BART Gets An “A” For Annual Reporting
On September 21, 2018, the San Francisco Bay Area Rapid Transit District (“BART”) enacted by ordinance a surveillance technology vetting framework sponsored by Director Rebecca Saltzman.
"Transparency is important for all government agencies, especially in the times we live in, with increasing data collection and surveillance. I appreciate that advocates, including Secure Justice, worked with BART to help ensure we are as transparent as possible to BART riders and the public,” says Director Saltzman.
Co-written by Secure Justice Executive Director Brian Hofer, the framework is intended to increase transparency into BART’s use of potentially powerful and invasive equipment and to establish guidelines with community input to govern such use. Seven such jurisdictions in California have similar frameworks in place, and thirteen more across the nation. BART is the first transit district in the country to adopt such a model. The framework provides for ongoing oversight via an annual reporting obligation for each piece of technology in use.
During the up-front review process, for each piece of technology BART staff must provide for public review and input an Impact Report, and a proposed Use Policy. The two documents work together, as any concerns identified in the analysis provided by the Impact Report ideally are mitigated by the proposed use policy. If the Board approves the use policy, the ordinance requires an ongoing annual report for each piece of technology, to demonstrate how it has been used, whether public safety goals are being met, how much it has cost the taxpayer, and the results of audits, among other categories of required information.
During the review, Secure Justice worked closely with BART staff on their proposed use policy regulating the use of automated license plate readers. At our suggestion, BART agreed to reduce the retention limit to 30 days, demonstrating their good-faith efforts to reduce the risk of profiling and unnecessary retention of personal information. Many jurisdictions arbitrarily have chosen a one year retention limit for license plate scans, and when asked to justify the length of that retention, they are unable to do so. People that park at BART owned garages are typically daily commuters, and they would likely know (and report to the police) if their car was stolen the same day, thus removing the need for a lengthier retention limit.
Greater accumulation and retention of data can lead to profiling and more accurate identification of folks that have no business being in a police surveillance database, as historically across the country 99.97% of most license plate scans are never tied to any suspicion of wrongdoing. BART’s use of Clipper cards for payment, which are also used to pay for parking at its garages, greatly increases the likelihood that an individual can be identified and tracked throughout its system. Most users of Clipper cards register them and link them to a bank account or credit card, further enabling them to be monitored as they go about their daily lives.
Now that BART has completed one full cycle of the framework, have the stated goals of the vetting framework been achieved? We believe that the information being supplied to the Board and public has led to greater transparency, increased trust, and better informed decision making, and considering that this is BART’s first time through the annual reporting stage, we are confident in stating that BART is honoring both the letter and spirit of the ordinance.
The ordinance requires “mindfulness”, thinking about the potential impact from use of technology prior to its implementation. The ordinance framework also asks a question missing from many government expenditures of taxpayer funds – does the technology actually work in a cost effective manner at achieving the purported goals? In order to continue use of surveillance technology on an ongoing basis, BART’s Board must make a determination that the benefits of using the technology according to its proposed use policy will outweigh the potential cost to civil liberties and the taxpayer.
Due to the subjective nature of the framework and surveillance technology in general, there is intentionally no definition of “success” written into the ordinance. Each of us likely has a different comfort level when it comes to how much of our privacy we’re willing to give up, and for what purpose. We likely also have differing opinions when it comes to whether the use of such technology has been successful – is it a deterrant? Has it lead to more prosecutions? However, the transparent nature of the published annual reports, which allows for both public scrutiny and feedback, ensures that a democratic process occurs prior to the Board making the above determination (whether favorable or adverse).
Prior to BART’s August 27, 2020 board meeting, staff submitted the following annual reports for Board and public review: 1) CCTV camera network, 2) Public Video Monitors, 3) Public Emergency Phone Towers, 4) Mobile Applications, 5) Automated License Plate Readers, 6) Research Data Collection & Usage Application, and 7) Trip Verification Technology.
Our August 26, 2020 letter identified deficiencies in four of the reports, where information required by the ordinance was not provided or wasn’t clear to a casual reader. Our written feedback led to staff providing more information and better clarity into the efficacy (or lack thereof) and real-world metrics of BART’s use of these technologies. The final approved versions of the seven annual reports are viewable here, at pages 50-80: https://www.bart.gov/sites/default/files/docs/agendas/09-10-20%20Board%20Packetrev4.pdf
Based on our work with jurisdictions across the country operating under similar frameworks, we believe that BART is presently leading the way when it comes to supplying sufficient specificity and information to meet their annual reporting obligations, and the public should have confidence that such use appears to be responsible, that certain technology is proven to be effective, and where other technologies have not met the standard (e.g. Public Video Monitors), BART is ceasing such use so as not to cause taxpayers an undue burden or negatively impact civil liberties.
Furthermore, BART staff from different departments collectively rated the administrative burden in producing the reports as a 4, on a scale of 1 to 10 with 10 being the most burdensome. A ‘back of the napkin’ estimate by BART staff is that they collectively spent 100 hours on the above seven annual reports. Considering that this was their first time through the annual reporting stage, and that they created their templates from scratch, BART’s experience here helps dispel the common concern we hear from any new jurisdiction’s administrative staff – that the greater transparency and reporting mandated by the ordinance will cause an undue burden. In BART’s own words, they expect the 100 hours it took to “dramatically decrease” now that they understand the expectations and have templates to use in future reporting.
In addition to the above groundbreaking work, BART worked with Secure Justice to modify a data sharing memorandum of understanding with a local law enforcement intelligence center – the Northern California Regional Intelligence Center (“NCRIC”). After hearing our concerns about the boilerplate language and commingling of data with federal agencies, BART modified their MOU to become the first NCRIC partner ever to firewall their data from federal immigration agencies. We applaud BART staff Mimi Bolaffi, Deputy Chief Kevin Franklin, Ryan Greene-Roesel and the many others that reviewed the documents behind the scenes, for these significant civil liberties defending practices.
This was no mere symbolic victory – the conversation about the use of surveillance technology by BART began in earnest after it was revealed that staff ignored a unanimous Board decision to not install automated license plate reader technology. Staff both installed the technology and began sharing data with NCRIC. In addition to many state and local partners, NCRIC also co-hosts the FBI and ICE in the same building, and allows them to access local agency data unless such a firewall is put into place. BART is both a sanctuary district and subject to the California Values Act (SB54), a state law prohibiting most cooperation with federal immigration efforts. By initially sharing data with NCRIC without any restrictions in place, BART staff was potentially placing its own ridership in harm’s way due to the increased immigration enforcement of the Trump administration.
After hearing concerns from the community about BART’s use of technology and data sharing practices, Board Director Rebecca Saltzman sponsored the above ordinance and invited us to participate in the drafting process.
By sharing the expertise we learned in jurisdictions that had earlier adopted similar frameworks, we were able to create a win-win situation with the administrative staff that would be subject to, and have to execute, the ordinance’s obligations. Discussions with staff about the unique security risks of a transit system also were of benefit to us – some of the refined language incorporated into BART’s ordinance is now commonplace in subsequent ordinances adopted across the country. In addition to the names we recognized above, we want to thank Matthew Burrows, Byron Toma, former Chief Carlos Rojas, former Deputy Chief Ben Fairow, Tamar Allen, and Russell Bloom for spending approximately two years working with us on the ordinance.
If you would like to support the work of Secure Justice, please make a financial contribution here: