The CalGang Audit: Lessons Learned for Law Enforcement.

The following article is a continuation, of sorts, to our article ‘Intelligent Gang Intelligence’ on September 28…

CalGang is a California statewide database that law enforcement agencies use to store and disseminate information about gang activities and suspected gang members. The system has been in place for more than ten years, but has remained largely hidden from public scrutiny.

Shirley Weber, a California Assemblyperson has been working diligently to make CalGang more transparent, and her efforts have recently begun to pay off.

California Assemblywoman Shirley Weber

Last year, Ms. Weber requested an audit of the CalGang system. The database contains activities, addresses, names, aliases and other information related to people that are either known gang members or affiliates. According to an article by The San Diego Union-Tribune, the database has approximately 150,000 entries.

California law enforcement agencies are not obligated to notify individuals whose names appear in the system, unless that person is a minor. The average length of time that an individual had existed in CalGang was approximately 5.5 years.

CalGang can be accessed only by law enforcement officials for legitimate reasons only, and only on a need-to-know basis.

The CalGang audit requested by Ms.Weber was released in August of this year, and reveals that the database may contain a significant number of errors including the presence of dozens of individuals who were less than one year old when first added to the system. The audit also showed that hundreds of individuals that ought to have been removed from the system were, in fact, not.

The findings led Governor Jerry Brown to sign a bill in September that requires law enforcement to notify individuals whose names are added to CalGang, unless it can be shown that providing that disclosure would impact an ongoing criminal investigation.

The audit has shed some light on how gang databases are operated in general, and offers an opportunity for agencies across the country to improve policies and processes. Specifically, 28 Code of Federal Regulations (CFR) Part 23 (28 CFR Part 23) is a U.S. Department of Justice regulation that governs “the operation of criminal intelligence systems that are operated by and principally for the benefit of state, local, tribal, or territorial law enforcement agencies.”

CFR 28 Part 23

28 CFR Part 23 was designed as a regulation specific to multi-jurisdictional criminal intelligence (gang database) systems that receive federal grant funds. It is an excellent guide for intelligence agencies, as it attempts to fairly balance the intelligence needs of law enforcement with an individual’s rights to privacy.

Followed appropriately, 28 CFR Part 23 guidelines would minimize criticism of CalGang and other intelligence management systems.

“This report concluded that CalGang’s current oversight structure does not ensure that law enforcement agencies collect and maintain criminal intelligence in a manner that preserves individuals’ privacy rights,” wrote state auditor Elaine Howle in a letter to the governor and Legislature.

Of concern, the audit of CalGang also uncovered some instances where the data was used for purposes other than intended. Some agencies used the database for employment background screening, as an example.

The guidelines and regulations contained within 28 CFR Part 23 work to prevent these embarrassing and potentially unlawful scenarios by enforcing strict policies related to the input, storage, and dissemination of data.

28 CFR Part 23 regulations enforce how gang and criminal intelligence data is gathered, stored, and disseminated.

Gang and criminal intelligence data is defined within 28 CFR Part 23 as “data which has been evaluated to determine that:

A) it is relevant to the identification of, and the criminal activity engaged in by, an individual who – or an organization which – is reasonably suspected of involvement in criminal activity, and

B) meets criminal intelligence system submission criteria

The ‘submission criteria’ is essentially the basis for something to be entered into the gang intelligence system. The criteria include the following:

  • A reasonable suspicion that an individual is relevant to the criminal activity
  • Prospective information to be entered is relevant to the criminal activity
  • Information does not include data related to political, religious, or social views unless that information related directly to the criminal activity that formed the basis for focus on the gang or group
  • Information was not obtained in violation of any federal, state, or local law or ordinance
  • Information establishes sufficient facts to give trained law enforcement officials a basis to believe that an individual or gang/organization is involved in a definable criminal activity

Data that is deemed to be irrelevant and unimportant should be purged from the system. This is true even if the data is discovered to be noncompliant before five years.

Perhaps the most important element of a gang database system complying with 28 CFR Part 23 is that no information whatsoever from the database should be disseminated without a legitimate law enforcement reason, such as criminal investigation cases and charges being filed against a suspect.

CalGang is an important and vital part of California law enforcement’s ability to deter and investigate gang related activities. A system this large is bound to contain some errors – both in data and judgement. That said, following and adhering to the guidelines of 28 CFR Part 23 may just prevent other agencies from undergoing such a painful public flogging.

About the Author

Tyler Wood is Operations Director of Austin, TX based Crime Tech Solutions ( The company develops and deploys low price / high performance software for law enforcement including Case Closed investigative case management software, sophisticated Sentinel Visualizer link analysis and data visualization software, and CrimeMap Pro advanced crime analytics. The company also develops the popular GangBuster gang database, and IntelNexus criminal intelligence software for 28 CFR Part 23 compliance.

Leave a Reply

Your email address will not be published. Required fields are marked *