, recommends the “security interest” loophole be completely removed wherever it appears in the ordinance, as it is vague, completely undefined, promotes secrecy rather than transparency, and lacks any formal process that would allow for accountability.

The Ugly

  • The PAB’s recommendation was ignored, causing an unknown amount of damage to both the PAB’s willingness to serve the city as well as shaking the foundation of trust the community has in its city leaders to make the surveillance oversight process work for everyone, rather than working primarily for city departments and politicians.

    While total agreement between the PAB and City Council will not always occur, City Council ignoring all PAB recommendations, and allowing proposals to sail through the process unchanged, will not result in sustainable oversight or protections for San Diego.

    Potential solution
    : Councilmembers and PAB members must collaborate more effectively to ensure respect is mutual, that surveillance proposals are substantially improved, and that the proposals are never rubber stamped.

    Councilmember offices who have full time staff should be taking the lead to facilitate this collaboration, rather than waiting on the volunteers of the board, many of whom have full time jobs and families to care for, in addition to their volunteer duties for the Privacy Advisory Board.
  • The exemption approved by City Council for staff working on federal task forces is interpreted by some to mean that if a SDPD officer is working on a federal task force, none of the protections of the surveillance ordinance apply and the officer can use mass surveillance technology without being subject to SUP or the surveillance ordinance.

    Here's the amendment in question:

    "City personnel assigned to federal task force activities by the Chief of Police or designee are exempt from the requirements of this Division related to the acquisition, use, reporting, and contractual obligations, solely to the extent of their duties and work related to their assignment to the federal task force."
    SDMC §210.0101(d)

    While confusion ruled councilmembers' conversation about this issue at the session on August 1, a plain reading of the amendment could lead any person to believe an SDPD officer may throw off all burdens of surveillance oversight once they are assigned to a federal task force, as long as their actions are attributable to supporting the work of the federal task force.

    Potential solution: City departments could create a requirement within their Surveillance Use Policy that requires existing access to the department’s surveillance technology be removed for any city staff at the time they are assigned to a federal task force. Such a person could be ineligible for access to surveillance technology while they are assigned to a federal task force.
  • Some councilmembers do not seem to understand the concept of an enforceable Surveillance Use Policy. Certain councilmembers expressed they believed that protections for San Diegans from misuse of the technology need only be codified within the vendor contract, as if the risk of harm to San Diegans comes exclusively from the vendor’s potentially bad practices. But this understanding is mistaken, as we can see historically and as we weigh potential harms in the future.

    One fundamental purpose of surveillance oversight is to not only control the risk of harm that comes from the technology vendor, but also control the risks of harm that come from city staff’s own acquisition and regular use of the technology. Those latter harms are controlled by strong provisions within the SUP, not the vendor contract.

    Potential solution: While councilmembers are well-versed and comfortable with the concept of ensuring protections from the risk of harms coming through a vendor, they need more experience with guarding against risks of harms that come from city staff. The Surveillance Use Policy should be seen as akin to the vendor contract. Both documents are protecting San Diego from potential harms and both require provisions.
  • City departments that share detailed surveillance data with data aggregators, such as the ARJIS regional crime data system, will continue to do so even if that data is then shared forward with ICE or CBP for the purposes of immigration enforcement. Even though sharing such data into the possession of ICE or CBP is ostensibly prohibited, City Council failed to require any further protections within the SUP to deal with this loophole for sharing surveillance data with federal law enforcement.

    Potential solution: City departments can create a policy within their SUP that prohibits sharing surveillance data with any party that aggregates data and shares it with any other entity.

    Later, compliant aggregators, who have a fully functioning and proven capability of safeguarding shared data, could be individually identified. The policy could then be changed to allow data sharing with that specific aggregator, due to that aggregator’s proven capability to safeguard the data in accordance with the department’s requirements.

The Future – Promises Made and Accountability

City Councilmember Kent Lee's proposals for surveillance use policy improvements
  • Councilmember Lee sought the above improvements to the Surveillance Use Policies, and received many commitments from the mayor’s office and others that such improvements will be made, either in the SUPs or in the vendor contract. If this promise is delivered, the improvements requested by Councilmember Lee would represent a significant improvement in the ways San Diegans will be protected from misuse or abuse of these technologies.

  • The police department claimed that they are in discussions with SANDAG, which operates the crime data system ARJIS, to restrict sharing of ALPR data provided by SDPD to ARJIS, so that ALPR data is not forward-shared with CPB or ICE through ARJIS as the intermediary. The details of this commitment were completely unclear at the meeting.

    SDPD’s description of this issue at the meeting seemed to indicate that SDPD will “check the box” to share ALPR data with ARJIS, and that SDPD will not “check the box” to share the data with ICE or CBP. It was unclear if ARJIS would independently choose to share SDPD data with CBP and ICE, in the event that SDPD allowed the sharing with ARJIS.

    It is exactly this type of deeply technical and potentially harmful detail that the Privacy Advisory Board was created to assist the city with, but City Council must ensure the board has the information and the opportunity to provide an expert analysis.

  • The SDPD committed to providing contracts with the surveillance technology vendor(s) to the Privacy Advisory Board so that the board could meet and provide advice to City Council regarding the contract “once it’s out.”

  • SDPD committed to accessing streetlight surveillance data only for a “qualifying crime, a crime of significance.” I note that the only meaningful commitment that any department can make, which actually protects San Diegans and ensures a department's use of surveillance is overseen, would be that the department will access the technology only as stated in the Surveillance Use Policy. The SUP's entire purpose is to define how the technology will be used, and it is the only container of enforceable provisions regarding when the technology will be used. All other verbal responses are speculative and unenforceable.

  • The SDPD committed to “having conversations” with any “religious or non-religious” community group regarding placement of surveillance cameras.

  • The SDPD committed to being transparent with the specific location of the surveillance devices. “We are not hiding anything.”

  • “No cameras tracking people outside of abortion clinics, no listening devices installed in these cameras, no cell phone tracking without a warrant, none of this technology should be used for immigration enforcement.” Marni von Wilpert.

  • SDPD promised to present to City Council the draft changes to SDPD Procedure 3.33 ("Smart Streetlights") and 1.51 (ALPR) once the procedure documents have settled to its final proposed state.

  • SDPD promised to develop additional safeguards for Data Protection, although the commitment was to add protections to “the contract” and the request was to add protections to the department’s use policy. Both are needed.

You may also like:

A green-eyed robot with a camera on its head and a streetlight growing out of the camera

Smart Streetlights Audit

San Diego Privacy's new report "Getting Smart: Protecting Privacy While Controlling and Measuring the Outcomes of Streetlight Surveillance" is…

Downtown buildings of San Diego are shown in the background behind bushes in the foreground

Smart Wayfinders and Self Surveillance

San Diego's leaders are set on Monday, July 17, 2023 to approve a contract with the company Ike Smart…

San Diego's downtown skyline is shown at night with motion-blurred objects appearing on the water

What Happened With Surveillance Technology Oversight in San Diego

San Diego's new Surveillance Technology Oversight ordinance made a big splash this week as people became aware the law…