Skip navigation
Disciplinary Self-Help Litigation Manual - Header

The CalGang Criminal Intelligence System, CA State Auditor, 2015

Download original document:
Brief thumbnail
This text is machine-read, and may contain errors. Check the original document to verify accuracy.
August 2016

The CalGang Criminal
Intelligence System
As the Result of Its Weak Oversight Structure,
It Contains Questionable Information That May
Violate Individuals’ Privacy Rights
Report 2015-130

COMMITMENT
INTEGRITY

LEADERSHIP

The first five copies of each California State Auditor report are free. Additional copies are $3 each, payable by check
or money order. You can obtain reports by contacting the California State Auditor’s Office at the following address:
California State Auditor
621 Capitol Mall, Suite 1200
Sacramento, California 95814
916.445.0255 or TTY 916.445.0033
OR
This report is also available on our website at www.auditor.ca.gov.
The California State Auditor is pleased to announce the availability of an online subscription service.
For information on how to subscribe, visit our website at www.auditor.ca.gov.
Alternate format reports available upon request.
Permission is granted to reproduce reports.
For questions regarding the contents of this report,
please contact Margarita Fernández, Chief of Public Affairs, at 916.445.0255.
For complaints of state employee misconduct, contact the California State Auditor’s
Whistleblower Hotline: 1.800.952.5665.

Elaine M. Howle State Auditor
Doug Cordiner Chief Deputy

August 11, 2016	

2015-130

The Governor of California
President pro Tempore of the Senate
Speaker of the Assembly
State Capitol
Sacramento, California 95814
Dear Governor and Legislative Leaders:
As requested by the Joint Legislative Audit Committee, the California State Auditor presents this audit report
concerning the CalGang database and how law enforcement has implemented requirements for adding juveniles
to CalGang.
This report concludes that CalGang’s current oversight structure does not ensure that law enforcement
agencies  (user agencies) collect and maintain criminal intelligence in a manner that preserves individuals’
privacy rights. Although the California Department of Justice funds it, CalGang is not established in state
statute and consequently receives no state oversight. Instead, the CalGang Executive Board and the California
Gang Node Advisory Committee (CalGang’s governance) oversee CalGang and function independently from
the State and without transparency or meaningful opportunities for public input.
Inadequate oversight contributed to the numerous instances in which the four user agencies we examined
could not substantiate the validity of CalGang entries. Specifically, the agencies lacked adequate support for
13 of 100 people we reviewed in CalGang and for 131 of 563 (23 percent) of the CalGang criteria entries we
reviewed. Although a person’s CalGang record must be purged after five years unless updated with subsequent
criteria, we found more than 600 people in CalGang whose purge dates extended beyond the five-year limit,
many of which were more than 100 years in the future. Finally, the user agencies have poorly implemented a
2014 state law requiring notifications before adding a juvenile to CalGang. Two agencies we reviewed did not
provide juveniles and parents with enough information to reasonably contest the juveniles’ gang designations,
thereby denying many people their right to contest a juvenile’s gang designation.
Although it asserts compliance with federal regulations and state guidelines—standards designed to protect
privacy and other constitutional rights—little evidence exists that CalGang’s governance has ensured these
standards are met. As a result, user agencies are tracking some people in CalGang without adequate justification,
potentially violating their privacy rights. Further, by not reviewing information as required, CalGang’s
governance and user agencies have diminished the system’s crime-fighting value. Although CalGang is not to
be used for expert opinion or employment screenings, we found at least four appellate cases referencing expert
opinions based on CalGang and three agencies we surveyed confirmed they use CalGang for employment
screenings. Although these practices do not appear to be common place, they emphasize the effect CalGang
can have on a person’s life.
We believe that CalGang needs an oversight structure that ensures that information is reliable and that users
adhere to requirements that protect individuals’ rights. Thus, we recommend that the Legislature adopt state
law assigning Justice the responsibility for CalGang oversight and specifying that CalGang must operate under
defined requirements, such as supervisory and periodic record reviews.
Respectfully submitted,

ELAINE M. HOWLE, CPA
State Auditor
621 Capitol Mall, Suite 1200

S a c r a m e n t o, C A 9 5 8 1 4

916.445.0255

916.327.0019 fax

w w w. a u d i t o r. c a . g o v

Blank page inserted for reproduction purposes only.

California State Auditor Report 2015-130

August 2016

Contents
Summary	1
Introduction	9
Audit Results
Due to an Inadequate Leadership Structure, CalGang Has Failed
to Comply With Requirements Designed to Protect Individuals’
Rights to Privacy	

23

Law Enforcement Agencies Could Not Always Demonstrate That
They Had Established Reasonable Suspicion That Groups Were
Gangs Before Entering Them Into CalGang	

28

Law Enforcement Agencies Do Not Have Adequate Support for
Some of the Individuals and Many of the Criteria They Entered
Into CalGang	

31

Law Enforcement Agencies Lack Appropriate Safeguards to
Ensure the Accuracy and Security of CalGang Records	

36

Law Enforcement Agencies Have Failed to Appropriately Notify
Necessary Parties Before Entering Juveniles Into CalGang	

46

Governmental Oversight and Increased Public Participation
Could Strengthen CalGang’s Usefulness and Better Ensure It
Protects Individuals’ Rights 	

52

Recommendations	55
Appendix A
Summary of Selected CalGang Survey Responses	

61

Appendix B
Demographics of Individuals in CalGang by Location, Type,
Gender, Age, and Race	

65

Response to the Audit
California Department of Justice	

69

Los Angeles Police Department	

77

California State Auditor’s Comments on the Response
From the Los Angeles Police Department	

81

v

vi

California State Auditor Report 2015-130

August 2016

Santa Ana Police Department	

83

Santa Clara County Sheriff’s Office	

87

California State Auditor’s Comments on the Response
From the Santa Clara County Sheriff’s Office	
Sonoma County Sheriff’s Office	
California State Auditor’s Comments on the Response
From the Sonoma County Sheriff’s Office	

89
91
103

California State Auditor Report 2015-130

August 2016

Summary
Results in Brief

Audit Highlights . . .

CalGang is a shared criminal intelligence system that law
enforcement agencies (user agencies) throughout the State use
voluntarily. User agencies enter information into CalGang on
suspected gang members, including their names, associated
gangs, and the information that led law enforcement officers
to suspect they were gang members. User agencies have noted
that CalGang’s benefits include directing them to information
about gang members’ interactions with law enforcement officers
throughout the State and facilitating cross‑agency collaboration
when investigating and prosecuting gang‑related crimes. However,
CalGang’s weak leadership structure has been ineffective at
ensuring that the information the user agencies enter is accurate
and appropriate, thus lessening CalGang’s effectiveness as a tool
for fighting gang‑related crimes. Further, the inaccurate data
within CalGang may violate the privacy rights of individuals whose
information appears in CalGang records but who do not actually
meet the criteria for inclusion in the system.

Our audit concerning the CalGang database
and how law enforcement agencies (user
agencies) have implemented requirements
for adding juveniles to CalGang revealed
the following:

Both the United States Constitution and the California
Constitution recognize the right to privacy—the former implicitly
and the latter explicitly. However, CalGang’s current oversight
structure does not ensure that user agencies collect and maintain
criminal intelligence in a manner that preserves individuals’
privacy rights. Specifically, although the California Department of
Justice (Justice) funds a contract to maintain CalGang, the system
is not established in state statute and consequently receives no
state oversight. Instead, CalGang’s user agencies elect their peers
to serve as members of two entities—the CalGang Executive Board
(board) and its technical subcommittee called the California
Gang Node Advisory Committee (committee)—that oversee
CalGang. These oversight entities function independently from
the State and without transparency or meaningful opportunities
for public engagement. When the committee and the board
established CalGang’s policies and procedures (CalGang policy),
they asserted CalGang’s voluntary compliance with two different
standards: the criminal intelligence requirements in Title 28, Code
of Federal Regulations, Part 23 (federal regulations) and Justice’s
Model Standards and Procedures for Maintaining Criminal
Intelligence Files and Criminal Intelligence Operational Activities,
November 2007 (state guidelines)—which were promulgated
to protect privacy and other constitutional rights. However, in
practice, we found little evidence that the committee and the board
have ensured that user agencies comply with either the federal
regulations or the state guidelines.

»» CalGang’s current oversight structure
does not ensure that user agencies collect
and maintain criminal intelligence in a
manner that does not invade individuals’
privacy rights.
»» The CalGang Executive Board and the
California Gang Node Advisory
Committee act without statutory
authority, transparency, or meaningful
opportunities for public engagement.
»» The four user agencies we examined could
not substantiate numerous CalGang
entries they had made, demonstrating
weaknesses in the processes for entering,
evaluating, and auditing the data
in CalGang.
•	 Three user agencies were unable to
adequately support that many of the
groups they entered into CalGang met
the criteria for inclusion.
•	 All four user agencies lacked support
for CalGang entry criteria suggesting
they inappropriately included in
CalGang 13 of the 100 individuals
we reviewed.
•	 More than 600 individuals in CalGang
had purge dates extending beyond the
five-year limit, many of which were
not scheduled to be purged for more
than 100 years.

continued on next page . . .

1

2

California State Auditor Report 2015-130

August 2016

»» The user agencies have not fully
implemented state law requiring
notification to juveniles and their parents
or guardians before adding the juveniles
to CalGang.
»» CalGang needs an oversight structure
that better ensures that CalGang’s
information is reliable and that its users
adhere to the requirements that protect
individuals’ rights.

A lack of adequate oversight likely contributed to the numerous
instances we found in which the four user agencies we examined—
the Los Angeles Police Department (Los Angeles), the Santa Ana
Police Department (Santa Ana), the Santa Clara County Sheriff ’s
Office (Santa Clara), and the Sonoma County Sheriff ’s Office
(Sonoma)—could not substantiate CalGang entries they had made.1
Specifically, Los Angeles, Santa Ana, and Sonoma, which add
gangs to the system, were able to demonstrate that only one of the
nine gangs we reviewed met the requirements of CalGang policy
before entry; Santa Clara does not add gangs to the system. We
also found that all four user agencies lacked adequate support for
including 13 of the 100 individuals we reviewed in CalGang. Further,
we reviewed more than 560 criteria related to these 100 individuals
and determined that the user agencies lacked adequate support
for 131, or 23 percent.
Our review uncovered numerous examples demonstrating
weaknesses in the user agencies’ approaches for entering
information into CalGang. For example, Sonoma included a person
in CalGang for allegedly admitting during his booking into county
jail that he was a gang member and for being “arrested for an
offense consistent with gang activity.” However, the supporting files
revealed that this person stated during his booking interview that
he was not a member of a gang and that he preferred to be housed
in the general jail population. Further, his arrest was for resisting
arrest, an offense that has no apparent connection to gang activity.
Throughout our audit, law enforcement officials offered their
perspective that inclusion in CalGang is of little impact to
individuals because CalGang only points to source documentation.
According to CalGang policy, information in the system itself
should not be the basis of expert opinion or statement of fact in
official reports, nor should it be used for any purposes unrelated
to law enforcement, such as employment screenings. However,
we found that these prohibitions are not always followed. In fact,
our search of California appellate cases that included the terms
CalGang or gang database uncovered at least four unpublished
cases that referred to CalGang as support for expert opinions that
individuals were or were not gang members. Further, three law
enforcement agencies that responded to our statewide survey
admitted to using CalGang for employment or military‑related
screenings. These instances emphasize that inclusion in CalGang
has the potential to seriously affect an individual’s life; therefore,
each entry must be accurate and appropriate.

1	

Because multiple law enforcement agencies can add information to a gang member’s CalGang
record, some of the deficiencies we found relate to information other law enforcement agencies
added to these CalGang records.

California State Auditor Report 2015-130

August 2016

The four user agencies we reviewed might have been able to avoid
making inappropriate CalGang entries had they fully followed the
federal regulations and state guidelines that the committee and
the board voluntarily adopted. For example, the state guidelines
require supervisory reviews of all information for CalGang
entries and annual reviews of all CalGang records to ensure
their accuracy and relevance. However, we found that none of
the four user agencies have the necessary processes in place to
perform these reviews. Further, by requiring only minimal audits
of the information in CalGang, the committee has limited its own
accountability in ensuring that user agencies comply with the
federal regulations and state guidelines. These self‑administered
audits review less than 1 percent of CalGang’s total records. The
committee does not document the audit results, which CalGang
administrators present orally at committee meetings. The limited
nature of these audits is especially concerning because they are the
committee’s only oversight tool, yet they are not robust enough
to ensure that user agencies are maintaining valid and accurate
criminal intelligence records, adhering to security protocols, and
upholding individuals’ rights to privacy.
In addition to the errors we found in the 100 records we reviewed,
our use of an electronic analysis of all CalGang records uncovered
a number of problems that highlight the importance of both
supervisory and ongoing reviews of CalGang information. For
example, we found 42 individuals in CalGang who were supposedly
younger than one year of age at the time of entry—28 of whom
were entered for “admitting to being gang members.” We also found
a significant number of individuals with illogical record purge
dates—the dates by which the individuals’ records must be deleted
from CalGang. Mirroring the federal regulations, CalGang policy
requires that individuals’ records be purged five years after their
dates of entry unless user agencies have entered subsequent criteria
which resets the five-year period. Nevertheless, we found more
than 600 individuals with purge dates that were well beyond the
five year limit; in fact, more than 250 individuals in CalGang had
purge dates more than 100 years in the future. By failing to review
information before and after its entry into CalGang, the committee
and user agencies diminish the system’s crime‑fighting value and do
not adequately protect the privacy of those who have been entered
into the system.
Further, the user agencies we reviewed have not fully implemented
a state law that took effect in January 2014 that generally requires
law enforcement agencies to notify juveniles and their parents
or guardians (parents) before adding the juveniles to a shared
gang database such as CalGang. As a result, many juveniles and
their parents were not afforded the right to contest the juveniles’
gang designations. Los Angeles and Santa Ana continued to add

3

4

California State Auditor Report 2015-130

August 2016

juveniles to CalGang after January 2014, but these two user agencies
failed to provide proper notification for more than 70 percent of
the 129 juvenile records we reviewed. Further, the two agencies
did not provide the juveniles and parents who were sent notices
with enough information to reasonably contest the juveniles’
gang designations. Possibly as a result of insufficient information,
we found that few juveniles or parents have contested juveniles’
inclusion in CalGang. The other two user agencies we reviewed—
Santa Clara and Sonoma—did not add juveniles to CalGang once
the notification law took effect.
Because of its potential to enhance public safety, CalGang needs
an oversight structure that better ensures that the information
entered into it is reliable and that its users adhere to requirements
that protect individuals’ rights. To this end, we believe the
Legislature should adopt state law that specifies that CalGang, or
any equivalent statewide shared gang database, must operate under
defined requirements that include the federal regulations and key
safeguards from the state guidelines, such as supervisory and
periodic record reviews. Further, we believe the Legislature
should assign Justice the responsibility for overseeing CalGang
and for ensuring that the law enforcement agencies that use
CalGang comply with the requirements. Establishing Justice as
a centralized oversight entity responsible for determining best
practices and holding user agencies accountable for implementing
such practices will help ensure CalGang’s accuracy and safeguard
individuals’ privacy protection. Moreover, we recommend that
the Legislature create a technical advisory committee to provide
Justice with information about database best practices, usage, and
needs to ensure that CalGang remains a useful law enforcement
tool. Figure 6 on page 54 illustrates what, in our view, would be a
stronger oversight structure for CalGang.
Recommendations
The Legislature
To ensure that CalGang, or any equivalent statewide shared gang
database, has an oversight structure that supports accountability
for proper database use and for protecting individuals’ rights, the
Legislature should do the following:
•	 Designate Justice as the state agency responsible for
administering and overseeing CalGang or any equivalent
statewide shared gang database.

California State Auditor Report 2015-130

August 2016

•	 Require that CalGang or any equivalent statewide shared gang
database adhere to federal regulations and relevant safeguards
from the state guidelines.
•	 Specify that Justice’s oversight responsibilities include developing
and implementing standardized periodic training as well
as conducting—or hiring an external entity to conduct—
periodic audits of CalGang or any equivalent statewide shared
gang database.
To promote public participation in key issues that may affect
California’s citizens and help ensure consistency in the use of
any shared gang database, the Legislature should require Justice
to interpret and implement shared gang database requirements
through the regulatory process. This process should include public
hearings and should address the following:
•	 Adopting requirements for entering and reviewing
gang designations.
•	 Specifying how user agencies will operate any statewide shared
gang database, including requiring the agencies to implement
supervisory review procedures and regular record reviews.
•	 Standardizing practices for user agencies to adhere to the
State’s juvenile notification requirements, including guidelines
for documenting and communicating the bases for juveniles’
gang designations.
To ensure transparency, the Legislature should require Justice to
publish an annual report with key shared gang database statistics—
such as the number of individuals added to and removed from the
database—and summary results from periodic audits conducted
by Justice or an external entity. Further, the Legislature should
require Justice to invite and assess public comments following
the report’s release. Subsequent annual reports should summarize
any public comments Justice received and actions it took
in response.
To help ensure that Justice has the technical information it needs to
make certain that CalGang or any equivalent shared gang database
remains an important law enforcement tool, the Legislature
should establish a technical advisory committee to advise Justice
about database use, database needs, database protection, and any
necessary updates to policies and procedures.

5

6

California State Auditor Report 2015-130

August 2016

Justice
As the Legislature considers creating a public program for shared
gang database oversight and accountability, Justice should guide the
board and the committee to identify and address the shortcomings
that exist in CalGang’s current operations and oversight. The
guidance Justice provides to the board and the committee should
address, but not be limited to, the following areas:
•	 Developing best practices based on the requirements stated in
the federal regulations, the state guidelines and state law, and
advising user agencies on the implementation of those practices
by June 30, 2017.
•	 Instructing user agencies to complete a comprehensive review
of all the gangs documented in CalGang to determine if they
meet the necessary requirements for inclusion and to purge from
CalGang any groups that do not meet the requirements. Justice
should guide the board and the committee to ensure that user
agencies complete this review in phases, with the final phase
completed by June 30, 2018.
•	 Instructing user agencies to complete a comprehensive review
of the records in CalGang to determine if the user agencies
have adequate support for the criteria associated with all the
individuals they have entered as gang members. If the user
agencies do not have adequate support, they should immediately
purge the criteria—and, if necessary, the individuals—from
CalGang. In addition, the user agencies should ensure that all
the fields in each CalGang record are accurate. Justice should
guide the board and the committee to ensure that user agencies
complete this review in phases, with the final phase completed
by September 30, 2019.
To promote transparency and hold the board, the committee,
and user agencies accountable for implementing and adhering
to criminal intelligence safeguards, Justice should post quarterly
reports on its website beginning June 30, 2017, that summarize
how it has guided the board and the committee to implement and
adhere to criminal intelligence safeguards; the progress the board,
the committee, and the user agencies have made in implementing
and adhering to these safeguards; the steps these entities still must
take to implement these safeguards; and any barriers to the board’s
and the committee’s success.

California State Auditor Report 2015-130

August 2016

To promote transparency and encourage public participation in
CalGang’s meetings, Justice should post summary audit results,
meeting agendas, and meeting minutes to its website, unless doing
so would compromise criminal intelligence information or other
information that must be shielded from public release.
Law Enforcement Agencies
Until they receive further direction from the board, the committee,
or Justice, the law enforcement agencies we reviewed—Los Angeles,
Santa Ana, Santa Clara, and Sonoma—should address the specific
deficiencies we found by taking the following actions:
•	 Begin reviewing the gangs they have entered into CalGang
to ensure the gangs meet reasonable suspicion requirements.
They should also begin reviewing the gang members they
have entered into CalGang to ensure the existence of proper
support for each criterion. They should purge from CalGang any
records for gangs or gang members that do not meet the criteria
for entry. Individuals who are independent from the ongoing
administration and use of CalGang should lead this review.
•	 Develop or modify as necessary, and fully implement by
March 31, 2017, all their policies and procedures related to
CalGang to ensure they align with state law, CalGang policy,
the federal regulations, and the state guidelines.
Agency Comments
Justice responded to the audit stating that it agreed with all of
the recommendations. Justice expressed that it will work with the
board and the committee in various capacities to implement
the recommendations. However, Justice stated that it believes
it needs express authority and additional resources from the
Legislature to assume oversight of CalGang.
Los Angeles, Santa Ana and Santa Clara all indicated that they
agreed with the recommendations and would take the steps
necessary to implement them.
Sonoma disagreed with the audit’s findings and took exception to
the criteria the audit relied upon. Sonoma stated that it believes it
has met or exceeded the statutory guidelines for administering a
model criminal intelligence system. Sonoma also stated that if
it follows the report’s recommendations it will be forced to stop
operating as a node administrative agency.

7

8

California State Auditor Report 2015-130

August 2016

Blank page inserted for reproduction purposes only.

California State Auditor Report 2015-130

August 2016

Introduction
Background
Criminal street gangs in California commit a multitude of crimes
and employ violence to expand their criminal enterprises. The
Federal Bureau of Investigation’s 2011 National Gang Threat
Assessment states that gang members are responsible for an average
of 48 percent of violent crime in most jurisdictions and up to
90 percent in others. According to a report the California Attorney
General released in 2014 titled Gangs Beyond Borders, gang
membership increased by 40 percent nationally between 2009 and
2011, leading to higher levels of violent crime within California—
particularly assault, extortion, home invasion, homicide,
intimidation, and shootings—as well as increases both in arrests
for human trafficking offenses and in seizures of drugs, weapons,
and cash. Although gang populations are heavily concentrated
in Southern California counties—Los Angeles, Orange, Riverside,
San Bernardino, and San Diego—gangs exist in communities across
the State, as Figure 1 on the following page shows.
The CalGang Criminal Intelligence System
With funding from the Office of Criminal Justice Planning, CSRA
International, Inc. (CSRA) developed the proprietary CalGang
software in 1997.2 The system provides current gang information
to law enforcement agencies that choose to use it (user agencies),
ideally allowing those agencies to improve the efficiency of their
criminal investigations, enhance officer safety, and better protect
the public. Because CalGang allows user agencies to collect, store,
and share intelligence information about individuals suspected—
but not necessarily convicted—of being involved in criminal
activity, it qualifies as a criminal intelligence system under Title 28,
Code of Federal Regulations, Part 23 (federal regulations). These
federal regulations—which CalGang’s oversight entities voluntarily
choose to follow—state that criminal intelligence entries must
be supported by reasonable suspicion that an individual or
organization is involved in criminal conduct or activity and that
the information entered into the system must be relevant to
that criminal conduct or activity.

2	

CalGang is also known as GangNet, a system that federal law enforcement agencies, other states,
and Canada use.

9

California State Auditor Report 2015-130

August 2016

Figure 1
CalGang Regional Nodes and California Counties’ Gang Member and Affiliate Populations
DEL
NORTE
SISKIYOU

MODOC

Number of
Gang Members and Affiliates

HUMBOLDT

SHASTA

TRINITY

More than 10,000

LASSEN

5,001–10,000
2,501–5,000
501–2,500

TEHAMA

Less than 500

PLUMAS

MENDOCINO
BUTTE

GLENN

LAKE

SIERRA
DA

VA

NE

PLACER

TER

SUT

Sonoma County Sheriff’s Office

YU

BA

COLUSA

EL DORADO

TO

YOLO

SONOMA

Node Administrator Agency

SAN FRANCISCO

CONTRA
COSTA

SAN
JOAQUIN

ALAMEDA

S

US

SAN MATEO

ALPINE

RA

OR

AD

AM

LA
VE

SOLANO

CA

MARIN

CR

AM

EN

NAPA

SA

LA
SANTA
CLARA

TUOLUMNE

MONO

MARIPOSA

IS
ST
AN

10

MERCED

MADERA

Fresno County Sheriff’s Office

SANTA CRUZ
FRESNO

INYO

SAN
BENITO
TULARE

San Jose Police Department
KINGS
MONTEREY

Kern County Sheriff’s Office

San Bernardino County Sheriff’s Office

KERN

SAN LUIS OBISPO

SAN BERNARDINO

Santa Barbara Police Department
SANTA BARBARA
VENTURA

LOS ANGELES

Los Angeles County Sheriff’s Department with
the Los Angeles Police Department

Orange County District Attorney’s Office

RIVERSIDE

Riverside County Sheriff’s Department,
Riverside County District Attorney’s
Office, and Riverside Police Department

ORANGE

San Diego Police Department

IMPERIAL

SAN DIEGO

Sources:  California State Auditor’s analysis of CalGang data obtained from the California Department of Justice as of November 23, 2015, and
documents obtained from the California Gang Node Advisory Committee.
Note:  We assigned gang members and affiliates based on the location of the law enforcement agency that initially entered them into CalGang.
We excluded 1,797 individuals for whom we did not have valid county information.

California State Auditor Report 2015-130

August 2016

A person can be entered into CalGang either as a documented
gang member or as an affiliate (an individual who is known to
associate with active gang members and whom a law enforcement
officer reasonably suspects may be involved in criminal activity
or enterprise). As of November 2015, more than 150,000 people
were in CalGang, and the average length of time they had been in
CalGang was five and a half years. Table 1 summarizes the number
of people that law enforcement agencies added and removed from
CalGang since January 2010 and shows that more people have been
removed from than added to CalGang since 2011.
Table 1
Number of Gang Members and Affiliates Added to and Removed From CalGang From 2010 Through 2015

ADDITIONS

Affiliates
Gang members

Total additions
Affiliates purged

REMOVALS

Affiliates manually deleted
Gang members purged
Gang members manually deleted

Total removals

2010

2011

2012

2013

2014

2015*

3,534

3,419

2,337

1,829

1,717

1,444

26,518

21,269

18,209

15,331

15,890

13,490

30,052

24,688

20,546

17,160

17,607

14,934

2,946

3,238

4,142

4,617

4,043

3,801

63

55

43

15

15

19

16,790

23,102

25,391

28,275

30,695

29,461

769

374

221

152

184

150

20,568

26,769

29,797

33,059

34,937

33,431

Source:  California State Auditor’s analysis of CalGang data obtained from the California Department of Justice as of November 23, 2015.
*	 Our analysis for 2015 was limited to additions and removals that occurred as of November 23, 2015.

CalGang is what is called a pointer system; the records within it
point—or refer—to documents outside of CalGang that contain
information about suspected gang members and their affiliates,
such as arrest reports, reports of interactions with law enforcement
officers in the field, and booking photographs. Using those documents
and in‑person observations, law enforcement agency staff—generally
gang enforcement officers or administrative staff—record in CalGang
various data points about gang members, including their names,
birth dates, races, genders, known addresses, vehicles, physical
descriptors, and personal markings such as tattoos. CalGang also
captures information specific to gang culture, such as monikers,
aliases, gang symbols, gang colors, gang territories, weapons, drugs,
and gang affiliates. However, law enforcement agencies must use the
information contained in records external to CalGang as the bases for
any official actions, such as arrests or applications for search warrants,
rather than the entries in CalGang itself. Figure 2 on the following
page shows demographic information for individuals in CalGang by
race, gender, and age.

11

12

California State Auditor Report 2015-130

August 2016

Figure 2
Proportion of Gang Members and Affiliates in CalGang by Race, Gender, and Age

8.2% WHITE

2.3% ASIAN/PACIFIC ISLANDER

0.6% OTHER*
3.5% NOT IDENTIFIED

20.5% BLACK

RACE

64.9% HISPANIC

GENDER

0.1% NOT IDENTIFIED
6.8% FEMALE
93.1% MALE

1.7%

7.4%

Under 18 years

Over 45 years

33.6%

31–45 years

AGE
57.3%

18–30 years

Source:  California State Auditor’s analysis of CalGang data obtained from the California Department
of Justice as of November 23, 2015.
*	 Other includes African, American Indian, and people of two or more races.

California State Auditor Report 2015-130

August 2016

CalGang is the primary shared gang database law enforcement
agencies use throughout the State. When we surveyed law
enforcement agencies statewide, 92 percent of respondents asserted
that CalGang was the only shared gang database their agencies
used. When we reviewed information provided by the remaining
8 percent of respondents, we were able to verify only one additional
shared gang database: the Sacramento County Known Persons File.
However, just one law enforcement agency reported that many
agencies within Sacramento County use this shared gang database.
We describe our survey approach and analyze selected responses in
Appendix A beginning on page 61.
CalGang’s Oversight Entities and Costs
Several different entities are responsible for aspects of CalGang’s
funding, operation, and oversight. Specifically, the CalGang
Executive Board (board) and the California Gang Node Advisory
Committee (committee) are the system’s two informal governing
bodies. These two governing bodies work with 10 local agencies
called node administrator agencies, as we discuss below. In addition,
the California Department of Justice (Justice) helps to administer
CalGang by funding its annual software maintenance contract with
CSRA and providing technology and infrastructure support.
CalGang’s board is composed of 15 total voting members representing
node administrator agencies, Justice, and three statewide law
enforcement associations.3 According to the board’s bylaws, its
objectives and purposes include providing oversight and policy
direction, ensuring CalGang performs its intended functions,
facilitating funding, and ensuring compliance with local, state,
and federal standards. According to the board’s bylaws, the board
elects a chairperson annually from the 15 voting members, and that
chairperson appoints a vice chairperson. The board’s officers may
serve consecutive terms. The bylaws direct the board to meet in
conjunction with the committee or as needed.
Members of the committee act as CalGang operational subject
matter experts. The committee’s bylaws establish that each
node administrator agency can designate one voting committee
member and that the Justice representative also acts as a voting
committee member.4 Only voting members may serve as
the committee’s chairperson, vice chairperson, and sergeant at
3	

The Los Angeles node has two voting members—the Los Angeles County Sheriff’s Department
and the Los Angeles Police Department.

4	

California Emergency Management Agency (CalEMA) is listed as a voting member in the
committee’s bylaws. However, CalEMA has not been represented at committee meetings
since 2011, and the board voted to remove it as a voting member in 2014.

13

14

California State Auditor Report 2015-130

August 2016

arms. The committee’s objectives include developing, reviewing,
and approving standardized training for CalGang user agencies;
recommending changes to CalGang; exploring and developing
funding strategies; recommending new legislation to reduce
California’s criminal street gang problem; and evaluating requests
from agencies that wish to serve as node administrator agencies.
As shown in Figure 1 on page 10, node administrator agencies are
mainly local law enforcement agencies. The node administrator
agencies are responsible for providing training and overseeing
CalGang user agencies—which may be local law enforcement
agencies, probation departments, or district attorney’s offices—within
a specified geographic area. They are also responsible for managing
CalGang’s technical and administrative requirements, including
auditing user agencies to ensure their compliance with federal laws
and safeguards related to the storage of information. The committee’s
policies and procedures (CalGang policy) outline the requirements that
node administrator agencies oversee, including CalGang operations
and user agency access. Figure 1 on page 10 depicts each node
administrator agency and the county or counties within its region.
Justice, the node administrator agencies, and CalGang user agencies
all incur costs to support CalGang. For example, Justice entered
into a sole‑source contract with CSRA for maintenance of the
CalGang proprietary software. The value of this contract was about
$283,000 for fiscal year 2015–16. In addition, Justice runs CalGang
through its existing information technology network, purchases
necessary hardware to store CalGang data, and pays its staff to
provide necessary system support. Similarly, the node administrator
agencies and CalGang user agencies are responsible for their own
hardware and staffing costs. In response to our statewide survey, node
administrators reported that they spent a total of about $1 million
between fiscal years 2012–13 and 2014–15 for CalGang‑related costs,
including purchasing required equipment, maintaining network
communication lines, providing training to CalGang user agencies,
and participating in required committee and board meetings.
CalGang user agencies reported that they spent a total of about
$78,000 over the same three fiscal years for personnel and travel costs.
CalGang Requirements
CalGang policy outlines system operations and requirements that
have their foundation in the federal regulations and in Justice’s
Model Standards and Procedures for Maintaining Criminal
Intelligence Files and Criminal Intelligence Operational Activities,
November 2007 (state guidelines). Although the federal regulations
are not directly applicable to CalGang, the board and committee
adopted requirements for operating CalGang that they based on the

California State Auditor Report 2015-130

August 2016

federal regulations and state guidelines.5 The requirements include
node administrator agency and CalGang user agency training,
system audit and record purges, and information security and
dissemination. CalGang policy also states that only properly trained
individuals may access CalGang. We describe these requirements in
more detail in the Audit Results.
CalGang policy also specifies the criteria that individuals must meet
before user agencies can add them to CalGang. Before a CalGang
user can add an individual to CalGang as a gang member, a trained
law enforcement officer generally must affirm that the individual
meets at least two gang membership criteria. As shown in Table 2,
these criteria include admitting to gang membership, being affiliated
with known gang members, and exhibiting gang clothing or behavior.
As previously discussed, a user can also add an individual as a gang
affiliate if a law enforcement officer suspects the individual is involved
in criminal activity and he or she affiliates with a documented gang
member. According to CalGang policy, users must have sufficient
source documentation to support CalGang entries.
Table 2
The Frequency With Which Law Enforcement Agencies Used Criteria When
Initially Entering Individuals Into CalGang
 CRITERIA
(REASONS FOR ENTERING AN INDIVIDUAL INTO CALGANG)

FREQUENCY OF USE
FOR INITIAL ENTRY

1. Subject has admitted to being a gang member.

58%

2. Subject has been seen associating with documented gang members.

44

3. Subject is known to have gang tattoos.

43

4. Subject has been seen frequenting gang areas.

30

5. Subject has been seen wearing gang dress.

25

6. In-custody classification interview.*

24

7. Subject has been arrested for offenses consistent with usual gang activity.

11

8. Subject has been seen displaying gang symbols and/or hand signs.

7

9. Subject has been identified as a gang member by a reliable informant/source.

6

10. Subject has been identified as a gang member by an untested informant.

1

Sources:  Policy and Procedures for the CalGang System, California Gang Node Advisory Committee;
and California State Auditor’s analysis of CalGang data obtained from the California Department of
Justice as of November 23, 2015.
*	 Admission of gang membership during a custody classification interview is the one exception to
the two‑criteria requirement.

5	

According to Los Angeles, at the May 2016 committee meeting, the committee voted to remove
the State guidelines from its requirements. However, as of July 28, 2016 the board had not voted
on this recommendation.

15

16

California State Auditor Report 2015-130

August 2016

Effective January 1, 2014, state law requires that if law enforcement
agencies wish to enter juveniles—defined as individuals younger
than 18 years of age—into a shared gang database such as CalGang,
the user agencies must first notify the juveniles and their parents
or guardians in writing. Because those who receive the letters
have a right to contest the gang designation, this notification
should explain the juveniles’ rights to contest the gang designation.
However, if the user agencies determine that notifications will
compromise active criminal investigations or the juveniles’ health
or safety, they are not required to provide the notifications or
supply information to juveniles or their parents or guardians. We
address the law’s requirements in more detail in the Audit Results.
Privacy Protections for Californians
Justice stated in the state guidelines that law enforcement agencies
can collect criminal intelligence information for legitimate law
enforcement purposes; the trade‑off, however, is that doing so
potentially violates individuals’ privacy and other constitutional
rights. The right to privacy is an implied constitutional right under
the United States Constitution and an express constitutional right
under the California Constitution. Therefore, both the federal
regulations and the state guidelines establish certain standards for
how law enforcement agencies may collect, maintain, and share
criminal intelligence in a way that protects the privacy rights
of the individuals in the intelligence files. Because the board
and committee adopted requirements indicating that CalGang
will comply with the federal regulations and state guidelines,
these two bodies have a responsibility to develop processes
to ensure CalGang operates according to those requirements.
In addition, CalGang user agencies have a responsibility to
thoroughly understand and follow the requirements.
Academics and citizen advocacy groups have expressed concerns
about how collecting and storing criminal intelligence in a database
such as CalGang can impinge on individuals’ rights. Many of
these concerns relate to the discretion law enforcement agencies
have in classifying groups of individuals as gangs and individuals
as gang members. In particular, academic literature suggests that
the broad criteria used to label gangs and gang members may
make it difficult for youth living in gang‑heavy communities to
avoid meeting the qualifying criteria and that gang labeling can
stigmatize minority, inner‑city youth, limiting their social and
economic opportunities. In addition, other critics have expressed
concerns that collecting and disseminating criminal intelligence
may infringe upon individuals’ constitutional rights, including the
rights to free speech, to peaceably assemble, to protection from
illegal search and seizure, and to equal protection under the law.

California State Auditor Report 2015-130

August 2016

Ultimately, California’s law enforcement agencies must balance
the need to protect individuals’ rights with the need to protect the
public from crime caused by gangs. The law enforcement agencies
can achieve this balance only through rigorous processes designed
to ensure the information they maintain in CalGang is accurate and
lawfully obtained.
Scope and Methodology
The Joint Legislative Audit Committee (Audit Committee)
directed the California State Auditor to conduct an audit to
understand the State’s adherence to relevant laws related
to protecting the rights of individuals for whom information
is entered into and removed from CalGang. It also asked us to
determine the extent to which agencies across the State use CalGang.
Table 3 on the following pages lists the 15 objectives that the Audit
Committee approved and the methods we used to address them.
Assessment of Data Reliability
In performing this audit, we obtained electronic data files extracted
from CalGang as of November 23, 2015. The U.S. Government
Accountability Office (GAO), whose standards we are statutorily
required to follow, requires us to assess the sufficiency and
appropriateness of computer‑processed information that we use
to support our findings, conclusions, or recommendations. To
accomplish this assessment, we performed data‑set verification and
electronic testing of key data elements and identified significant
issues. As we discuss in the Audit Results, we found many instances
of questionable data entries related to individuals’ birthdates,
criteria dates, purge dates, and individuals’ location information.
We also conducted accuracy testing for a selection of 563 criteria
entries pertaining to 100 individuals in the CalGang data and
found that 23 percent were not adequately supported. Moreover,
we identified concerns over the existing controls that safeguard
CalGang information from inappropriate access and man‑made
or natural disasters.
Due to these deficiencies, we did not perform further testing of
the CalGang data, such as completeness testing. Consequently,
additional weaknesses may exist that we did not identify during
our review. As a result of the pervasive deficiencies identified, we
determined that the CalGang data are not sufficiently reliable.
Although our determination may affect the precision of the numbers
we present, sufficient evidence in total exists to support our audit
findings, conclusions, and recommendations in this report.

17

18

California State Auditor Report 2015-130

August 2016

Table 3
Audit Objectives and the Methods Used to Address Them
AUDIT OBJECTIVE

METHOD

1

Review and evaluate the laws, rules,
and regulations significant to the
audit objectives.

We identified relevant federal regulations; state laws and guidelines; CalGang
agreements; CalGang Executive Board (board) bylaws; the California Gang Node
Advisory Committee (committee) bylaws; CalGang policies and procedures; and other
background materials.

2

Identify the number of gang database
systems that exist in California and the
extent to which they are used by agencies.

See Method related to Audit Objective 13.

3

Identify and evaluate the roles and
responsibilities of the California Department
of Justice (Justice), the committee, the
board, and any other agencies involved in
the management and oversight of CalGang,
including the level of training provided to
program administrators and operators
to implement the CalGang program and
ensure it complies with the law.

•	 We reviewed relevant federal regulations, state guidelines, CalGang agreements, the board’s
and the committee’s bylaws, and CalGang policies and procedures.
•	 We interviewed key officials with Justice, the board, the committee, and with the four law
enforcement agencies we selected for review—Los Angeles Police Department (Los Angeles),
Santa Ana Police Department (Santa Ana), Santa Clara County Sheriff’s Office (Santa Clara), and
Sonoma County Sheriff’s Office (Sonoma).
•	 In selecting the four law enforcement agencies, we considered the following factors: agency
location, number of gang members and CalGang users based on the CalGang data set
described in Method related to Audit Objective 4, and whether the agency responded to our
survey. The survey is described further in Method related to Audit Objective 13.
•	 We assessed CalGang’s oversight structure in relation to key requirements specified in the federal
regulations and in other pertinent requirements.
•	 We assessed whether the committee fulfilled its responsibilities related to training materials per
the CalGang policies and procedures.
•	 We determined whether two node administrator agencies—Los Angeles and Sonoma—fulfilled
their responsibilities related to training materials per the CalGang policies and procedures,
including reviewing their training materials to determine whether the materials covered all
required topics.

4

Assess whether and to what extent access
to and the release of data in CalGang
is tracked and monitored to ensure all
applicable laws, regulations, and policies
and procedures are consistently followed.
To the extent possible, determine
the following for the latest year such
information is available:
a.  The number of requests for information
and the purpose of each request.
b.  The number of juveniles added to the
system since January 1, 2014, and
the number of related notifications
made in accordance with Senate Bill 458
(Chapter 797, Statutes 2013) (SB458).
c.  The length of time each individual has
been in CalGang.

•	 We reviewed relevant federal regulations, state guidelines, and CalGang policies and
procedures. We interviewed key officials at Justice, the board, the committee, and the
four law enforcement agencies we selected for review.
•	 We reviewed requests for information Justice and the four law enforcement agencies
received and responded to generally between January 1, 2011, and early March 2016, to
determine whether they released CalGang data in accordance with applicable requirements.
•	 We obtained a filtered extract of data entered by California law enforcement entities into
CalGang as of November 23, 2015. We conducted all of the analyses of the CalGang data we
describe throughout this report using this limited data set.
•	 We identified individuals in CalGang data whose birthdates indicated that they were under
the age of 18 upon initial entry into the system.
•	 CalGang data does not track all juvenile notifications. For review purposes, we relied on
the notifications each law enforcement agency we reviewed had in its files. Also, as part of
our statewide survey, we asked law enforcement agencies to report the number of juvenile
notifications they made between January 1, 2014, and October 31, 2015.
•	 We calculated the average length of time individuals were in CalGang as of
November 23, 2015.

California State Auditor Report 2015-130

August 2016

AUDIT OBJECTIVE

5

For the most recent five years that data
are available and to the extent possible,
determine the following:
a.  The number of people added
to and removed from CalGang by year
and whether they were notified of
such action.
b.  Demographics of individuals in CalGang,
including age, gender, race, ethnicity,
and geographic location.

METHOD

•	 We calculated the number of individuals added to and removed from CalGang data annually
from January 1, 2010, through November 23, 2015.
•	 We reviewed relevant federal regulations, state guidelines, and CalGang policies and
procedures. We determined that no requirements pertaining to notifying adults added to or
removed from CalGang currently exist.
•	 We analyzed available demographics for individuals in the CalGang data.
•	 We reviewed policy and procedures as available from the four law enforcement agencies as
well as other pertinent documents.

c.  Number of requests for removal from
CalGang received and the outcome
of each.

•	 We interviewed key officials at the four law enforcement agencies and determined that
those agencies generally do not track or keep records of adult or juvenile requests for
removal from the CalGang system. Also, as part of our statewide survey, we asked law
enforcement agencies to report the number of requests for removal they received and the
outcome of each.

d.  Number of juvenile appeals for removal
received and the outcome of each.

•	 We analyzed the frequency of the criterion used by law enforcement agencies to initially
enter individuals into CalGang.

e.  The criteria used for adding each individual
to the system during this period.
6

Determine whether individuals are
removed from CalGang consistent with any
guidelines established in law, regulations,
and policies.

•	 We reviewed the relevant federal regulations, state guidelines, CalGang policies and
procedures, and policies and procedures of the law enforcement agencies, as well as other
pertinent documents.
•	 We interviewed key officials at the four law enforcement agencies.
•	 We assessed whether CalGang automatically removes individuals from CalGang after
five years if individuals do not meet additional entry criteria.

7

Review and assess any evaluations of
CalGang that have been conducted to
determine its effectiveness in achieving its
intended purpose.

•	 We reviewed the relevant federal regulations, state guidelines, CalGang policies and
procedures, and committee meeting minutes.
•	 We interviewed key officials at Justice, the board, the committee, and the four local law
enforcement agencies we selected for review and other key local officials.
•	 We performed web searches to determine whether CalGang studies, reviews, evaluations, or
audits have been performed and reported.
•	 We assessed committee audits and the committee’s audit processes to determine whether
the audits were effective.
•	 We reviewed committee meeting minutes to determine what information node
administrators reported and documented, including audit findings and how those findings
were resolved.

8

Determine the annual cost of CalGang and
identify the major categories of expenditure.

•	 We interviewed key officials at Justice.
•	 We reviewed CalGang contracts and project cost documentation for fiscal years 2012–13
through 2014–15.
•	 As part of our statewide survey, we asked law enforcement agencies to report their costs for
administering and using CalGang.

9

Determine whether policies and procedures
exist to prevent, detect, and address
possible conflicts of interest specific to
contracting and spending related to the
administration of CalGang.

•	 We reviewed the relevant federal regulations, state guidelines, CalGang policies and
procedures, and the State Contracting Manual. We also reviewed Justice’s purchasing
authority and pertinent documentation it maintained related to its contract with CSRA
International, Inc.
•	 We determined that Justice’s contract with CSRA International is low risk and that the
contract itself is over twenty years old.

continued on next page . . .

19

20

California State Auditor Report 2015-130

August 2016

AUDIT OBJECTIVE

10 At a selection of law enforcement agencies,
evaluate law enforcement’s compliance with
relevant laws and policies governing gang
database systems.

METHOD

•	 We reviewed the relevant federal regulations, state guidelines, and CalGang policies and
procedures, and other pertinent documents.
•	 We interviewed key officials with the four selected law enforcement agencies.
•	 At the law enforcement agencies we selected for review, we assessed their compliance with
selected administrative safeguards outlined in federal regulations, the state guidelines, and
other pertinent requirements.
•	 At Sonoma, Los Angeles, and the node administrators for Santa Clara and Santa Ana—
the San Jose Police Department and the Orange County District Attorney’s Office
respectively—we reviewed compliance with selected technical and physical safeguards
outlined in federal regulations.
•	 At the four law enforcement agencies, we reviewed a selection of gangs to determine
whether they met gang criteria when law enforcement entered them into CalGang
and whether they currently meet gang criteria.

11 At a selection of local law enforcement
agencies and for the most recent five years,
identify the criteria being used to designate
a person as a gang member for inclusion
in CalGang and determine if the criteria
align with the intended purpose of CalGang
and with the definition of gang or gang
member codified in Section 186.22 of
the California Penal Code. To the extent
possible, determine how frequently each
criterion has been used to identify someone
as a gang member.

•	 We reviewed the relevant federal regulations, state law, state guidelines, CalGang policies
and procedures, and policies and procedures of the law enforcement agencies, as well as
other pertinent documents.

12 Determine how those with oversight
responsibility ensure the following:

•	 We interviewed key officials with Justice, the board, and the committee.

a.  CalGang operates in compliance with all
relevant laws, regulations, and policies
and procedures.
b.  The information included in CalGang is
current, accurate, and reliable.

•	 We interviewed key officials with the four selected law enforcement agencies and reviewed
pertinent documents to determine what criteria the agencies use for designating individuals
as gang members.
•	 We assessed whether CalGang criteria the four local law enforcement agencies use align
with CalGang’s purpose and with the definition of “criminal street gang.” We determined the
four local law enforcement agencies are not using additional criteria to enter individuals
into CalGang.
•	 We analyzed the frequency of the criteria used by law enforcement agencies to initially enter
individuals into CalGang.

•	 We reviewed the relevant federal regulations, state law, state guidelines, CalGang policies
and procedures, and board and committee meeting minutes.
•	 We evaluated CalGang’s oversight structure against common characteristics of
government programs.
•	 We assessed committee audits and the committee’s audit processes to determine whether
the audits were effective.
•	 We reviewed committee meeting minutes to determine what information node
administrators reported and documented, including audit findings and how those findings
were resolved.

California State Auditor Report 2015-130

August 2016

AUDIT OBJECTIVE

13 Survey local law enforcement agencies
and visit selected local law enforcement
agencies to determine the following:

METHOD

•	 We surveyed 329 local and state law enforcement agencies, including county sheriff’s offices,
city police departments, school district police departments, and selected state agencies.
Appendix A on page 61 further describes how we selected agencies to survey.

a.  Whether the law enforcement employees
who use CalGang are adequately trained
to implement the program and ensure
full compliance with the law.

•	 The survey questions covered topics such as the extent of the agencies’ use of CalGang; their
training; their processes for adult and juvenile entry, notification, and removal from CalGang;
their information requests; and their use of other shared gang databases.

b.  Whether the policies and procedures
local law enforcement agencies have
put in place are adequate for ensuring
compliance with SB 458 and other
applicable laws.

•	 The survey responses were self-reported, and, except as noted, we did not verify the
accuracy of the responses. We clarified survey responses agencies provided about shared
gang databases and information requests related to employment.

•	 We performed related analyses, including items a through d for this objective.

c.  How many requests for removal from
CalGang have been submitted over the
past five years and the outcomes of
these requests.
d.  How many juvenile appeals have been
made since the approval of SB458 and
how many names have been removed
through this appeal process.
14 To the extent possible, evaluate the
accuracy and completeness of the CalGang
data, as well as the types of documentation
maintained to support information entered
into CalGang.

We selected 100 individuals (25 from each of the local law enforcement agencies we reviewed)
recorded in CalGang and evaluated the accuracy of criteria entries by analyzing supporting
documentation. As we discuss in the Assessment of Data Reliability on page 17, we did not test
the completeness of CalGang.

15 Review and assess any other issues that are
significant to the audit.

We did not identify any other issues that were significant to the audit.

Sources:  California State Auditor’s analysis of Joint Legislative Audit Committee audit request number 2015-130, and information and documentation
identified in the Table column titled Method.

21

22

California State Auditor Report 2015-130

August 2016

Blank page inserted for reproduction purposes only.

California State Auditor Report 2015-130

August 2016

Audit Results
Due to an Inadequate Leadership Structure, CalGang Has Failed to
Comply With Requirements Designed to Protect Individuals’ Rights
to Privacy
The California Department of Justice (Justice) funds CalGang.
However, two bodies composed of law enforcement officials—the
CalGang Executive Board (board) and its technical subcommittee,
the California Gang Node Advisory Committee (committee)—are
responsible for overseeing the CalGang database. These bodies
operate free from the typical safeguards that are the foundation
of government programs. When the board and the committee
voluntarily adopted federal and state criminal intelligence
requirements, they expressed a commitment to protect individuals’
privacy rights and maintain a high‑quality tool for law enforcement
to use to suppress and solve gang crime. However, these entities
lack the organizational structure and processes necessary to
ensure that CalGang achieves these objectives.
Since state funding supports CalGang and law enforcement
agencies statewide use it, we expected to find in place a state
law establishing the powers, legal authority, and responsibilities
that would ensure CalGang’s leadership structure and processes
reflect the characteristics common to public programs. However,
CalGang was not created in statute, and Justice is not statutorily
required to oversee it. Thus, the board and the committee have
assumed responsibility for managing and overseeing CalGang
and its user agencies. Because of the value of CalGang to local
law enforcement agencies, Justice voluntarily funds it and
provides technical support as needed. Nonetheless, Justice’s
involvement with those bodies is inconsistent despite holding a
voting seat on both the board and the committee. For example,
since 2010 Justice has not been represented at one‑third of
the board’s meetings. We asked Justice about its not attending
certain board meetings, and Justice officials explained that it found
limited value in attending these meetings because board members
viewed Justice’s role narrowly and as limited to providing technical
support and funding for CalGang. Justice’s views on policy and
governance were not given meaningful consideration by the board
or the committee. Although Justice could have refused to renew
the CalGang maintenance contract, this was not viewed as a viable
option because it would likely have caused the program to shut down.
Justice told us that it did not at that time have any other leverage
over CalGang to ensure that its input was given any weight.
The board and the committee act without statutory authority,
transparency, or meaningful opportunities for public engagement.
Table 4 summarizes the characteristics common to government

23

24

California State Auditor Report 2015-130

August 2016

agencies and demonstrates the degree to which CalGang operates
outside of those characteristics. Government agencies exhibit these
characteristics as a means to gain the public’s trust and to engage
the public in their decision‑making processes. Because CalGang’s
oversight entities operate outside these parameters, their decisions
lack transparency and public input. Specifically, the board and the
committee do not conduct open meetings: They do not provide
public notice of their meetings, post agendas and minutes, or
accept public testimony. Thus, they limit the opportunity for public
understanding and input. For example, Justice posted some of the
board meetings’ minutes and agendas on its website, but the most
recent document is dated May 2014—more than two years ago,
despite there being more recent meetings.
Table 4
Common Characteristics of Government Entities Compared to CalGang’s Current Framework
COMMON CHARACTERISTICS OF GOVERNMENT ENTITIES

CALGANG’S FRAMEWORK

SCORECARD

Statutorily defined authority and responsibilities.

No responsibilities or authority defined in state law; CalGang is subject
only to rules the CalGang Executive Board (board) and the California Gang
Node Advisory Committee (committee) have adopted and established.

5

Transparency and opportunities for public participation.

Limited transparency and opportunities for public participation.

s

Direct reporting to a government agency or department
that has policy, operations, and administrative oversight.

Limited oversight of policies and operations. State government is a
participant with no decision-making authority.

s

Public input through elections, through an elected body,
or through the composition of governing bodies.

The board and the committee determine their own membership
and leadership.

5

Accountability established by clearly defining the roles
of oversight entities.

Individuals serve in multiple roles, creating situations in which they
oversee themselves.

5

Independently audited.

Not audited by an external, independent body. User agencies evaluate
their own records.

5

Specified revenue sources and, if appropriate, the ability
to collect fees.

No designated revenue source and no authority to collect fees from
user agencies.

5

Legal representation.

No legal representation.

5

Sources:  California State Auditor’s analysis of documentation from the Institute of Internal Auditors’ Public Sector Definition, excerpts from Strategic
Planning for Public and Nonprofit Organizations by John Bryson, excerpts from Understanding and Managing Public Organizations by Hal Rainey, and
analysis of the board’s and the committee’s bylaws and minutes and the committee’s policies and procedures.
5 = CalGang’s framework does not meet this common characteristic of government entities.
s = CalGang’s framework only partially meets this common characteristic of government entities.

In addition, CalGang’s leadership structure does not provide
adequate accountability or oversight. Because the board and
the committee determine which law enforcement agencies (also
referred to as user agencies) will be node administrator agencies,
they control the composition of their own membership: Once
the board approves a law enforcement agency to be a node
administrator agency, that agency designates individuals to sit

California State Auditor Report 2015-130

August 2016

on the board and the committee. Moreover, the members of the
board and the committee elect their own leadership. Thus, no
opportunities exist for public input through elections or elected
bodies. Accountability is further compromised because individuals
can serve many roles within the CalGang framework. Table 5
outlines selected responsibilities of these bodies and illustrates
how individuals can serve in multiple oversight roles. For example,
in the Sonoma County Sheriff ’s Office (Sonoma), the sergeant
who serves on the committee also acts as a node administrator
and as a CalGang user. In fact, the sergeant stated that he enters
approximately 95 percent of CalGang records for his agency,
yet this same sergeant is also responsible for conducting any
audits of CalGang records for the region because he is the node
administrator. The sergeant’s conflicting roles highlight the current
weaknesses in CalGang’s oversight framework.
Table 5
Selected Responsibilities of CalGang Oversight Entities and User Agencies
COMPOSITION

CalGang Executive
Board (board)

The chief executive or his or her designee from each
of the following: the 11 node administrator agencies,
the California Department of Justice, the California
District Attorneys Association, and the California State
Sheriff’s Association.

RESPONSIBILITIES

•	Provide oversight and policy direction.
•	 Approve the creation or abolition of a node.
•	Elect a chairperson annually.

California Gang Node Full-time law enforcement officers or support staff
Advisory Committee designated by node administrator agencies, usually
(committee)
the node administrators.

•	 Oversee the operations of law enforcement agencies
(user agencies).
•	 Evaluate requests from agencies interested in becoming nodes.
•	 Elect a chairperson, vice chairperson, and sergeant of arms
every other year.

Node administrator
agencies

Designated node administrator.

•	 Ensure that all users in the node adhere to committee policies.
•	 Conduct triannual audits.
•	 Examine gangs before they are added to CalGang.

User agencies

Law enforcement or support staff who enter
CalGang data.

•	 Comply with committee policies.
•	 Ensure data are legal, relevant, accurate, timely, and complete.

Sources:  Board and committee bylaws, committee policies, and interviews with the committee chair.

Although the board and committee voluntarily committed to
adhere to Title 28, Code of Federal Regulations, Part 23 (federal
regulations), which establishes requirements to ensure the privacy
of those whose data is maintained in criminal intelligence systems
such as CalGang, their protocols for implementing the federal
regulations allude to stronger oversight than the entities actually
provide. Specifically, the federal regulations—which are viewed
as the national standard for protecting and handling criminal
intelligence systems—require rules and processes that implement
administrative, technical, and physical safeguards to protect

25

26

California State Auditor Report 2015-130

August 2016

criminal intelligence data and individuals’ rights. On the surface,
the committee’s policies and procedures (CalGang policy) appear
to address some of these requirements. However, the board
and the committee have not implemented or followed all of the
necessary processes, as summarized in Table 6. For example, federal
regulations require audits and inspections to ensure that the user
agencies have necessary processes in place to make key decisions,
such as determining that reasonable suspicion exists to support
CalGang entries. However, as we discuss later, we found that the
committee’s audits are neither independent nor robust and that
CalGang policy does not include a provision for on‑site inspections
of records or facilities.
Table 6
CalGang’s Oversight Entities’ Adherence to Federal Regulations for Protecting Criminal Intelligence
SELECTED REQUIREMENTS UNDER TITLE 28,
CODE OF FEDERAL REGULATIONS, PART 23

CALGANG’S IMPLEMENTATION

SCORECARD

Audit and inspect properly trained participating agencies to
ensure that reasonable suspicion exists and that users are
following federal, state, and local laws.

Audits do not adequately review the establishment of reasonable
suspicion or compliance with laws. CalGang’s oversight entities do
not perform on-site inspections.

5

Adopt procedures to ensure that all information retained in
the database has relevancy and importance.

Procedures do not exist.

5

Develop rules to implement authority to remove personnel
authorized to access the system.

CalGang’s oversight entities have adopted rules to sanction users.



At the time of our review, the four nodes lacked policies or
procedures for ensuring that user accounts are disabled when
employees transfer or separate from employment.*

5‡

Restrict access to its facilities.

The four nodes we reviewed stored the servers containing CalGang
information in locked buildings with limited physical access.



Institute procedures to protect criminal intelligence
information from fire, flood, or other disasters.

CalGang information is regularly backed up to protect from
data loss.

†

Administrative Safeguards

Technical Safeguards
Store information in a manner such that it cannot be accessed
without authorization.

Physical Safeguards

Sources:  California State Auditor’s analysis of Title 28, Code of Federal Regulations, Section 23; CalGang’s administrative, technical, and physical
oversight processes; and the California Gang Node Advisory Committee’s policies and procedures.
= No significant issues identified.
5 = Did not adhere to requirements.
*	 We visited four law enforcement agencies—the Sonoma County Sheriff’s Office (Sonoma), the Santa Clara County Sheriff’s Office (Santa Clara),
the Los Angeles Police Department (Los Angeles), and the Santa Ana Police Department (Santa Ana). Two of these agencies—Sonoma and
Los Angeles—are node administrator agencies. The other two agencies—Santa Ana and Santa Clara—are part of the nodes overseen by the
Orange County District Attorney’s Office and the San Jose Police Department, respectively.
†	 Although we did not identify any significant issues related to protecting criminal intelligence information from fire, flood, or other disasters, the
nodes we visited did not have adequate plans for restoring the information following a disaster.
‡	 Subsequent to our review, Santa Ana’s node administrator provided us with a new procedure for evaluating the validity of its node’s CalGang
user accounts.

California State Auditor Report 2015-130

August 2016

Moreover, as Table 6 shows, we have concerns about the user
agencies’ compliance with federal regulations related to safeguarding
CalGang information from unauthorized access. At the node
administrator agencies for each of the four law enforcement agencies
that we reviewed—Sonoma, the Santa Clara County Sheriff’s Office
(Santa Clara), the Los Angeles Police Department (Los Angeles),
and the Santa Ana Police Department (Santa Ana)—we attempted
to review the policies and procedures for removing or modifying
employee CalGang user accounts when the employees transfer or
separate from employment.6 However, none of the node administrator
agencies had such policies or procedures at the time of our review.
We found 65 active user accounts across Santa Clara, Los Angeles,
and Sonoma for individuals who no longer worked for the agencies.
Two of these accounts may have been vulnerable to inappropriate
access for more than 11 years following the employees’ departures.
Subsequent to our review, Santa Ana’s node administrator provided us
with a new procedure for evaluating the validity of its node’s CalGang
user accounts.
In addition, although each of the node administrator agencies
we reviewed asserted that they protect their data against loss
by implementing practices such as performing regular backups
of data as federal regulations require, we found that none of the
node administrator agencies have fully documented plans for
restoring CalGang information after a man‑made or natural
disaster. Specifically, neither Santa Ana’s node administrator agency
nor Los Angeles has a contingency plan in place for restoring
CalGang information after a loss of this nature. In contrast,
the node administrators for Sonoma and Santa Clara provided
written agreements with service providers for restoring CalGang
information after a man‑made or natural disaster. However, these
service agreements did not specify how quickly the information
would need to be restored in order to minimize the impact of the
interruption. Industry best practices state that organizations should
develop contingency plans that identify maximum acceptable time
frames during which critical business applications can be inoperable.
Without sufficient planning, the node administrator agencies risk
losing the capability to process and retrieve CalGang information,
which could significantly affect user agencies’ timely access to
gang‑related intelligence information.
Ultimately, the board and the committee have not effectively
communicated the federal regulations and state guidelines to user
agencies. CalGang’s policies state that CalGang will comply with
federal regulations and Justice’s Model Standards and Procedures
6	

Two of the law enforcement agencies that we reviewed—Sonoma and Los Angeles—are node
administrator agencies. The other two agencies—Santa Ana and Santa Clara—are parts of
the nodes overseen by the Orange County District Attorney’s Office and the San Jose Police
Department, respectively, which both function as node administrator agencies.

We have concerns about how law
enforcement agencies safeguard
CalGang information from
unauthorized access. We found
65 active user accounts for former
employees; two accounts were left
open for more than 11 years.

27

28

California State Auditor Report 2015-130

August 2016

for Maintaining Criminal Intelligence Files and Criminal Intelligence
Operational Activities, November 2007 (state guidelines). The state
guidelines provide similar safeguards as the federal regulations but
in certain areas are more restrictive. We expected that CalGang
policy or the agreements that user agencies and their respective node
administrator agencies sign would provide direction on implementing
the requirements for safeguarding data and ensuring they are reliable.
However, CalGang policy does not contain such guidance, and the user
agreements do not reference the specific requirements—in fact, the
agreements are very broad and simply state that user agencies must
comply with all applicable laws, rules, and regulations. Consequently,
the four law enforcement agencies we reviewed did not understand
these requirements. For example, the sergeant at Santa Clara who is
solely responsible for determining whether individuals meet the criteria
for entry into CalGang stated that he was not familiar with the state
guidelines. As we discuss later, we found that the four agencies had not
implemented many of the processes the state guidelines require. The
remainder of this report explores the many examples of broken and
fragmented processes we identified related to CalGang and how these
processes weaken the database and create opportunities for violations of
individuals’ rights.
Law Enforcement Agencies Could Not Always Demonstrate That They
Had Established Reasonable Suspicion That Groups Were Gangs Before
Entering Them Into CalGang

Law enforcement agencies are
required to analyze legally obtained
information to establish reasonable
suspicion of organizations’
criminal activity before adding
those organizations to criminal
intelligence databases.

Although CalGang policy requires that all user agencies maintain
sufficient source documentation to support their CalGang entries,
we found that the law enforcement agencies we reviewed were unable
to demonstrate that many of the groups they entered into CalGang met
the criteria necessary for identification as gangs. The federal regulations
and the state guidelines require that law enforcement agencies analyze
legally obtained information to establish reasonable suspicion of
organizations’ criminal activity before adding those organizations to
criminal intelligence databases. To establish reasonable suspicion for
entry into CalGang, the committee requires that law enforcement
agencies ensure that groups meet the definition of a gang in CalGang
policy. Figure 3 illustrates in part the criteria a group of three individuals
must meet to be considered a gang. These criteria are important
because after entering a gang into CalGang, a user agency may add
individuals to that gang as gang members.7 An individual’s right to
privacy is jeopardized if a law enforcement agency justifies collecting
personal information about that individual by stating that he or she is a
gang member when the agency has not yet established that such a gang
exists through a documented pattern of criminal activity.
7	

Throughout this report, we use the term gang member to refer to both gang members and gang
affiliates unless specifically stated otherwise.

California State Auditor Report 2015-130

August 2016

Figure 3
The CalGang Record Lifecycle Required for Establishing Reasonable Suspicion for Gangs and Suspected Gang Members

Is it a

GANG?

Requirement 1

Do members
individually or
collectively engage
in a pattern of
criminal gang
activity?

Requirement 2

Law enforcement has contact with an
individual potentially involved in gang activity.

GANG MEMBER?

d into
ere

Quality control
reviewer reviews
documentation.*

Gang Member?

Supervisor
reviews officer’s
documentation.

NOT ent

lGang
Ca

d into
ere

lGang
Ca

NOT ent

Is the individual a

Gang Member?

A BC

Gang Member?

How Many?

Three or more
members?

Gang Review

Individual Review

om
d fr Ca

ng
lGa

Law enforcement agency
periodically reviews the
gang’s record. It purges
the record from CalGang
when it no longer
meets criteria.

Law enforcement agency
creates the gang and/or
an individual's record
in CalGang.

Purge

Common
sign, symbol,
or name?

Analyst determines
if the individual
meets the gang
criteria for entry
into CalGang.

Law enforcement agency
reviews the individual’s record
at least annually.† The record is
purged from CalGang when it
no longer meets criteria or if a
law enforcement agency has
not added gang criteria
for five years.

Sources:  California State Auditor’s analysis of the California Department of Justice’s Model Standards and Procedures for Maintaining Criminal Intelligence Files and
Criminal Intelligence Operational Activities, November 2007 (state guidelines); the Title 28, Code of Federal Regulations, Part 23 (1993); and the California Gang Node
Advisory Committee’s policies and procedures, September 2007.
*	 The state guidelines recommend that law enforcement agencies perform quality control reviews; they require supervisory reviews.
†	 The state guidelines require reviewing information stored in a criminal intelligence file to determine whether it is current, accurate, relevant, and complete, and
whether it continues to meet the needs and objectives of the responsible agency.

29

30

California State Auditor Report 2015-130

August 2016

We reviewed a total of nine gangs that Sonoma, Santa Ana, and
Los Angeles had entered into CalGang to determine whether
the user agencies had appropriately established reasonable
suspicion according to the criteria in CalGang policy when the law
enforcement agency entered them.8 We identified problems with
Sonoma’s and Santa Ana’s processes for adding new gangs. We
expected that these two agencies would be able to direct us to the
records they analyzed to determine that the group of three or more
individuals had a common sign, symbol, or name and demonstrated
a pattern of criminal gang activity, as depicted in Figure 3. However,
we found that Sonoma and Santa Ana generally relied on summary
statements agency staff provided on forms or in emails that
described how groups met the reasonable suspicion requirements
for CalGang entry. Although through subsequent follow up we
found that these groups currently meet the definition of a gang,
neither agency was able to demonstrate which individuals—at
the time of the groups’ initial entry into CalGang—supported the
agencies’ conclusions that the groups met the necessary criteria.
Therefore, neither agency could prove that it performed the analysis
required to establish reasonable suspicion. In contrast, we found
that Los Angeles could support the gang we reviewed. Specifically,
before Los Angeles added the gang into CalGang, it supported that
reasonable suspicion existed by maintaining a list of individuals and
their associated arrests, which together established gang criteria.
Sonoma’s node administrator adds
gangs for 30 other counties, yet
he does not collect or analyze the
source documents that support his
gang entries.

Sonoma’s process for adding new gangs to CalGang is of particular
concern to us. The sergeant acting as Sonoma’s node administrator
is responsible for adding gangs for the 30 counties that make up
the Sonoma node, yet he does not collect or analyze the source
documents that support his gang entries. Moreover, he destroys
the summary documentation the agencies within those counties
provide after transferring the information into CalGang. Therefore,
the sergeant could not provide supporting documentation for
any of the four gangs we examined from Sonoma. This approach
increases the risk that he will add groups to CalGang even when
user agencies have not established reasonable suspicion according
to CalGang policy. Once a gang is added to CalGang, all user
agencies in the node, which encompasses Northern California, are
free to collect and share information about individuals they believe
are gang members, potentially violating those individuals’ rights.
Additionally, the committee has not ensured that user agencies
periodically assess gangs to determine whether they continue
to meet the criteria in CalGang policy. The minutes from board
and committee meetings show that nodes periodically query

8	

Santa Clara does not add gangs to CalGang; rather, it links suspected gang members to gangs
already existing in the database. Consequently, it did not have a process for us to review.

California State Auditor Report 2015-130

August 2016

CalGang data to identify and remove gangs with fewer than
three members. However, this type of limited review does not
confirm that reasonable suspicion continues to exist for larger gangs,
creating the risk that CalGang contains information on individuals
who are alleged members of groups that no longer meet the gang
criteria. Guidance provided by the Institute for Intergovernmental
Research—the criminal intelligence training vendor with which
the federal government contracts—indicates that law enforcement
agencies should periodically validate that reasonable suspicion
exists for a gang within a specified time frame, called a retention
period. According to this guidance, the gang and its members should
generally be purged at the end of this retention period. However, no
retention period for gangs exists in CalGang if reasonable suspicion
can no longer be validated.
As a result, Los Angeles had no information since 2008 in its gang
history records demonstrating that one gang had engaged in a
pattern of criminal activity. To determine whether Los Angeles had
simply neglected to update its history for this gang, we analyzed
CalGang records for its members between 2010 and 2015 and
found Los Angeles’ officers documented only one arrest for offenses
consistent with gang activity. However, we determined through a
review of that individual’s criminal history records that he was not
arrested on the date documented in CalGang. As a result, based on our
review, Los Angeles no longer had sufficient reasonable suspicion in
its gang records or in CalGang to continue to categorize this group as
a gang and the node administrator would not have reviewed the gang
until its membership in CalGang fell below three members.
After we brought this problem to the attention of Los Angeles, its
node administrator researched the gang’s members and provided us
with records of arrests of gang members that law enforcement officers
did not include in the gang’s history or accurately enter into CalGang.
Although some of the offenses Los Angeles directed us to are consistent
with gang activity, we question why Los Angeles failed to enter this
information into CalGang and update its internal gang history. This
example demonstrates why it is important for CalGang user agencies
to establish a retention period and periodically assess whether a gang
continues to meet reasonable suspicion requirements in order to ensure
system accuracy and the protection of individuals’ rights.
Law Enforcement Agencies Do Not Have Adequate Support for Some of
the Individuals and Many of the Criteria They Entered Into CalGang
When law enforcement agencies cannot provide adequate support
for the inclusion of individuals in CalGang, documenting those
individuals’ whereabouts, appearance, and associates in a shared
database could constitute or lead to a violation of their privacy or

It is important for CalGang user
agencies to establish a retention
period and periodically assess
whether a gang continues to meet
reasonable suspicion requirements
in order to ensure system
accuracy and the protection of
individuals’ rights.

31

32

California State Auditor Report 2015-130

August 2016

other constitutional rights. Further, the inclusion of inaccurate or
unsupported information in CalGang reduces the system’s value
to law enforcement agencies. Nonetheless, when we reviewed a
selection of 100 people included in CalGang, we found that law
enforcement agencies did not have adequate support for inclusion of
13 of these individuals. Additionally, because user agencies can identify
numerous reasons, or criteria, for entering or retaining individuals in
CalGang, we reviewed more than 500 items of criteria associated with
these 100 individuals and found that the user agencies lacked adequate
supporting documentation, such as field notes or arrest report
narratives, for 23 percent of the criteria.
CalGang policy requires, with one exception, that a user agency
identify two documented criteria for initially entering a person into
CalGang.9 For the individual to remain in CalGang longer than
five years from the date of original entry, a user agency must enter
subsequent criteria, which will reset the five‑year period from that
date. User agencies generally enter criteria when they have additional
contacts with the individuals. Because user agencies may have
entered numerous criteria for some individuals, those individuals’
inclusion in CalGang may be justifiable even if some of these
criteria are unsupported. As shown in Table 7, we found that 131 of
the 563 (23 percent) items of criteria we reviewed lacked support.
Ultimately, this led us to conclude that law enforcement agencies
did not have adequate support for inclusion in CalGang for 13 of the
100 individuals we reviewed.
Table 7
Four Law Enforcement Agencies’ Support for a Selection of 100 Individuals in CalGang
INDIVIDUALS

LAW ENFORCEMENT AGENCY

NUMBER
REVIEWED

NUMBER
ADEQUATELY
SUPPORTED

GANG CRITERIA
NUMBER NOT
ADEQUATELY
SUPPORTED

NUMBER
REVIEWED

NUMBER
ADEQUATELY
SUPPORTED

NUMBER NOT
ADEQUATELY
SUPPORTED

Los Angeles Police Department

25

23

2

213

165

48

Santa Ana Police Department

25

22

3

104

89

15

Santa Clara County Sheriff’s Office and
the San Jose Police Department*
Sonoma County Sheriff’s Office†

25

24

1

127

107

20

Totals

25

18

7

119

71

48

100

87

13

563

432

131

Source:  California State Auditor’s review of four law enforcement agencies’ support for 100 people included in CalGang.
*	 The San Jose Police Department is responsible for the majority of the entries we reviewed and the criteria we found to not be adequately supported.
†	 Other agencies in the Sonoma County node—excluding Sonoma County Sheriff’s Office—were responsible for nearly half of the criteria we found to
not be adequately supported.

9	

The only exception to the two‑criteria requirement is when an individual admits to his or her gang
membership during an in‑custody classification interview for jail or prison housing.

California State Auditor Report 2015-130

August 2016

As indicated in Table 8, 31 of the unsupported criteria related to
the criterion “subject has admitted to being a gang member,” while
three related to “in-custody classification interview,” which are
admissions of gang membership when individuals are brought
into custody and will be confined with other individuals. In these
instances, we found that the source documents either contained
no record of gang membership admissions or, in some instances,
indicated that the individuals said they were not—or not currently—
gang members. For example, Sonoma justified entering a person into
CalGang in part because he supposedly admitted to being a gang
member during a custody classification interview at the county jail.
However, when we obtained a record of this interview, we found that
the person said he was not currently a member of the gang to which
he was later connected in CalGang. In fact, he specifically requested
to not be housed with this gang. The only criterion for this individual’s
inclusion in CalGang for which we found support was that he had
been seen associating with documented gang members. However,
even that circumstance consisted of no more than an officer’s
observation that the individual was in the garage of a residence that
a documented gang member had left. Given that Sonoma did not
have adequate support for any other criteria for this individual, we
concluded that his inclusion in CalGang was inappropriate.
Table 8
Number and Types of CalGang Criteria Entries That Lacked Adequate Support
CRITERIA

NUMBER OF
CRITERIA NOT SUPPORTED

NUMBER OF
CRITERIA REVIEWED

Subject has admitted to being a gang member.

31

136

Subject has been arrested for offenses consistent with usual gang activity.

29

70

Subject has been seen associating with documented gang members.

28

98

Subject is known to have gang tattoos.

16

104

Subject has been identified as a gang member by a reliable informant/source.

8

11

Subject has been seen wearing gang dress.

7

33

Subject has been seen frequenting gang areas.

6

63

Subject has been seen displaying gang symbols and/or hand signs.

3

12

In-custody classification interview.

3

35

Subject has been identified as a gang member by an untested informant.
Totals

0

1

131

563

Source:  California State Auditor’s review of four law enforcement agencies’ support for 100 people included in CalGang, as listed in Table 7 on page 32.

When we asked about these admission‑related entries that did not
match source documents, representatives of the law enforcement
agencies often agreed that the criteria were not accurate and even
purged the information from CalGang. At times they explained that

33

34

California State Auditor Report 2015-130

August 2016

they could have used other field observations they did not record in
CalGang but that were present in the source documents to justify
the individuals’ inclusion in CalGang. However, admitting that they
could or should have entered other criteria into CalGang does not
negate the fact that the system inaccurately reflects individuals’
statements regarding gang membership. For CalGang to be
useful to law enforcement personnel, it should be both complete
and accurate.

Selection of Offenses Used to Establish
a Pattern of Criminal Gang Activity
•	 Assault with deadly weapon.
•	 Robbery, burglary, and carjacking.
•	 Homicide and manslaughter.
•	 Sale, or possession for sale, of a controlled substance.
•	 Shooting at an inhabited dwelling or occupied
motor vehicle.
•	Arson.
•	 Rape, torture, and kidnapping.
•	 Money laundering and counterfeiting.
•	 Intimidation of witnesses and victims.
•	 Prohibited possession of firearm.
•	 Felony vandalism.
Source:  Penal Code 186.22, Section (e).

We also found 29 instances in which user agencies
were unable to support the criterion “subject has
been arrested for offenses consistent with usual
gang activity.” In fact, in nine of these instances, we
could not find that the person had been arrested
for any offense—despite the use of this criterion to
justify putting the individual in CalGang. For the
remaining 20 entries, we found that the
individuals had been arrested for common crimes
that did not necessarily have any connection to
gang activity, such as probation violations and drug
possession. Although the committee established
the 10 criteria listed in Table 8 on page 33, it did
not implement any policies or procedures further
describing what offenses are consistent with gang
activity. However, the Penal Code contains a list of
offenses that can be used to determine that a group
is a criminal street gang for the purpose of
prosecuting its members, a selection of which are
listed in the text box. Absent any further definition
from the committee or from the user agencies we
reviewed, we used the Penal Code’s categories as a
benchmark for whether individuals’ offenses were,
in fact, consistent with gang activity.

In response to our concern regarding the offenses law enforcement
agencies used for this criterion, Santa Ana agreed to remove
one criteria entry related to loitering and two related to drug
possession. Conversely, the node administrator in Sonoma stated
that we misunderstood the concept of “subjective reasonable
suspicion” and maintained that some of the offenses we were
questioning—violating probation and resisting arrest—are common
among gang members. When we questioned a criteria entry
because the associated offense was the prohibited possession
of ammunition, which the Penal Code does not identify as a
gang‑related offense, the Sonoma node administrator responded
that “possession of ammunition by a gang member is a gang crime.”
The problem presented by both of these responses is that they
presuppose that the individuals in question are gang members and
therefore the offenses for which they were arrested are gang crimes.

California State Auditor Report 2015-130

August 2016

In our view, offenses need to be indicative of gang activity for user
agencies to justify including individuals in CalGang. Although we
understand law enforcement officers must exercise judgment in
making certain criteria determinations, the results of our testing
suggest that the exercise of this judgment needs to be informed by
specific regulations.
The user agencies were also frequently unable to support the
criterion “subject has been seen associating with documented gang
members.” Specifically, we found 28 criteria entries in which the law
enforcement agencies did not document that the people with whom
the individuals in question were associating were gang members. In
fact, at times we found no record of anyone else even being present
during the events leading to the particular field observations.
In regard to the other unsupported criteria listed in Table 8 on
page 33, we did not question the validity of the law enforcement
officers’ field observations but rather only identified criteria as
unsupported if the source documents lacked such observations
altogether.10 For example, if the law enforcement officers indicated
in source documents that geographical locations, tattoos,
symbols, or manner of dress were gang‑related, we accepted these
statements. However, we identified criteria entries as unsupported
if no such statements were present. For example, Los Angeles used
the criterion “subject has been identified as a gang member by a
reliable informant/source” to justify the inclusion of an individual
in CalGang. Upon hearing our concern that the source document
made no mention of an informant or other source, the node
administrator for Los Angeles responded that the “reliable source
would be the officer making the determination.” This interpretation
of what constitutes a “reliable informant/source” is inappropriately
broad and would allow officers to enter this criterion absent
any evidence other than their own views that individuals are
gang members.
We found two primary causes for the inaccurate criteria entries we
identified. Based on their descriptions of their processes for
entering information into CalGang, the user agencies we reviewed
often have administrative staff or other designated officers enter
information into CalGang rather than the officers who made the
field observations. CalGang policy does not prohibit this approach
and we recognize that it can be efficient. However, it may also be
the cause of some of the discrepancies between CalGang entries
and the corresponding source documents. Another contributing
10	

For the criterion “subject has been seen frequenting gang areas,” we accepted the judgment
of those administering CalGang even when the field officers did not specifically record this
observation. Given their unique position of regularly recording or observing CalGang entries,
these administrators are likely to know the geographical locations that gangs frequent.

Although law enforcement officers
must exercise judgment in making
certain criteria determinations,
the results of our testing suggest
that the exercise of this judgment
needs to be informed by
specific regulations.

35

36

California State Auditor Report 2015-130

August 2016

factor to the deficiencies we found is the lack of strong oversight
of CalGang. No independent party regularly scrutinizes CalGang
criteria—a condition we detail later in the report.
As a result of these inaccurate criteria entries, law enforcement
agencies are tracking people in CalGang who do not appear to
justifiably belong in the system. Further, the inaccuracies weaken
its value to law enforcement because many of the descriptions in
CalGang do not match the support to which the system is pointing.
If law enforcement agencies later attempt to use this support as
evidence in convictions or sentencing enhancements—years added
to a prison term when an individual commits a crime to promote or
assist a gang—they will find that the information was not worth the
time and resources they used to locate and analyze it.

Inclusion in CalGang has the
potential to seriously affect a
person’s life and therefore the
accuracy and appropriate use of
CalGang is of critical importance.

Throughout the audit, law enforcement officials offered their
perspective that inclusion in CalGang is of little impact to an
individual because CalGang only points to source documentation.
CalGang policy prohibits using the system as the basis for expert
opinion or statements of fact in official reports or for non‑law
enforcement purposes, such as employment screenings. However,
we found that neither of these prohibitions is always followed.
In fact, when we searched California appellate cases that
contained the terms CalGang or gang database, we found at least
four unpublished cases that referred to CalGang as support for
expert opinions or conclusions in official reports that individuals
were or were not gang members. Further, we found one case
in which a CalGang printout was apparently provided to a jury.
We found numerous other instances in which the unpublished
decisions by the appellate courts cited or otherwise contained
references to CalGang or a gang database. As we discuss later in
this report, three user agencies admitted that they use CalGang
for employment or military‑related screenings. These examples
emphasize that inclusion in CalGang has the potential to seriously
affect a person’s life and therefore the accuracy and appropriate use
of CalGang is of critical importance.
Law Enforcement Agencies Lack Appropriate Safeguards to Ensure
the Accuracy and Security of CalGang Records
Law enforcement agencies have failed to ensure that CalGang
records are added, removed, and shared in a way that maintains
the accuracy of the system and safeguards individuals’ rights.
We found that the agencies we examined did not review records
before and after entering them in CalGang and that committee
audits of the information within CalGang lacked independence
and transparency. Moreover, flaws in CalGang’s controls caused
many individuals to remain in the system longer than federal

California State Auditor Report 2015-130

August 2016

regulations allow; in fact, some individuals are currently scheduled
to remain in CalGang for hundreds of years. Finally, in response to
our survey, three agencies reported using CalGang for employment
or military-related screenings, which represent an inappropriate
use of the system. We believe that the committee’s failure to
implement standardized training has contributed to user agencies’
inappropriate and inconsistent use of CalGang. In addition, the
committee’s lack of oversight and the user agencies’ lack of sound
processes has increased the risk of inaccuracies in CalGang, which
could jeopardize the effectiveness of investigations and lead to
violations of individuals’ privacy rights.
Law Enforcement Agencies Have Not Established Necessary Processes
for Reviewing and Purging Records
The federal regulations and state guidelines that CalGang
adopted outline the requirements for maintaining individuals’
criminal intelligence records. The requirements that relate to
reviewing records accomplish two objectives: They ensure that the
information in CalGang is accurate, which helps make CalGang
a valuable tool for solving and preventing crimes, and they help
ensure that inaccurate information is not added and that unreliable
and unnecessary information is purged, which protects individuals’
rights. As Figure 3 on page 29 indicates, the federal regulations and
state guidelines require that law enforcement agency supervisors
review and approve criminal intelligence data before entry. The
state guidelines also recommend periodic quality control reviews of
such data and permanently removing data from CalGang if they are
misleading, obsolete, or otherwise unreliable.
However, as Table 9 on the following page shows, the four law
enforcement agencies we reviewed did not have processes in place
to ensure that agency supervisors and quality control reviewers
evaluated records before their entry into CalGang. In fact, three
of the four agencies followed a practice of allowing one law
enforcement officer or analyst to decide unilaterally which suspected
gang members to add to CalGang. In contrast, Los Angeles has
established and generally followed a process requiring that a
supervisor review records before their entry. However, none of
the four agencies annually assessed CalGang records as the state
guidelines require. The Sonoma node administrator explained
that his agency had not implemented these requirements because
they would add unnecessary levels of review that would delay the
entry of information into CalGang. He further stated that until
the agency enters the information, it is not usable intelligence.
However, if Sonoma or other agencies believed that the safeguards
in the state guidelines were too onerous, they should have at least
established other, compensating processes that would ensure the

The committee’s failure to
implement standardized training
has contributed to user agencies’
inappropriate and inconsistent use
of CalGang.

37

38

California State Auditor Report 2015-130

August 2016

information they entered into CalGang was sound. We found no such
mechanisms at Sonoma or the other three agencies we examined,
the lack of which likely contributed to the numerous unsupported
criteria entries in CalGang.
Table 9
Law Enforcement Agencies’ Adherence to State Record Review Requirements
LOS ANGELES
POLICE
DEPARTMENT

SONOMA
COUNTY
SHERIFF’S OFFICE

SANTA ANA
POLICE
DEPARTMENT

SANTA CLARA
COUNTY
SHERIFF’S OFFICE



5

5

5

5

5

5

5

5

5

5

5

Required Supervisory Review
Ensures law enforcement agencies lawfully collected criminal
intelligence and that information conforms to the California
Department of Justice’s (Justice) guidelines (state guidelines*).

Recommended Quality Control Review
Ensures compliance with state guidelines.

Required Annual Review
Ensures intelligence remains current, accurate, relevant,
and complete.

Sources:  California State Auditor’s analysis of Justice’s Model Standards and Procedures for Maintaining Criminal Intelligence Files and processes at
four law enforcement agencies.
*	 State guidelines refers to Justice’s Model Standards and Procedures for Maintaining Criminal Intelligence Files and Criminal Intelligence Operational
Activities, November 2007.
 = Agency generally implemented review process.
5 = Agency did not implement review process.

In addition, the committee’s periodic audits of CalGang records
are weak and do not ensure that CalGang contains only valid,
accurate information. The federal regulations require that criminal
intelligence information must be periodically reviewed and
destroyed if it no longer meets certain standards and that records
must be reviewed and validated for continuing compliance with
submission criteria before the end of their retention period.
CalGang policy implements this requirement from the federal
regulations by stating that each node administrator agency will
be audited no less than twice a year. However, the policy does
not specify who will conduct these audits, how they are to be
documented, or who will review the results. The current committee
chairperson stated that the node administrator agencies conduct
the audits—meaning that node administrators audit their own
records—and that their representatives orally report the results
at committee meetings. Nevertheless, our review of this process
suggests that these audits are not adequate to determine the
accuracy of the information in CalGang.

California State Auditor Report 2015-130

August 2016

Specifically, the audits are limited in focus and it is difficult
to determine if any change resulted. Board meeting minutes
dated January 2006 indicate that the board directed each node
administrator agency to audit 30 records a year, resulting in the
annual review of 330 records statewide. However, this level of
review appears inadequate given that CalGang contains in excess
of 150,000 individuals’ records. Further, the minutes from the
committee’s meetings document that the node administrator
agencies report on the results of their audits, but the minutes lack
sufficient detail of how the agencies addressed the problems they
uncovered. Thus, for the majority of its audits, the committee was
unable to demonstrate the value of its audit process and the related
outcomes. The limited focus of these audits is especially concerning
because they are the only oversight tool that the committee uses,
yet the audits are self‑reported with no independent verification
of the results, resulting in a process that is not robust enough
to ensure that user agencies are maintaining valid and accurate
criminal intelligence records, adhering to security protocols,
and upholding individuals’ rights to privacy. The lack of an
appropriate audit process potentially weakens CalGang’s value
as a law enforcement tool and may contribute to the public’s
concern that law enforcement agencies are mishandling private,
sensitive information.
Our review of CalGang records statewide identified a significant
number of errors that demonstrate the need for stronger controls
over the processes for entering, evaluating, and auditing the data
in CalGang. For example, we found 42 individuals in CalGang
whose birthdates indicated that they were less than one year old at
the time their information was entered, 28 of whom were entered
into the system in part because they admitted to being gang
members. CalGang also contained information that was unusable
for meaningful data analysis, such as telephone numbers, zip codes,
or random characters in the data field intended to capture a city
name. Additionally, we found instances in which city names were
misspelled or abbreviated in inconsistent ways. For example, we
identified more than 100 variations for Los Angeles, including
“Los Angels” and “Los Angeleses.”
We expected that the law enforcement agencies we examined
would be familiar with the state guidelines that the committee
adopted and have the necessary safeguards in place to implement
the related requirements. However, key officials and CalGang
users from Los Angeles, Santa Ana, and Santa Clara were all
unaware of the state guidelines and the requirements therein. At
Sonoma, the sergeant who functions as the node administrator
stated that the processes the state guidelines outline were either
not applicable to CalGang, did not have value, or would be too
resource‑intensive to fully implement. We disagree with the

Our review of CalGang records
statewide identified a significant
number of errors that demonstrate
the need for stronger controls
over the processes for entering,
evaluating, and auditing the data
in CalGang.

39

40

California State Auditor Report 2015-130

August 2016

sergeant’s assertions because CalGang policy explicitly requires
user agencies to follow the state guidelines. Further, if Sonoma or
other agencies had concerns regarding the processes in the state
guidelines, they should have reconciled them with processes that
were similarly robust but more efficient to implement. Disregarding
the guidelines designed to enhance CalGang’s accuracy and to
preserve individuals’ rights degrades the database and calls into
question user agencies’ commitment to CalGang’s mission—
to provide an accurate resource for law enforcement.
The programming underlying
CalGang may jeopardize
individuals’ privacy rights because
it did not purge all records within
the required time frames.

The programming underlying CalGang also may jeopardize
individuals’ privacy rights because it did not purge all records
within the required time frames. User agencies rely upon CalGang’s
automatic purge function to comply with the requirement in
the federal regulations to remove criminal intelligence records if
user agencies have not added new information indicating gang
membership within five years. However, when we searched
104 records for individuals in CalGang to ensure that they had
been purged on schedule, we found that 12 remained in CalGang
even though they did not contain new information that would have
warranted extending their purge dates. In fact, these 12 records
reflected purge dates that should have taken effect in the past.
Santa Clara, which is within the San Jose node, had created all
12 records, but neither Santa Clara’s gang sergeant nor the sergeant
in the gang investigations unit at the San Jose node could offer an
explanation as to why the automatic purge function had exhibited
this operational deficiency. When we checked CalGang again
about three weeks later, the 12 records had been purged. CSRA
International, Inc. (CSRA)—the company that developed the
proprietary CalGang software—indicated that errors with
the San Jose node’s server caused the automatic purge function to
run improperly for approximately two months. CSRA asserted that
it resolved this error and has implemented procedures to quickly
identify similar issues in the future.
Further, as of November 2015, we identified records for
three additional individuals who should have been purged in 2002,
2003, and 2008, respectively. When we asked CSRA why these
individuals were still in CalGang, it identified a programming
error that caused the automated purge process to overlook the
three individuals. Consequently, these individuals’ records remained
in CalGang from seven to 13 years beyond when they should have
been purged. CSRA asserted that it subsequently corrected this
error and would report these three individuals to the appropriate
law enforcement agency for review. As of June 2016, CSRA reported
that these individuals were no longer in CalGang.

California State Auditor Report 2015-130

August 2016

Finally, CalGang’s programming has not at times had sufficient
controls to prevent future dating of entries related to gang
membership or affiliation. This lack of controls—coupled with
law enforcement’s failure to establish a thorough review process
to ensure the accuracy of data entries—could cause individuals to
inappropriately remain in CalGang for several decades, or even
centuries. Specifically, we identified 628 individuals whose records
had purge dates beyond the standard five‑year time period,
including 257 whose records were not scheduled to be purged
for more than 100 years. When we inspected these individuals’
criteria dates—which is the information CalGang software uses to
calculate purge dates—we found that the entries were future‑dated.
For example, one individual had a criteria entry dated in the year
9992, which resulted in a purge date in the year 9997, or nearly
8,000 years from now. Although these future dates are most likely
the result of data entry errors, an incorrect entry has significant
implications for the timely removal of the individual from CalGang.
When we asked CSRA how such errors could occur, it stated that
before 2009, and then again between 2011 and 2014, CalGang
user agencies could enter future‑dated criteria. CSRA asserted
that it implemented controls in 2014 designed to prevent users
from future‑dating criteria. In addition, CSRA indicated that it
would report the individuals we identified to the appropriate node
administrators for review and possible deletion. However, as of
June 2016, CSRA stated that 115 individuals with future‑dated
criteria remained in CalGang.
Absent a robust review process, the committee has relied
completely on the CalGang software to remove individuals within
the time frames federal regulations specify. Software deficiencies
have allowed some records to remain in CalGang and accessible to
law enforcement agencies far beyond their purge dates. Retaining
records in CalGang for longer than the federal regulations allow
potentially violates individuals’ rights and pollutes CalGang with
outdated information that may hinder law enforcement agencies’
efforts to suppress gang activity.
Law Enforcement Agencies Lack Processes to Ensure They Share
CalGang Information Properly and Limit CalGang Access as CalGang
Policy Requires
To preserve individuals’ privacy rights, numerous requirements
contained in the federal regulations, the state guidelines and
CalGang policy exist around sharing CalGang information. These
requirements are generally rooted in the concept that CalGang
information should be shared only for a law enforcement purpose
and only with requesters that have a “need and right to know.”

We identified 628 individuals whose
records had purge dates beyond
the standard five-year time period,
including 257 whose records were
not scheduled to be purged for
more than 100 years.

41

42

California State Auditor Report 2015-130

August 2016

The four local law enforcement
agencies we reviewed each lack
necessary policies and procedures
for sharing CalGang information.

Nevertheless, we found that CalGang’s oversight entities and user
agencies have not taken all the steps necessary to ensure CalGang
information is shared only when appropriate. Specifically, the four
local law enforcement agencies we reviewed each lack necessary
policies and procedures for sharing CalGang information. Further,
responses to our statewide survey suggest that at least three law
enforcement agencies may have inappropriately used CalGang as an
employment screening tool.
The information‑sharing policies of all four user agencies we
reviewed omit some of the safeguards that CalGang policy requires.
Requests for CalGang information can come either from within
user agencies or from external parties, such as law enforcement
agencies that do not use CalGang, media outlets, and researchers.
CalGang policy requires that each user agency establish written
policies and procedures for accessing CalGang information
that ensure that they only share information in accordance with
existing laws, regulations, and guidelines. However, we identified
weaknesses in the policies of each of the four law enforcement
agencies we reviewed. For example, Los Angeles’s policy addresses
releasing information for discovery motions and requests for
records, and it also specifies the parties that must approve
information releases. Nonetheless, it is silent about documenting
the requestors’ need and right to know and tracking to whom it
releases criminal intelligence—both of which are requirements
in federal regulations and state guidelines. As a result of similar
types of omissions at all four user agencies, the users at the
agencies lack the guidance necessary to ensure they share criminal
intelligence only with authorized recipients and only for law
enforcement purposes.
We attempted to assess Justice’s and the four user agencies’ past
decisions to share information, but we have little assurance
that they identified all of the CalGang requests they received.
Specifically, Justice and the four agencies could identify requests
for CalGang information made pursuant to the Public Records
Act, but none of these law enforcement agencies had processes to
capture internal requests or requests from other law enforcement
agencies. Justice, Los Angeles, Santa Clara, and Santa Ana identified
a combined total of 16 information requests they received between
January 2011 and early March 2016; in contrast, the sergeant who
functions as the Sonoma node administrator asserted that Sonoma
did not receive any requests for information during that time frame.
Table 10 shows the information requests categorized by requestor
type and by the nature of the CalGang information requested. We
found that requestors sought criminal intelligence information
in four instances and that the agencies declined to provide the
information because the requestors did not have a right to know it.

California State Auditor Report 2015-130

August 2016

Table 10
Summary of CalGang Information Requests Received Between
January 2011 and March 2016 by Requestor Type and the Nature of the
Information Requested
NATURE OF INFORMATION REQUEST
CRIMINAL
INTELLIGENCE RECORDS

CALGANG STATISTICS

POLICY AND PROCEDURES/
OPERATIONAL INFORMATION

Media

0

5

3

Researchers

2

3

3

Legal counsel

2

1

1

Private party

0

1

1

4

10

8

REQUESTOR

Totals

Source:  California State Auditor’s analysis of public records requests received by the California
Department of Justice, Santa Ana Police Department, Santa Clara County Sheriff’s Office, and
Los Angeles Police Department.
Note:  The Table reflects the nature of all the information the requests specified. Requests may have
covered more than one category of information; thus, the nature of the requests will not correlate
with the 16 total requests the four agencies asserted they received.

Conversely, our statewide survey revealed that, of the 190 law
enforcement agencies that responded to this question, three may
have inappropriately shared information because they used
CalGang to screen for employment or military recruitment
purposes. Screenings of these types are not apparent law
enforcement activities—they are not related to preventing or
solving crimes—and thus do not meet the standard of need
or right to know for a law enforcement purpose. Specifically, an
administrative aide from Ventura County Sheriff ’s Department
(Ventura) asserted that she reviewed CalGang to determine if
individuals who applied for employment with Ventura were listed
as gang members. Similarly, a sergeant from Thousand Oaks Police
Department (Thousand Oaks) asserted that the agency reviewed
CalGang to assist the military in determining whether a candidate
was a gang member. Finally, a detective from Santa Barbara County
Sheriff ’s Office (Santa Barbara) reported using CalGang to screen
for employment and to assist the military.
Although each of the three agency officials asserted that they
did not print or distribute any hard‑copy CalGang information
resulting from their searches, using the system in this manner
does not appear appropriate. On three separate occasions dating
back to 2006, the board or the committee determined that user
agencies should not use CalGang for employment background
checks or in response to requests from the military. The board
established that military recruiters do not have the need or right
to know CalGang information and therefore users should not fill
those information requests. Nevertheless, based on our review

43

44

California State Auditor Report 2015-130

August 2016

of their respective minutes, neither the board nor the committee
disseminated these decisions to the CalGang users. Moreover,
the committee did not clarify in CalGang policy that these uses
are prohibited. Consequently, two of the three agencies asserted
that using CalGang to screen employment or military candidates
was appropriate. For example, according to a Thousand Oaks
sergeant, using CalGang to respond to requests from military
recruiters is appropriate because the military does not want to
train gang members in the use of weapons and tactics, thus making
those individuals more dangerous to the public. Alternatively,
the Santa Barbara detective agreed that using CalGang to
screen candidates for internal positions or for the military was
inappropriate and planned to suggest the agency change its
practices. The mix of interpretations is concerning to us and
suggests that user agencies need better, and perhaps more frequent,
training, as we describe in the next section.
The Committee and Node Administrators Cannot Demonstrate They
Follow CalGang Training Policy or Best Practices
As previously discussed, the board and the committee delegate
important tasks to user agencies, such as determining whether
reasonable suspicion of criminal activity exists to warrant entering
individuals into CalGang. However, the agencies’
abilities to effectively perform these tasks
depends in large part on the training their staff
Training Topics for CalGang User Agencies
receives. Consequently, CalGang policy states
The CalGang Node Advisory Committee requires that
that the committee will develop, review, and
training for user agencies must address the following topics,
approve standardized trainings for the staff at
at a minimum:
user agencies. Although the text box shows the
committee’s required training topics for user
•	 The definition of a criminal street gang.
agencies, neither the committee nor the two node
•	 The accepted criteria for identifying gang members,
administrator agencies we reviewed could
affiliates, and adding photos.
demonstrate that the committee had developed
•	 The definition of criminal predicate and
or approved standardized training materials for
reasonable suspicion.
statewide use. Instead, each node administrator
agency develops its own materials. In addition, we
•	 Local, state, and federal statutes and policies regarding
expected to find that the committee had processes
criminal intelligence information.
in place to identify needed changes and updates to
•	 Physical and technical security.
the content of the training materials. For example,
•	 Data dissemination protocols.
changes to state law that took effect in 2014
regarding notifying juveniles and their parents or
•	 Practical, hands‑on database use.
guardians before entering juveniles into CalGang
Source:  California Gang Node Advisory Committee Policy and
presented the committee with an opportunity to
Procedures for the CalGang System (2007).
update CalGang training materials, but we found
no evidence that the committee had done so.

California State Auditor Report 2015-130

August 2016

The lack of standardized training may have created inconsistencies
in how user agencies apply the criminal intelligence requirements
the committee has adopted. Specifically, as discussed previously,
we found that law enforcement agencies we reviewed did not have
adequate support for including 13 individuals within CalGang.
Moreover, three agencies responded to our survey that they used
CalGang to screen for potential employment, even though this use
does not appear to meet the standard of need and right to know for
a law enforcement purpose. The appropriate adding to and sharing
of information in CalGang is critical to protecting individuals’ right
to privacy, yet the committee has failed to fulfill its responsibility to
ensure user agencies are effectively trained in those two functions.
We also found deficiencies with the committee’s approval of
training content for instructors. CalGang policy requires potential
instructors to attend a committee‑approved, train‑the‑trainer course
and requires node administrators to verify potential instructors’
experience using CalGang. However, neither the committee nor
Sonoma and Los Angeles—which are both node administrator
agencies—could demonstrate that the committee had approved
an instructor training course. In fact, the committee chair—who is
also the Los Angeles node administrator—stated that a formalized
train‑the‑trainer course does not exist. CalGang policy further
states that instructors must complete the 24‑hour user course in
addition to a train‑the‑trainer course. However, CalGang instructors
cannot obtain the requisite number of training hours because the
user training the nodes provide is just 16 hours in length, not
the required 24.
Finally, the committee has not required users to take periodic
refresher trainings so that their skills remain up to date. The
committee does not require such trainings, regardless of how
long users have maintained CalGang access. In our statewide
survey, 86 (46 percent) of the 186 CalGang user agencies that
responded to this question indicated that their users could benefit
from periodic refresher training. Further, a separate analysis we
performed revealed that half of CalGang’s users have had accounts
allowing their access to CalGang for six years or more. The full
distribution of the length of time users have maintained their
accounts is depicted in Figure 4 on the following page. By requiring
only an initial training for users, the committee risks that users’
knowledge of CalGang policy will fade over time or not keep pace
with changes, thereby jeopardizing the integrity and accuracy of
CalGang’s information.

CalGang instructors cannot obtain
the requisite number of training
hours because the user training the
nodes provide is just 16 hours in
length, not the required 24.

45

46

California State Auditor Report 2015-130

August 2016

Figure 4
Age of Users’ CalGang Accounts

21%
0–2 years

50%

USER
ACCOUNT
AGE

2.01–4 years
4.01–6 years

14

%

> 6.01 years

15%

Source:  California State Auditor’s analysis of CalGang data obtained from the California Department of
Justice as of November 23, 2015.
Note:  Because CalGang did not capture user account creation dates until 2009, we were unable to
determine the exact age of user accounts older than six years.

Law Enforcement Agencies Have Failed to Appropriately Notify
Necessary Parties Before Entering Juveniles Into CalGang
Because two of the four law enforcement agencies we reviewed did
not send all legally required notices before entering juveniles into
CalGang, many juveniles and their parents or guardians (parents)
were not afforded the right to contest the juveniles’ gang designations.
Further, the two agencies that sent the necessary notifications did not
provide the juveniles and their parents with adequate information to
contest the designations. In fact, responses to our statewide survey of
law enforcement agencies revealed that less than 3 percent of juveniles
or their parents contested these designations, possibly as a result of
their notification letters not containing adequate information. Because
the two law enforcement agencies have not complied with state law
related to these notifications, they have limited the effectiveness of the
juvenile notification process as a means to identify juveniles whom
they may have mistakenly added to CalGang as gang members.
State law effective January 1, 2014, generally requires law enforcement
agencies to send juveniles and their parents notices before adding
juveniles to a shared gang database, such as CalGang. Figure 5 depicts
the juvenile notification process the state law established. This process
requires notifying juveniles and parents or guardians of the basis for
the juveniles’ gang designations and of their right to contest the gang
designations. The process also describes the limited circumstances in
which law enforcement agencies do not have to notify the juveniles
and the parents.

California State Auditor Report 2015-130

August 2016

Figure 5
The Required Juvenile Notification and Contestation Process as Applied to CalGang

A law enforcement officer
determines a juvenile meets
the minimum criteria required
to be designated as a gang
member (designation).*

DOES AN
EXCEPTION
EXIST?

The law enforcement agency
(agency) sends written notice
of the designation to the
juvenile and his/her parent or
guardian (parent).

A juvenile or parent contests in
writing the juvenile’s designation.

The agency has 60 days to
review the contestation and
respond to the juvenile and parent
with written verification of the
agency’s decision.

The agency adds the juvenile
to CalGang and the law
enforcement officer affirms
that the notice was sent or
an exception applied.†

The agency does not send a
written notice because the
notice would do one of
the following:
• Compromise an ongoing
criminal investigation.
• Compromise the juvenile’s
health or safety.

Juvenile’s record
remains in CalGang.

The agency disagrees
with contestation.
The agency agrees
with contestation.

Juvenile’s record
deleted from CalGang.

Sources:  California State Auditor’s analysis of the Penal Code and the CalGang juvenile-notification process.
*	 A juvenile is defined as an individual who is under 18 years of age. A juvenile can be designated as a gang member or gang affiliate.
†	 If a law enforcement officer indicates in CalGang that the agency did not send a notification because of an exception, the officer must document a
detailed reason for the exception.

Between January 1, 2014, and November 23, 2015, user agencies added
more than 2,200 juveniles to CalGang. Following January 2014, the
number of juveniles that user agencies added to CalGang dropped
significantly; from 2013 to 2014, the number decreased by 1,134, or
48 percent. In fact, the number of juveniles Sonoma and Santa Clara
each added dropped to zero. Officers at each agency asserted that they

47

48

California State Auditor Report 2015-130

August 2016

stopped adding juveniles to CalGang in direct response to the new
notification requirements. Specifically, the Sonoma gang enforcement
sergeant asserted that Sonoma stopped adding juveniles for reasons
that included the administrative burden and his perception that parents
frequently refuse to believe their children are associated with a gang and
would attack the agency’s motives. On the other hand, Santa Clara’s gang
sergeant asserted that his agency no longer adds juveniles to CalGang
because it does not have a notification process in place and wants to
learn from the processes other agencies have established. However, when
user agencies choose not to add juveniles to CalGang to avoid notifying
juveniles and their parents or to wait and learn from other agencies’
processes, CalGang becomes a less useful tool for protecting the public
from gang violence.
As indicated in Table 11, the two user agencies we reviewed—which were
limited to Los Angeles and Santa Ana for the reasons just described—
were unable to demonstrate that they properly sent letters before adding
juveniles to CalGang for all but 35 of the 129 records we reviewed.
Specifically, we found that Santa Ana did not send letters to juveniles,
but rather only to their parents. Based on interviews with a number
of officials, we determined that Santa Ana misinterpreted the law’s
requirements. In contrast, Los Angeles has a policy that describes a
process that meets the law’s notification requirement, but we found that
officers in the five divisions we reviewed—Los Angeles has 21 divisions
in total—did not follow the policy. Consequently, Los Angeles could
not demonstrate that it sent letters to 29 juveniles and their parents.
Moreover, Los Angeles sent notices for 50 juveniles after entering them
into CalGang instead of before, as required; in fact, in several instances,
it did not send the letters for more than a month after entering the
juveniles into CalGang. As reasons for not following state law, officials
for Los Angeles cited turnover in officer and administrative staff
positions as well as agency staff misunderstanding the requirements.
Table 11
Rates of Adherence to State Law Requiring Juvenile Gang Designation From January 2014 Through November 2015

Santa Ana Police Department
Los Angeles Police Department
Totals

TOTAL NUMBER OF
JUVENILES’ RECORDS
REVIEWED

RECORDS FOR WHICH
NOTIFICATION
REQUIREMENTS WERE MET

RECORDS FOR WHICH
NOTIFICATION LETTERS
WERE NOT SENT [JUVENILE
AND/OR THEIR PARENTS*]

15

0

15

RECORDS FOR WHICH
NOTIFICATION LETTERS
WERE SENT AFTER
CALGANG ENTRY [JUVENILE
OR THE PARENTS]

0

114

35

29

50

129

35

44

50

Percent of total juveniles’ records reviewed ————————>

27%

34%

39%
73%

Sources:  California State Auditor’s analysis of juvenile notification letters and other documents for the law enforcement agencies listed.
*	 Because state law requires law enforcement agencies to send notification letters to the juvenile and their parents or guardians (parents), this column
represents instances in which law enforcement agencies did not send letters to either party and both parties.

California State Auditor Report 2015-130

August 2016

We also determined that Los Angeles’s and
Santa Ana’s notices were inadequate because they
did not provide the bases the agencies used for the
juveniles’ gang designations. Although state law
requires law enforcement agencies to provide the
bases for gang designations, the law does not specify
what information the agencies need to include to
fulfill that requirement. A bill analysis on the
juvenile notification law states that the basis for a
gang designation would be source documents, such
as arrest reports and field interview cards, indicating
that the person met the criteria for being considered
a gang member. However, the notification letters
Los Angeles and Santa Ana sent offered only
conclusory language that was so vague it did not
fully inform the juveniles and parents of the contacts
or analyses that led to the designations. The text box
cites the relevant language the agencies included in
their letters to parents. Although the Los Angeles
letters invite juveniles and parents to contact an
officer with their questions, neither letter cites the
specific criteria the agency used for identifying
juveniles as members of gangs.

Excerpts From Juvenile Notification Letters Law
Enforcement Agencies Sent to Parents
Los Angeles Police Department (Los Angeles)
On __[date]__, your son/daughter, __[name]_, was involved
in a field contact by officers from the Los Angeles Police
Department. As a result, information relative to __[name]___
participation in or association with an active street gang was
discovered. The contact met the minimum criteria required
by state law to identify him/her as an active gang member
or active affiliate gang member. Therefore, his/her name
and gang affiliation will be entered into the department’s
computerized shared gang database.
Santa Ana Police Department (Santa Ana)
On __[date]__, your son/daughter, __[name]__, was
contacted by Officers from the Santa Ana Police Department.
As a result of a law enforcement officer’s investigation, your
child’s participation in or association with an active criminal
street gang has been included in our files based upon two or
more of the following criteria, including but not limited to:
arrest and/or associating with criminal street gang members,
frequenting gang area, gang indicia, statements made by a
contacted individual.
Sources:  Los Angeles’s and Santa Ana’s juvenile notification
letter templates.

Without knowing law enforcement agencies’ bases
for suspecting gang membership, juveniles and
their parents do not have sufficient information
to meaningfully challenge those agencies’ decisions to add the
juveniles to CalGang. Part of the Legislature’s intent in developing
the notification process was to ensure that user agencies did not
incorrectly enter juveniles into CalGang. However, parents and
juveniles cannot contest juvenile gang designations effectively, if
at all, without knowing the criteria user agencies determined the
juveniles met. Because of the lack of information in the juvenile
notification letters, parents sometimes submitted letters that simply
stated that their children were not gang members. Other parents
submitted character references from school principals and church
leaders or descriptions of their own efforts to keep their children
away from gangs. These types of responses—which are the result
of the lack of information the user agencies provided—do not
help the agencies identify mistakes they may have made when
concluding that juveniles met the criteria for entry into CalGang.
Thus, the insufficient notification letters have disadvantaged the
law enforcement agencies, juveniles, and parents.
We found that few juveniles and parents contested gang designations
and that—contrary to state law—the two user agencies generally
responded only to the party that contested the designation which
only partially fulfilled the law. Table 12 on the following page

49

50

California State Auditor Report 2015-130

August 2016

summarizes the number and rate of contested juvenile gang
designations for Los Angeles and Santa Ana, as well as the results
from our survey of 329 law enforcement agencies. Santa Ana’s higher
rate of contestations may be the result of its notification process.
Specifically, it sends notices to parents each time a contact with a
law enforcement officer results in an update to a juvenile’s CalGang
record. This process, which results in multiple letters to parents,
exceeds the requirements of state law. Although the law requires
that agencies inform both juveniles and parents of their decisions
in response to contestations, we found that the two user agencies
generally responded only to the party that contested the designation.
Table 12
Contestations of Juvenile Gang Designations at Two Law Enforcement
Agencies and Statewide From January 1, 2014, Through October 31, 2015

Number of juveniles

LOS ANGELES POLICE
DEPARTMENT
(LOS ANGELES)

SANTA ANA POLICE
DEPARTMENT
(SANTA ANA)

STATEWIDE
SURVEY
RESULTS*

381

140

1,705

5

19†

Contestation rate

1%

14%†

Number of juveniles removed from
CalGang in response to a contestation

0

Number of contestations received

7

47
3%
15

Sources:  California State Auditor’s analysis of Los Angeles’s and Santa Ana’s juvenile notification
records and other documents, and unaudited statewide survey results.
*	 These numbers represent self‑reported data from our statewide survey.
†	 Santa Ana’s process requires it to send a letter to a juvenile’s parents for each law enforcement
contact the juvenile has that results in it creating or updating a CalGang record. Sending multiple
letters to parents likely contributed to the higher contestation rate in Santa Ana.

Although the law provides two reasons to justify law enforcement
agencies’ decisions not to notify juveniles and their parents before
adding the juveniles into CalGang, we found that the user agencies
rarely use these options. Specifically, as Figure 5 on page 47 illustrates,
law enforcement agencies can choose not to notify juveniles and
their parents if they believe doing so will compromise either ongoing
criminal investigations or the juveniles’ health or safety. However,
based on our reviews of Santa Ana and Los Angeles, as well as
the responses from our statewide survey, we determined that law
enforcement agencies rarely choose not to send notices for these
two reasons. In fact, Santa Ana has not used either option since the
law went into effect in 2014, and Los Angeles documented using
these options for just five juveniles. Further, the responses from
our survey suggest that user agencies statewide documented only
10 additional instances in which the agencies justified not sending
notices for the exceptions provided in law.

California State Auditor Report 2015-130

August 2016

In response to our concerns about their juvenile notification
practices, officials with Los Angeles and Santa Ana asserted
they would take corrective actions. A detective who serves as
the Los Angeles node administrator is working to implement a
juvenile notification review process in which staff will review
all juveniles Los Angeles officers entered since January 1, 2014 and
document whether officers fulfilled the requirements of state law.
If juveniles do not meet the law’s requirements, the detective’s plan
is to delete the juvenile, send proper notification, and reenter the
juvenile into CalGang. The detective is also planning to implement
a process in which he will review some juveniles each month to
ensure adherence to the law’s requirements.
Similarly, a commander from Santa Ana provided updated letter
templates for both juveniles and their parents. However, the letters’
text still does not provide the bases for the juvenile’s designation as
a gang member. According to the commander, Santa Ana chose not
to include more specific information because it believes the letter
gives parents and juveniles a sense of the behavior that led to the
juveniles’ contacts with the law enforcement officers. He also stated
that providing specifics about contacts would focus arguments on
the contacts or incentivize juveniles to stop certain behaviors purely
to prevent police detection, which are outcomes he does not believe
would be productive. He stated that the benefit of the juvenile
notification law is the conversations it can initiate among parents,
juveniles, and law enforcement officers related to the resources
the agency may provide to keep the juveniles away from and out
of gangs. However, we believe that for these conversations to be
productive, parents need specific information about the nature of
their children’s contacts with law enforcement officers.
Notwithstanding Los Angeles’s and Santa Ana’s failures to properly
implement state law, we recognize that both agencies have
demonstrated a commitment to the juveniles they suspect
are gang members. Los Angeles has contacted parents about
juveniles’ gang designations through letters, calls, or in‑person
meetings since at least 1998. Moreover, the letters Los Angeles
currently sends to parents and juveniles invite them to contact
officers about questions and to learn about community programs.
Similarly, since about 1989 Santa Ana has notified juveniles that
their involvement with gangs could subject them to criminal
prosecution. Although this notice does not reference CalGang, it
makes very clear that the agency has determined the juveniles are
a part of or associated with specific gangs; in fact, the agency uses
documentation from these notices to add individuals to CalGang.
After the implementation of the juvenile notification law in 2014,
Santa Ana exceeded the law’s requirements by notifying parents after
each contact juveniles had with police that resulted in updates to
their records.

In response to our concerns about
their juvenile notification practices,
officials with Los Angeles and
Santa Ana asserted they would take
corrective actions.

51

52

California State Auditor Report 2015-130

August 2016

Moreover, Santa Ana’s process when it receives a contestation
letter represents a best practice that we believe could be the
basis for statewide standards. Specifically, at Santa Ana a police
investigator assembles background information on the juvenile’s
case, and a corporal calls the family to discuss the juvenile’s entry
into CalGang. Following the review and conversation, the corporal
decides whether the juvenile should remain in CalGang. Santa Ana’s
approach has resulted in it removing from CalGang more than a
third of the juveniles who were the subject of contestations by the
juveniles or their parents. This approach establishes relationships
that can lead to a better understanding of juveniles’ situations for
both the officers and the families, and it also achieves greater data
accuracy for the law enforcement agencies using CalGang.
Governmental Oversight and Increased Public Participation Could
Strengthen CalGang’s Usefulness and Better Ensure It Protects
Individuals’ Rights
State and local law enforcement officials assert that CalGang is an
important tool because it helps them to quickly identify information
necessary to solve or prosecute gang crimes. User agencies’ success
stories chronicle how they used CalGang to identify homicide
victims and suspects through physical descriptions, like their
tattoos, and to link local crimes to suspects or to crimes in other
communities. For example, an officer in Salinas posted a testimonial
in CalGang noting that he used CalGang to identify a murder
suspect using a name, physical description, and believed gang
affiliation. Witnesses then verified the suspect in a photo lineup,
leading to his arrest for murder. Upon conviction, the courts
sentenced the man with gang enhancements—years added to a
prison term when an individual commits a crime to promote or
assist a gang. The officer praised CalGang and encouraged other
CalGang users to provide as much information as possible in
their CalGang entries because even a minor gang contact could
help solve a murder.

We believe state law should be
adopted that assigns Justice the
responsibility for overseeing
CalGang and for ensuring
user agencies meet all the
relevant requirements.

However, because of its potential to enhance public safety, CalGang
needs an oversight structure that better ensures that the data entered
into it are reliable and that its users adhere to the requirements that
protect individuals’ rights. To this end, we believe the Legislature
should adopt state law that specifies that CalGang, or any equivalent
statewide shared gang database, must operate under defined
requirements. We believe these requirements should encompass the
federal regulations and key safeguards from the state guidelines,
including supervisory and periodic record reviews. Further, we
believe state law should assign Justice the responsibility for overseeing
CalGang and for ensuring user agencies meet all the relevant
requirements. Establishing Justice as a centralized oversight entity

California State Auditor Report 2015-130

August 2016

responsible for establishing best practices and holding user agencies
accountable for implementing these practices will help ensure
CalGang’s accuracy and safeguard individuals’ privacy protections.
Moreover, we believe state law should create a technical advisory
committee to provide Justice information about CalGang’s use and
user agencies’ needs. Figure 6 on the following page illustrates what, in
our view, would be a stronger oversight structure for CalGang.
The Legislature also has an opportunity to set standards for
transparency and public participation where none currently
exist. Generally, CalGang’s current operations are outside of
public view. As previously discussed, we found that the CalGang
users self‑administer the committee’s audits and that they do not
meaningfully report the results to the board, the committee, or the
public. Further, CalGang’s governance does not meet in public, and
neither the board nor the committee invites public participation by
posting meeting dates, agendas, or reports about CalGang.
Increased transparency in CalGang’s governance and operations
could strengthen the public’s confidence in the system. For example,
although the proposed technical advisory committee would likely
need to close parts of its meetings to protect criminal intelligence
information, we believe other parts of its meetings should be open
and should comply with open‑meeting requirements. Further,
requiring Justice either to conduct or to hire an external entity to
conduct periodic audits would shed light on aspects of CalGang’s
privacy safeguards that do not operate effectively and should help
lead to necessary corrective actions. In addition, we recommend
that the Legislature require Justice to develop annual reports that
include CalGang statistics and summary‑level audit results. Justice
should make these reports available for public comment and, in
subsequent annual reports, summarize public concerns and the
actions Justice has taken to address them.
Finally, establishing CalGang as a public program would create
opportunities for public participation through the legislative and
regulatory processes. As the Legislature drafts the bill that will
provide for CalGang’s new oversight structure and framework,
law enforcement officials and the public will have opportunities to
express their concerns and needs. Using the regulatory process
to establish requirements for user agencies will provide the public
and law enforcement agencies an opportunity to comment on and
help guide how the requirements are developed.

Increased transparency in CalGang’s
governance and operations could
strengthen the public’s confidence
in the system.

53

54

California State Auditor Report 2015-130

August 2016

Figure 6
A Model for More Transparent and Accountable Oversight for a Shared Gang Database

Public process
Non-public process

THE LEGISLATURE
Key Legislative Actions
Establish requirements for CalGang, or any equivalent statewide
shared gang database, in state law as detailed below.
Require the database to comply with federal regulations and
important safeguards from the state guidelines.*

LAW

Make the California Department of
Justice (Justice) responsible for the database

Create a technical
advisory committee

TECHNICAL
ADVISORY COMMITTEE

JUSTICE
Key Requirements to be Specified in Law

Key Requirements to be Specified in Law

Engage in a regulatory process to define important
requirements like gang member criteria.
Conduct or hire an external entity to conduct
periodic audits.

Advise Justice of best practices, database use,
and database needs.
Collaborate

Periodically review policies and procedures to
provide suggestions to Justice for their
improvement.

Standardize training and ensure it is periodically
provided to all end users.

Obtain public input when appropriate.

Publish an annual report with key statistics and
summary audit results. Invite, assess, and act on
public comments.

USERS

Voluntarily
participate

Key Requirements to be Specified in Law
Oversee

Implement supervisory review procedures.
Implement periodic record reviews and
report the results to Justice.

Source:  Based on the California State Auditor’s recommendations to the Legislature.
*	 State guidelines refers to Justice’s Model Standards and Procedures for Maintaining Criminal Intelligence Files and Criminal Intelligence Operational
Activities, November 2007.

California State Auditor Report 2015-130

August 2016

Recommendations
The Legislature
To ensure that CalGang, or any equivalent statewide shared gang
database, has an oversight structure that supports accountability
for proper database use and for protecting individuals’ rights, the
Legislature should do the following:
•	 Designate Justice as the state agency responsible for
administering and overseeing CalGang or any equivalent
statewide shared gang database.
•	 Require that CalGang or any equivalent statewide shared gang
database adhere to federal regulations and relevant safeguards
from the state guidelines, including supervisory reviews of
database entries and regular reviews of all records.
•	 Specify that Justice’s oversight responsibilities include developing
and implementing standardized periodic training as well
as conducting—or hiring an external entity to conduct—
periodic audits of CalGang or any equivalent statewide shared
gang database.
To promote public participation in key issues that may affect
California’s citizens and to help ensure consistency in the use of
any shared gang database, the Legislature should require Justice
to interpret and implement shared gang database requirements
through the regulatory process. This process should include public
hearings and should address the following:
•	 Adopting requirements for entering and reviewing gang
designations, including establishing a retention period for gangs.
•	 Adopting criteria for identifying gang members. These criteria
should define which offenses are consistent with gang activity.
•	 Specifying how user agencies will operate any statewide shared
gang database, including requiring user agencies to implement
supervisory review procedures and periodic record reviews. The
user agencies should report the results of the reviews to Justice.
•	 Standardizing practices for user agencies to adhere to the
State’s juvenile notification requirements, including guidelines
for documenting and communicating the bases for juveniles’
gang designations.

55

56

California State Auditor Report 2015-130

August 2016

To ensure transparency, the Legislature should require Justice to
publish an annual report with key shared gang database statistics—
such as the number of individuals added to and removed from the
database—and summary results from periodic audits conducted
by Justice or an external entity. Further, the Legislature should
require Justice to invite and assess public comments following the
report’s release. Subsequent annual reports should summarize any
public comments Justice received and actions it took in response.
To help ensure that Justice has the technical information it needs to
make certain that CalGang or any equivalent shared gang database
remains an important law enforcement tool, the Legislature
should establish a technical advisory committee to advise Justice
about database use, database needs, database protection, and any
necessary updates to policies and procedures. The Legislature
should specify the qualifications for membership in the technical
advisory committee, which should include representatives from
local and state agencies that use the shared gang database. Further,
it should require that the committee meet at least twice a year and
adhere to the Bagley‑Keene Open Meeting Act and other relevant
open‑meeting laws.
Justice
As the Legislature considers creating a public program for shared
gang database oversight and accountability, Justice should guide the
board and the committee to identify and address the shortcomings
that exist in CalGang’s current operations and oversight. The
guidance Justice provides to the board and the committee should
address, but not be limited to, the following areas:
•	 Developing best practices based on the requirements stated
in the federal regulations, the state guidelines and state law,
and advising user agencies on the implementation of those
practices. The best practices should include, but not be limited
to, reviewing criminal intelligence, appropriately disseminating
information, performing robust audit practices, establishing
plans to recover from disasters, and meeting all of the State’s
juvenile notification law requirements. Justice should guide the
board and the committee to develop these best practices by
June 30, 2017.
•	 Instructing user agencies that use CalGang to complete a
comprehensive review of all the gangs documented in CalGang
to determine if they meet the necessary requirements for
inclusion and to purge from CalGang any groups that do not

California State Auditor Report 2015-130

August 2016

meet the requirements. Justice should guide the board and the
committee to ensure that user agencies complete this review in
phases, with the final phase to be completed by June 30, 2018.
•	 Instructing all user agencies to complete a comprehensive review
of the records in CalGang to determine if the user agencies
have adequate support for the criteria associated with all the
individuals they have entered as gang members. If the user
agencies do not have adequate support, they should immediately
purge the criteria—and, if necessary, the individuals—from
CalGang. In addition, the user agencies should ensure that
all the fields in each CalGang record are accurate. Justice
should guide the board and the committee to ensure that user
agencies complete this review in phases, with the final phase to
be completed by September 30, 2019.
•	 Instructing all user agencies to report to Justice every six months,
beginning in January 2017, on their progress toward completing
their gang and gang member reviews.
•	 Developing standardized periodic training content for all
CalGang users and training instructors. Justice should guide the
board and the committee to develop such standardized training
content by June 30, 2017.
•	 Establishing a plan to recertify all CalGang users and training
instructors on the new training content. Justice should guide
the board and the committee to complete the draft plan by
June 30, 2017, and the recertification training by June 30, 2018.
•	 Developing policies and procedures requiring the disabling of
user accounts for all individuals who no longer have a need to
or right to access CalGang because they have separated from
their employment with user agencies or for other reasons. Justice
should guide the board and the committee to identify and disable
all such accounts by September 30, 2016.
•	 Determining what steps must be taken to upgrade CalGang’s
controls to ensure that CalGang will automatically purge all
individuals whose records have not been updated by user
agencies for five years.
To promote transparency and hold the board, the committee,
and user agencies accountable for implementing and adhering
to criminal intelligence safeguards, Justice should post quarterly
reports on its website, beginning June 30, 2017, that summarize
how it has guided the board and the committee to implement and
adhere to criminal intelligence safeguards; the progress the board,
the committee, and the user agencies have made in implementing

57

58

California State Auditor Report 2015-130

August 2016

and adhering to these safeguards; the steps these entities still must
take to implement these safeguards; and any barriers to the board’s
and the committee’s success in achieving these goals.
To promote transparency and encourage public participation in
CalGang’s meetings, Justice should post the following information to
its website unless doing so would compromise criminal intelligence
information or other information that must be shielded from
public release:
•	 Summary results from the committee’s audits of CalGang records.
•	 The agendas, minutes, and referenced attachments for all future
board and committee meetings, as well as all other documents of
significance such as letters, memos, or agreements.
•	 From the past five years, all available agendas, minutes, and
referenced attachments from scheduled and ad hoc board
and committee meetings, as well as all other documents
of significance. Justice should post these materials by
October 31, 2016.
If Justice believes it needs additional resources to guide the board
and the committee to identify and address the shortcomings that
exist in CalGang’s current operations and oversight, to report
on the board and committee’s progress in addressing CalGang’s
shortcomings, and to post necessary information to its website,
Justice should take steps to secure the resources it needs.
Law Enforcement Agencies
Until they receive further direction from the board, the committee,
or Justice, the law enforcement agencies we reviewed—the
Los Angeles Police Department, the Santa Ana Police Department,
the Santa Clara County Sheriff ’s Office, and the Sonoma County
Sheriff ’s Office—should address the specific deficiencies we found
by taking the following actions:
•	 Begin reviewing the gangs they have entered into CalGang
to ensure the gangs meet reasonable suspicion requirements.
They should also begin reviewing the gang members they
have entered into CalGang to ensure the existence of proper
support for each criterion. They should purge from CalGang any
records for gangs or gang members that do not meet the criteria
for entry. Individuals who are independent from the ongoing
administration and use of CalGang should lead this review. The
agencies should complete the gang and gang member reviews

California State Auditor Report 2015-130

August 2016

in phases, with the final phase for gangs to be completed by
June 30, 2018, and the final phase for gang members to be
completed by June 30, 2019.
•	 Develop or modify as necessary all their policies and procedures
related to CalGang to ensure they align with state law, CalGang
policy, the federal regulations, and the state guidelines. In
particular, the law enforcement agencies should implement
appropriate policies and procedures for entering gangs;
performing supervisory reviews of gang and gang member
entries; performing periodic CalGang record reviews; sharing
CalGang information; and complying with juvenile notification
requirements. The law enforcement agencies should complete
this recommendation by March 31, 2017.

We conducted this audit under the authority vested in the California State Auditor by Section 8543
et seq. of the California Government Code and according to generally accepted government auditing
standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate
evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives
specified in the Scope and Methodology section of the report. We believe that the evidence obtained
provides a reasonable basis for our findings and conclusions based on our audit objectives.
Respectfully submitted,

ELAINE M. HOWLE, CPA
State Auditor
Date:	

August 11, 2016

Staff:	

Benjamin M. Belnap, CIA, Deputy State Auditor
Sharon L. Fuller, CPA
Kathryn Cardenas, MPPA
Brianna J. Carlson
Lisa J. Sophie, MPH

IT Audits: 	

Michelle J. Baur, CISA, Audit Principal
Lindsay M. Harris, MBA, CISA
Ben Ward, ACDA, CISA
Ryan P. Coe, MBA, CISA

Legal Counsel:	

Stephanie Ramirez‑Ridgeway, Senior Staff Counsel

For questions regarding the contents of this report, please contact
Margarita Fernández, Chief of Public Affairs, at 916.445.0255.

59

60

California State Auditor Report 2015-130

August 2016

Blank page inserted for reproduction purposes only.

California State Auditor Report 2015-130

August 2016

Appendix A
SUMMARY OF SELECTED CALGANG SURVEY RESPONSES
The Joint Legislative Audit Committee requested that we survey
local agencies for information about their CalGang use. We
surveyed 329 agencies statewide, which we selected without regard
to whether they used CalGang. As shown in Figure A on the
following page, we surveyed a wide variety of law enforcement and
related agencies. For example, we surveyed police departments,
sheriff ’s offices, probation departments, and school district police
departments. We generally selected police departments based on
the number of identified gang members or gangs in the counties
in which they were located. Finally, we surveyed three state
agencies: the California Department of Justice, the Department of
Corrections and Rehabilitation, and the California Highway Patrol.11
Our survey population encompassed all the agencies the California
Gang Node Advisory Committee identified as participating in
maintaining CalGang nodes as of September 2015, two of which
were district attorney’s offices. Figure A summarizes the response
rate by agency type for the agencies we surveyed.
We received 252 responses (77 percent) to the 329 surveys we sent.
Seventy‑seven agencies we surveyed did not respond. Table A.1 on
page 63 lists those agencies.
Summary of Survey Results Related to Adults’ Requests for Removal
From CalGang
In our survey, we asked the agencies how many requests by adults
for removal from CalGang they had received from 2010 through
2014 and how they had handled these requests.12 Currently no
requirement exists that agencies remove adults from CalGang upon
their request. Of the 191 agencies that answered this question, only
six reported having received requests from adults who believed
they were in CalGang. Those six agencies estimated that they had
received a total of between seven and eight requests each year from
adults asking to be removed from CalGang. However, they stated
that none of these requests resulted in removals.

11	

The California Highway Patrol consists of a headquarters and eight divisions, and we
surveyed each.

12	

We discuss juvenile notifications and requests for removal from CalGang in the Audit Results
beginning on page 46.

61

62

California State Auditor Report 2015-130

August 2016

Figure A
Rate of Survey Response by Agency Type

178

180

Sent

160

Responded

138

140
120
100
80

59

60

57
46

45

40

22

20
0

2

District
Attorney’s
Offices*

11

11

1
Police
Departments

Probation
Departments

School District
Police
Departments

Sheriff’s Offices

11

State Agencies†

Source:  California State Auditor’s analysis of agencies that responded to the survey.
*	 We surveyed two district attorney’s offices because each participated in maintaining a CalGang node.
†	 We surveyed the California Highway Patrol’s headquarters and its eight divisions as well as the California Department of Justice and the
Department of Corrections and Rehabilitation.

We also asked the agencies that we surveyed if they notified
adults when they removed them from CalGang. Although
CalGang policy does not require such notifications, a number
of agencies responded that they provide them. Table A.2 on
page 64 summarizes the survey questions and the responses.
The Table shows that at least 188 agencies responded to each of the
three questions about notifying adults, and between 4 percent
and 11 percent of respondents indicated that they notify adults
regarding various actions that they take to remove the adults from
CalGang. As shown in the Table, 21 agencies responded that they
notify adults when they remove them from CalGang in response
to requests for removal, which seems inconsistent with the fact
that only six agencies responded that they had received such
requests between 2010 and 2014. One possible explanation for the
discrepancy may be that some agencies did not receive requests for
removal from adults but responded to our question in terms of the
processes they have in place to notify adults if they were to receive
requests for removal.

California State Auditor Report 2015-130

August 2016

Table A.1
Agencies That Did Not Respond to the CalGang Survey
AGENCY NAME

AGENCY NAME

Alameda Police Department

Petaluma Police Department

Amador County Probation Department*

Palo Alto Police Department

Baldwin Park School Police Department

Plumas County Probation Department

Banning Police Department

Plumas County Sheriff’s Office

Barstow Police Department

Pomona Unified School District Security Department

Calaveras County Sheriff’s Office

Redwood City Police Department

California City Police Department

Riverbank Police Department

Citrus Heights Police Department

Riverside Police Department

Clovis Unified School District Police Department

San Benito County Probation Department

Coronado Police Department

San Benito County Sheriff’s Office

Covina Police Department

San Bernardino Unified School District Police Department

Del Norte County Sheriff’s Office

San Clemente Police Department

El Rancho Unified School District Police Department

San Jacinto Police Department

Firebaugh Police Department

San Luis Obispo Police Department

Fontana Unified School District Police Department*

San Mateo County Sheriff’s Office

Glenn County Sheriff’s Office

San Mateo Police Department

Goleta Police Department

Sanger Police Department

Huntington Park Police Department

Santa Clara County Probation Department

Inglewood Unified School District Police Department*

Santa Clara Police Department

Inyo County Probation Department

Santa Cruz Police Department

Kern High School District Police Department

Shafter Police Department

Lake County Probation Department

Shasta County Probation Department

Livingston Police Department

Sierra Madre Police Department

Lodi Police Department

Siskiyou County Probation Department*

Los Angeles County Probation Department

Siskiyou County Sheriff’s Office

Los Angeles School Police Department*

Solano County Sheriff’s Office

Los Banos Police Department

Soledad Police Department

Madera County Probation Department

South Gate Police Department

Madera County Sheriff’s Office

South Lake Tahoe Police Department

McFarland Police Department

South Pasadena Police Department

Mendocino County Probation Department

Taft Police Department

Modoc County Probation Department

Tehachapi Police Department*

Montebello Unified School District Police Department

Tehama County Sheriff’s Department

Monterey Park Police Department

Tuolumne County Probation Department

Orange County District Attorney’s Office

Ukiah Police Department

Orange County Sheriff’s Department

West Contra Costa Unified School District Police Department

Oroville Police Department

Windsor Police Department

Palos Verdes Estates Police Department

Yolo County Sheriff’s Department

Perris Police Department
Source:  California State Auditor’s analysis of the agencies we surveyed compared to the agencies that submitted responses.
*	 These agencies contacted the California State Auditor’s Office to explain that they missed the survey deadline; generally, they asserted that this was
a result of mail delays within the agencies.

63

64

California State Auditor Report 2015-130

August 2016

Table A.2
Summary of the Number of Agencies That Reported Notifying Adults Regarding Their Removal From CalGang
RESPONSES

YES

NO

PERCENTAGE
RESPONDING YES

. . . It removes them from CalGang in response to a request for removal?

188

21

167

11%

. . . They are removed from CalGang as part of the automatic five-year system purge?

190

8

182

4

. . . It removes them from CalGang for any other reason, such as the result of an audit?

190

9

181

5

DOES YOUR AGENCY NOTIFY ADULTS WHEN . . .

Source:  California State Auditor’s analysis of survey responses.

Summary of Survey Results Related to Requests for CalGang Information
Table A.3 summarizes the estimated number of requests for CalGang
information our survey respondents received and responded to
between January 1, 2014, and October 31, 2015. According to the survey
responses, they most commonly received internal requests from law
enforcement officials. We discuss the employment- and military‑related
screening requests in the Audit Results on pages 43 and 44.
Table A.3
The Number of Requests for CalGang Information Agencies Estimated They
Received and Responded to Between January 1, 2014, and October 31, 2015

TYPE OF INFORMATION REQUEST

NUMBER OF
REQUESTS
RECEIVED

NUMBER OF
REQUESTS
RESPONDED TO

Public Records Act request for CalGang aggregate data

8

38*

Public Records Act request for specific information on a
CalGang subject

20

7

169

169

Legal request by a court, attorney, or judge
Internal request by a law enforcement official within
an agency
External request by a local, state, or federal law
enforcement official

5,633

5,641*

513

606*

Media request by a newspaper, radio station, television
station, etc.

3

2

Public-benefit‑related request for public housing,
financial assistance, or school financial aid

3

0

238

215

6,587

6,678

Employment-related request for background checks or
hiring decisions
Totals

Source:  California State Auditor’s analysis of survey responses.
*	 For this information category, the agencies reported responding to more information requests than
they received. The data presented in this Table is based on the agencies’ responses, and thus, we do
not know the exact reasons for the differences; it is possible that the agencies counted information
requests that they responded to during our audit period but received in an earlier period.

California State Auditor Report 2015-130

August 2016

Appendix B
DEMOGRAPHICS OF INDIVIDUALS IN CALGANG BY
LOCATION, TYPE, GENDER, AGE, AND RACE
In the Introduction, we present two figures summarizing
information about individuals in CalGang as of November 23, 2015.
Specifically, Figure 1 on page 10 summarizes the number of gang
members and affiliates by county based on the location of the law
enforcement agency that entered the individuals into CalGang,
and Figure 2 on page 12 shows the demographic breakdown of
individuals by race, gender, and age. We present this information
in more detail in Table B on pages 66 and 67. In total, more than
150,000 individuals had records in the CalGang system as of
November 23, 2015, more than 64,000 of which were entered
by the law enforcement agencies in Los Angeles County alone.
Eleven California counties—Alpine, Del Norte, Glenn, Imperial,
Mariposa, Modoc, Mono, Plumas, San Benito, Sierra, and Trinity—
do not appear in the Table because the law enforcement agencies in
those counties had not created the records for any of the individuals
who were in CalGang as of November 23, 2015. However, some
of the individuals in CalGang may reside in these counties. For
example, if a law enforcement officer in Los Angeles County
entered an individual who resides in Imperial County into CalGang,
our analysyis presented in the Table on the following pages would
assign that individual’s record to Los Angeles County.

65

11

Amador

5

99

3,740

14

96

33

Kern

Kings

Lake

Lassen

10,434

Orange

Riverside

9,618

292

18

Placer

412

Nevada

1,296

Napa

1,018

86

Mendocino

Monterey

177

Marin

Merced

95

Madera

64,384

3

Los Angeles

3

Inyo

10,205

Humboldt

Fresno

El Dorado

1,023

Colusa

Contra Costa

1

Calaveras

1,075

4,513

Alameda

Butte

150,432

Statewide

COUNTY †

TOTAL
NUMBER OF
INDIVIDUALS

94.29

98.97
5.71

1.03

10.22

5.56

89.78

4.13

94.44

0.31

2.26

5.81

2.82

–

9.17

–

–

–

7.35

–

–

0.23

7.07

0.98

–

–

13.49

–

10.86

7.60%

AFFILIATES

95.87

99.69

97.74

94.19

97.18

100.00

90.83

100.00

100.00

100.00

92.65

100.00

100.00

99.77

92.93

99.02

100.00

100.00

86.51

100.00

89.14

92.40%

GANG
MEMBERS

TYPE

93.97

94.86

93.26

94.44

92.72

94.29

95.68

98.84

93.79

100.00

92.14

96.97

97.92

100.00

95.43

66.67

100.00

94.70

91.92

97.07

80.00

100.00

92.28

100.00

91.96

93.09%

MALE

6.03

5.14

6.74

5.56

7.28

5.71

4.32

1.16

6.21

–

7.86

3.03

2.08

–

4.57

33.33

–

5.30

8.08

2.93

20.00

–

7.72

–

8.04

6.78%

FEMALE

GENDER

–

–

–

–

–

–

–

–

–

–

–

–

–

–

–

–

–

–

–

–

–

–

–

–

–

0.14%

NOT
IDENTIFIED

1.27

0.34

4.67

–

9.95

0.08

3.54

1.16

1.13

–

1.71

–

–

–

1.02

–

–

0.24

–

1.17

–

–

3.16

9.09

2.33

50.64

47.60

67.26

50.00

83.50

62.73

77.31

65.12

82.49

49.47

56.89

42.42

46.88

71.43

52.51

66.67

–

47.54

61.62

65.69

100.00

–

58.14

90.91

60.12

57.26%

18–30

30.05

–

29.36

33.61%

31–45

39.02

43.15

23.66

44.44

5.83

32.48

17.58

26.74

14.69

42.11

33.67

51.52

47.92

21.43

39.28

33.33

100.00

43.20

31.31

27.37

–

100.00

AGE*

9.07

8.90

4.41

5.56

0.73

4.71

1.57

6.98

1.69

8.42

7.73

6.06

5.21

7.14

7.19

–

–

9.02

7.07

5.77

–

–

8.65

–

8.20

7.42%

46+

PERCENTAGE OF INDIVIDUALS BY CATEGORY

1.72%

0–17

Table B
Demographics of Individuals in CalGang by Location, Type, Gender, Age, and Race

0.55

2.74

5.23

11.11

0.24

0.62

3.73

–

0.56

–

1.71

–

1.04

–

0.27

–

–

3.55

–

1.27

–

–

4.74

–

3.66

2.27%

ASIAN/
PACIFIC
ISLANDER

16.8

6.16

1.90

–

0.97

2.08

9.82

1.16

12.99

5.26

29.99

6.06

3.13

7.14

18.10

–

–

12.53

5.05

17.11

–

–

5.02

9.09

15.87

20.54%

BLACK

65.21

50.00

80.53

55.56

89.08

93.90

78.78

59.30

73.45

81.05

60.15

39.39

52.08

85.71

65.40

–

66.67

71.66

48.48

63.83

40.00

100.00

42.51

54.55

67.16

64.93%

HISPANIC

RACE

12.68

36.64

6.78

33.33

7.77

2.31

6.09

15.12

9.60

12.63

4.06

39.39

36.46

7.14

15.91

–

33.33

10.60

44.44

14.66

60.00

–

34.05

36.36

11.85

8.17%

WHITE

0.49

1.03

0.21

–

–

0.31

0.39

24.42

1.69

–

0.37

6.06

5.21

–

0.11

100.00

–

0.76

2.02

0.98

–

–

2.60

–

0.66

0.57%

OTHER‡

4.26

3.42

5.35

–

1.94

0.77

1.18

–

1.69

1.05

3.72

9.09

2.08

–

0.21

–

–

0.89

–

2.15

–

–

11.07

–

0.80

3.53%

NOT
IDENTIFIED

66
California State Auditor Report 2015-130

August 2016

697

572

1.40
3.01

96.99

–

5.38

–

1.28

4.88

–

23.84

32.16

5.20

12.50

–

3.31

5.02

17.10

0.82

2.87

1.01

0.29

4.75

5.42

1.67%

AFFILIATES

98.60

100.00

94.62

100.00

98.72

95.12

100.00

76.16

67.84

94.80

87.50

100.00

96.69

94.98

82.90

99.18

97.13

98.99

99.71

95.25

94.58

98.33%

GANG
MEMBERS

96.99

90.38

100.00

96.02

100.00

96.42

100.00

83.10

88.28

75.52

96.53

87.50

94.00

97.24

94.16

96.08

96.81

94.12

97.83

95.37

95.98

94.58

94.98%

MALE

3.01

9.62

–

3.98

–

3.58

–

16.90

11.72

13.99

3.47

12.50

6.00

2.76

5.84

3.79

3.19

5.88

2.17

4.63

4.02

5.42

5.02%

FEMALE

GENDER

–

–

–

–

–

–

–

–

–

10.48

–

–

–

–

–

0.13%

–

–

–

–

–

–

–

NOT
IDENTIFIED

0.28

9.62

–

0.86

–

1.35

–

5.76

1.25

2.09

1.16

–

2.80

2.39

1.55

0.39

0.64

6.89

1.45

–

1.96

0.31

2.93%

0–17

46.13

61.89

28.57

73.41

–

75.73

70.73

60.82

69.11

67.84

80.35

75.00

51.60

77.16

62.28

66.58

75.39

61.69

75.69

48.63

70.81

42.68

66.03%

18–30

AGE*

46.19

24.48

57.14

22.82

75.00

20.96

26.83

28.94

24.45

24.12

16.18

25.00

38.40

17.86

28.81

30.16

22.24

26.83

21.42

41.24

24.61

45.39

22.43%

31–45

7.40

4.02

14.29

2.91

25.00

1.96

2.44

4.48

5.20

5.95

2.31

–

7.20

2.58

7.35

2.87

1.73

4.59

1.45

10.13

2.63

11.62

8.62%

46+

PERCENTAGE OF INDIVIDUALS BY CATEGORY

4.28

5.42

–

0.22

–

3.38

2.44

0.64

3.26

1.48

–

–

0.80

–

3.68

0.13

1.00

0.57

3.62

1.01

6.37

0.64

5.36%

ASIAN/
PACIFIC
ISLANDER

22.98

8.39

–

1.18

–

2.64

–

5.51

4.51

5.60

6.94

12.50

8.00

1.66

2.07

2.09

2.19

1.00

5.35

22.58

25.27

26.48

16.65%

BLACK

63.55

56.47

85.71

90.74

100.00

87.96

65.85

67.09

71.45

55.78

85.55

37.50

28.40

80.48

85.75

91.12

61.71

69.44

81.91

22.43

60.96

58.40

50.71%

HISPANIC

RACE

7.12

27.80

14.29

5.17

–

3.92

29.27

24.71

17.64

22.65

5.20

37.50

58.40

14.36

6.35

3.92

4.01

25.97

8.25

3.62

3.18

12.23

25.52%

WHITE

0.11

1.05

–

0.11

–

0.20

–

1.02

0.32

2.44

1.16

12.50

3.60

–

0.36

0.26

0.36

0.57

0.43

4.49

0.80

0.99

0.50%

OTHER‡

1.95

0.87

–

2.58

–

1.89

2.44

1.02

2.82

12.06

1.16

–

0.80

3.50

1.80

2.48

30.72

2.44

0.43

45.88

3.42

1.26

1.26%

NOT
IDENTIFIED

Source:  California State Auditor’s analysis of CalGang data obtained from the California Department of Justice as of November 23, 2015.
Note:  Some percentages may not sum to 100 due to rounding.
*	 Because the CalGang data may include multiple birthdates for an individual, we used the birthdate that was confirmed by a law enforcement agency to determine the age of the individual. If a confirmed birthdate did
not exist, we used the most recent birthdate entered into CalGang for that individual.
†	 We assigned gang members and affiliates based on the location of the law enforcement agency that initially entered them into CalGang. The counties of Alpine, Del Norte, Glenn, Imperial, Mariposa, Modoc, Mono,
Plumas, San Benito, Sierra, and Trinity do not appear in this Table because law enforcement agencies in those counties did not create records for any of the individuals that were in CalGang as of November 23, 2015.
‡	 Other includes African, American Indian, and people of two or more races.

1,797

Yuba

Unknown

7

929

Ventura

Yolo

4

Tuolumne

1,479

41

Tulare

781

2,483

Stanislaus

Tehama

1,965

Sonoma

Sutter

8

173

Solano

250

Shasta

Siskiyou

543

Santa Cruz

766

5,276

Santa Clara

Santa Barbara

1,097

San Luis Obispo

San Mateo

691

691

6,015

San Diego

San Francisco

14,321

San Bernardino

San Joaquin

1,195

TOTAL
NUMBER OF
INDIVIDUALS

Sacramento

COUNTY †

TYPE

California State Auditor Report 2015-130

August 2016

67

68

California State Auditor Report 2015-130

August 2016

Blank page inserted for reproduction purposes only.

California State Auditor Report 2015-130

August 2016

KAMALA D. HARRIS
Attorney General

State of California
DEPARTMENT OF JUSTICE
1300 I Street
SACRAMENTO, CA 95815-4524

Telephone: (916) 227-3043
E-Mail: Joe.Dominic@doj.ca.gov
Telephone: (916) 319-8269
Email: Larry.Wallace@doj.ca.gov

July 22, 2016
Elaine M. Howle, CPA
California State Auditor
621 Capitol Mall, Suite 1200
Sacramento, CA 95814
RE:

CSA Report 2015-130

Dear Ms. Howle:
Dear Ms. Howle,
The Department of Justice (DOJ) has reviewed the California State Auditor’s (CSA) draft report
titled “The CalGang Criminal Intelligence System: As the Result of Its Weak Oversight Structure, It Contains
Questionable Information That May Violate Individuals’ Privacy Rights” and appreciates the opportunity to
respond to the report.
CSA has made several recommendations to DOJ and the Legislature with regard to creating a public
program for shared gang database oversight and accountability, specifically recommending that DOJ guide
the board and committee to identify and address the shortcomings that exist in CalGang’s current operations.
DOJ would be charged with providing oversight and development of new policies and procedures to ensure
proper management and transparency of the CalGang system or any equivalent statewide shared gang
database.
In response to the CSA’s specific recommendations to DOJ identified in the draft report, DOJ
submits the following responses:
CSA Recommendation: Developing best practices based on the requirements stated in the federal
regulations, the state guidelines, and state law, and advising user agencies on the implementation of those
practices. The best practices should include, but not be limited to, reviewing criminal intelligence,
appropriately disseminating information, performing robust audit practices, establishing plans to recover
from disasters and meeting all of the State’s juvenile notification law requirements. Justice should guide the
board and committee to develop these best practices by June 30, 2017.

69

70

California State Auditor Report 2015-130

August 2016

Elaine M. Howle, CPA
California State Auditor
July 22, 2016
Page 2
DOJ Response:
DOJ agrees with this recommendation. The CSA recommends that the Legislature require DOJ to
implement state regulations that adhere to federal regulations and state guidelines. The best practices
developed by DOJ should align with these regulations to avoid confusion. As DOJ will not have the
authority to begin the state regulations process until the Legislature grants express authority through
legislation, the CSA’s recommended implementation date of June 30, 2017 will likely be impacted. DOJ
recommends that the date to develop the best practices be determined by the Legislature through statute.
DOJ currently has no existing resources or program in place to handle oversight or administration of
CalGang; thus, additional resources and funding will be needed to implement this recommendation.
CSA Recommendation: Instructing law enforcement agencies that use CalGang to complete a
comprehensive review of all the gangs documented in CalGang to determine if they meet the necessary
requirements for inclusion and to purge from CalGang any groups that do not meet the requirements.
Justice should guide the board and the committee to ensure that user agencies complete this review in phases
with the final phase to be completed by June 30, 2018.
DOJ Response:
DOJ agrees with this recommendation and will work with the board, committee, and user agencies to
provide instruction as recommended. However, until the Legislature grants DOJ express authority, DOJ
cannot compel user agencies to complete a comprehensive review and purge groups from CalGang that lack
criterion. Once legislation is passed to authorize DOJ to enforce the requirements and compel user agencies
to comply, DOJ can assume oversight of CalGang. DOJ currently has no existing resources or program in
place to handle oversight or administration of CalGang; thus, additional resources and funding will be
needed to implement this recommendation.
CSA Recommendation: Instructing all law enforcement agencies that use CalGang to complete a
comprehensive review of all records in CalGang to determine if the user agencies have adequate support for
the criteria associated with all the individuals they have entered as gang members. If the user agencies do
not have adequate support, they should immediately purge the criteria---and, if necessary, the individuals--from CalGang. In addition, the user agencies should ensure that all the fields on each CalGang record are
accurate. Justice should guide the board and the committee to ensure that user agencies complete this
review in phases with the final phase to be completed by September 30, 2019.
DOJ Response:
DOJ agrees with this recommendation and will work with the board, committee, and user agencies to
provide instruction as recommended. However, until the Legislature grants DOJ express authority, DOJ
cannot compel user agencies to complete the comprehensive review of all records in CalGang, purge
individuals lacking adequate support for cited criteria, and ensure the accuracy of all fields on each record.
Once legislation is passed to authorize DOJ to enforce the requirements and compel user agencies to comply,
DOJ can assume oversight of CalGang. DOJ currently has no existing resources or program in place to

California State Auditor Report 2015-130

August 2016

Elaine M. Howle, CPA
California State Auditor
July 22, 2016
Page 3
handle oversight or administration of CalGang; thus, additional resources and funding will be needed to
implement this recommendation.
CSA cited several unsupported criteria for individuals entered into CalGang, DOJ will need to further
develop how the required support documentation for criterion is maintained in its regulations. As such, all
records tied to this criterion for inclusion in CalGang will need to be reviewed after the implementation of
regulations. This may impact the deadline recommended by the CSA for completion of the review of
records. DOJ recommends that the final review date be determined by the Legislature through statute.
CSA Recommendation: Instructing all user agencies to report to Justice every six months, beginning in
January 2017, on their progress toward completing their gang and gang member reviews.
DOJ Response:
DOJ agrees with this recommendation and will work with the board, committee, and user agencies to
provide instruction as recommended. However, until the Legislature grants DOJ express authority, DOJ
cannot compel user agencies to report their review progress to the DOJ biannually. DOJ recommends that
the commencement of the biannual reporting be determined by the Legislature through statute.
CSA Recommendation: Developing standardized periodic training content for all CalGang users and
training instructors. Justice should guide the board and committee to develop such standardized training
content by June 30, 2017.
DOJ Response:
DOJ agrees with this recommendation and will work with the board and committee to develop
standardized training for CalGang users and training instructors. However, until the Legislature grants DOJ
express authority, DOJ cannot compel the board and committee to participate in the development,
implementation, and enforcement of the training. Once legislation is passed to authorize DOJ to enforce the
requirements, and user agencies are compelled to adhere to DOJ’s requirements, DOJ will ensure that the
training content is implemented and participation by user agencies is enforced. DOJ currently has no
existing resources or program in place to handle oversight or administration of CalGang; thus, additional
resources and funding will be needed to implement this recommendation. DOJ recommends that the date for
DOJ to develop the standardized training be determined by the Legislature through statute.
CSA Recommendation: Establishing a plan to recertify all CalGang users and training instructors on the
new training content. Justice should guide the board and the committee to complete the draft plan by June
30, 2017, and the recertification training by June 30, 2018.
DOJ Response:
DOJ agrees with this recommendation and will work with the board and committee to develop and
implement a plan to recertify all CalGang users and training instructors. However, until the Legislature
grants DOJ express authority, DOJ cannot compel the board and committee to participate in the
development, implementation, and enforcement of the recertification. Once legislation is passed to authorize

71

72

California State Auditor Report 2015-130

August 2016

Elaine M. Howle, CPA
California State Auditor
July 22, 2016
Page 4
DOJ to enforce the requirements and user agencies are compelled to comply, DOJ will ensure that the
recertification plan is implemented and participation by user agencies is enforced. DOJ currently has no
program or existing resources in place to handle oversight or administration of CalGang; thus, additional
resources and funding will be needed to implement this recommendation. DOJ recommends that the date for
DOJ to establish a training plan for recertification be determined by the Legislature through statute.
CSA Recommendation: Developing policies and procedures requiring the disabling of user accounts for
all individuals who no longer have a need to or right to access CalGang because they have separated from
their employment with user agencies or for other reasons. Justice should guide the board and the committee
to identify and disable all such accounts by September 20, 2016.
DOJ Response:
DOJ agrees with this recommendation and will work with the board, committee, and user agencies to
identify and disable accounts for those who no longer have a need or right to access CalGang as outlined.
However, until the Legislature grants DOJ express authority, DOJ cannot compel the board, committee, and
user agencies to comply with the disabling requirements. Once legislation is passed to authorize DOJ to
enforce the requirements, DOJ will ensure that the policies and procedures are established and enforced.
DOJ currently has no existing resources or program in place to handle oversight or administration of
CalGang; thus, additional resources and funding will be needed to implement this recommendation. DOJ
recommends that the date for DOJ to develop policies and procedures be determined by the Legislature
through statute.
CSA Recommendation: Determining what steps must be taken to upgrade CalGang’s controls to ensure
that CalGang will automatically purge all individuals whose records have not been updated by user agencies
for five years.
DOJ Response:
DOJ agrees with this recommendation, but currently has no authority to mandate CSRA International,
Inc. (CSRA), the developer of the proprietary CalGang software, to upgrade CalGang’s controls to do
automatic purges, nor does DOJ have existing resources or a program in place to handle oversight or
administration of CalGang; thus, additional resources and funding will be needed to implement this
recommendation. For immediate implementation, DOJ suggests that CSA make this recommendation to the
CalGang Executive Board and California Gang Node Advisory Committee that currently oversees CalGang
and CSRA. It would be beneficial to DOJ for CSRA to begin making enhancements to CalGang before
oversight and administration is assumed by DOJ.
CSA Recommendation: To promote transparency and hold the board, the committee, and user agencies
accountable for implementing and adhering to criminal intelligence safeguards, Justice should post
quarterly reports on its website beginning June 30, 2017, that summarize how it has guided the board and
the committee to implement and adhere to criminal intelligence safeguards: the progress the board, the
committee, and user agencies have made in implementing and adhering to these safeguards; the steps these
entities still must take to implement these safeguards; and any barriers to the board’s and the committee’s
success in achieving these goals.

California State Auditor Report 2015-130

August 2016

Elaine M. Howle, CPA
California State Auditor
July 22, 2016
Page 5
DOJ Response:
DOJ agrees with this recommendation, but currently has no program in place to handle oversight or
administration of CalGang; thus, additional resources and funding will be needed to implement this
recommendation. DOJ also does not have authority to require user agencies to conduct external audits to
assess implementation and adherence to criminal intelligence safeguards and report their progress to DOJ.
Until the Legislature grants DOJ express authority, DOJ cannot compel the board, committee, and user
agencies to comply with the requirements. DOJ recommends that the date to start posting quarterly reports be
determined by the Legislature through statute.
CSA Recommendation: To promote transparency and encourage public participation in CalGang’s
meetings, Justice should post the following information to its website unless doing so would compromise
criminal intelligence information that must be shielded from public release:
 Summary results from the committee’s audits of CalGang records.
 The agendas, minutes, and referenced attachments for all future board and committee meetings, as
well as other documents of significance such as letters, memos, or agreements.
 From the past five years, all available agendas, minutes, and referenced attachments from scheduled
and ad-hoc board and committee meetings, as well as all other documents of significance. Justice
should post these materials by October 31, 2016.
DOJ Response:
DOJ agrees with this recommendation and will work with the board and committee to post all
referenced information that we are successful in acquiring to the Attorney General’s website. However, until
the Legislature grants DOJ express authority, DOJ cannot compel the board and committee to make all
components available to DOJ. Once legislation is passed to authorize DOJ to enforce the requirements, DOJ
will ensure that all available and future referenced information are made available to the public through the
Attorney General’s website. DOJ currently has no existing resources or program in place to handle oversight
or administration of CalGang; thus, additional resources and funding will be needed to implement this
recommendation.
CSA Recommendation: If Justice needs additional resources to guide the board and committee to identify
and address the shortcoming that exist in CalGang’s current operations and oversight, to report on the
board and committee’s progress in addressing CalGang’s shortcomings, and to post necessary information
to its website, Justice should take steps to secure the resources it needs.
DOJ Response:
DOJ agrees with this recommendation and will work with the Legislature and the Department of
Finance to identify and obtain the additional resources and funding necessary for DOJ to implement the
recommendations outlined in the CSA audit of CalGang.

73

74

California State Auditor Report 2015-130

August 2016

Elaine M. Howle, CPA
California State Auditor
July 22, 2016
Page 6
The following recommendations by CSA were made to the Legislature with regard to CalGang, but
have a direct impact to DOJ. As such, DOJ has provided the following responses to these recommendations:
CSA Recommendation: Designate Justice as the state agency responsible for administering and
overseeing CalGang or any equivalent statewide shared gang database.
DOJ Response:
DOJ agrees with this recommendation. Express authority from the Legislature is needed before DOJ
can fully enforce the recommendations made by the CSA. DOJ currently has no existing resources or
program in place to handle oversight or administration of CalGang; thus, additional resources and funding
will be needed to implement this recommendation.
CSA Recommendation: Require that CalGang or any equivalent statewide shared gang database adhere o
federal regulations and relevant safeguards from the state guidelines, including supervisory reviews of
database entries and regular reviews of all records.
DOJ Response:
DOJ agrees with this recommendation. Express authority from the Legislature is needed for DOJ to
fully enforce CalGang’s adherence to federal regulations and state guidelines regarding criminal intelligence
systems and compel user agencies to comply. DOJ currently has no program in place to handle oversight or
administration of CalGang; thus, additional resources and funding will be needed to enable DOJ to
adequately administer and oversee CalGang.
CSA Recommendation: Specify that Justice’s oversight responsibilities include developing and
implementing standardized periodic training as well as conducting---or hiring an external entity to conduct-periodic audits of CalGang or any equivalent statewide shared gang database.
DOJ Response:
DOJ agrees with this recommendation. Express authority from the Legislature, and funding to either
DOJ or the user agencies to hire an external entity to conduct periodic audits is needed before DOJ can fully
enforce the recommendations made by the CSA. DOJ currently has no program in place to handle oversight
or administration of CalGang; thus, additional resources and funding will be needed to enable DOJ to
adequately administer and oversee CalGang.
CSA Recommendation: To promote public participation in key issues that may affect California’s citizens
and to help ensure consistency in the use of any shared gang database, the Legislature should require
Justice to interpret and implement shared gang database requirements through the regulatory process. This
process should include public hearings and should address the following:
 Adopting requirements for entering and reviewing gang designations, including establishing a
retention period for gangs.
 Adopting criteria for identifying gang members. These criteria should define which offenses are
consistent with gang activity.

California State Auditor Report 2015-130

August 2016

Elaine M. Howle, CPA
California State Auditor
July 22, 2016
Page 7



Specifying how user agencies will operate any statewide shared gang database, including requiring
user agencies to implement supervisory review procedures and periodic record reviews. The user
agencies should report the results of the reviews to Justice.
Standardizing practices for user agencies to adhere to the State’s juvenile notification requirements,
including guidelines for documenting and communicating the bases for juveniles’ gang designations.

DOJ Response:
DOJ agrees with this recommendation. Express authority from the Legislature is needed before DOJ
can fully enforce the recommendations made by the CSA and ensure user agency compliance with policies
and procedures. DOJ currently has no program in place to handle oversight or administration of CalGang;
thus, additional resources and funding will be needed to enable DOJ to adequately administer and oversee
CalGang.
CSA Recommendation: To ensure transparency, the Legislature should require Justice to publish an
annual report with key shared gang database statistics---such as the number of individuals added to and
removed from the database---and summary results from periodic audits conducted by Justice or any external
entity. Further, the Legislature should require Justice to invite and assess public comments following the
report’s release. Subsequent annual reports should summarize any public comments Justice received and
actions it took in response.
DOJ Response:
DOJ agrees with this recommendation. Express authority from the Legislature is needed before DOJ
can fully enforce the recommendations made by the CSA. DOJ currently has no program in place to handle
oversight or administration of CalGang; thus, additional resources and funding will be needed to enable DOJ
to adequately administer and oversee CalGang.
CSA Recommendation: To help ensure that Justice has the technical information it needs to make certain
that CalGang or any equivalent shared gang database remains an important law enforcement tool, the
Legislature should establish a technical advisory committee to advise Justice about the database use,
database needs, database protection, and any necessary updates to policies and procedures. The Legislature
should specify the qualifications for membership in the technical advisory committee, which should include
representatives from local and state agencies that use the shared gang database. Further, it should require
that the committee meet at least twice a year and adhere to the Bagley-Keene Open Meeting Act and other
relevant open meeting laws.
DOJ Response:
DOJ agrees with this recommendation and would welcome feedback from a Legislative technical
advisory committee with regard to CalGang. DOJ would also like to be a member of the committee, if
established.

75

76

California State Auditor Report 2015-130

August 2016

Elaine M. Howle, CPA
California State Auditor
July 22, 2016
Page 8
Again, thank you for the opportunity to review and comment on the draft audit report. If you have
any questions or concerns regarding this matter, you may contact me at the telephone number listed above.
Sincerely,

JOE DOMINIC
Director, California Justice Information Services Division

LARRY J. WALLACE
Director, Division of Law Enforcement

cc:

Nathan R. Barankin, Chief Deputy Attorney General
Venus D. Johnson, Associate Attorney General
Tammy Lopes, Director, Division of Administrative Support
Andrew J. Kraus III, CPA, Director, Office of Program Review and Audits

California State Auditor Report 2015-130

August 2016

*

*  California State Auditor’s comments begin on page 81.

77

78

California State Auditor Report 2015-130

August 2016

1

1

79

California State Auditor Report 2015-130

August 2016

2

80

California State Auditor Report 2015-130

August 2016

3

4

California State Auditor Report 2015-130

August 2016

Comments
CALIFORNIA STATE AUDITOR’S COMMENTS
ON THE RESPONSE FROM THE LOS ANGELES
POLICE DEPARTMENT
To provide clarity and perspective, we are commenting on the
Los Angeles Police Department’s (Los Angeles) response to our
audit. The number below corresponds to the number we have
placed in the margin of Los Angeles’s response.
Los Angeles erroneously concludes that our report does not
identify the department as deficient in following state law or
federal regulations or with sharing CalGang information. We did,
in fact, find that Los Angeles is deficient in numerous areas. For
example, it is deficient in supporting gang member criteria entries,
as summarized in Table 7 on page 32; it lacks processes to properly
share CalGang information and limit CalGang assess as described
on pages 41 and 42; and it has failed to appropriately notify juveniles
and their parents as state law requires, as summarized in Table 11
on page 48.

1

We are not questioning the training, expertise, and field experience
of Los Angeles’s gang enforcement officers. They are uniquely
qualified to evaluate potential gang tattoos, gang areas, gang
dress, gang symbols and hand signs, and to conduct interviews of
suspected gang members and informants—all of which are criteria
they can use to justify a person’s inclusion in CalGang. Because
this criteria is available, we find it inappropriate, as we discuss on
page 35, that Los Angeles would allow an officer to justify a person’s
inclusion in CalGang based on the criteria—“Subject has been
identified as a gang member by a reliable informant/source”, when
the only support for this criteria is a circular reference back to this
officer’s conclusion that the individual is a gang member. In our
view, “reliable informant/source” indicates that the law enforcement
agency received reliable information from outside its agency, and
not simply a determination made by an officer inside its agency.

2

Los Angeles misunderstands our concern. We received and
reviewed the documents that Los Angeles refers to and found that
these documents outline processes for backing up CalGang data.
We acknowledge on page 27 that each of the node administrator
agencies that we reviewed— including Los Angeles—asserted that
they protect their data against loss by implementing practices such
as regular backups of data. However, Los Angeles seems to overlook
our concern that it does not have an agreed-upon plan with its
service provider—the Los Angeles County Sheriff ’s Department,
in this case—for restoring CalGang information within a specified
time frame after a man-made or natural disaster. As Los Angeles

3

81

82

California State Auditor Report 2015-130

August 2016

points out, in the event of such a disaster, users will be unable to
add or update records until the Los Angeles servers are restored.
As such, it is important that Los Angeles and its service provider
formally agree on an acceptable recovery strategy to minimize the
impact of an interruption.
4

The audit’s title is derived from the conclusions we drew from the
evidence we collected and examined over the course of the audit.
We believe the title aptly summarizes the audit conclusions and that
those conclusions are soundly supported by audit evidence.

California State Auditor Report 2015-130

August 2016

MAYOR
Miguel A. Pulido
MAYOR PRO TEM
Vicente Sarmiento
COUNCILMEMBERS
Angelica Amezcua
P. David Benavides
Michele Martinez
Roman Reyna
Sal Tinajero

CITY MANAGER
David Cavazos
CITY ATTORNEY
Sonia R. Carvalho
CLERK OF THE COUNCIL
Maria D. Huizar

CITY OF SANTA ANA
POLICE DEPARTMENT
60 Civic Center Plaza ● P.O. Box 1981
Santa Ana, California 92702
www.santa-ana.org

OFFICE OF THE CHIEF OF POLICE
July 28, 2016

Elaine M. Howle, CPA
California State Auditor
621 Capitol Mall, Suite 1200
Sacramento, CA 95814
Re: Response to Audit of “The CalGang Criminal Intelligence System”
Dear Ms. Howle,
In 2015, the Joint Legislative Audit Committee requested the California State Auditor’s Office
conduct an audit on the use of CalGang, a shared criminal intelligence database. The Santa Ana
Police Department is an end-user of the CalGang system and was one of several agencies
throughout the state to be audited. The Santa Ana Police Department welcomed the audit as an
examination of this magnitude had never been conducted. During the audit, Santa Ana Police
Department and State Auditor personnel interacted in a transparent and professional manner.
The Department was eager to learn how to improve internal processes and ensure industry-best
practices have been employed.
On July 18, 2016 the State Auditor’s Office released their preliminary audit report. The report
primarily focuses on law enforcement’s process deficiencies. However, when scrutinizing the
Department’s juvenile notification process, the State Auditor’s Office indicated, “… Santa Ana
exceeded the law’s requirement by notifying parents after each contact juveniles had with police
that resulted in updates to their records.” More impressive was the State Auditor’s Office
recognizing the Department’s efforts to provide education and intervention for juveniles and
their parents during the contestation process. The State Auditor’s report states, “Santa Ana’s
process when it receives a contestation letter represents a best practice that we believe could be
the basis for statewide standards.”

83

84

California State Auditor Report 2015-130

August 2016

July 28, 2016
Page 2
The State Auditor’s Office recommended the following actions to address the specific
deficiencies:


Begin reviewing the gangs they have entered into CalGang to ensure the gangs meet
reasonable suspicion requirements. They should also begin reviewing the gang members they
have entered into CalGang to ensure the existence of proper support for each criterion. They
should purge from CalGang any records for gangs or gang members that do not meet the
criteria for entry. Individuals who are independent from the ongoing administration and use
of CalGang should lead this review. The agencies should complete the gang and gang
member reviews in phases with the final phase for gangs to be completed by June 30, 2018,
and the final phase for gang members to be completed by June 30, 2019.

The Santa Ana Police Department has a clear understanding of the State Auditor’s
recommendation and intends to fulfill the recommendation without modification or delay. The
Department will begin reviewing the gangs we have entered into CalGang immediately. The
Department will then review the gang members we have entered to ensure proper criterion has
been documented and entered. Any gangs or its members not meeting requirements will be
purged from CalGang. The Department intends to complete this review within the recommended
timelines.


Develop or modify as necessary all their policies and procedures related to CalGang to
ensure they align with state law, CalGang policy, the federal regulations, and the state
guidelines. In particular, the law enforcement agencies should implement appropriate
policies and procedures for entering gangs; performing supervisory reviews of gangs and
gang member entries; performing periodic CalGang record reviews; sharing CalGang
information; and complying with juvenile notification requirements. The law enforcement
agencies should complete this recommendation by March 31, 2017.

The Santa Ana Police Department, with assistance from legal counsel, will establish a standalone
policy and procedure for CalGang. This policy and procedure will support state law, CalGang
policy, federal regulations, and state guidelines. The Department will ensure CalGang entries
meet all criteria, supervisory reviews are conducted, a system to track CalGang information
sharing will be created, and juvenile compliance notification requirements will be met. The
Department intends to fully comply with these recommendations on or before March 31, 2017.

California State Auditor Report 2015-130

85

August 2016

July 28, 2016
Page 3

The Santa Ana Police Department would like to thank the staff from the California State
Auditor’s Office for their professionalism during the audit process. There is no question their
review and recommendations will assist the Santa Ana Police Department in the implementation
of process improvements related to criminal intelligence files.
Sincerely,

CARLOS ROJAS
Chief of Police

SANTA ANA CITY COUNCIL
Miguel A. Pulido
Mayor
MPulido@santa-ana.org

Vicente Sarmiento
Mayor Pro Tem, Ward 1
VSarmiento@santa-ana.org

Michele Martinez
Ward 2
MMartinez@santa-ana.org

Angelica Amezcua
Ward 3
AAmezcua@santa-ana.org

P. David Benavides
Ward 4
DBenavides@santa-ana.org

Roman Reyna
Ward 5
RReyna@santa-ana.org

Sal Tinajero
Ward 6
STinajero@santa-ana.org

86

California State Auditor Report 2015-130

August 2016

Blank page inserted for reproduction purposes only.

California State Auditor Report 2015-130

August 2016

*

*  California State Auditor’s comments appear on page 89.

87

88

California State Auditor Report 2015-130

August 2016

1

2

California State Auditor Report 2015-130

August 2016

Comments
CALIFORNIA STATE AUDITOR’S COMMENTS ON
THE RESPONSE FROM THE SANTA CLARA COUNTY
SHERIFF’S OFFICE
To provide clarity and perspective, we are commenting on the
Santa Clara County Sheriff ’s Office (Santa Clara) response to our
audit. The numbers below correspond to the numbers we have
placed in the margin of Santa Clara’s response.
In footnote 8 on page 30 of the audit report, we note that
Santa Clara does not add gangs to CalGang; rather, it links
suspected gang members to gangs already existing in the database.
Consequently, it did not have a process for adding gangs to CalGang
for us to review.

1

Nowhere in the audit report do we conclude that Santa Clara is not
in compliance with juvenile notification requirements. On pages 47
and 48 of the audit report, we acknowledge that Santa Clara
stopped adding juveniles to CalGang in direct response to
the notification requirements.

2

89

90

California State Auditor Report 2015-130

August 2016

Blank page inserted for reproduction purposes only.

California State Auditor Report 2015-130

August 2016

Sonoma County
Sheriff’s Office

STEVE FREITAS
Sheriff-Coroner
ROBERT GIORDANO
Assistant Sheriff
Law Enforcement Division
RANDALL WALKER
Assistant Sheriff
Detention Division

July 22, 2016
Elanie M. Howle, CPA*
California State Auditor
621 Capitol Mall
Suite 1200
Sacramento, CA 95814
Dear Ms. Howle,
Attached please find the Sonoma County Sheriff’s Office response to the State Auditor’s Report
about CalGang® and the Sonoma County Sheriff’s Office’s regional role in the administration of
this gang crime intelligence system.
Included are several attachments for your review.
If you have any questions, please contact me at 707-565-2781.
Sincerely,

STEVE FREITAS
Sheriff-Coroner
SF/wh

Administration Division
2796 Ventura Avenue
Santa Rosa, CA 95403
707.565.2781

Law Enforcement Division
2796 Ventura Avenue
Santa Rosa, CA 95403
707.565.2511

*  California State Auditor’s comments begin on page 103.

Detention Division
2777 Ventura Avenue
Santa Rosa, CA 95403
707.565.1422

Coroner
3336 Chanate Road
Santa Rosa, CA 95404
707.565.5070

91

92

California State Auditor Report 2015-130

August 2016

SONOMA COUNTY SHERIFF’S OFFICE
RESPONSE TO CALGANG® AUDIT REPORT
The Sonoma County Sheriff’s Office is pleased to have the opportunity to respond to the State Auditor’s
Report about CalGang® and the Sonoma County Sheriff’s Office’s regional role in the administration of
this important gang crime intelligence system (“Report”). The Report was compiled after a months-long
audit during which the auditor team was given unprecedented access to staff and materials. Volumes of
information were presented, procedures were explained, and full cooperation was provided to the
auditor team by the Sonoma County Sheriff’s Office. 1
The Report highlights the importance of CalGang® which provides a shared database to law
enforcement agencies with current gang information, allowing agencies to improve the efficiency of
their criminal investigations, enhance officer safety, and better protect the public 2. The Sonoma County
Sheriff’s Office shares those important values and has been committed to supporting CalGang® for the
benefit and safety of our communities and law enforcement agencies. The statewide gang problem
knows no jurisdictional boundaries and the Sonoma County Sheriff’s Office believes that effective
intelligence sharing is essential to protect the public from dangerous gang crimes.
The gathering of data in a criminal intelligence system often includes sensitive and private information.
The Sonoma County Sheriff’s Office understands that this may raise concerns about individual’s privacy
rights. The Sonoma County Sheriff’s Office acknowledges that an appropriate level of auditing is
necessary, and is committed to administering the CalGang® database in a responsible and appropriate
way, while balancing the need to protect individuals’ rights with the need to protect the public from
crimes caused by gangs.
1

2

3

The Sonoma County Sheriff’s Office’s administration of CalGang® has always been appropriate and
lawful. Despite the Report’s title which suggests a potential for privacy rights violations state-wide, the
audit did not unearth any actual privacy violations by the Sonoma County Sheriff’s Office. In fact, the
Sonoma County Sheriff’s Office believes that it has met or exceeded the statutory guidelines for
administering a model Criminal Intelligence System that is used nation-wide. Indeed, since the CalGang®
program’s inception, it was been used as the template for other regional and nation-wide criminal
intelligence databases. Sonoma County’s administration of CalGang® fully complies with federal
auditing requirements, contained in Title 28, section 23 of the Code of Federal Regulations (28 CFR §23).
Importantly, any information contained in CalGang® is subject to multiple levels of scrutiny before it is
entered into CalGang®. First, the source information comes from law enforcement officers in the field.
Before any information is transmitted to a CalGang® node agency (like Sonoma County) for entry into

4

1

The Sonoma County Sheriff’s Office was provided a redacted version of the Report that contained only
information about the Sonoma County Sheriff’s Office. Further, the Sonoma County Sheriff’s Office was prohibited
by the Auditor’s Office from discussing the Report with CalGang’s governing board or other local agencies who
administer CalGang – despite the fact that CalGang is a state-wide program. The Sonoma County Sheriff’s Office
hopes and anticipates that CalGang’s state-wide governing board will subsequently issue a comprehensive
response to the Report once all agencies involved in operating the state-wide CalGang system have had an
opportunity to review the entire Report.
2
The legislature recognized that gang crimes presented a “clear and present danger” to the public when it enacted
the Street Terrorism and Prevention Act (Penal Code §§186.20 et.seq.).
Page 1

93

California State Auditor Report 2015-130

August 2016

CalGang®, it is generally reviewed by the local law enforcement officer’s supervisor. Then, once the
information is transmitted to a CalGang® node administrator, the source information is again vetted to
ensure it meets the CalGang® criteria.

5

Sonoma County Sheriff’s Office has supported CalGang® for over 20 years. The staff from all involved
agencies assigned to the California Gang Node Advisory Committee (Committee) and CalGang®
Executive Board (Board) have done a phenomenal job developing and deploying a system that has
become the gold standard around the county and beyond. This work was done primarily by local law
enforcement, with very little support from the state of California and largely at the expense of the
committee and board member agencies. The exceptional value of the CalGang® system is evidenced by
more than 500 success stories written by end users praising the ability of CalGang® to assist in the
investigation of crimes up to and including multiple capital murders.
The Report focuses on the 2007 version of the California Attorney General’s Model Standards and
Procedures for Maintaining Criminal Intelligence Files (AG’s Model Standards) regarding heightened
audit requirements. What the Report fails to acknowledge is that CalGang® was created more than 20
years ago in full compliance with the prior version of the AG’s Model Standards. The CalGang® Board
and Committee never agreed to comply with the 2007 version of the AG’s Model Procedures. The
Sonoma County Sheriff’s Office believes that the current level of CalGang® oversight, which was
originally recommended by John Gordiner, Senior Assistant Attorney General assigned to CalGang®,
remains appropriate. It is above and beyond what is employed in other Criminal Intelligence Systems
we are familiar with, it is proactive, forward looking, and holds end users accountable. It also, within
the permissible confines of 28CFR23, promotes transparency through its Executive Board which has met
in public for decades. CalGang® does not violate individual privacy rights, in fact, it protects those rights
by operating strictly within the confines of 28CFR23.
The overly onerous annual auditing requirements of the 2007 version of the AG’s Model Standards
would make administering the CalGang® system as a node administrator unfeasible for Sonoma County.
The Sonoma County Sheriff’s Office, as a node agency, would have to hire multiple high-level law
enforcement personnel to fully comply with the Report’s interpretation of the 2007 version of the AG’s
Model Procedures.
This highlights Sonoma County’s fundamental concern about this Report. The Auditors acknowledged
that they had never audited a criminal intelligence database before. The Sonoma County Sheriff’s Office
is concerned that given the limited time the Auditors had to review the CalGang® system, and become
familiarized with how criminal intelligence databases are maintained and the national standards that
govern such databases, the Report contains recommendations that are not grounded in either the
correct interpretation of the law or the reality of operating a criminal intelligence database.
The ongoing resources necessary to operate the state-wide system has been an issue for 20
years. CalGang® has never been appropriately funded by the State, leaving stake holders, local
communities, and law enforcement agencies to fund the staff and equipment. However, if CalGang® is
forced to comply with the recommendations put forth by the auditor’s report, the Sonoma County
Sheriff’s Office will not be able to provide the additional resources it would take to support the 35 other
counties of the Node. Ultimately, Sonoma County will be forced to stop operating as a Node agency.

Page 2

6

7

6

8

9

10

94

California State Auditor Report 2015-130

August 2016

Recommendation #1
Begin reviewing the gangs they have entered into CalGang® to insure that the gangs meets reasonable
suspicion requirements. They should also begin reviewing the gang members they have entered into
CalGang® to insure the existence of proper support for each criterion. They should purge from CalGang®
any records for gangs or gang members that do not meet the criteria for entry. Individuals who are
independent from the on-going administration and use of CalGang® should lead this review. The agencies
should complete the gang and gang member reviews in phases with the final phase for gangs to be
complete June 30, 2018, and the final phase for gang members to be completed by June 30, 2019.

Recommendation #2
Develop or modify as necessary all their policies and procedures related to CalGang® to insure they align
with state law, CalGang® policy, the federal regulations, and the state guidelines. In particular, the law
enforcement agencies should implement appropriate policies and procedures for entering gangs;
performing supervisory reviews of gang and gang member entries; performing periodic CalGang® record
reviews; sharing CalGang® information; and complying with juvenile notification requirements. The law
enforcement agencies should complete this recommendation by March 31, 2017.

The Sonoma County Sheriff’s Office simple response to the auditor’s recommendations is:
CalGang® is a state-wide program, and funding and staffing is a state-wide issue.
11

If we follow the recommendations of the auditor’s report, the Sonoma County Sheriff’s Office will be
forced to stop operating as a Node agency.
We will operate for a reasonable amount of time for a replacement to be identified; if no other agency
steps forward, our stored criminal intelligence data in CalGang® will be purged, pursuant to 28CFR23.

Page 3

95

California State Auditor Report 2015-130

August 2016

ATTACHMENT A: SPECIFIC RESPONSES
A major challenge with the auditor’s document was that significant portions, including titles and some
complete sections were redacted. It is unclear exactly what areas of concern must be attended to.

4

The Sonoma County Sheriff’s Office would eagerly work to correct actual issues, but specifics are redacted,
leaving only broad, non-specific allegations. There is nothing to identify the offender and specific
questionable record(s).

Generally:
The auditors have never audited a criminal intelligence system. The very title of the report, ”The CalGang
Criminal Intelligence System: As a result of Weak Oversight Structure, It contains Questionable
Information That May Violate Individuals’ Privacy Rights” draws conclusions that are subjective and
misleading.

12

The CalGang® policies and procedures and the end use agency agreements were originally drafted by the
Attorney General’s representatives, Senior Assistant Attorney General John Gordiner until his retirement;
then Deputy Attorneys General Rob Nash and Harry Colombo.

Specifically:
Section

Concerns (C) and Sonoma County Sheriff’s Office Response (R)

“Scope and
Methodology
[REDACTED]”

The portion titled Scope and Methodology is redacted entirely. We cannot
respond to the contents without knowing the materials and process with which
the auditors are relying upon to complete their tasks and reach their
conclusions.

“Leadership Section
[TITLE REDACTED]”

The paragraph title is redacted.
C1:
The auditor takes exception to our senior detective sergeant, with 35 years of
law enforcement experience, serving as node administrator, committee
member, and end user.
R1:

SCSO – Attachment A



Every node administrator is a committee member. Every node
administrator is an end user. Every node administrator is an instructor.



This is far from a weakness in the framework; rather, it is an
overwhelming strength. It makes sense to use our best, brightest,
most experienced personnel to fill these crucial positions.



The node administrators have in excess of 250 years of combined law
enforcement experience. The collective expertise of these dedicated
personnel is an asset and an integral part of the CalGang® system.

Page 1

13

13

96

California State Auditor Report 2015-130

August 2016

C2:
The auditor has concern that end users are not disabled when they separate or
transfer.
R2:
14



The auditor has redacted the identity of the sole end user they take
exception to. Due to this omission we are unable to correct the issue.



Sonoma County Sheriff’s Office has procedures in place for the
modifying and removing separated employees. An office-wide
message, generated from the Personnel Bureau, is distributed
whenever a person is moved to a different position or separates from
the agency. It is at that time that person’s CalGang® access is
reevaluated.

15

C3:
The auditor believes that our written policy for the re-establishment of
CalGang® services after a disaster or other catastrophic failure is lacking.
R3:



CalGang® data is replicated in near-real time to the central node at the
DOJ in Sacramento. It is backed up nightly both locally and off-site. If
the Sonoma Node (or any other California Node) is unavailable, the
data remains searchable at DOJ, or visa-versa.



We believe that our Service Level Agreement with the County
Information Systems Department, which is responsible for the data
center, addresses the re-establishment of all Sheriff’s services,
including CalGang® as part of the County-Wide Continuity of
Operations Plans.



All eventualities cannot be anticipated, nor do disasters fit neatly into
boxes. Re-establishment of services is dependent on many issues
which the Sheriff’s Office cannot control.



Sonoma County Sheriff’s Office has evaluated the ability to return the
CalGang® system’s functionality after a disaster and we are
implementing a plan to restore services.



CalGang® is not a mission-critical application, restoration can take a
lesser priority following a disaster. Should we experience a
catastrophic event, we could restore the system to full functionality
with 90 days subject to priority.

16

C4:
The auditor noted a discrepancy between CalGang® Policy and a since rewritten DOJ Guideline.

SCSO – Attachment A

Page 2

97

California State Auditor Report 2015-130

August 2016

R4:



CalGang® fully complies with Federal standard as required in Title 28,
section 23 of the Code of Federal Regulations as is evidenced in the
compliance letter from the Institute for Intergovernmental
Regulations dated February 7, 2006.



The committee policies dated September 27, 2007 were based on the
California Criminal Intelligence File Guidelines dated July 1, 1994. This
version of the State Guidelines does not include the overly onerous
review requirements outlined in the updated Model Standard and
Procedures for Maintaining Criminal Intelligence Files and Criminal
Intelligence Operational Activities, dated November 2007.



The November 2007 version, was revised by Deputy Attorneys General
(DAG) Harry Colombo and Rob Nash. DAGs Colombo and Nash were
the two Deputy Attorney Generals assigned as representatives to the
Committee.



These additional requirements were never recommended by Colombo
and Nash to be included into CalGang®.

C5:
A peace officer can make an arrest, depriving a person of their actual liberty,
based on probable cause. However the threshold for entry into CalGang® is
much lower, subjective reasonable suspicion, as defined pursuant to 28CFR23.
R5:



The detention, arrest and possibly their subsequent incarceration (or
release on their promise to appear, a citation) of a person only requires
the eventual sergeant’s review. There are considerably more personal
liberties and rights at stake.

C6:
The recommendation of this audit is that there are two or three more levels of
review to meet a much lower burden of proof.
R6:

“Gangs Section
[REDACTED]”

In May 2016, the Committee and the Board chose to exclude the
reference to the November 2007, DOJ guideline, Model Standard and
Procedures for Maintaining Criminal Intelligence Files and Criminal
Intelligence Operational Activities, in favor of 28CFR23 statute.

C7:
The auditor takes exception to how Gangs are documented in CalGang®.
R7:

SCSO – Attachment A





The auditor states that “[Sonoma] could [NOT] prove that it performed
the analysis required to establish reasonable suspicion.” However, in
Page 3

17

6

98

California State Auditor Report 2015-130

August 2016

the corresponding footnote, the report acknowledges, “Through our
review, we determined that Sonoma was able to demonstrate that the
gangs we reviewed currently meet CalGang® policy requirements.”

18

19

19

20

“[SONOMA DOES]
Not Have Adequate
Support for Sonoma
of the Individuals and
Many of the Criteria
They Entered into
CalGang”

The process is started by a communication from an end user to the
administrator requesting the gang be created. That communication
can be a standard form, an email, a phone call or face-to-face, as often
occurs in training classes when we bring new agencies onto CalGang®.



That gang can only be entered into CalGang® by the administrator. The
name, title, agency, contact information of the requestor is noted and
is available for follow up contact if necessary in CalGang®. If there is a
paper copy of the request, it historically has not been retained, as all
that information is included in the digital record.



Since this was discussed during the audit, those written requests are
being electronically attached to the Gang record, thus preserving the
request.



The status of that gang is then monitored at least three times a year by
the administrator to make sure the end user agency populates the
gang with members. If this population doesn’t occur, the gang is
purged.



As a gang is not an individual it has no privacy rights. The individual’s
connection to the gang is fully documented.

C8:
A fundamental flaw in the report is the inaccurate use of the term “support,”
instead of “supporting documentation,” e.g. the report reads that data entries
lacked support, instead of data entries lacked supporting documentation. This
improper terminology leads to a series of assumptions that data entries were
unsupported or inaccurate simply because no documentation was available at
the time of the audit to prove the entry criteria.
R8:

20





While this may be a legitimate point to encourage better
documentation procedures (where practical and feasible), the mere
lack of documentation (which the report explains by virtue of current
processes) does not necessarily mean that the entries were, in fact,
materially unsupported or inaccurate. The report includes numerous
conclusions that “inaccurate criteria entries” existed, which resulted in
a finding that “Sonoma is tracking people in CalGang who do not
appear to justifiably belong in the system.” This is not the case.

C9:
The auditors were offered a stand-alone, fully functioning laptop version of
CalGang® to audit. Instead they chose to look at the raw data in the database.
This caused numerous conflicts since the auditors “version” was incomplete.

21

SCSO – Attachment A

Page 4

99

California State Auditor Report 2015-130

August 2016

This was communicated to the auditor and they believed they at one point had
remedied the issue; however our CalGang® version still did not reconcile with
the auditors view. We were not consulted after that.
R9:



The report states only 40% of records were in compliance. In actuality,
only 40% were reviewed, and all of those were in compliance. The
balance were never reviewed because the auditor did not correctly
reconcile their version.

22

C10:
The auditor seems to accept our end users expert opinion(s) that certain
tattoos are gang related and specific locations are gang areas, but we continue
to disagree on what crimes are “gang related.”
R10:


“CalGang Records
Section [REDACTED]
[SONOMA HAS] Not
Established
Necessary Processes
for Reviewing and
Purging Records”

SCSO – Attachment A

We contend that crimes are gang related if they are in support of, for
the benefit of, or in association with a criminal street gang or its
members. The auditor insists that only the crimes in penal code
section 186.22(e) are gang related.



We hold that for intelligence purposes, beyond a subjective reasonable
suspicion many crimes can be gang related, based on the support of,
benefit, or association with doctrine.



Conversely, the crimes enumerated in 186.22(e) might NOT be gang
related.



We believe each incident is viewed in the totality of the circumstances
based on the 28CFR23 subjective reasonable suspicion standard.

23

23

23

C11:
The auditor notes that some of the aspects of the November 2007 version of
the Model Standard and Procedures for Maintaining Criminal Intelligence Files
and Criminal Intelligence Operational Activities, specifically expanded review
of data entry, is not incorporated into Sonoma County and CalGang® policy.
This is specifically addressed earlier in this response paper.
R11:


The Sonoma County Sheriff’s Office believes that the current level of
CalGang® oversight, which was originally recommended by the Senior
Assistant Attorney General assigned to CalGang®, remains
appropriate, in fact it is above and beyond what is employed in other
Criminal Intelligence Systems we are familiar with. It is proactive,
forward looking, and holds end users accountable. It also, as much as
is possible within the confines of 28CFR23, is transparent via the
CalGang® Executive Board which has for decades met publicly.

Page 5

1

7

2

100

California State Auditor Report 2015-130

August 2016

1

24

“[SONOMA] Lacks
Processes to Ensure
They Share CalGang
Information Properly
and Limit CalGang
Access as CalGang
Policy Requires”



CalGang® does not violate individual privacy rights; in fact, it protects
those rights by operating strictly within the confines of 28CFR23.



Records are purged automatically when they have not been
substantially updated within the five year statutory requirement.

The Sonoma County Sheriff’s Office responds generally, that end users are
trained that releases of criminal intelligence information is only to Law
Enforcement Personnel with a specific right and need to know.
Military recruiters and any other potential employers are specifically discussed
and are examples of those who may not receive CalGang® criminal intelligence
information, as are Attorneys (both prosecuting and defense, see Brady v
Maryland, 373 US 83(1963) and generally any member of the public.

25

Additionally, end users must affirmatively acknowledge these caveats EVERY
TIME they log into CalGang®, please refer to the attached document,
“EndUserPerso.pdf”

26

C12:
The auditor suggests that staff was not truthful when identifying external
requests.
R12:


26


25

27

“[SONOMA]
Cannot Demonstrate
They Follow CalGang
Training Policy or
Best Practices.”

SCSO – Attachment A

Our Sonoma County Sheriff’s Office policy is attached as criminalstreet-gang.pdf and the Sonoma County Chiefs’ Association policy
CRIMINAL STREET GANG INTELLIGENCE FILES is attached. 92-2.pdf

C13:
The auditor alleges that our Training curriculum is not approved by the
Committee and/or Board.
R13:




27

The Sonoma County Sheriff’s Office does track Public Records Acts
requests and Discovery requests. Those records are maintained in our
Central Information Bureau. End user auditing is maintained within
the CalGang® application. Our administrator did not receive any other
external requests for CalGang® information during the time frame
specified. All requests were made directly into the CalGang® system
and are tracked there in the systems extensive audit trail.

Our training curriculum was originally developed 20 years ago in a
collaboration between our node administrator and another qualified
node administrator and used by all trainers state-wide and presented
as a model for our interstate and federal partners.
It has always been certified by the California Commission on Peace
Officers Standards and Training (POST) and the California Board of

Page 6

101

California State Auditor Report 2015-130

August 2016

State Community Corrections, Division of Standards and Training for
Corrections (STC).

SCSO – Attachment A



Every end user has attended that Committee developed training.



We discussed the perceived discrepancy between CalGang® policy and
actual practice as it refers to our Committee developed, state certified,
Train the Trainer course.



20 years ago, our committee developed a state certified training
course that was 24 hours (three full days.) This was in an era that end
users needed to be trained in the basic use of a computer. Currently,
computer usage and familiarity is commonplace and instruction in
such basics is unwarranted.



Since then, the Committee agreed that this could be shortened to 16
hours. The Committee developed a Train the Trainer class as an eight
hour POST and STC certified course.



One of the pre-requisites for the Train the Trainer class is the
attendance of the FULL end user class, which was originally 24 hours,
and later shortened to 16 hours.



The intent of the policy is that a node administrator/trainer originally
trained the Train the Trainer student in the FULL class. The policy said
a full class was 24 hours and was not corrected to 16 hours. This is a
simple oversight and policy has since been corrected to reflect FULL
end user class.



This was explained to the auditors but not conveyed in their findings.

Page 7

27

27

27

102

California State Auditor Report 2015-130

August 2016

Blank page inserted for reproduction purposes only.

California State Auditor Report 2015-130

August 2016

Comments
CALIFORNIA STATE AUDITOR’S COMMENTS ON
THE RESPONSE FROM THE SONOMA COUNTY
SHERIFF’S OFFICE
To provide clarity and perspective, we are commenting on the
response that the Sonoma County Sheriff ’s Office (Sonoma)
provided to our audit. The numbers below correspond to the
numbers we have placed in the margin of Sonoma’s response.
Sonoma states that the audit did not unearth any actual privacy
violations it had committed. An actual violation of privacy is a
question for a court of law to decide and not one that this audit
was designed to answer. What the audit did reveal is that Sonoma’s
process for adding information to CalGang does not comply with
standards designed to protect individuals’ right to privacy. Further,
as Table 7 on page 32 shows, we reviewed 25 individuals associated
with Sonoma and found that seven did not have adequate support
for their inclusion in CalGang. As we state on page 31, when law
enforcement agencies cannot provide adequate support for the
inclusion of individuals in CalGang, documenting those individuals’
whereabouts, appearance, and associates in a shared database
could constitute or lead to a violation of their privacy or other
constitutional rights.

1

Sonoma’s use of the term “statutory guidelines” is misleading in
that neither CalGang, nor its applicable guidelines, are contained
in statute. Rather, CalGang’s governance bodies voluntarily adopted
certain federal and state criminal intelligence guidelines. Sonoma
is mistaken in its belief that it meets or exceeds these guidelines for
administering a criminal intelligence system. For example, as stated
on page 30, Sonoma could not demonstrate that it established
reasonable suspicion for four gangs it entered into CalGang.
Further, on page 32, Table 7 summarizes the number of individuals
and criteria for which Sonoma could not provide adequate support.
Finally, as we describe on pages 37 through 40, Sonoma lacks
necessary processes for reviewing CalGang entries for accuracy
and relevance.

2

On page 38 we describe that the node administrator agencies audit
at the committee’s direction and conclude that the committee’s
audit approach is weak and does not ensure that CalGang
contains only valid, accurate information. Of specific concern
was that the node administrator agencies audit their own records
and only orally report the results. On page 25 we describe how
one sergeant at Sonoma acts as a committee member, the Sonoma
node administrator, and as a CalGang user. He asserted to us
that he enters at least 95 percent of CalGang records for Sonoma.

3

103

104

California State Auditor Report 2015-130

August 2016

We conclude that playing multiple, conflicting roles highlights the
current weaknesses in CalGang’s oversight framework of which
the audits are a key part.
4

Sonoma points out that it was provided a redacted copy of the audit
report containing only information about Sonoma and prohibited
from discussing the report with outside parties including the board
and the committee. Our enabling statutes require us to keep all
substantive audit related information confidential while an audit
is ongoing. To comply with the law, we did not share draft report
text concerning other entities with Sonoma, just as we did not
share text concerning Sonoma with the other entities that were also
the subjects of the audit. We twice explained our confidentiality
requirements and protocols to Sonoma; once at the beginning of
the audit and again at the end. Moreover, we briefed pertinent
Sonoma staff repeatedly about our preliminary conclusions before
we drafted the report. We are confident that Sonoma was aware of
all the issues related to it that this audit report contains.

5

Sonoma is confusing law enforcement reviews of source
information, such as arrest reports or other field observations,
with the scrutiny needed to add information to CalGang. As we
state on page 35, we did not question the field observations of
law enforcement officers; rather, we questioned the accuracy of
the corresponding entries in CalGang. As stated on page 25, by
his own admission, Sonoma’s node administrator enters at least
95 percent of CalGang entries for Sonoma. No other person reviews
these entries and we found that 48 of the 119 criteria we reviewed
(40 percent) were not supported by source information as shown
in Table 7 on page 32. In some instances, Sonoma could not locate
the corresponding source information but in many other instances
we located the source information and it did not match the entry
included in CalGang, which is something a supervisory or quality
control review would ostensibly catch—if Sonoma actually had
these processes in place.

6

For nearly nine years since it published its September 2007 policies
and procedures manual, the California Gang Node Advisory
Committee’s (committee) manual indicated that CalGang will
comply with the California Attorney General’s intelligence file
guidelines—guidelines that were updated in November 2007 and
have remained unchanged. At no time has the committee clarified
that it was only the former Attorney General guidelines to which
the committee’s policies and procedures were referring. Only until
this audit began to question why CalGang users were not complying
with—and in some cases not even aware of—the Attorney General
guidelines, did committee members such as Sonoma begin saying
that it was only the former guidelines to which the committee had
agreed to follow. This revisionist view neglects the plain language

California State Auditor Report 2015-130

August 2016

of the committee’s policies and procedures, which offers no caveat
as to a particular version of the guidelines it indicates CalGang
will follow.
Sonoma is mischaracterizing board meetings as public. As we state
on page 24 neither the board nor the committee meet in public;
they do not post public notice of their meetings, post agendas
and minutes, or accept public testimony. All of these actions
are accepted as standard for public meetings government and
quasi‑government bodies hold. For Sonoma to maintain that these
meetings are “public”, despite the board not having any processes to
make them truly public, is further evidence to us that the statutory
changes we recommend are greatly needed.

7

The length of time to complete this audit was entirely sufficient for
us to understand CalGang and all related requirements. The State
Auditor’s Office has extensive experience reviewing the reliability
of all types of databases and examining the support for all types of
assertions, including those made by law enforcement agencies.

8

The audit’s recommendations are grounded in the evidence
we collected and examined over the course of the audit. That
evidence clearly undermines Sonoma’s continued belief that its
administration of CalGang is not deficient in any manner—despite
having the highest deficiency rate of any of the four agencies we
reviewed, as evidenced by Table 7 on page 32.

9

Given the emphasis Sonoma places on the value of CalGang to
protect its citizens, we find it disconcerting that Sonoma will
only use the system if it can continue to do so in its present
manner, an approach that our audit report demonstrates puts at
risk individuals’ rights to privacy and which is not in accordance
with safeguards necessary for a criminal intelligence system.

10

As indicated in Note 5, 40 percent of the Sonoma-related criteria
entries we reviewed were not adequately supported by appropriate
source information. Our recommendations are designed to reduce
this deficiency rate and thereby help CalGang be a reliable tool that
law enforcement can use to fight gang crime. If Sonoma cannot
accept a fair and honest critique of its current processes, and even
attempt to improve its procedures without threatening to walk away
from CalGang altogether, then Sonoma may not be suited to be a
CalGang node administrator.

11

The audit’s title is derived from the conclusions we drew from the
evidence we collected and examined over the course of the audit.
We believe the title aptly summarizes the audit conclusions and that
those conclusions are soundly supported by audit evidence.

12

105

106

California State Auditor Report 2015-130

August 2016

13

Sonoma has failed to understand the issue at hand. On page 25
we describe a lack of accountability and oversight because too few
people play too many roles. We use Sonoma’s one sergeant who
acts as a committee member, the node administrator and as a
CalGang user to make our point. As stated on this same page, he
asserted to us that he enters at least 95 percent of CalGang records
for Sonoma and then he audits his own work as node administrator.
We conclude that playing multiple, conflicting roles highlights the
current weaknesses in CalGang’s oversight framework.

14

We typically do not disclose the names of individuals in our
published audit reports. We discussed the account in question with
Sonoma staff during our fieldwork and have provided the account
user’s information to Sonoma.

15

As we discussed on page 27, Sonoma has not documented its policy
or procedure for modifying or removing CalGang user access
rights. In addition, we identified an active user account for an
individual that no longer worked for Sonoma.

16

As discussed on page 27, Sonoma’s agreement with its service
provider does not specify how quickly the CalGang information
would need to be restored in order to minimize the impact of an
interruption, as industry best practices indicate. Although Sonoma’s
assertion that it is implementing a plan to restore the system within
90 days is encouraging, it is important that Sonoma and its service
provider formally agree on this time frame to ensure that the
service provider is able to meet Sonoma’s needs.

17

Sonoma has mischaracterized the 2006 letter from the Institute for
Intergovernmental Research (institute), which predates CalGang’s
current policy and, thus, is no longer relevant to CalGang. We
introduce the institute on page 31 as the criminal intelligence
training vendor with which the federal government contracts. The
letter the institute issued to Sonoma opines on CalGang’s policy; it
concludes that the policies and procedures are in compliance with
federal regulations. However, the institute’s opinion is not relevant
presently because the committee updated the policy in 2007, after
the institute issued its opinion.

18

Based on Sonoma’s comment, we conclude that it did not
understand the report text. To avoid any further misunderstanding
we expanded the text on page 30 and removed the footnote. The
word ‘currently’ is italicized in that text as a way to stress that
in our subsequent review the gangs we initially reviewed met
the CalGang criteria as a gang. We thought it was important to
draw a distinction between the past and the present so that our
stakeholders do not conclude that the gangs we reviewed do not
presently meet the CalGang criteria. The fact that these groups

California State Auditor Report 2015-130

August 2016

presently meet gang criteria does not mean that law enforcement
agencies were justified in not maintaining support for why these
groups were originally added to CalGang.
Sonoma fails to understand that law enforcement agencies must
be prepared to demonstrate that a group meets gang criteria before
it can be entered into CalGang. In Figure 3 on page 29 we depict
the process that must be followed to add a gang to CalGang.
Federal requirements state that reasonable suspicion must be
established and CalGang policy requires, among other items, that
the group must have three or more members. Sonoma is further
mistaken that the monitoring it mentions are an effective tool to
identify gangs that do not meet CalGang criteria. We describe the
weaknesses in the committee’s audit process on pages 30 through 31
and 38 through 39.

19

Sonoma is failing to hear and adjust its understanding to the plain
language of our audit report. Criteria entries from Sonoma did not
just lack supporting documentation; many of its criteria entries
in CalGang inaccurately reflected the documentation that should
have supported the entry. On page 33 we provided an example of a
supposed gang member that, according to a Sonoma CalGang entry,
admitted to being a gang member during a custody classification
interview at a county jail. We obtained the written record of
this interview and found that he said he was not a gang member
and desired to not be housed with the gang to which he was later
connected in CalGang. We found similar problems with another
individual in our Sonoma selection and brought this to the attention
of the node administrator. He agreed that in three separate instances
the admission referenced in CalGang was not documented in the
relevant reports and he purged these criteria entries from CalGang.
Because we provided information on all deficiencies we found to
Sonoma, we do not understand why Sonoma would continue
to misunderstand what we are clearly communicating.

20

Although we appreciated Sonoma’s offer of a laptop version of
CalGang, obtaining raw data from CalGang allowed us to conduct
electronic analyses that would have otherwise been impossible
using a laptop version of CalGang. We obtained all CalGang data
to which we had legal access and that was necessary to conduct
our electronic analyses. We did not obtain certain documents
available in CalGang, such as photos and reports, because these
items typically make electronic files prohibitively large and because
we knew these items could be obtained from the law enforcement
agencies as needed. The only “conflicts” that occurred were when
we could not verify from the source documents we obtained
that CalGang criteria entries were supported. In these instances,
we asked the law enforcement agency or the applicable node
administrator for additional documentation or perspective.

21

107

108

California State Auditor Report 2015-130

August 2016

22

This response has no clear relationship to the redacted draft report
we provided to Sonoma. As we show in Table 7 on page 32, we found
that 48 of the 119 criteria we reviewed (40 percent) for Sonoma
did not have adequate support. In roughly half of these instances,
the deficiency we found was that Sonoma could not provide the
supporting document. For the remainder, we located the document
but the information contained therein was not supportive of the
conclusion indicated in the CalGang criteria entry.

23

As we describe on page 34, we used Penal Code 186.22(e) as a
benchmark for whether offenses were consistent with gang activity
because no other standard is offered in the committee’s policies and
procedures. Throughout its response, Sonoma continues to add
the term “subjective” to any description of the reasonable suspicion
standard described in federal regulations. By doing so, Sonoma
reveals its predisposition to reject any objective standard for which
offenses would actually be consistent with gang activity. Sonoma
provides an alternative definition in its response but, in practice,
does not attempt to prove that the offenses for which it entered
criteria into CalGang were indicative of gang activity. Sonoma used
offenses such as resisting arrest and violating probation to justify
including individuals in CalGang but did nothing to prove that
such offenses were in support of a gang or its members, unless by
“members” Sonoma is arguing that the offenders were in support of
themselves. If so, then Sonoma presupposes that these individuals
are gang members and therefore any offense they commit is in
support of that gang.

24

As we state on pages 40 through 41 we identified three separate
weaknesses with CalGang’s purge function including over
250 records that were not scheduled to purge from CalGang
for more than 100 years.

25

The attachments referred to in Sonoma’s response are available
upon request.

26

Sonoma has mischaracterized the audit report and is further
demonstrating its misunderstanding of CalGang policy. On
page 42 we state that Sonoma has no processes in place to capture
requests it receives for CalGang records that are internal to its
organization or from other law enforcement agencies. Sonoma’s
comment suggests that we consider staff to be untruthful when
in reality our audit standards require that we gather evidence to
support our work. An individual’s assertion is a form of evidence,
but considered less reliable than records or documents supporting
an entity’s actions. On page 42 we describe that the state guidelines
require Sonoma to have written policy regarding information
sharing, but that Sonoma’s written policy lacks all of the necessary
safeguards the CalGang policy specifies.

California State Auditor Report 2015-130

August 2016

Sonoma is making statements that it could not support during
the audit and thus, we dismissed as not relevant. The audit report
concludes that Sonoma could not demonstrate that the committee
approved the training materials that it follows. Sonoma was not
able to provide evidence of the committee’s approval as we state
on page 44; thus, we stand by our conclusion. The fact that POST
and STC certified the training is irrelevant given that the CalGang
policy states that the committee must approve the training and
neither the committee nor Sonoma could evidence that approval.
Moreover, Sonoma describes committee agreements that it
could not evidence and which are in direct conflict with current
CalGang policy.

27

109

 

 

Disciplinary Self-Help Litigation Manual - Side
PLN Subscribe Now Ad 450x450
BCI - 90 Day Campaign - 1 for 1 Match