Crossing the Golden Gate Bridge. Cruising the Lake Tahoe waterfront. Crawling the 110 Freeway in Los Angeles or speeding through the desert fringes of Riverside County.

It’s nearly impossible for drivers to escape the reach of automated license plate readers in California.

Police say these controversial cameras, which log the license plate and description of every passing vehicle, help them hunt criminals. But across the country, the technology has helped authorities ensnare noncriminals, including undocumented immigrants, in their data dragnets.

In California, police have increasingly pushed the bounds of a landmark surveillance law meant to protect the citizens they serve. 

A key provision of that 2015 law, Senate Bill 34, prevented police from sharing data from automated license plate readers, or ALPRs, with out-of-state and federal law enforcement agencies.

These agencies answer to different legal and ethical standards than California cops do. The FBI can surveil people who are not suspected of wrongdoing and has been accused of engaging in the controversial “ethnic mapping” of Arab Americans. And, increasingly, federal police have been deputized to carry out President Donald Trump’s mass deportation agenda.

Ten years after SB 34 took effect, it’s questionable if it has any teeth. Recent investigations by The Standard and other news outlets found that apparent violations of the law are routine and widespread, including in San Francisco.

An April search by the California Highway Patrol of 845 ALPR systems, including Oakland’s, was labeled “ICE case,” raising concerns that local police may have aided federal immigration enforcement. The CHP pledged to investigate the search but has not shared additional information.

The California attorney general’s office says it is committed to enforcing SB 34 and since June 2024 has quietly scolded at least 20 law enforcement agencies for alleged noncompliance. But new findings show that in at least two instances, police appeared to continue violating the law months after receiving warnings.

It’s part of a larger pattern. For years, police have skirted bans on facial recognition technology and deployed drones in open violation of state law, all while dodging calls for transparency regarding their powerful new tools.

Now, privacy advocates are calling for aggressive enforcement of SB 34 to bring cops into compliance.

“Somebody needs to be made an example of,” said Brian Hofer, executive director of the advocacy group Secure Justice. “This has been an ongoing, known issue, and they’re just refusing to change. Until somebody drops the hammer on them, I don’t think they’re going to change.”

At the end of March, the Riverside County Sheriff’s Department received a slap on the wrist.

In a letter to Sheriff Chad Bianco, a senior California Department of Justice attorney cited a recent report that showed Bianco’s staff may have shared ALPR data with two federal agencies.

“As our office has previously advised California’s law enforcement agencies, this practice violates state law,” the letter, which was reviewed by The Standard, said. “We thank you in advance for your cooperation.”

It is unclear what correspondence followed. But logs obtained by The Standard show that, less than two months later, the department was still searching ALPR data for investigations related to the FBI and U.S. Postal Inspection Service.

The Sacramento County Sheriff’s Department received a similar warning in June 2024 but continued to make searches labeled “DEA Assist” and “ATF” — referring to the Drug Enforcement Administration and Bureau of Alcohol, Tobacco, Firearms, and Explosives — between December 2024 and June of this year, according to the logs.

The Sacramento County Sheriff’s Department did not respond to requests for comment. 

A Riverside County Sheriff’s Department spokesperson said that agency’s searches had “not violated any provisions of SB 34.” However, the spokesperson would not answer questions about whether the department passed ALPR data to federal partners — the action that would have violated the law.

A representative for Attorney General Rob Bonta’s office did not respond to questions about the apparent violations and declined to comment on the legality of their searches. 

“Our engagement on this issue has gone beyond these letters and is continuous based on our ongoing monitoring of this issue,” the spokesperson said. “We take seriously any potential violations of SB 34 and will review any reported noncompliance and take action as appropriate.”

Some advocates say that’s not enough. Hofer said he’d like to see the state DOJ take cops to court.

“I love that the attorney general is out in court challenging Trump,” Hofer said. “But it’s like, here’s a big one, right here. Data privacy is how ICE and the Trump administration in general attack people. So if we’re not even going to keep our own house clean, it’s kind of ironic to go sue the federal government for breaking the law.”

Jerry Hill, the former state senator who authored SB 34, said the attorney general should “aggressively go after” police who violate the law.

“There are court sanctions that the judge can apply if they’re not following the letter of the law,” Hill said. “But it requires aggressive behavior. It’s really in all of our interests to make sure that the privacy that we have is maintained.”

The Standard contacted 26 California police agencies that probed ALPR data for investigations using search terms related to federal law enforcement. 

The logs, obtained via a public records request, show every time an agency searched the Oakland Police Department’s ALPR system. Although the data originates in Oakland, it offers a window into the search habits of more than 200 California law enforcement agencies. 

That’s because Flock Safety — the company that sells the ALPR systems popular in California and across the U.S. — makes it easy for police to share data. Once a department allows another agency to access its system, the outside agency can search the data without needing approval each time. Many searches of Oakland’s system simultaneously queried hundreds of other Flock networks.

Two agencies contacted by The Standard — the Riverside County Sheriff’s Department and Chino Police Department — asserted that they didn’t break the law but didn’t know or wouldn’t share whether officers gave ALPR data to federal agents. 

One agency insisted that it had found a legal workaround and questioned the purpose of SB 34.

“I don’t think the necessary intent of that law was to exclude out-of-state agencies,” said Mike Sena, executive director of Northern California Regional Intelligence Center, a government agency that fights organized crime and drug trafficking. “I think that was actually an error.”

Still, Sena said NCRIC does not share ALPR data directly with federal agencies. Rather, when working on a joint task force, California personnel share only information gleaned indirectly from the data. 

Sena provided a hypothetical: An NCRIC analyst might search for hits in Flock — logs of the time and date a vehicle was spotted by certain cameras — then use that data to guess which neighborhood a suspect is operating in. The analyst could share the suspected location, but not the log of hits, with federal partners.

“We’re working against criminal organizations that are trying to kill people in the community,” Sena said. “This technology has saved lives, and it will continue to do so. But I agree: We balance everything we do with privacy, civil rights, and civil liberties.” 

Privacy advocates, however, blasted the data sharing, describing it as an illegal workaround.

“It’s the fruit of the poisonous tree,” said Adam Schwartz, privacy litigation director at the Electronic Frontier Foundation. “I don’t think judges like these kind of shenanigans, where the cops are saying, ‘But judge, we didn’t give them the ALPR information; we took the ALPR information, made it into new information, then gave them that information.’”

Seventeen other agencies did not respond to a detailed list of questions about searches they had made. 

The Oakland Police Department, which has called The Standard’s reporting “misleading,” did not answer questions about whether it will revoke access to its ALPR system from the San Francisco Police Department — which made more than half the searches in its logs that are marked with federal keywords — or the CHP, which made the search labeled “ICE case.”

“OPD is carefully reviewing whether any actions conducted by OPD officers are inconsistent with our department policies,” a spokesperson wrote. “We will also collaborate with external California agencies to identify any potential issues inconsistent with OPD’s policy.”

At a meeting Tuesday of Oakland’s Public Safety Committee, acting Lt. Gabriel Urquiza accused “outside actors” of “driving a wedge between the community and the department” by highlighting “outlier incidents to undermine the use of technology while ignoring the overall benefit to the community.”

Urquiza said ALPR data has led to 182 arrests in Oakland for burglaries, illegal firearm possessions, robberies, shootings, and homicides, among other crimes, in the first year that the cameras were in operation. That represents 1.4% of the homicides, robberies, burglaries, and firearm assaults the department reported in 2024.

“While the department does not agree with the manner in which the information was presented, we do take the issues discovered seriously and are working to determine ways to prevent future misuse by outside agencies,” Urquiza said. 

Some Bay Area officials are tight-lipped about the alleged abuse of ALPR data.

Oakland Mayor Barbara Lee would not address potential SB 34 violations, saying only that she supports the OPD’s and CHP’s review of their actions. A spokesperson for San Francisco Mayor Daniel Lurie did not respond to requests for comment.

Supervisor Jackie Fielder this month sent a detailed list of questions to the SFPD after The Standard reported that the department accessed Oakland’s data more than 100 times for cases marked as related to federal law enforcement. A spokesperson for Fielder’s office said the SFPD has not replied, although the supervisor gave the department a July 28 deadline to respond.

Should policymakers choose to further regulate ALPR data sharing, there are a number of approaches they could take, privacy advocates say.

They could enact more stringent requirements on how thoroughly police audit searches of their systems, which could help catch violations by outside agencies. They could stop sharing data with departments that have a history of violating SB 34. They could turn to new built-in security features in Flock, like one rolled out this month that allows police to require a case number in order to search their systems, according to spokesperson Holly Beilin. 

A bill in the state Legislature would mandate this. Senate Bill 274, authored by State Sen. Sabrina Cervantes of Riverside, would require that any search of an ALPR system in California include a case number.

On Tuesday, Flock unveiled a separate feature in California that it says will automatically flag and block searches that include keywords like “immigration” and “ICE.” All state agencies were automatically opted into the feature, Beilin said.