Protecting Immigrant Privacy with SB 54, the California Values Act

Aug. 23, 2018 – Immigration and Customs Enforcement (ICE), and its sister agencies, have long targeted immigrants and communities of color using data collected at the state and local level. The California Values Act (Senate Bill 54) offers California the opportunity to advance important privacy protections that curtail the flow of sensitive personal information about immigrants that fuels mass deportation.

Behind ICE’s digital deportation machine

ICE draws from a complex web of information-sharing among federal, state, and local agencies to find and arrest people. At the federal level, Department of Homeland Security agencies, along with counterparts at the FBI and Department of State, maintain vast troves of data on people entering, leaving, and living in the United States. These agencies collect basic biographic information about immigrants, along with social media handles, information from commercial data aggregators, biometrics such as face scans at land and air borders, and surveillance technology data such as drones and automated license plate readers. DHS draws upon powerful information processing and facial recognition software — technology criticized for its bias against communities of color — to process the data and generate leads that guide ICE in targeting communities and individuals for deportation.

Advertisement

Alongside its own databases and surveillance technology, ICE uses data collected by local law enforcement — often containing unverified allegations or naming people who will never be charged with a crime — for immigration enforcement. Programs like Secure Communities provide ICE with real-time knowledge: local police departments run biometric checks through the FBI database when arresting and booking individuals, leading to notifications of ICE. Other local law enforcement databases and regional information sharing networks — such as COPLINK and LInx and the CA Law Enforcement Telecommunications Network — allow ICE to access sensitive personal information about community members. Gang databases that reflect discriminatory and biased policing practices are yet another source of information for ICE.

The effects of the fear of deportation

Local communities have pulled back from obtaining essential services for fear that their information will be shared with ICE. Recent studies examine the impact of Secure Communities in reducing access to jobs, health care, and nutrition for undocumented individuals and citizens alike. Victims are afraid to report domestic violence; people in need of health care are afraid to seek medical attention; survivors are afraid to seek FEMA assistance after wildfires and natural disasters; and families are afraid to apply for assistance to feed their families.

In the face of these fears, cities and states have moved to protect their communities by reasserting control over their residents’ data. Digital sanctuary cities are disentangling information-sharing networks with ICE. These cities are rejecting contracts with surveillance technology companies that do business with ICE and passing local ordinances that allow for community input before surveillance technology is used.

California has the opportunity to propel itself to the forefront of this movement

The California Values Act (Senate Bill 54) broadly prohibits local law enforcement from assisting in federal immigration enforcement. Among its provisions, the Attorney General’s office is required to issue guidelines that ensure that personal information held in law enforcement databases is not used for immigration enforcement purposes.

Last month, a wide range of community organizations submitted recommendations to the Attorney General’s office for what those guidelines should look like. Drawing from the Fair Information Practice Principles, a widely-used framework to protect privacy, our recommendations focus on protecting the informational privacy of immigrants and preventing data from being used for immigration enforcement.

Among our recommendations:

  • Limit Collection. Agencies should limit collection of personal information that can be used as a proxy for immigration status or for immigration enforcement, such as place of birth, tax numbers, and home and work addresses.
  • Consider Alternative Methods. If agencies are legally required to collect personal information, they should consider alternate methods of fulfilling that obligation that do not require collecting sensitive personal information that could later be used for immigration enforcement.
  • Limit Retention and Sharing. Agencies should minimize the retention of personal information that could be used for immigration enforcement, and limit its availability to certain, specified users. Agencies should only share personal information with other entities where there are clear policies and procedures in place to ensure that the information will not be used for immigration enforcement. Moreover, agencies should not provide unlimited access to personal information or allow bulk or mass sharing; any sharing of personal information should be individualized and documented.
  • Accountability and Auditing. Agencies should conduct regular audits of whether and how personal information has been disclosed to internal and external entities. Agencies should publicly disclose how many requests they have received from immigration authorities, the legal justifications underlying those requests, how it responded to those requests, and whether notice was provided to the individuals who were the subject of those requests.
  • Gang Databases. In California, advocates have long documented the discriminatory ways in which gang databases are used to target and harass racial minorities and immigrant communities. Field interview cards, which are used to input data into CalGang and other gang databases, should be updated to remove prompts for social security number, nationality, country of origin, or immigration status. If information from these databases is shared with federal authorities for non-immigration enforcement purposes, the agency should note whether it is providing simply allegations or judicial findings of gang membership.
  • California Law Enforcement Telecommunications Network (CLETS). The California Department of Justice oversees CLETS and allows ICE, CBP, and other DHS agencies to have access to CLETS. CADOJ should create tiers for different levels of access to CLETS, depending on the type of user, and limit the level of access given to agencies engaged in immigration enforcement. Law enforcement agencies should not share information available through CLETS with these agencies.
  • Surveillance Technology. Data collected by surveillance technology — such as automated license plate readers — should be subject to the same limits and privacy policies as other personal information. Local law enforcement should limit the sharing of data collected locally for one purpose with agencies that may share it onwards for other purposes.
  • Fusion centers. Facilities that house equipment and staff that enable broad intelligence sharing between local, state, and federal agencies should ensure that any law enforcement or investigatory activities they carry out with agencies engaged in immigration enforcement does not include the unfettered access to databases at the fusion centers.

Vasudha Talla is a Staff Attorney with the ACLU of Northern California. www.aclunc.org