For years, a federal Border Patrol office based more than 400 miles away in Chula Vista had a window into data recording where Pleasanton drivers' cars were photographed, access that California law flatly prohibits, and the Pleasanton Police Department has acknowledged it did not know until a privacy researcher showed up at City Council with the records.
Mike Katz-Lacabe, director of research for the watchdog group Oakland Privacy, presented the findings at the July 7 council meeting, drawing on documents he obtained through public records requests.
The department's own Agency Data Sharing Report listed the San Diego Sector Border Patrol, the federal office responsible for 60 miles of the U.S.-Mexico border and 114 miles of California coastline, among the agencies able to access data from the city's automated license-plate readers, according to reporting by The Independent and the Pleasanton Weekly.
A law written to keep this data home
Automated license-plate readers photograph every passing plate, stamp it with time and location, and check it against hotlists of wanted vehicles. Pleasanton has used the technology since 2018, and in 2020 the city installed roughly 30 cameras from Motorola's Vigilant system at about a dozen intersections.
California Senate Bill 34, on the books since 2015, bars law enforcement agencies from sharing that data with federal or out-of-state agencies or private entities. The Legislature's concern was precisely the scenario Katz-Lacabe described: location records of ordinary residents flowing to agencies the state never authorized.
Police Lt. Nicholas Albert told the Pleasanton Weekly that under the old system, the San Diego Border Patrol office "was not prohibited from accessing our data as all other federal agencies were."
The reason, he said, was clerical: the office was listed in the sharing report under California rather than as a federal agency, so when the department stripped federal connections from the system, that one entry was overlooked. "It was extremely difficult to discern the fact it was a federal agency based upon how the agency was listed in the report," Albert said.
Whether anyone in Chula Vista ever actually ran a Pleasanton plate is unknown. Albert acknowledged the department has "no ability to confirm whether any data was actually accessed," and Katz-Lacabe told the Weekly the same: the records show the door was open, not whether anyone walked through it.
A contract that ended, and a system that didn't
The finding that has drawn the sharpest questions is not the mislabeled entry but what happened after Pleasanton terminated its Motorola Vigilant contract in October 2025. The system kept operating, and the audits that might have caught the problem stopped with the contract, The Independent reported.
The department's sharing report still showed the system as an active data source as recently as June, and at least one Vigilant camera remained physically installed as of July 14.
Albert said the cameras "have been deactivated and are in the process of being removed" and are no longer collecting data. The department said it has ruled out any internal misuse. "When issues are identified, we take them seriously, act promptly to address them, and review our processes," Albert said.
Katz-Lacabe was blunter. Either audits were not being conducted, he said, or they were "not thorough enough to check whether the police department is complying with California state law."





