click to enlarge Photo by Darryl Barnes

Peter Rowland (left) and Steve Trush spent months examining CRIMS.





California continues to veer away from much of the nation by adopting immigrant-friendly policies. Just last year, the state legislature and Gov. Brown approved a new law that bars any local or state law enforcement officer from investigating a person's immigration status or helping federal agents enforce immigration laws.

But are local cops in sanctuary cities like Oakland inadvertently helping federal immigration agents identify and deport local residents? A team of UC Berkeley Information School students is taking a close look at what happens to the large amount of detailed information collected by Oakland's cops to see if ICE agents are accessing it through a backdoor.

"There's a lot of trust being placed in the operators of this equipment or these databases," said Steve Trush, a Berkeley grad student working on the project. Trush has a computer science degree from the University of Arizona, and he served 13 years in the Army, working in military intelligence. Later, he contracted with national security agencies before going back to school.

"I'm looking at these systems from that perspective," said Trush. "I understand the context of their use. I understand the arguments for why some of these are necessary, or at least understand a lot of the decisions regarding their use."

Even so, Trush said that trust isn't enough. Law enforcement systems need to be assessed by civilians to ensure they're used constitutionally and that there aren't built-in flaws that undermine privacy rights and local policies.

Peter Rowland, another UC Berkeley graduate student working on the project, said their research originated last year when the Oakland Privacy Commission — which advises the city council on technology and civil rights — floated the idea of cataloging databases and surveillance tools used by the Oakland Police Department. Among other things, the privacy commission wanted to figure out who can access the trove of information OPD is gathering. In particular, the commission is interested in whether federal agencies like ICE are benefitting from OPD's data collection efforts. OPD officials ultimately disclosed 23 separate databases that the department uses to store and analyze information.

But comprehensively examining all 23 systems would be impossible in a short span of time, said Trush. So, the team chose to focus on one important system in particular and use it as a trial run to see how much they could learn.

The Consolidated Records Information Management System, or CRIMS, is an online portal that contains mountains of data on everyone who comes in contact with Alameda County's law enforcement agencies. CRIMS — which was built by the county's Information Technology Department and is managed by the sheriff's office — pipes in data from the in-house records management systems of individual police departments like OPD. It's constantly updated and serves as a clearinghouse for every police officer and sheriff's deputy in the county. Cops can access it from the computers in their squad cars or offices.

If you've ever reported a crime, been arrested, taken out or been subjected to a restraining order, placed on probation or parole, you're definitely in CRIMS. In fact, if you've even just had contact with a cop, like witnessing a crime and then speaking with the police, there will be information about you in CRIMS.

But outside of law enforcement circles, little is known about CRIMS. Could ICE get access to what's in it? Or, can individual officers abuse their access to CRIMS for other reasons having nothing to do with a legitimate investigation? What's to stop them?

The UC Berkeley team interviewed Manu Shukla, Alameda County's criminal justice systems manager who helps manage CRIMS, along with the sheriff's office, as well as Oakland Police Officer Aaron Bowie, OPD's head of policy and research Tim Birch, and OPD's Communications Manager Eugenia Oliver to get a better understanding of how OPD uses the system.

Rowland said law enforcement officials were open to the project. "They're interested in helping people understand how the tools are actually put to use."

Partly, Rowland said, it helps debunk myths about the capabilities the police have. But it also helps the police better understand the limitations and problems with their own technology.

Trush, Rowland, and others spent about month studying how police officers enter data into CRIMS, including what kinds of information goes into the database. They also examined who has authorization to access CRIMS. Although they're still reviewing what they found and haven't published a final report yet, they said that there appears to be some risks built into CRIMS that could be addressed with new safeguards.

One is the arrest reports that officers are required to enter into CRIMS before they take a prisoner to Alameda County jail. An arrest report requires information like place of birth and social security number. This means that OPD officers could be generating information that reveals a person's citizenship and immigration status.

But can ICE access it? According to Alameda County officials, federal law enforcement agencies aren't authorized to directly access CRIMS, except on a case-by-case basis. So, ICE agents can't just open up CRIMS on their own computers and browse what's in the system.

Trush and Rowland said they'll have many more detailed comments about the potential risks built into CRIMS when they finish their report, which they hope to hand over to the privacy commission later this month.

And Rowland said the project's purpose isn't just to answer questions about one database. "This was a test case to see how well we can understand the landscape of systems out there and the privacy and data sharing implications of them," he explained. "Hopefully, it'll be useful to people in other cities."

While Trush and Rowland were busy mapping CRIMS, their colleague Michelle Carney, another Berkeley Information School grad student, worked on a related project to help Oakland's privacy commission understand how city residents think about surveillance and civil liberties. The goal is to draw more people into policy debates about the appropriate use of technology by police and other city departments.

"Talking to the average person on the street, they don't even know that the city is involved in policy discussions about privacy," said Carney, who interviewed Oakland residents at several farmers' markets.

The interviews, according to Carney, showed that residents have widely diverging thoughts about what kinds of data the city is currently collecting about them and what should be done to better safeguard privacy rights.

Some people conceive of privacy mainly in physical terms, like security cameras watching them in public spaces, while others think about how their web-browsing habits are tracked. Some people focus on law enforcement surveillance and the trade-off of less liberty and more safety, while others think about private companies gathering their data on the internet.

Carney said a goal of the survey is to help the Oakland Privacy Commission expand its reach into Oakland's diverse communities and incorporate these different "mental maps" of what surveillance means to the commission's work while also educating Oaklanders about the kinds of data collection and surveillance they're subjected to, but possibly unaware of — like CRIMS.

"This hasn't answered any questions," she said about the work the Berkeley team has accomplished so far. "If anything, it's opened up more questions."