For more than a year, EFF has been investigating how police in California misuse the state’s law enforcement database with little oversight from officials. An investigation published by the Associated Press today shows that abuse of law enforcement systems is a nationwide problem.

The AP’s investigation analyzed records from all 50 states and three dozen of the country’s largest cities. The reporters found that officers have routinely used law enforcement and driver databases to stalk ex-partners, dig up dirt on their neighbors, and even spy on celebrities and journalists.

According to AP, between 2013 and 2015, more than 325 officers and employees either resigned or were fired or suspended for unauthorized database queries. In another 250 cases, staff received reprimands, counseling or other lower levels of discipline. The numbers are staggering, but also only the tip of the iceberg. As the AP reports:

The unauthorized searches demonstrate how even old-fashioned policing tools are ripe for abuse, at a time when privacy concerns about law enforcement have focused mostly on more modern electronic technologies. And incomplete, inconsistent tracking of the problem frustrates efforts to document its pervasiveness.

The AP investigation builds off more than a year's worth of research by EFF into the California Law Enforcement Telecommunications System (CLETS). EFF previously found that the oversight body charged with combatting misuse had been systematically giving law enforcement agencies a pass by either failing to make sure agencies filed required misuse data or to hold hearings to get to the bottom of persistent problems with misuse. As EFF reported, confirmed misuse cases have more than doubled in California between 2010 and 2015.

Other news organizations have shown the problem isn’t limited to California. In 2013, the Minneapolis Star-Tribune reported on a state audit that found more than half of the state’s 11,000 officers had misused driver data. In August of this year, the Tampa Bay Times found that over just 18 months, police had misused the Driver and Vehicle Information Database (DAVID) 432 times. But the AP’s report demonstrates that this is a pervasive issue throughout the entire country.

%3Ciframe%20src%3D%22https%3A%2F%2Fwww.youtube-nocookie.com%2Fembed%2Fl-VX6qlWdxw%3Frel%3D0%26autoplay%3D1%26mute%3D1%22%20allowfullscreen%3D%22%22%20width%3D%22560%22%20height%3D%22315%22%20frameborder%3D%220%22%20allow%3D%22autoplay%22%3E%3C%2Fiframe%3E Privacy info.

This embed will serve content from youtube-nocookie.com

AP interviewed numerous victims of database misuse. As one woman explained:

It's personal. It's your address. It's all your information, it's your Social Security number, it's everything about you," said Alexis Dekany, the Ohio woman whose ex-boyfriend, a former Akron officer, pleaded guilty last year to stalking her. "And when they use it for ill purposes to commit crimes against you — to stalk you, to follow you, to harass you ... it just becomes so dangerous.

Some of the AP cases are especially egregious, such as a Michigan State Police dispatcher who sold confidential data to lawyers over a period of more than a decade. A Georgia police officer accepted a $1,000 bribe to search a database. A marshal in Colorado “asked his deputies to run license plates of every white pickup truck they saw because his girlfriend was seeing a man who drove a white pickup, according to an investigative report.”

EFF found similar examples in California, including a case where a Los Angeles police officer allegedly pulled information on witnesses in a murder case to provide to the family of a convicted killer. Other officers were caught screening online dates through CLETS or even stalking women. Database misuse has also come to the forefront in recent police controversies in the San Francisco Bay Area, with at least one officer at the center of a racist text scandal being charged for abusing a DMV database.

It’s a problem that spans all level of law enforcement and intelligence. The NSA even came up with a codeword—LOVEINT—when people used sensitive intelligence databases to spy on their romantic interests and ex-partners.

The AP’s story highlights the dangers of police misuse of sensitive databases, but it also prompts a bigger question: whether law enforcement is being vigilant enough in policing itself. This is further complicated when databases are shared across states, making it difficult for one state to know when an officer in another state has inappropriately accessed their data.

EFF is continuing to put pressure on the California Department of Justice’s CLETS Advisory Committee to fulfill its statutory obligations to control the system. So far, the agency has been stricter with ensuring that local police and sheriff departments disclose annual misuse data. However, the committee has yet to hold hearings on a single case for at least five years.

The committee has indicated that at its next meeting it may start looking at individual misuse cases. We plan to hold them to that, but in the meantime, we’re not holding our breath.