Item #5 APD License Plate Reader Audit Report - May 2025

Public Safety Commission – June 2, 2025

Item #5 APD License Plate Reader Audit Report - May 2025 — original pdf

Backup

Thumbnail of the first page of the PDF — Page 1 of 21 pages

City of Austin Office of the City Auditor Audit Report APD License Plate Reader May 2025 The Austin Police Department (APD) has a new Automated License Plate Reader (ALPR) program approved under a trial period from March 2024-March 2025. As a part of departmental policy, APD’s Risk Management Unit audits the program against Resolution- informed criteria quarterly. APD Risk Management generally reported accurate ALPR metrics and ensured compliance with policy requirements. However, there were issues with missing or late data that could be fixed with increased clarity and scheduling in the audit process. Also, we found that APD’s ALPR program and audit requirements are generally aligned with selected peer police departments. Additionally, the City should make changes to APD’s contract with Flock Safety, APD’s ALPR vendor, to ensure that it could not lead to unauthorized data sharing in Resolution-directed instances. Audit Highlights May 2025 City of Austin Office of the City Auditor APD License Plate Reader Objectives The objectives of this audit were to: 1. Evaluate APD’s ALPR Risk Management audits for reliability and effectiveness 2. Compare the ALPR program with peer police departments 3. Monitor for additional emergent risks. What We Found We found APD’s Risk Management quarterly audits generally reported accurate numbers for the Resolution-mandated metrics and ensured compliance with policy requirements. We found some small discrepancies that were ultimately corrected. However, there were instances where there were gaps in required items due to not pulling data on-time, not requesting information from prosecution entities on-time, or from unfamiliarity with policy requirements. We also noted that there were several opportunities for APD Risk Management to improve their audit process, namely on 1) audit program roles, 2) user compliance review process, and 3) stakeholder communication. APD’s ALPR program is generally aligned with peer police departments. Most peers audit their ALPR programs, are governed by their General Orders, and assign someone at the Lieutenant-level to run the program. APD audits their program more frequently and has more frequent training than peers. Austin also has the shortest data retention of assessed peers at seven days. The City’s contract with the ALPR vendor, Flock Safety, may leave motorist data open to unintended use. The contract’s language in some sections is unclear and lacks definition of key phrases. This may allow Flock Safety to retain some elements of scan data beyond the seven-day deletion requirement and then share them with outside law enforcement agencies without following Resolution guidelines. The Resolution expressly prohibits sharing of APD ALPR data, except under very specific circumstances. What We Recommend The Chief of Police should ensure that APD continue their regular audits of the ALPR program by implementing additional formalized processes to enhance consistency and effectiveness. This includes automation of data pulls and data requests, establishing a written timeline for reporting the audit results to stakeholders, clearly describing staff roles and responsibilities for audits, and documenting audit procedures to ensure compliance with policy requirements. 2 Office of the City Auditor APD License Plate ReaderContents Objective and Background What We Found Recommendations and Management Response Appendix A: Resolution Required Audit Items Appendix B: Analysis of Peer Police Department ALPR Programs Scope and Methodology 3 5 13 14 15 16 Cover: Intersection at Congress and Cesar Chavez, Transportation and Public Works Flickr Objectives The objectives of this audit were to: 1. Evaluate APD’s ALPR Risk Management audits for reliability and effectiveness 2. Compare the ALPR program with peer police departments 3. Monitor for additional emergent risks. Background Officers are also only allowed to use ALPR data to make detentions or arrests if the alleged crimes are felonies, Class A or Class B misdemeanors, and/or Class C and D hate or sex crimes. Automated License Plate Reader (ALPR) programs are camera systems that automatically photograph and store license plate numbers, as well as the accompanying date, time, location, and vehicle type associated with each scan. This information is used to assist law enforcement personnel with finding suspects and completing investigations. ALPRs may be in fixed locations or mounted on a law enforcement vehicle. Austin Police Department (APD) previously had an ALPR program until it was suspended by Austin City Council (Council) in 2020. In September 2022, Council authorized APD to reinstate an ALPR program for a one-year trial period. The trial was implemented with the intention that after the trial period concludes, Council will decide whether or not to continue the program. The program was authorized in Council Resolution 20220915-056 and its amendment Resolution 20230608-085. Due to stakeholder concerns pertaining to data security and privacy, the Resolutions contain several regulations that govern APD’s ALPR program. Principally, APD is allowed to retain license plate data for seven days, after which it is automatically deleted. The City contracted with Flock Safety (Flock) to deliver the ALPR service. Flock is a private company that manufactures and operates license-plate readers across the country. In accordance with the Resolution, APD and Flock deployed 40 fixed cameras around Austin beginning in March 2024. In September 2024, APD also acquired and deployed over 200 additional vehicle-mounted cameras. As of April 2025, that number has grown to nearly 500. The vehicle mounted cameras were provided by Axon Enterprise (Axon), who also provides APD with body-worn cameras technology. 3 Office of the City Auditor APD License Plate ReaderAdditionally, the Council Resolution stipulated that the Office of the City Auditor (OCA) “audit APD’s license plate reader audit process and review the license plate reader data and program.” Specifically, the Council Resolution required the audit to be complete by the end of the pilot program and at a minimum include: A. The number of license plates scanned B. The names of the lists against which captured data were checked, and the number of confirmed matches and the number of matches that upon further investigation did not correlate to an alert C. The number of matches that resulted in arrest, prosecution, or location of a missing or endangered person D. The number of preservation requests received, broken down by number of requests by governmental entity versus by defendants E. The number of data sharing requests received, granted, and denied F. The number of data sharing requests resulting in arrest, prosecution, or location of a missing or endangered person G. The number of manually entered license plate numbers under Section 1, broken down by reason justifying the entry, and the number of confirmed matches and the number of matches that upon further investigation did not correlate to an alert H. Any changes in the Austin Police Department policy that affect privacy concerns Please view Appendix A for list of Resolution items with explanations of auditor interpretation. APD General Order 344, which governs the ALPR program, requires APD’s Risk Management Unit to conduct a quarterly audit of the ALPR program. These audits must cover all the Resolution-mandated audit items as well as additional elements included in APD General Order 344. The Office of Police Oversight (OPO) receives regular briefings from APD staff on the ALPR program. Upon request, the Public Safety Commission (PSC) may also receive updates of the program, including outcomes and statistics, successful cases, arrests, and what is going well with the program. 4 Office of the City Auditor APD License Plate ReaderWhat We Found Summary Finding 1 APD Risk Management’s quarterly audits generally complied with policy requirements but could be improved with greater formalization and scheduling. Scan metadata includes all license plate scan information that is anonymized and retained by APD Risk Management for audit purposes. We found that APD’s license plate reader audit process generally complied with Council Resolution No. 20220915-056 and No. 20230608-085. For the three audits reviewed, APD Risk Management generally provided accurate numbers for most required resolution items. Any exceptions we found were corrected during the audit. We noted some gaps in APD Risk Management’s audit process pertaining to audit program roles, user compliance review procedure, and communication with stakeholders. We also found that APD’s ALPR program generally conforms to peer police departments. APD’s training and audit frequency exceed that of its peers. Austin also has the shortest data retention period of assessed peers at seven days. APD Risk Management’s three quarterly audits established procedures to collect data for the Resolution-mandated items and ensure compliance with ALPR policy requirements. We noted that Risk Management’s quarterly audits sufficiently answered most policy-required elements, and the reported data generally matched with the original documents. However, there were data gaps in all three assessed quarters, as well as delays in addressing some required audit items. The audit discrepancies include the following: • Resolution Item A, License Plate Scans, had several data gaps. These gaps were caused by failures to pull metadata from Flock on schedule. • Resolution Items B & G, Lists and Matches & Manually Entered Plates, were first answered partially. APD Risk Management did not report the non-correlating alerts metric until the end of the assessed period and after a process suggestion from OCA. • Resolution Item C, Outcomes, experienced delays in the acquisition of prosecution information. APD Risk Management did not request information from the appropriate sources on-time for all three assessed quarterly audits. • We noted minor discrepancies in reported APD information such as slightly incorrect numbers for some metrics. These were corrected after OCA noticed them. A: The number of license plates scanned Resolution requires that we report the total number of license plates scanned across the pilot program. However, APD staff did not acquire all required metadata in time and instead developed estimates. Flock deletes all ALPR data after seven days. As such, for the scan data to be retained, APD or Flock staff must manually pull the data every seven days. Due to a lack of understanding of the deletion period and scheduling failures, all original data was not pulled and stored across all three quarters of the trial period. This led to gaps in the scan data ranging in length from half a day to multiple weeks. 5 Office of the City Auditor APD License Plate ReaderDespite these gaps, calculating the number of license plates scanned is a Resolution-required item. APD Risk Management created an estimation system to calculate the number of plate scans made across all three quarters. While it is impossible to verify the true number of Flock scans, we include APD’s estimate below for reference. Additionally, APD acquired and deployed over 200 Axon vehicle-mounted ALPR cameras midway through the trial period. The cameras were not activated until Quarter 3 of the trial period. The number of cameras has grown, and as of April 2025, is nearly 500. Metadata of scans from the Axon cameras is located in APD’s portal and was verified by OCA.The Axon data must also be anonymized. Exhibit 1: APD estimated they performed over 75 million scans Metric Quarter 1 Quarter 2 Quarter 3* APD Estimate of Total Scans Flock Scans Verified by OCA Axon Scans Verified by OCA 13,790,311 23,623,874 37,697,936 Not verified due to data gaps Not verified due to data gaps Not verified due to data gaps Not yet active Not yet active 10,975,751 *Includes both Flock and Axon scans. Source: Estimates from APD Risk Management, verification from OCA, March 2025 It should also be noted that there is a key difference between how Flock and Axon cameras count each scan. Flock scans and records each vehicle that passes a camera one time. One pass equals one record. However, Axon may scan a single license plate multiple times. For instance, if an Axon-equipped patrol vehicle is behind a car in traffic, the camera may scan and record that car’s plate multiple times. As such, the true number of encounters Axon records is likely lower than what their data suggests. B: The names of the lists against which captured plate data were checked, and the number of confirmed matches and the number of matches that upon further investigation did not correlate to an alert We found that APD’s ALPR program used 3 hotlists, found 13,122 matches, and resulted in 0 incorrect or unjustified stops. For all three assessed quarters, APD used the National Crime Information Center hotlist (NCIC), the National Center for Missing and Exploited Children hotlist (NCMEC), APD’s own custom hotlist, and APD’s non-custom hotlist to scan plates against. APD’s ALPR program consistently found more matches as the program matured. APD reported zero instances of incorrect or unjustified stops using ALPR data based on these lists. We verified this metric by reviewing all 286 Hit Stop Forms entered across the three quarters. We reviewed each stop justification, compared its rationale to Resolution requirements, and checked with APD for supplementary information where needed. We found zero incidents of incorrect or unjustified stops. 6 Office of the City Auditor The Hit Stop Form is the form required when an officer conducts or attempts a stop based on an ALPR hit. The officer must document the reason for their stop, among other metrics. APD License Plate ReaderExhibit 2: APD matches increased over time but did not result in any incomplete or unjustified stops Metric Quarter 1 Quarter 2 Quarter 3 Lists Used NCIC, NCMEC, APD non-custom hotlist NCIC, NCMEC, APD non-custom hotlist NCIC, NCMEC, APD non-custom hotlist Matches 3,099 4,685 5,338 Non-correlating alerts 0 0 0 Note: This Exhibit only includes information from the Flock NCIC/NCMEC hotlists. The APD custom hotlist match count is located in Item G. The Axon NCIC/NCMEC hotlist was omitted due to its inability to be verified as a true count of matches, as it scans single plates multiple times. Source: Flock ALPR data analyzed by OCA. APD metrics from Quarters 1, 2, and 3 Risk Management Audits, August and November 2024, and January 2025, respectively In the first two quarters of the trial period, APD Risk Management did not report the non-correlating alerts metric as required. APD Risk Management and OCA determined that the Hit Stop Form description could be used to assess whether a stop was or was not a correct match. APD retroactively reported this metric for all previous quarters. C: The number of matches that resulted in arrest, prosecution, or location of a missing or endangered person APD’s ALPR program resulted in 165 arrests, approximately 133 prosecutions, and 1 missing/endangered person recovered. The number of arrests based on ALPR data increased consistently over the course of the trial program. There was one instance of a missing or endangered person being recovered in Quarter 3. Exhibit 3: The Automated License Plate Reader (ALPR) Program resulted in both arrests and prosecutions Metric Arrests Prosecutions* Missing/endangered persons recovered Quarter 1 Quarter 2 Quarter 3 22 18 0 52 43 0 91 ≤72 1 *OCA and APD Risk Management relied on public information requests to report these numbers. These requests are a snapshot in time and may not capture the current status of legal proceedings. While these numbers may be accurate, they should be considered as estimates. Source: Flock ALPR data analyzed by OCA. APD metrics from Quarters 1, 2, and 3 Risk Management Audits, August and November 2024, and January 2025, respectively Initially, APD Risk Management was unable to report prosecution outcomes. To report this metric, APD Risk Management had to submit public information requests (PIRs) to the County and District Attorney’s Offices to have visibility into what happened to arrested individuals once they were passed into the justice system. APD Risk Management made these requests when we asked for the data for our audit. 7 Office of the City Auditor APD License Plate ReaderPreservation requests are to ensure data that is expected to be deleted is retained for an investigation. D: The number of preservation requests received, broken down by number of requests by governmental entity versus by defendants APD staff reported that there have been no requests for data preservation submitted to APD during the first three quarters of the trial period. E: The number of data sharing requests received, granted, and denied There have been three instances of data sharing in the trial period. All three of these instances were facilitated by APD personnel in the Austin Regional Intelligence Center (ARIC) and occurred in Quarter 3. The entities that requested and received data from APD are the Texas Department of Public Safety, the Bastrop County Sheriff’s Office, and the Austin Fire Department. Exhibit 4: APD only received data sharing requests in Quarter 3 of 2024 Metric Quarter 1 Quarter 2 Quarter 3 Requests Received Requests Granted Requests Denied 0 0 0 0 0 0 3 3 0 Source: APD Risk Management Sharing Request Forms, April 2025 For APD to share ALPR data with other law enforcement entities, the requesting organizations are required to comply with the requirements in the Council Resolution and City of Austin/APD ALPR policy. This includes the investigation pertaining to the same class of crimes authorized for ALPR use in Austin, storing the ALPR data securely, and signing a non-disclosure agreement. The requesting organization must request the ALPR data by completing a form detailing the data needed and the parameters of how it will be used. APD staff reported that they have had some additional interested parties, but that they have been unwilling or unable to complete the request process, likely due to Austin’s seven-day retention period and documentation requirements. F: The number of data sharing requests resulting in arrest, prosecution, or the location of a missing or endangered person APD Risk Management was not aware of the three granted sharing requests until late in our audit reporting period. As such, there was insufficient time for APD to request and provide the prosecution outcomes related to the three data sharing instances. However, the three reasons cited for the data sharing requests were for cases involving 1) the trafficking of persons, 2) theft of a motor vehicle, and 3) arson. G: The number of manually entered license plate numbers under Section 1, broken down by reason justifying the entry, and the number of confirmed matches and the number of matches that upon further investigation did not correlate to an alert We found that over the course of the trial period there were 27 instances when an officer requested a license plate number to be entered into APD’s 8 Office of the City Auditor APD License Plate ReaderFor each plate APD personnel wish to add to the custom hotlist, the requestor is required to complete the Manually License Plate Entry Form justifying the plate’s entry. custom hot list. Twenty requests were approved and entered into APD’s custom hotlist. Those entries generated 193 hits over the three quarters, and we found that they resulted in zero unjustified stops. The reasons behind the entry requests included BOLOs, exigencies, state/federal, and audit testing. APD’s custom hotlist saw more use as the program matured during the trial period. More entries were requested and approved over the trial period. The reasons for entry included: • BOLO, which stands for “be on the lookout” and is used for general monitoring • Exigency, which means extremely time sensitive, often used in conjunction with violent crimes • State/federal, which is an alert from state or federal authorities who want a plate entered sooner than normal • Audit test, which was a test used by APD Risk Management Exhibit 5: APD entered more plates and confirmed more matches over time Metric Quarter 1 Quarter 2 Quarter 3 Entries Requested Entries Approved 8 5 6 5 13 10 Entry Reasons 5 BOLO 1 BOLO 2 exigency 1 state/federal 1 audit test 9 BOLO 1 exigency Confirmed Matches Non-correlating Matches 0 0 26 0 167 0 Source: Flock ALPR data analyzed by OCA. APD metrics from Quarters 1, 2, and 3 Risk Management Audits, March 2025 Like Item B, Item G required reporting of instances in which a match “did not correlate to an alert.” Similar to Item B, we interpreted this to signify an instance in which the incorrect plate was inputted or should not have occurred, meaning an unjustified stop took place. We verified this metric by reviewing all 286 Hit Stop Form entries across the three assessed quarters and found zero incidents of incorrect or unjustified stops. H: Any changes in Austin Police Department policy that affected privacy concerns There have been changes to General Order 344, APD’s ALPR policy, but none of them affect ALPR privacy concerns. Both the first and second quarter of the trial period saw updates to General Order 344’s language. These changes include adding detail to some sentences, adjusting the required rank of the Chief Security Office, and making grammar adjustments. APD staff report that these changes were made to bring the General Order language more in-line with the Resolution language and requirements, and policy-writing best practices. 9 Office of the City Auditor APD License Plate ReaderAPD Risk Management Audit Process Improvement Opportunities In addition to reporting Resolution required metrics, we also assessed APD Risk Management’s internal audit process for their quarterly audits. We identified some gaps in the Risk Management audit process pertaining to audit program roles, review procedure for user compliance, and communication with stakeholders. Addressing these gaps will help to enhance compliance and effectiveness of the audit process. APD Risk Management’s audit program roles could be clearer There are not clearly written roles and responsibilities for those auditing the ALPR program. Much of the work is done by agreement and need. Establishing written guidance would aid APD in ensuring continuity of quality in ALPR program management in the event of staff turnover. The ALPR user compliance review process could be better organized We noticed that there were some instances where officers searching the ALPR database did not apply a case number to their searches, which is a requirement under the General Order. Additionally, some searches appeared not to include a reason to ensure compliance with Resolution or General Order requirements. In addition to conducting audits, APD Risk Management conducts reviews of user compliance with policy. In instances where officers do not appear to be complying with policy, APD Risk Management personnel reach out to those officers or their supervisors to correct the entry. However, these reviews do not have a prescribed frequency or methodology and are done on Risk Management’s availability and discretion. Formalizing the review process would ensure that reviews are standardized and reliable, providing stakeholders with an additional layer of assurance of program quality. It would also ensure that Resolution and General Order requirements are being followed closely. APD could better communicate ALPR outcomes with stakeholders Over the course of the trial period, APD Risk Management also took steps to communicate their audit findings to other stakeholders, including the Office of Police Oversight (OPO), Public Safety Commission (PSC), and the public. APD communicated with OPO and the PSC through meetings and presentations with its members. APD communicated with the public by maintaining Axon and Flock transparency portals that allows visitors to see metrics behind the ALPR program. However, the presentations and meeting with OPO and the PSC were not Resolution- or policy-mandated, and as such do not have a standardized frequency. Formalizing the audit reporting timeline and maintaining a list of stakeholders would help to provide assurance and support ongoing transparency. 10 Office of the City Auditor APD License Plate ReaderFinding 2 APD’s ALPR program is generally aligned with programs in peer police departments. We compared APD’s ALPR program and ALPR audit requirements with peer police departments. We assessed six peer cities, four in Texas (Dallas, Fort Worth, Houston, and San Antonio) and two out of state (Minneapolis, Minnesota and Seattle, Washington). See Appendix B for our complete analysis of characteristics between Austin and its peers. We also reviewed the Major Cities Chiefs Association ALPR best practices guidelines. We surveyed the selected cities in the following areas of the ALPR program: • Governance • Training • Data retention period • Data sharing • Reporting structure • Audit requirements Based on information collected, the ALPR program for Austin and majority of peer cities included best practices elements. We noted most peers audit their ALPR programs, are governed by General Orders, and assign someone at the Lieutenant-level to run their program. APD audits their program more frequently and has more frequent training than its peers. Austin also has the shortest data retention period of assessed peers at seven days. Austin’s ALPR program governance and reporting structure is similar to its peers. Four out of seven peer police departments, including Austin, have ALPR programs governed by General Orders. Five out of seven peer police departments’ ALPR programs, including Austin’s, are managed by a Lieutenant or Sergeant, which are equivalent to a supervisor or manager and report directly to a Commander or Assistant Chief. Austin has a more robust audit framework than it’s peers, conducting audits more often. Five out of seven peer cities, including Austin, audit their ALPR programs. Austin audits their program the most frequently (quarterly). All other peers audit their programs less often. Both out-of-state peers, Minneapolis and Seattle, use an external audit organization to audit their ALPR programs. Austin requires more regular training compared to its peers. Austin requires officers who use ALPR to complete training annually. Five out of six peer departments require personnel to complete ALPR training only once before they access the system. Austin retains ALPR data for the shortest period compared to peer cities. The retention period for the ALPR data that is not linked to a criminal investigation is seven days for Austin. Five of the six cities we surveyed have retention periods ranging from 30-730 days. 11 Office of the City Auditor APD License Plate ReaderAdditional Observation The City’s contract with Flock Safety may leave motorists’ data open to unintended use. The Council resolutions have a strong intent to protect motorists’ data from unauthorized use. The Resolution prohibits APD from using ALPR program data to investigate individuals for First Amendment activities, reproductive care access, and immigration status, among other restrictions. However, the language of the City’s contract with Flock Safety (Flock) could potentially allow the company to retain data that could be later used by other law enforcement entities, contrary to Austin’s intended purpose. Currently, the City’s contract with Flock includes language that may grant Flock the ability to retain data that could be later used by a third party to identify motorists. Section 4.4 of the contract’s Terms and Conditions grants Flock a “non-exclusive, worldwide, perpetual, royalty-free right and license… to (i) use and distribute Aggregated Data to improve and enhance the Services and for other development, diagnostic, and corrective purposes, other Flock offerings, and crime prevention efforts, and (ii) disclose the Agency Data (both inclusive of any Footage) to enable law enforcement monitoring against law enforcement hotlists as well as provide Footage search access to law enforcement for investigative purposes only.” This language allows Flock to retain some elements of scan data beyond the seven day deletion requirement. The contract states that Aggregated Data is compiled anonymous data which has been stripped of any personal identifying information (PII). Although the contract does require PII to be removed from retained data, it does not define what constitutes PII. Legally, if Flock has data that would aid a law enforcement entity in an investigation, they are required to share that information with the requesting entity. That data could then be used for investigations on matters that could include First Amendment activities, reproductive care access, and immigration status. This would constitute use of APD ALPR data inconsistent with the intent of the Council Resolution. 12 Office of the City Auditor APD License Plate ReaderRecommendations and Management Response The Chief of Police should continue conducting regular audits to ensure compliance with General Order 344 while implementing additional formalized processes to enhance consistency and effectiveness, including: 1 a. Automated data pulls and data requests, including automated anonymization of the data for audit purposes. If no automation is available, APD should adhere to a specific, written schedule for manually pulling or requesting required data for audits. b. Clearly described roles and responsibilities for staff involved with the Risk Management audits, including documented audit procedures so that the audit process can be replicated by future rotations of staff. c. Regular reviews of ALPR user compliance with policy requirements. d. A defined timeline for reporting the regular Risk Management audits, including a list of stakeholders to regularly share audit results with. a. Automated data pulls and data requests, including automated anonymization of the data for audit purposes. If no automation is available, APD should adhere to a specific, written schedule for manually pulling or requesting required data for audits. Management Response: Agree Proposed Implementation Plan: Since the Automated License Plate Reader (ALPR) pilot program began, APD has improved the data retrieval process, including plate scans and hits on NCIC/TCIC or hot lists. Before the pilot launch, Flock provided guidance on pulling this data which Flock stated they would retain for 30 days (the metadata only). Operating on this information, APD Risk Management staff discovered gaps in the plate scan datasets during the initial quarterly audit (which, despite the guidance provided by Flock, only contained 7 days of plate scans). To address this, APD took a proactive step and requested that Flock, the sole initial vendor, provide these datasets automatically to APD. Initially, the Flock vendor was unable to do so. However, with the addition of AXON (in the third programming quarter) and working in collaboration with both vendors, APD Risk Management now receives complete datasets weekly. The AXON dataset has 7 days of data due to the APD retention mandate, and no data (metadata or otherwise) is retained beyond this 7-day period. Additionally, the dataset must be sanitized manually (i.e., the plate data/information must be removed from the dataset), but the implementation for this step is not problematic. Since the automatic data push was fully implemented November 11, 2024, there have been no data gaps due to APD operations or processes. Another external dataset needed for the audit are “outcomes,” which necessitate collaboration with the District Attorney and County Attorney offices. This information is requested at the end of every quarter, no later than two weeks after the close of the audit period to meet the procedural mandate of the resolution. However, outcome data lacks significant or complete meaning because arrests made by APD can take years to fully move through the criminal justice system and cases are handled in a variety of ways, most of which are fully outside of APD’s control. The above-listed processes are documented in an internal APD ALPR Audit Operations Manual, which APD Risk Management maintains (and has provided to the City Auditor’s office). Proposed Implementation Date: Currently implemented. 13 Office of the City Auditor APD License Plate Readerb. Clearly described roles and responsibilities for staff involved with the Risk Management audits, including documented audit procedures so that the audit process can be replicated by future rotations of staff. Management Response: Agree Proposed Implementation Plan: APD Risk Management has created a manual with step-by-step instructions for conducting audits. This manual includes links to the pertinent datasets and links to a video walk-through that will assist staff (APD Risk Management Audit Coordinator or APD Auto Theft unit leadership) with conducting audits. The manual also includes a timeline for completing each step to ensure audits are conducted in a timely manner. This document has been provided to the City Auditor’s office for review. Managing the ALPR audit is the responsibility of the APD Risk Management Sergeant of Policy Development. This task is mandated in the Risk Management unit Standard Operating Procedure (SOP) manual as part of the Policy Development Sergeant’s responsibilities. Prior to staff turnover, the Risk Management Sergeant will cross-train any incoming employees— including the unit’s replacement Sergeant, the Risk Management Administrative Assistant, and Auto Theft Sergeant—to perform the duties required to aggregate the data and conduct quarterly ALPR audits. Proposed Implementation Date: Partially completed, full implementation anticipated no later than July 31, 2025 (at the completion of the next quarterly audit). c. Regular reviews of ALPR user compliance with policy requirements. Management Response: Agree Proposed Implementation Plan: APD recognizes that the City Auditor’s office noted issues with user compliance. APD reviewed the audit report and is committed to ensuring user compliance by addressing these issues through technological changes to the search interface, additional reviews of ALPR use by APD supervisors, and adjusting training to address documented concerns. Additionally, APD is committed to feedback from the Office of Police Oversight and other stakeholders and will work to adjust processes and usage accordingly to address concerns. APD Risk Management audits have found that a high degree of compliance exists amongst users. The gap in user compliance was mainly in the documentation of user searching of the system, with users not adding a case number AND a reason for the search (that would be readily identifiable as in line with the resolution) before searching the system. APD has addressed this issue in several ways, including: 1. In late April 2025, APD implemented a mandatory “Reason” field that lists reasons for the search that are in line with the resolution. APD is working with Flock to also mandate the case number for a search be entered before a user can search the system. Flock has acknowledged this request and anticipates implementation no later than October 1, 2025. 2. APD Risk Management reviews user search history as part of the quarterly audit to ensure the search “reason” and “case number” information continues to be captured. 3. APD Auto Theft Sergeants review Versadex reports, search history, and APD forms to ensure user compliance. Proposed Implementation Date: Partially implemented, full implementation upon Flock update. 14 Office of the City Auditor APD License Plate Readerd. A defined timeline for reporting the regular Risk Management audits, including a list of stakeholders to regularly share audit results with. Management Response: Agree Proposed Implementation Plan: APD Risk Management audits are conducted quarterly and are completed no later than 30 days after the audit period closes. APD Executive Staff will provide regular updates to the Public Safety Commission through quarterly departmental presentations. APD will also disseminate this information to the Office of Police Oversight, Public Safety Committee, and City Council. Additionally, in November 2024, APD added links to the Axon Transparency Portal and the Flock Transparency Portal to the Austin Police Department Open Data Portal. These online portals allow community members to view real-time ALPR usage, statistics, departmental policies and other information related to the ALPR program. Proposed Implementation Date: Currently implemented. 15 Office of the City Auditor APD License Plate ReaderManagement Response M E M O R A N D U M TO: Corrie Stokes, City Auditor FROM: Chief Lisa Davis, Austin Police Department DATE: May 9, 2025 SUBJECT: Austin Police Department License Plate Reader Audit Report, May 2025 The purpose of this memorandum is to provide a management response to the May 2025 audit report regarding the Austin Police Department (APD) Automated License Plate Reader (ALPR) program. APD is committed to complete transparency and procedural justice. In line with this commitment, we present the following summary in response to the audit report. In September 2022, the City Council granted APD authorization through Resolution 20220915-056 to resume ALPR programming for a one-year pilot period, with activity commencing in March 2024. This resolution required the City Auditor’s Office to complete a comprehensive audit of the system's use upon conclusion of the one-year term. The audit ﬁndings and recommendations are scheduled to be presented to the Audit and Finance Committee on May 19, 2025. APD leadership reviewed the audit and believes that the report demonstrates our overall commitment to compliance with the resolution. APD leadership: • provided accurate ALPR system data • • properly used the ALPR software and multiple hotlists, leading to 13,122 matches (zero incorporated best practices observed in peer police departments incorrect or unjustiﬁed stops) • adhered to Council data sharing limitations (data shared on three occasions), addressing three allowable categories: trafficking of persons theft of a motor vehicle - - - arson • completed 27 requests from APD officers for a license plate number to be entered into APD's custom hotlist (resulting in 193 hits, with zero unjustiﬁed stops) APD acknowledges that the audit report revealed areas for improvement. We appreciate your time in explaining each recommendation and discussing our solutions, which will soon be incorporated into practice alongside broader training for the entire Department. 16 Office of the City Auditor APD License Plate Reader Management Response PAGE: DATE: SUBJECT: 2 of 2 May 9, 2025 Austin Police Department License Plate Reader Audit Report, May 2025 APD remains committed to adhering to the resolution and the parameters established for the use of ALPR technology. APD leadership looks forward to ongoing program assessment and to recognizing the full potential of this investigative tool. Future updates will provide insight into crimes impacted by ALPR technology. To date, numerous investigative units have leveraged the system and its data to assist with the resolution of multiple counts of murder, aggravated robbery, and aggravated assault. cc: T.C. Broadnax, City Manager Eddie Garcia, Assistant City Manager Erika Brady, City Clerk Mary Jane Grubb, Municipal Court Clerk Judge Sherry Statman, Municipal Court CMO Executive Team Department Directors 17 Office of the City Auditor APD License Plate ReaderAppendix A: Resolution Required Audit Items Item Summary Name Resolution Language OCA Notes A Plate Scans Number of license plates scanned None noted B Lists Used and Matches Made The names of the lists against which captured plate data were checked, and the number of confirmed matches and the number of matches that upon further investigation did not correlate to an alert We interpret this item to ask: 1) which crime lists were used to generate ALPR alerts, 2) how many alerts were generated, and 3) how many times APD took a law enforcement action based on ALPR data that was incorrect or should not have occurred C ALPR Stop Outcomes D Preservation Requests The number of matches that resulted in arrest, prosecution, or location of a missing or endangered person The number of preservation requests received, broken down by number of requests by governmental entity versus by defendants None noted Preservation requests are to ensure data that is expected to be deleted is retained for an investigation E Data Sharing Requests The number of data sharing requests received, granted, and denied None noted F Data Sharing Outcomes The number of data sharing requests resulting in arrest, prosecution, or the location of a missing or endangered person None noted G APD Custom Hotlist Entries and Matches The number of manually entered license plate numbers under Section 1, broken down by reason justifying the entry, and the number of confirmed matches and the number of matches that upon further investigation did not correlate to an alert We interpret this item to be 1) the number of times a license plate was manually added to APD’s custom hotlist, 2) how many alerts on those plates were generated, and 3) how many times APD took a law enforcement action on ALPR data that was incorrect or should not have occurred H Privacy Policy Changes Any changes in Austin Police Department policy that affect privacy concerns None noted Source: Resolution 20220915-056 from September 2022, OCA interpretation, March 2025 18 Office of the City Auditor APD License Plate ReaderAppendix B: Analysis of Peer Police Department ALPR Programs Question Austin Dallas Fort Worth Houston San Antonio Minneapolis Seattle ALPR vendor used Flock Safety and Axon Enterprise Flock Safety and Axon Enterprise Flock Safety Flock Safety, Motorola, and ELSAG Axon Enterprise Axon Enterprise and Insight LPR Axon Enterprise Number of cameras +540 (40 fixed, ~500 in-car) 165 (fixed & in- car) 250 (fixed & in- car) 318 (fixed & in- car) 740 (in-car only) 30 (fixed & in-car) 360 (in-car only) Reporting structure Chief Security Officer who is the Lieutenant of the Auto Theft Interdiction Unit, who reports to a Commander Video Integrations and Technology Team, who reports directly to an Executive Assistant Chief Supervisor (Sergeant) of the Real Time Crime Center, who reports to Lieutenant Supervisor of the Technical Operations Group, who reports to Assistant Chief Sergeant of the Chief's Technology Team, who reports to Lieutenant Sergeant of the Business Technology Unit and supervisor who reports to a Commander Captain of the Technology and Innovation Unit, who reports to Chief Operating Officer Governance General Orders General Orders General Orders General Orders Department Policy State Statute and department policy City Ordinance and department policy ALPR training required and how often Yes, annually ALPR data audited and by whom Quarterly audits by APD Risk Management Unit No, request with NDA and data controls only Sharing over Flock allowed ALPR retention period No No Yes Yes, once before use Yes, once before use Yes, once before use Yes, once before use Yes, once before use Annual audit by the Real Time Crime Center Supervisor Semi-annual* audit by ALPR managers (or designees) Yes Yes No Yes Bi-annual** audit by independent party Periodic audits by the Office of Inspector General with assistance from PD ALPR admin Very limited No, request only 7 days 30 days 30 days 365 days 730 days 60 days 90 days *Twice a year ** Every two years Source: OCA analysis of peer police department responses, March 2025 APD License Plate Reader 19 Office of the City Auditor Scope The audit scope included the APD Risk Management Unit’s first three quarterly audit reports, and the audit process used for reporting of the Resolution-mandated program data. The assessed period spanned from March-December 2024. Methodology To complete this audit, we performed the following steps: • Interviewed staff from the Austin Police Department, the Office of Police Oversight, the Information Security Office, and the Law Department • Reviewed APD’s ALPR General Order, including changes during the trial period • Consulted the leadership of the Public Safety Commission • Accessed and reviewed APD Risk Management audit results against the Flock Safety ALPR system, including original scan data and APD Risk Management supporting documents • Researched best practices for managing ALPR program • Evaluated the City’s contract with Flock Safety • Benchmarked the City’s ALRP program against six peer police departments selected according to judged best fit • Compiled all Hit Stop summaries to assess that officers followed APD policy in law enforcement scenarios • Evaluated internal controls related to APD’s ALPR program • Evaluated the risk of fraud, waste, and abuse for the APD’s ALPR program Audit Standards We conducted this performance audit in accordance with Generally Accepted Government Auditing Standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. 20 Office of the City Auditor APD License Plate ReaderThe Office of the City Auditor was created by the Austin City Charter as an independent office reporting to City Council to help establish accountability and improve City services. We conduct performance audits to review aspects of a City service or program and provide recommendations for improvement. Audit Team Neha Sharma, Audit Manager Jacob Perry, Auditor-in-Charge Kendall Byers Kathie Harrison Randall Jackson Mateo Macias City Auditor Corrie Stokes Deputy City Auditor Jason Hadavi Office of the City Auditor phone: (512) 974-2805 email: AustinAuditor@austintexas.gov website: http://www.austintexas.gov/auditor AustinAuditor @AustinAuditor Copies of our audit reports are available at http://www.austintexas.gov/page/audit-reports Alternate formats available upon request