|
Getting your Trinity Audio player ready...
|
Pleasanton Police Department officials acknowledged flaws in its previous automatic license plate reading system after a public records request by an Oakland-based citizens’ coalition revealed that the system allowed federal agencies to have access to its data, which is a violation of state and city law.
While the department has stopped using the system as of last October, the discovery of the violation was made public during the July 7 Pleasanton City Council meeting when Mike Katz-Lacabe, a director of research for Oakland Privacy, informed the city and public of his findings during public comment.
The Oakland Privacy citizens’ coalition “works statewide to defend the right to privacy, enhance public transparency and promote oversight regarding the use of surveillance techniques and equipment,” according to its website.
“Not only is it disappointing that the agency tasked with enforcing the law is itself failing to follow the law, its actions may have endangered the residents, visitors, neighbors and families of Pleasanton,” Katz-Lacabe said during the meeting.
According to the “Agency Data Sharing Report” published by Oakland Privacy, which also called out several other agencies in the state for the same issue, the San Diego Sector Border Patrol was one of the dozens of agencies that were able to access PPD’s license plate reader data.
“With our old system, the San Diego Border Patrol Office was not prohibited from being able to access our data as all other federal agencies were,” PPD Lt. Nicholas Albert told Pleasanton Weekly. “However, we have no ability to confirm whether any data was actually accessed at any period of time by them.”
According to city documents, Pleasanton first began using automatic license plate readers (ALPR) back in 2018 as a tool for officers and dispatchers to quickly alert police when vehicles that were implicated in criminal activity entered the city and to identify other vehicles involved in crimes throughout the city.
But it wasn’t until 2020 that the city installed 30 Motorola Vigilant cameras at nearly a dozen intersections. Two years later, the city also installed eight ALPR cameras from Flock Safety, which is another license plate reader private company that has faced public scrutiny for allowing federal agencies to access information.
The Motorola Vigilant cameras and relevant contract with the company had remained active until October 2025. The City Council approved a new contract with Flock the previous month after testing out the technology with those original eight cameras. According to a July 15, 2025 staff report, 20 of the other Motorola cameras were “inoperable and, due to advances in technology, no longer meet operational needs.”
The Motorola Vigilant system is now facing criticism for not prohibiting the San Diego Sector Border Patrol from accessing Pleasanton’s ALPR data, despite the city having canceled its contracts with them.
Katz-Lacabe said during Tuesday’s meeting this is illegal under California Senate Bill 34 which states that law enforcement agencies are not allowed to share license plate reader data with any federal and out-of-state agencies, or private entities.
Additionally, the PPD’s policy states that “ALPR system audits should be conducted on a regular basis.”
Katz-Lacabe said either these audits are not being conducted or the audits are “not thorough enough to check whether the police department is complying with California state law.”
“They say they’re not doing it now, they don’t have a contract with Motorola anymore. Great,” Katz-Lacabe said. “But at least up until October 2025, they were doing something against the law and the question now is for how long were they doing it, what impact did it have, how did it happen, who’s responsible and how will they make sure that doesn’t happen going forward.”
Whether those agencies, including the San Diego Sector Border Patrol, actually accessed that data from Pleasanton specifically is unknown, Katz-Lacabe told the Weekly in a follow up interview. He said he believes once the city installed the Motorola license plate reader cameras, that’s when the city could have possibly started sharing data with outside agencies like the San Diego Sector Border Patrol.
“Because the legacy system was no longer in use, it was not part of our ongoing auditing process,” Albert said. “It appears that when all federal agency connections were removed, the San Diego Sector Border Patrol entry was inadvertently overlooked because it was listed under California rather than as a federal agency.”
Katz-Lacabe noted how even though the city might have canceled its contract with Motorola Vigilant, the data sharing report had a Jan. 6 date marked, which could mean that the San Diego Sector Border Patrol could still have access to the system.
And even though Albert said that with the “new Flock system, it is not possible for federal agencies to access any of our data”, others were also left feeling skeptical about the city’s five-year, $639,760 contract with Flock Safety, which also included the installation of 54 replacement ALPR cameras.
“This is the type of data breach that we were concerned about with Flock,” Dan Morley, a member of the progressive organization, Indivisible Tri-Valley, told the Weekly.
He also noted how he and other Indivisible members had asked the City Council in the past to take into account the dangers of using the automatic license plate reader technology and how they had been assured by the council, staff and even the police chief that the department does not share any data with federal agencies.
“I trusted what our Pleasanton council members and police representatives said at the meeting, when they considered the contracts, saying that these breaches won’t happen,” Morley said.
“These data breaches still happen, even though Flock claims (or) tells the city ‘trust us’ ” Morley added. “I don’t really trust Flock. I tend to trust our city and I’d like to hear their response to these breaches of data.”
Katz-Lacabe also criticized the department’s newest contract with Flock noting how the company had been under fire recently in San Francisco and other places after federal agencies accessed the company’s license-plate surveillance data.
And while he said there are currently no federal agencies with direct access to license plate readers from Flock that he is aware of, local police agencies can access Flock data and perform searches on behalf of federal agencies.
“That has been documented to be happening in many, many places where they will do a search on behalf of the FBI or the DEA or border patrol or ICE,” he said. “As far as I can tell, Flock is correct when they say there is no direct federal agency access to the license plate reader data, but these kinds of side searches … Those still occur and there is no way that Pleasanton can prevent it.”
He also pointed out how Flock is a private company which could make changes to its policies and how it decides to share data at any time without notifying its customers, which should cause concern to cities like Pleasanton.
Despite all of this, Katz-Lacabe remains hopeful that the city can address this issue moving forward.
“I look forward to this violation of state law being quickly addressed and a transparent investigation into how this happened, how long this has been occurring and accountability for those responsible, including a plan for how it will be prevented in the future,” Katz-Lacabe told the dais on Tuesday.
He also noted how he has requested subsequent public record reports and audits on the matter.
“The Pleasanton Police Department is committed to protecting the privacy of our community, complying with all applicable laws, and maintaining the public’s trust,” Albert said. “When issues are identified, we take them seriously, act promptly to address them, and review our processes to help prevent similar situations in the future.”



