Update April 10, 2023: EFF is no longer hosting this data, due to regularly updated data now being available on OpenJustice.
Update, Feb. 27, 2023: Victory! The California Department of Justice has begun posting the data on OpenJustice.ca.gov again.
Update, Feb. 8, 2023: The California Department of Justice has provided EFF with updated search warrant data for 2020, 2021, and 2022, with personal information redacted. We have uploaded the data accordingly. An agency spokesperson said via email, "We are currently reviewing our procedures and we will follow up once the datasets are live on OpenJustice. We do not have an exact timeline, but our team is working on getting it back online as quickly as possible."
Update, Feb. 1, 2023: Out of an abundance of caution, EFF has temporarily replaced the CalECPA disclosure data from 2020-2022 with new versions provided by the California Department of Justice (CADOJ) that do not include the "nature of investigation" and "facts giving rise to the emergency" columns. Following our publication of the data, CADOJ alerted us that it had failed to properly redact potentially personal information from these fields. This is extremely alarming because CADOJ has known since at least 2017 that its data contains personal information. When EFF raised this problem with CADOJ then, an official told us staff would "begin a secondary screening of the produced data that should resolve this issue." That appears to either never have never happened or that it stopped happening sometime before 2020. It certainly did not happen in the five-week period it took CADOJ to produce the data in response to our public records request. The agency had an additional three months to catch the error before we published our blog post. We also gave the CADOJ advanced notice that we planned to publish our report. Yet, CADOJ apparently did not catch the problem until after we went live. It is long past time for CADOJ to have a process in place for redacting this information. A spokesperson says staff is currently reviewing the data and will provide us an updated dataset, with the columns returned but redacted, in the near future. CADOJ also committed to posting it on the OpenJustice website. We have posted their full statement at the end of the blog post.
When it was passed in 2015, the California Electronic Communications Act (CalECPA) was heralded as a major achievement for digital privacy, because it required law enforcement to obtain a warrant in most cases before searching a suspect's data, be it on a personal device or on the cloud. But the law also contained a landmark transparency measure: the legislature ordered the California Department of Justice (CADOJ) to publish a regularly updated dataset of these search warrants on its website.
Up until last year, CADOJ was doing a pretty good job at uploading this data to its OpenJustice website, where it hosts a number of public datasets related to criminal justice. Advocacy groups and journalists used it to better understand the digital search landscape and hold law enforcement accountable. For example, the Palm Springs Desert Sun analyzed the data and found that San Bernardino County law enforcement agencies were by a large margin filing more electronic search warrants than any other jurisdiction in the state. The Markup also published a piece highlighting a troubling discrepancy between the number of search warrants based on geolocation (a.k.a.geofence warrants) self-reported by Google and the number of search warrants disclosed by agencies to the California Department of Justice.
But then, last summer, CADOJ accidentally exposed the personal data of 192,000 people who had applied for a concealed carry weapons permit. Among the various actions it took in response, CADOJ suspended its OpenJustice website. Over the next several months, other datasets–such as data about use of force, jail deaths, complaints against officers, and threats to reproductive health providers–returned to the website.
But the electronic search warrant data is inexplicably missing, despite CalECPA stating that CADOJ “shall publish all those reports on its Internet Web site within 90 days of receipt.”
CADOJ’s failure to publish the CalECPA data is against the law, and EFF is calling on Attorney General Bonta to immediately put the data back on the website.
When asked for comment, a CADOJ spokesperson said, "We are working to bring OpenJustice’s other functions back online as soon as possible." They also said that in the meantime, we could submit requests for the data via email.
EFF did just that on September 30, 2022 through a California Public Records Act (CPRA) request. If CADOJ had been following the law, the data would have been available online instantly, but instead, we were forced to wait four weeks after CADOJ granted itself a deadline extension, and then missed that deadline by a week.
When looking at this data, it's important to note that it does not cover all search warrants for data, but only certain categories: when an agency does not know the identity of the person they are targeting or when they delay notification of the target of the search warrant.
For each of these search warrant, the agency must disclose information about its request, such as the nature of the investigation and crime, whether the warrant is targeting a device or an account, the name of any company who received the search warrant (such as Google or Facebook), the categories of data sought, and the start and end date for the information sought. After receiving the data, CADOJ must publish that data within 90 days, but they can also redact personal info from the data.
Researchers can use this data to seek copies of the search warrants themselves, either through a CPRA request or by visiting the courts. In some cases, the warrants or portions of the warrants will be sealed; previously EFF has litigated the issue, resulting in some records being released, while courts allowed other portions of the records to remain sealed indefinitely.
These search warrant files can reveal important information. In San Bernardino County, the data and search warrants revealed the use of cell-site simulators, devices that masquerade as cell-phone towers in order to track and grab information from cell phones. Based on the CalECPA data, we also obtained a copy of a search warrant that the UC Berkeley Police Department filed to obtain phone records for people who attended a protest.
The public should not have to file CPRA requests over and over again to receive this data. The California legislature wrote a law establishing that this information must be available online, and CADOJ must follow it.
The electronic search warrant data previously provided to you erroneously contained personally identifying information (PII) in some of the dataset’s hundreds of data fields. Our office is working as quickly as possible to thoroughly review the data to ensure PII is protected. We will provide redacted data to you, as well as post it on OpenJustice, as soon as it’s available.
Our office is working as expeditiously as possible and we take our duty to release electronic search warrant information as required under the California Electronic Communications Privacy Act extremely seriously. We greatly appreciate your assistance in this matter as we work to meet our statutory obligations and protect PII. We will follow up with you as soon as we have an update.