California’s Immigration Firewall Has a Blind Spot
Why SB 54 Cannot Stop Deportation by Data — and What the State Must Do Next
California has been a national leader in limiting state and local entanglement with federal immigration enforcement. The California Values Act (SB 54) was a landmark statement: state resources should not be used to aid deportation.
But today, deportation rarely depends on a knock at a police station door. It depends on data.
As law enforcement systems have become automated, interstate, and self-service, California’s protections have failed to keep pace. The result is a widening gap between California’s stated values and the technical reality of how residents’ data is accessed and used by federal immigration agencies.
This is not a theoretical concern. It is a known, documented, and ongoing practice — and one that SB 54 is structurally incapable of stopping.
Federal Immigration Agencies Already Use State Law Enforcement Data
Federal immigration agencies, including Immigration and Customs Enforcement (ICE) and Homeland Security Investigations (HSI), have routine access to California-originated law enforcement and DMV data through national systems such as CLETS, NCIC, and Nlets.
On November 12, 2025, a coalition of US Senators and Representatives wrote to a number of Governors about these concerns, including California’s:
Dear Governor Newsom:
We write to alert you to the fact that your state is providing Immigration and Customs Enforcement (ICE) and other federal agencies with frictionless, self-service access to the personal data of all of your residents. We urge you to block ICE’s access, as Illinois, New York, Massachusetts, Minnesota and Washington have already done and Oregon is in the process of doing, and to consider going further by blocking access to other federal agencies that are now acting as Trump’s shock troops.
CLETS (the California Law Enforcement Telecommunications System) is California’s statewide law-enforcement network, operated by the Department of Justice, that allows agencies to enter and retrieve records such as warrants, protection orders, stolen vehicles, and other law enforcement data. CLETS also serves as California’s gateway to national law enforcement systems.
NCIC (the National Crime Information Center) is a nationwide database maintained by the FBI that contains records such as wanted persons, warrants, missing persons, and stolen property. When California agencies enter records into NCIC through CLETS, those records can become searchable to law enforcement agencies across the country.
Nlets is not a database, but a secure interstate messaging and data-sharing network used by all 50 states and many federal agencies. It is commonly used to exchange DMV records, vehicle registration data, and administrative law enforcement messages. Through Nlets, out-of-state and federal agencies can query California DMV information without contacting a California official directly.
These systems were designed decades ago for criminal justice coordination. Today, they function as high-volume intelligence platforms. Federal agencies can query them directly, without notifying California officials, without officer involvement, and without stating a purpose.
The scale is not trivial. In a single recent year, ICE and HSI made nearly 900,000 DMV data queries through Nlets, a system that California uses to expose driver records, addresses, vehicle ownership data, and — in many cases — photos.
Once accessed, this data is routinely combined with:
Warrants and wanted-person records
Vehicle and license plate information
Address histories
Driver photographs usable for facial recognition
Administrative messages such as BOLOs and ATLs
Each data point alone may seem mundane. Together, they form a powerful deportation targeting system.
The Real Threat Model: Deportation by Automation, Not Cooperation
California law assumes that immigration enforcement happens when someone chooses to help. The modern threat model is different.
The system itself is the helper.
Under current architecture:
Local agencies enter records for routine policing purposes.
Those records automatically propagate to national systems like NCIC or become queryable through networks like Nlets.
Federal immigration agencies conduct self-service searches.
Data is fused, analyzed, and operationalized for arrest and removal.
No California officer needs to pick up the phone. No request needs to be approved. No law is “violated” in the traditional sense.
A common scenario illustrates the risk:
A minor or old state warrant is entered into NCIC.
ICE queries NCIC and identifies a match.
ICE supplements the hit with DMV address and vehicle data via Nlets.
A traffic stop or arrest on the state warrant leads directly to immigration custody.
At no point does SB 54 meaningfully intervene — because no one affirmatively “assisted.”
Why SB 54 — and DOJ Policy — Are Structurally Insufficient
SB 54 was drafted for a human-mediated world. It regulates what officers and agencies may do. It does not regulate what systems disclose.
California Department of Justice CLETS Policies, Practices, and Procedures (PPP) strengthen training requirements, audits, and misuse penalties, and they play an important role in governing how authorized users are expected to behave. But like SB 54, PPP is fundamentally a conduct-based framework.
Key gaps remain:
No regulation of system design
Neither SB 54 nor PPP contains sufficient requirements governing CLETS, NCIC, or Nlets configuration, routing rules, or agency-level access controls.
No control over automated data sharing
Automated interstate disclosures do not trigger conduct-based prohibitions, because no employee action occurs.
Purpose-based limits that cannot be enforced
Federal agencies are not required to state — let alone prove — that a query is unrelated to immigration enforcement. Purpose restrictions collapse in self-service systems, a limitation DOJ policy cannot solve on its own.
No meaningful prevention mechanism
Audits and sanctions occur after misuse has already happened; they do not stop data from flowing in the first place.
In short: SB 54 and DOJ policy limit people. Deportation today is driven by machines.
California Is Falling Behind Other States
California is no longer at the forefront of this issue.
Illinois, New York, Massachusetts, Minnesota, and Washington have already technically blocked ICE’s access to state DMV data through system-level controls. Oregon is actively implementing similar protections.
These states demonstrate several critical points:
Technical blocking is feasible.
Data governance is not immigration policymaking — it is privacy and public safety policy.
Blocking automated access does not prevent warrant-based or court-approved information sharing.
Notably, many of these states acted only after discovering — often belatedly — how their data was actually being used.
California now finds itself in the opposite position: rhetorically strong, technically permissive.
The Case for a CLETS Data Firewall
A CLETS-focused data firewall would not dismantle law enforcement cooperation. It would modernize it.
Such legislation would:
Regulate system behavior, not just officer conduct.
Block automated access by immigration agencies at the technical level.
Preserve warrant-based and emergency access where legally justified.
Require logging, reporting, and oversight.
Align California’s data infrastructure with its stated values.
This is not radical. It is basic risk management.
Values Without Infrastructure Are Not Protection
SB 54 remains important. DOJ policy improvements are meaningful. But both were built for an earlier era.
Today, California’s law enforcement databases operate in a national, automated ecosystem where data moves faster than law, and enforcement decisions are downstream from system design.
If California is serious about limiting its role in deportation, it must move beyond symbolic safeguards and adopt system-level controls. Other states have already done so. The technical tools exist. The risk is documented. The policy rationale is clear.
What remains is a choice: continue to regulate intent, or finally regulate impact.
Secure Justice is presently shopping around a legislative proposal to address this issue.