The URL can be used to link to this page

Home My WebLink AboutEmailed comments from Robert GoldbergGloria Harper From: Robert Goldberg <rgoldberg@live.com> Sent: Sunday, March 21, 20216:08 PM To: Thomas Moore; Schelly Sustarsic; Mike Varipapa; Sandra Massa-Lavitt; Joe Kalmick Cc: Jill Ingram; Gloria Harper; Charles M. Kelly; Jeannette Andruss; Iris Lee; Steve Myrter; Phil Gonshak; Kelly Telford Subject: Questions & Comments for Open Session 3/22/21 Attachments: 3.22.21 Questions & Comments.doc Robert Goldberg has shared OneDrive files with you. To view them, click the links below. LPR LA Times.pdf LPR State Audit.pdf Dear Council and Staff, Please see the attached questions and comments for this Monday's open session. Also attached are several referenced pdf's. Thank you for your consideration and service, Robert Goldberg estions & Comments for 3/22/21 Oaen Session from Robert Goldbe Item B: Demand on Treasury (Warrants) Page 1, Check #18844 to APLPD HOLDCO INC for $287 for "services 1-9 to 2-8-2021." What is this for? Item G: Financial Advisory Service Contract with Fieldman, Rolapp & Associates (FRA) The staff report states that "The previous contract is now expired and as such, a new contract is needed." This is a correct statement. However, for the record, the historical summary below of our engagement of FRA shows that the previous contract expired almost 2 % years ago in October 2018. 1 previously brought this to the attention of Council and staff in August and December of 2019. Date Type of Engagement Term Amount Services to be Provided 5/26/2015 Professional Services One year $50,000 Refunding of Heron Pointe Agreement bonds 1/30/2017 Purchase Order Not applicable $14,000 Development of debt #13686 policies to comply with SB 10/20/2017 Professional Services One year $30,000 Development of financial A reement forecast model 10/10/2019 Purchase Order Not applicable $20,000 General financial advisory #16137 services I have two concerns regarding the proposed contract. The first is that the contract does not provide for a maximum expenditure amount, either annually or over its five-year term. This omission is not consistent with the terms of the previous two contracts with FRA, nor any contract that the Council has approved to my recollection. The lack of a contract maximum means that, by default, approval of this contract authorizes staff to expend up to $34,476 per fiscal year (per staff's 1/11/21 interpretation of the City Manager's spending authority). Why was no expenditure maximum(s) included in this contract? My second concern is that this contract includes both advising the City on the pros/cons of bond issuance ("Analytical Services"), as well as the extensive (3 pages long!) actual "Transaction Services" related to the issuance of a bond. This is unlike the previous two contracts with FRA which included either Analytical Services (2017 contract) or Transaction Services (2015 contract). With Transaction Services having the potential to generate considerable bond -related fees to FRA, there is an inherent conflict of interest in having the same firm advise the City on whether to issue bonds. This was not a concern with the previous two contracts with FRA since they did not include both services. I think it behooves the City to engage a municipal financial firm which can provide us with completely independent advice regarding the merits of bond issuance. A good example of why this matters is our current sewer bonds. As I indicated in three separate communications to staff and Council in 2020, we are currently paying 4.8% interest on a $2 million bond through 2029. This bond could have easily been paid off on the bond's "call" date of 6/1/20 using a portion of the approximate $9 million in sewer fund reserves. I had urged the Council and staff to do so since these reserves were making less than 0.75% interest at that time (and only 0.41% now) in the State Investment Fund. By my calculations, reducing our current sewer fund reserves from $9 million to $7 million while saving $365,000 in interest over the next five years would have resulted in only a small reduction in the proposed cut in the new five-year sewer rates. The bond was not paid off, but it appears that FRA was consulted. In a 1/11/21 response to a question from Councilwoman Sustarsic regarding an $1887 warrant to FRA for October 2020 "Sewer D/S Services," staff indicated that "the City is working with Feldman to determine the cost of issuing debt and whether or not existing debt can be refinanced, particularly the State Loans for the Sewer Fund." The State Loans represent two other sewer bonds that total about $3 million with an interest rate of 2.6% through 2031. Given this low rate, refinancing these two bonds by issuing new bonds is not likely to save the City much money after the cost of issuance. Furthermore, the combined annual interest that we are currently paying on these two 2.6% bonds (about $77,000) is less than the interest (about $91,000) that we are paying on the 4.8% $2 million bond that we could have been paid off without any "transaction" or underwriting fees. Doing so ASAP with reserves should have been (and is still) a "no-brainer" IMHO. Recommendation: Delete "B. Transaction Services" from the Exhibit A, Scope of Services, and add language to the proposed contract indicating that FRA will not be eligible during the term of the proposed contract for provision of Transactional Services via a contract amendment, a separate contract, or purchase order. Item H: Business License Discovery and Recovery Audits Is this effort going to include discovery of businesses that operate (or should be operating) under annually renewable home occupation permits? Item K: Police Fixed ALPR's Page 2 of the staff report states that we own our data and control who sees it and how long it is kept on the server. Additionally, the Vigilant system allows agencies to audit who has accessed the database. This will allow us to comply with SB 34 by adopting a SBPD policy regarding access, data retention, and auditing. Since the staff report indicates that West Comm staff will also have access, the same policy needs to be adopted by West Comm. Do we currently have a written SBPD policy that complies with SB 34? For background information on SB 34 for the Council and public, I have attached a summary from a February 2020 State Auditor's Report of four agencies that found that all had either a deficient policy or no policy at all. I have also attached a subsequent article in the LA Times. The top of page 3 of the staff report states that four additional cameras will be provided at no cost by the UASI Grant. How much will the Grant money offset Vigilant's Project Quotation of $211,162 for the envisioned 16 -camera, 4 -intersection system? In other words, what will be our net cost after deducting the amount paid by the Grant? The Financial Impact section of the staff report makes no mention of annual costs. However, the Vigilant Project Quotation includes an unspecified cost for a "Basic Service Package" which is "priced per camera per year" and requires a separate Enterprise Service Agreement. How much is the price per camera per year for this Service Package? Does the quote of $211,162 include more than just the first year of this Service Package? Item L: Local Paving Contract The staff report recommends that good pricing warrants adding two streets to the original four for a total of six streets in this project. However, for the six -street project, the lowest bidder is Hardy & Harper ($251,660), not the selected Onyx Paving ($255,000). The staff report does not address this issue, and just states that Onyx is the "lowest responsive bidder." Why was Hardy & Harper not selected for the proposed six -street project? Item M: OC Auto Theft Task Force The first paragraph of the Background section states that auto theft is a significant national crime trend, and that it increased 43% in Seal Beach in 2020. For a greater than one (pandemic) year perspective on this trend, I compiled auto theft data for Seal Beach from the California Dept of Justice for the years 2010-2019 and added a figure for 2020 reflecting a 43% increase. The table below shows that an increase of this magnitude would represent an additional 13 auto thefts in 2020 vs. 2019. The calculated 2020 total of 44 would be in the range that the City experienced in 2016 and 2017. Vehicle Theft 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 28 30 23 33 34 36 41 48 38 31 44 The Financial Impact section of the staff report states that hiring a new officer with assignment to the OCATT will not place any additional burden on the General Fund. However, it is not clear from the Memoranda of Agreement (MOA) that this will be the case. The MOA does not appear to cover the cost to recruit, outfit (including body camera), and fully train a new officer. What is the estimated cost for this to the General Fund? Section IV.A (page 4) of the MOA states that "salaries, benefits" will be reimbursed and that task force members "shall be assigned as a full time position." However, Section IV.D (page 5) then specifies that reimbursements to the employing agency "will be based on actual hours of program participation." Additionally, hours spent in training that is not related to OCATT duties is not reimbursable. Will time off for vacation or sick leave be reimbursable as "actual hours of program participation? How many hours of training per year do we require for an Investigator? Will any of these be reimbursable OCATT time? The MOA makes no specific mention of reimbursement for pension or retiree health costs, but presumably both are reimbursable "benefits." However, will OCATT be responsible for the payment of any unfunded liabilities for these benefits that may accrue during the years of program participation? Section VILA (page 7) of the MOA states that "If the task force is unable to provide a vehicle to the member through task force resources, participating agencies agree to provide this equipment." Is it anticipated that we will have to provide a vehicle? Audit cites license reader risk 2123/ Zv BY PATRICK MCGREEVY SACRAMENTO — The Los Angeles Police Depart- ment and three other Cali- fornia law enforcement agencies have not provided sufficient privacy protec- tions forthe hundreds of mil- lions of images collected by automated license plate readers and shared with other jurisdictions, accord- ing to the state auditor. Most of the images col- lected by the devices are un- related to criminal cases. The audit, released Feb. 13, found that 99.9% of the 320 million images the LAPD stored were of vehi- cles that were not on a list of those involved in criminal investigations when the im- age was made by the auto- mated license plate readers, or ALPR. State Auditor Elaine Howle said in a letter to Gov. Gavin Newsom and the Leg- islature that changes were needed to better safeguard the privacy of license plate data collected by the Fresno Police Department, Marin County Sheriff's Office, Sac- ramento County Sheriff's Department and LAPD. "Local law enforcement agencies did not always fol- low practices that ad- equately consider the ua s orivacv in handling and retaining the ALPR im- s and associate ata," e audit said. " one o e agencies have an ALPR us - a e and privacy poe cy tFat implements he eg y mandated — since 2016 — require einellts." State Sen. Scott Wiener (D -San Francisco), who re- quested the audit, said he would write legislation to ad- dress the problems, includ- ing the need for more pri- vacy safeguards as well as stronger state enforcement to ensure local law enforce- ment agencies have proper policies. "I am horrified," Wiener said after the audit. "We be- lieved that there were prob- lems with the ALPR pro- gram, but I did not antici- pate the scale of the problem — the fact that we have so many 1313E enforcement agencies that are noon com_ plying with state law includ- ing LAPD." Wiener had asked for the audit of what he called "mass surveillance" sys- tems, concerned that the in- formation collected might indicate where someone worships or goes to the doc- tor, or where the person sleeps. He said the systems were supposed to be used for the narrow purpose of iden- tifying crimes. "Instead, we have law enforcement agencies re- taining the data for years and disseminating it broadly," Wiener said. "It's very disturbing." The findings will prob- ably have consequences far beyond the four agencies ex- amined. Howle said a survey by her office found that 70% of all law enforcement agen- cies in California either op- erated or planned to operate anALPR system. "This raises concerns that these agencies may share the deficiencies we identified at the four agen- cies we reviewed," the audit said. LAPD Chief Michel Moore said in a letter re- sponding to the audit that his agency had "the utmost respect for individuals' pri- vacy and currently has poli- cies and procedures in place to safeguard personal infor- mation" but that the depart- ment was taking additional steps to address the audi- tor's concerns. The automated camera systems mounted on street- light poles and patrol cars collect and store license plate images of vehicles passing in their view and enable law enforcement to track a vehicle's movements over time. The images are compared with a list of vehi- cles of interest, including stolen cars and those used in crimes, and officers are alerted in real time to their location. State law requires that a enciesop policies a d sa" i'eguards o prevent mis- �escribing t— the purpose, who may use it, how the agency will share data, how the agency will protect and monitor the sys- tem, and how long the _ agency will keep the data. However, the agencies we reviewed either digit ;vt�LP were deficient, and y had not implemented sufficient safeguards," the audit found. "For example, none had audited searches oTfre ALPR ima es b their sta and thus had no assur- ance Wat the searches were appropriate." Pnvacy concerns have been raised by groups in- cluding the American Civil Liberties Union, which has questioned the collection and storage of data on those not suspected of crimes,-in- eluding rimes;in- cluding associates and neighbors of suspects. The audit found that LAPD policy is to retain the license plate data for at least five years. But Mohammad Tajsar, a staff attorney for the ACLU of Southern California, said data not in- volving criminal investiga- tions should be disposed of immediately. "This audit confirms what we have long sus- pected: The LAPD treats its license plate reader pro- gram like it's in the Wild West," Tajsar said. "The LAPD collects an extraordi- nary amount of license plate hits, keeps them for far long- er than most agencies across the country, doesn't delete the 99.9% of records that ar- en't related to a criminal in- vestigation, and has no pol- icy that safeguards the ex- tremely sensitive informa- tion that its technology generates." The Fresno, Sacramento County and Marin County agencies share their images with hundreds of law en- forcement entities through- out the country, the audit said, but they could not pro- vide auditors with evidence that the other entities had a right or need to access the images. "We are concerned that unless an agency conducts verifying research, it will not know who is actually using the ALPR images and for what purpose," the audit concluded. The LAPD shares license plate data with 58 law en- forcement agencies in Southern California — in- cluding those in San Fer- nando, Anaheim and Thou- sand Oaks — and does a bet- ter job of recording and con- trolling which images are shared, the audit found. Although the vast major- ity of images stored by the LAPD are not related to ve- hicles on a so-called hot list, the auditors said the stored images could "provide value beyond immediate hit alerts," allowing officers to search the database to gather information on vehi- cles present at particular locations and "to track vehicles' movements at par- ticular times in order to gather or resolve leads in investigations." Howle recommended that the state Department of Justice develop a model policy to protect privacy that could be adopted by local law enforcement agencies. She said the state agency should also have the power to make sure agencies com- plied with policies. Fresno officials told Howle they will use the audit to help them achieve their goal of building trust in the community. Sacramento County sheriff's officials said they have already be- gun implementing many of the recommendations but dispute some of the audit findings. Moore said in his written response that the LAPD provided extensive training to its employees on acces- sing the data and that infor- mation was only provided on a need -to -know basis. But he said other steps were be- ing taken. Although our dedication to protecting individuals' privacy is covered in our day to day operations and pro- cedures, the department is currently working on an ALPR policy to ensure that the protection of those rights is also memorialized in our Department Manual," Moore wrote. He said he hoped the department would complete that work by April, and the new docu- ment will detail who can ac- cess the information and how long it can be stored. Moore also promised to perform periodic audits to make sure the information is collected and handled properly. California State Auditor Report 2019-118 February 2020 Summary Results in Brief To better protect the privacy of residents, local law enforcement agencies must improve their policies, procedures, and monitoring for the use and retention of license plate images and corresponding data. The majority of California law enforcement agencies (agencies) collect and use images captured by automated license plate reader (ALPR) cameras. The ALPR system is both a real-time tool for these agencies and an archive of historical images. Fixed cameras mounted to stationary objects, such as light poles, and mobile cameras mounted to law enforcement vehicles, capture ALPR images. Software extracts the license plate number from the image and stores it, with the date, time, and location of the scan and sometimes a partial image of the vehicle, in a searchable database. The software also automatically compares the plate number to stored lists of vehicles of interest, called hot lists then issues alerts, called hits if the plate number matches an entry on the hot list. Agencies compile these hot lists based on vehicles sought in crime investigations and vehicles connected to people of interest—for example, a list of stolen vehicles or of missing persons. We use the term ALPR data to describe all the information stored in an ALPR system, including license plate images and hot lists. Because an ALPR system stores the plate number and image in a database even if the plate number does not match one on a hot list, the American Civil Liberties Union (ACLU) raised concerns in a 2013 report about law enforcement collecting and storing ALPR images related to individuals not suspected of crimes. The ACLU noted that law enforcement officers could inappropriately monitor the movements of individuals such as ex -spouses, neighbors, and other associates—actions that do not respect individuals' privacy. Although ALPR supporters contend that the images are collected in public places where there is no reasonable expectation of privacy, state law has made privacy a consideration when operating or using an ALPR system. Nonetheless, we found that the handling and retention of ALPR images and associated data did not always follow practices that adequately consider an individual's privacy. Although law enforcement agencies collect ALPR images in public view, and there is no reasonable expectation of privacy regarding a license plate, the use and retention of those images raises privacy concerns. The four local law enforcement agencies we reviewed—Fresno Police Department (Fresno), Los Angeles Police Department (Los Angeles), Marin County Sheriff's Office (Marin), and Sacramento County Sheriff's Office (Sacramento)—have accumulated a large number of images in their ALPR systems, yet most of these images are unrelated to their criminal investigations. Audit Highlights .. . Our audit of the use of automated license plate readers (ALPR) at four local law enforcement agencies highlighted the following: Local law enforcement agencies did not always followproctices that adequately consider the individual's privacy in handling and retaining the ALPR images and associated data. All four agencies have accumulated a large number of images in their ALPR systems, yet most of the images do not relate to their criminal investigations -99.9 percent of the 320 million images Los Angeles stores are for vehicles that were not on a hot list when the image was made. • None of the agencies have an ALPR usage and privacypolicy that implements all the legally mandated—since 2016— requirements. • Three agencies did not completely or clearly specify who has system access, who has system oversight orhowto destroyALPR data, and the remaining agency has not developed a policy at all. • Two of the agencies add and store names, addresses, dates of birth, and criminal charges to their systems— some of these data may be categorized as criminal justice information and may originate from a system maintained and protected by the Department of Justice. continued on next page .. . California State Auditor Report 2019-118 February 2020 • Three agencies use a cloud storage vendor to hold theirmany images and associated data, yet the agencies lack contract guarantees that the cloud vendor will appropriately protect the data. • Three agencies share their images with hundreds of entities across the U.S. but could not provide evidence that they had determined whether those entities have a right or a need to access the images. » Agencies may be retaining the images longer than necessary and thus increasing the risk to individuals' privacy. » The agencies have few safeguards for creating ALPR user accounts and have not audited the use of their systems. For example, at Los Angeles only 400,000 of the 320 million images it has accumulated over several years and stores in its database generated an immediate match against its hot lists. In other words, 99.9 percent of the ALPR images Los Angeles stores are for vehicles that were not on a hot list at the time the image was made. Nevertheless, the stored images provide value beyond immediate hit alerts, as law enforcement personnel can search the accumulated images to determine the vehicles present at particular locations and to track vehicles' movements at particular times in order to gather or resolve leads in investigations. Technology gives governments the ability to accumulate volumes of information about people, raising a reasonable question: How is an individual's privacy to be preserved? Effective in 2c,16 the California Legislature addressed privacy with respect to ALPR systems through Senate Bill 34 (Statutes of 2o15, Chapter 532) (SB 34) by establishing requirements for these systems, including requiring detailed usage and privacy policies that describe the system's purpose, who may use it, how the agency will share data, how the agency will protect and monitor the system, and how long the agency will keep the data. Yet the agencies we reviewed have not implemented all of the requirements in that law. Law enforcement agencies must first create policies that set clear guidelines for how they will use ALPR data. Setting certain expectations in writing through an ALPR usage and privacy policy helps ensure that agencies operate their ALPR programs in a manner that better protects individuals' privacy. However, none of the four agencies have an ALPR policy that contains all of the required information. In fact, Los Angeles has not developed an ALPR policy at all. The other three agencies did not completely or clearly specify who has system access, who has system oversight, or how to destroy ALPR data. Their poorly developed and incomplete policies contributed to the agencies' failure to implement ALPR programs that reflect the privacy principles in SB 34. ALPR systems may contain data beyond license plate images. For example, we found that Sacramento and Los Angeles are adding names, addresses, dates of birth, and criminal charges to their ALPR systems, which are then stored in those systems. Some of these data may be categorized as criminal justice information; in addition, the data may originate from the California Law Enforcement Telecommunications System (CLETS), which the California Department of Justice (Justice) maintains. These various types of data require different levels of protection under the law. State law requires these agencies to maintain reasonable security procedures and practices to protect ALPR data from unauthorized access, destruction, use, modification, or disclosure. In addition, we believe that policy from the Criminal Justice Information Services California State Auditor Report 2019-118 February 2020 Division (CJIS) of the U.S. Federal Bureau of Investigation (FBI) models reasonable security measures for law enforcement agencies' ALPR data. CJIS policy specifies operational, administrative, technical, and physical safeguards for each of the areas specified in state law. Fresno, Marin, and Sacramento use a cloud storage solution to hold their many ALPR images and associated data. Although the three agencies told us their systems comply with CJIS policy, none of them could demonstrate the vetting they performed to confirm that their cloud storage vendor did, in fact, meet the CJIS policy standards. Moreover, none of the contracts these three agencies have with their cloud storage vendors include all necessary data security safeguards. Thus, the agencies lack guarantees that the cloud vendor will provide appropriate protection of their data. Law enforcement agencies of all types may benefit from guidance to improve their policies and data security practices. We surveyed 391 police and sheriff departments statewide, and of those using an ALPR system, 96 percent stated that they have ALPR policies, and nearly all reported that their ALPR data storage solution complies with CJIS policy. However, it is likely that many of the survey respondents have the same problems we identified at the four agencies we visited. Justice has experience guiding law enforcement agencies to help them adhere to state law and to improve their administrative practices. By developing guidance for local agencies on needed ALPR policy elements, Justice could help them improve the quality and completeness of their policies. State law allows law enforcement agencies to share ALPR images only with public agencies, and it requires such sharing to be consistent with respect for individuals' privacy. Three of the reviewed agencies share their ALPR images widely using features in the ALPR systems that enable convenient sharing of images with minimal effort. Fresno and Marin have each arranged to share their ALPR images with hundreds of entities and Sacramento with over a thousand entities across the United States. However, we did not find evidence that the agencies had always determined whether an entity receiving shared images had a right and a need to access the images or even that the entity was a public agency. We are concerned that unless an agency conducts verifying research, it will not know who is actually using the ALPR images and for what purpose. In addition, the agencies have not based their decisions regarding how long to retain their ALPR images on the documented usefulness of those images to investigators, and they may be retaining the images longer than necessary, increasing the risk to individuals' privacy. Fresno's policy is to retain ALPR images for 4 California State Auditor Report 2019-118 February 2020 one year; Sacramento's and Marin's policies specify two years. Los Angeles does not have an ALPR policy, and the lieutenant who administers the ALPR program stated that its protocol is to retain the images for at least five years. However, when we reviewed the agencies' ALPR searches over a six-month period in 2oig, we found that personnel for three of the four agencies typically searched for images zero to six months old. Nonetheless, the agencies keep the images far longer. The agencies we reviewed have few safeguards for the creation of ALPR user accounts and have also failed to audit the use of their ALPR systems. Instead of ensuring that only authorized users access ALPR data for appropriate purposes, the agencies have left their systems open to abuse by neglecting to institute sufficient oversight. Over the years, the media has reported that some individuals within law enforcement used or could use data systems—and sometimes ALPR systems—to obtain information about individuals for their personal use, including to locate places they regularly visit, to determine their acquaintances, and to blackmail them based on this information. ALPR systems should be accessible only to employees who need the data, and accounts should be promptly disabled otherwise. However, the agencies often neglected to limit ALPR system access and have allowed accounts that should be disabled to remain active longer than is prudent. To further ensure that individuals with access do not misuse the ALPR systems, the agencies should be auditing the license plate searches that users perform, along with conducting other monitoring activities. Instead, the agencies have conducted little to no auditing and monitoring and thus have no assurance that misuse has not occurred. Recommendations Legislature To better protect individuals' privacy and to help ensure that local law enforcement agencies structure their ALPR programs in a manner that supports accountability for proper database use, the Legislature should amend state law to do the following: • Require Justice to draft and make available on its website a policy template that local law enforcement agencies can use as a model for their ALPR policies. California State Auditor Report 2019-118 February 2020 • Require Justice to develop and issue guidance to help local law enforcement agencies identify and evaluate the types of data they are currently storing in their ALPR systems. The guidance should include the necessary security requirements agencies should follow to protect the data in their ALPR systems. • Establish a maximum data retention period for ALPR images. • Specify how frequently ALPR system use must be audited and that the audits must include assessing user searches. Law Enforcement Agencies To address the shortcomings this audit identified, Fresno, Los Angeles, Marin, and Sacramento should do the following: • Improve their ALPR policies. • Implement needed ALPR data security. • Update vendor contracts with necessary data safeguards. • Ensure that sharing of ALPR images is done appropriately. • Evaluate and reestablish data retention periods. • Develop and implement procedures for granting and managing user accounts. • Develop and implement ALPR system oversight. Agency Comments The four law enforcement agencies we reviewed responded to the draft audit report. Fresno responded that it will use the audit to work to achieve its goal of building trust in its community. Los Angeles responded that it respects individuals' privacy and believes it has policies in place to safeguard information. Nonetheless, it is working on an ALPR policy as required by state law and will perform periodic audits of users' searches. Marin stated it is committed to improvement and will consider the recommendations we made, although it disagreed with several of them. Sacramento stated that it had already begun implementing many of the recommendations, but that it did not agree with how we characterized some of the findings. Justice and the Sacramento County Department of Human Assistance also responded by acknowledging the draft report, although we did not have recommendations directed to either entity.