SAN FRANCISCO—The San Francisco Police Department (SFPD) has terminated access to its automatic license plate reader (ALPR) database after an organization was found in an audit to have sent query requests on behalf of federal or out-of-state agencies, SFPD said in a June 17 press release. 

During a routine audit in May, SFPD staff found 299 such searches over roughly a year, all initiated by the Northern California Regional Intelligence Center (NCRIC), an in-state law enforcement agency that was authorized to have access to SFPD’s ALPR database, according to the police.

California law prohibits law enforcement agencies from sharing ALPR data with out-of-state or federal agencies.

“SFPD immediately notified NCRIC supervisors and immediately terminated NCRIC’s access to our FLOC ALPR network pending further investigation.” SFPD chief Derrick Lew said in a Police Commission meeting on June 17.

These queries were made by analysts with the Western States Information Network (WSIN), which has been granted access during night hours through NCRIC, and similar queries stopped after May 12, SFPD officials said.

WSIN is one of six Regional Information Sharing Systems (RISS) Centers funded by Congress through the Department of Justice’s Office of Justice Programs. It provides de-confliction and intelligence analysis support for law enforcement in Western states.

The queries by WSIN on behalf of “three dozen” federal and out-of-state agencies involved the investigation of criminal activities, including serious crimes such as homicide and child sexual abuse, as well as gun and drug trafficking, according to Lew.

Lew named the Drug Enforcement Administration, the IRS, the Bureau of Alcohol, Tobacco, Firearms, and Explosives, and several state agencies operating out of Oregon and Washington state.

“The audit did not find any inquiries referencing immigration enforcement or reproductive rights investigations, and the federal agencies identified do not include Immigration and Customs Enforcement or the Department of Homeland Security,” Lew said.

These queries were also made on more than 500 other agency networks, Lew said in the meeting.

“SFPD was the first and only agency to discover this statewide issue through its audit and report these findings to NCRIC,” he said.

“No out-of-state or federal agencies ever had direct access to SFPD’s Flock system,” SFPD said in the statement.

SFPD started deploying its ALPR system by Flock Safety, based in Atlanta, Georgia, in 2024. Currently, the system has 518 license plate readers and other cameras, and the collected data is shared with 319 agencies in California.

The SFPD’s audit covered only about one year of logs, starting on May 1, 2025.

There were more than 1.7 million queries from 3,841 non-CA agencies from 2024 to 2025, according to Brian Hofer, executive director of Secure Justice, an Oakland-based civil-rights non-profit.

“By downplaying the significance of their repeated failures to maintain adequate security protocols, by falsely claiming that no federal or out-of-state agencies have ever had direct access (3,841 such agencies had access during our audit review period), this is just another reason why we shouldn’t be using this technology nor allowing data sharing to continue in this manner,” Hofer wrote in an email to The Epoch Times.

In February, the Mountain View Council voted to terminate its contract with Flock Safety and turned off its ALPR cameras after the Police Department found out-of-state agencies were accessing data.