California's Gang Database Is a Privacy-Violating Mess, State Audit Declares

California's gang database operates without enough oversight, doesn't properly make sure the people it places in the database truly qualify as gang members, doesn't purge the names of people who are placed in the database when it's supposed to, and ultimately ends up with a high potential of violating the privacy of California citizens. Those are the results of a state audit released today of California's "CalGang Criminal Intelligence System."

The flaw in using data to assist in policing is that the subsequent policing is only as good as the data that is collected. And if the data is bad, the outcomes are not abstract. There are real world implications.

The outcome of this audit was hardly unpredictable. Reporter Ali Winston documented some of the actual real world consequences of the faulty gang database data earlier in the year in a story appropriately titled "You may be in California's gang database and not even know it." As Winston noted, being part of the gang database is not just about being treated with more suspicion by police during interactions. California laws allow for harsher penalties for some crimes if defendants are shown to be gang members.

In addition, there's almost no transparency with the gang database. People are not informed if they've been added to the database and therefore cannot challenge their inclusion. Police are instructed specifically not to reference the database in reports and testimony. In 2013, the state updated the law to require that police notify the parents of minors included in the database and allow parents to challenge the inclusion. People currently in prison are also informed if they're in the database and can challenge it. But the average citizen would have little way of knowing whether they're listed.

The full audit documents all sorts of examples where CalGang is being used incorrectly by police based on examining just four participating law enforcement agencies. Here's just a sample of some of the problems they found:

• Gangs were sometimes added to the database without establishing the appropriate documentation showing that they met the state's requirement to be considered criminal gangs (engaging in criminal activity, having common symbols or names, and having more than three members). Once a gang has been established in the system, law enforcement officers were then able to collect and share info about people they suspected to be members of this "gang." But in the audit, one administrator was unable to provide any documentation supporting the inclusion of a gang in the database.
• The auditors were unable to find supporting evidence that 13 of the 100 people included in the database that they selected to examine should have been included in the database. They found that in some cases, people were added to the database under the criterion that they admitted to being a member of a gang, but the auditors could not find any supporting documentation. In one case, they found the exact opposite: The person who was added to the database specifically said in a jail interview that he was not a member of a gang and didn't want to be jailed with them. Within just 100 cases, they found 131 instances where the criteria used to classify somebody as a gang member did not match the source documentation.
• In nine instances, law enforcement justified adding people to the gang database on the criterion that they had committed a crime associated with gang behavior, but the auditors could find no evidence that the listed people had been arrested for any crime at all. Another 20 had been arrested for crimes that did not meet the requirements for being considered gang-related.
• Even though information from the CalGang database was not intended to be used as basis of expert opinion or statements of fact, the auditors found one case where a CalGang data printout was provided to a jury and agencies admitted to using the database for employment screening.
• Entries contained many errors, including 42 entries where the suspected gang member's age was determined to be less than a year old at the time they were added to the system.
• Individual records are supposed to purged in five years if there's no continued documented evidence they're still involved in a gang. The auditors found that 12 out of 104 records had not been purged despite not containing new information.
• Despite the change in California law requiring parents to be informed when their minors were being added to the database, they found only 35 out of 129 cases where these rules were properly followed. In 44 cases they couldn't determine that parents had been sent notification letters. And when they did send letters, they often didn't explain the criteria by which the children had been added, making it difficult for parents to challenge their inclusion (sounds very similar to how the feds were handling the no-fly list).

The audit suggests a list of reform to the program, including giving a state agency actual oversight over it, something that doesn't currently exist. Also of note: The state sent out a survey to 329 law enforcement agencies about their use of the CalGang database. Among them, 77 agencies didn't even respond, though the report notes that the surveys were sent without checking whether they actually consulted the database.

Read the report here, which includes responses from the four audited law enforcement agencies at the end. The response from Sonoma County Sheriff's Office reads it was written by Danny McBride in character as Neal Gamby in HBO's series Vice Principals, complete with adding the little registered trademark symbol after every reference to CalGang.