California Law Says Electronic Search Data Must Be Posted Online. So Where Is It?

When it was passed in 2015, the California Electronic Communications Act (CalECPA) was heralded as a major achievement for digital privacy, because it required law enforcement to obtain a warrant in most cases before searching a suspect's data, be it on a personal device or on the cloud. But the law also contained a landmark transparency measure: the legislature ordered the California  Department of Justice (CADOJ) to publish a regularly updated dataset of these search warrants on its website. 

Up until last year, CADOJ was doing a pretty good job at uploading this data to its OpenJustice website, where it hosts a number of public datasets related to criminal justice. Advocacy groups and journalists used it to better understand the digital search landscape and hold law enforcement accountable. For example, the Palm Springs Desert Sun analyzed the data and found that San Bernardino County law enforcement agencies were by a large margin filing more electronic search warrants than any other jurisdiction in the state. The Markup also published a piece highlighting a troubling discrepancy between the number of search warrants based on geolocation (a.k.a.geofence warrants) self-reported by Google and the number of search warrants disclosed by agencies to the California Department of Justice. 

But then, last summer, CADOJ accidentally exposed the personal data of 192,000 people who had applied for a concealed carry weapons permit. Among the various actions it took in response, CADOJ suspended its OpenJustice website. Over the next several months, other datasets–such as data about use of force, jail deaths, complaints against officers, and threats to reproductive health providers–returned to the website. 

But the electronic search warrant data is inexplicably missing, despite CalECPA stating that CADOJ “shall publish all those reports on its Internet Web site within 90 days of receipt.”

CADOJ’s failure to publish the CalECPA data is against the law, and EFF is calling on Attorney General Bonta to immediately put the data back on the website. 

When asked for comment, a CADOJ spokesperson said, "We are working to bring OpenJustice’s other functions back online as soon as possible." They also said that in the meantime, we could submit requests for the data via email. 

EFF did just that on September 30, 2022 through a California Public Records Act (CPRA) request. If CADOJ had been following the law, the data would have been available online instantly, but instead, we were forced to wait four weeks after CADOJ granted itself a deadline extension, and then missed that deadline by a week. 

You can download the data we obtained dating back to 2016 here.

When looking at this data, it's important to note that it does not cover all search warrants for data, but only certain categories: when an agency does not know the identity of the person they are targeting or when they delay notification of the target of the search warrant. 

For each of these search warrant, the agency must disclose information about its request, such as the nature of the investigation and crime, whether the warrant is targeting a device or an account, the name of any company who received the search warrant (such as Google or Facebook), the categories of data sought, and the start and end date for the information sought. After receiving the data, CADOJ must publish that data within 90 days, but they can also redact personal info from the data. 

Researchers can use this data to seek copies of the search warrants themselves, either through a CPRA request or by visiting the courts. In some cases, the warrants or portions of the warra