Earlier this year, Chula Vista city officials quietly amended a contract with Motorola Solutions to provide the software that would power the police department’s real-time operations center.
The move followed a KPBS story in January detailing the privacy concerns raised by the contract — in particular how data from the police department's surveillance of residents could be handed over to the tech conglomerate with few strings attached.
Among other things, the contract gives Motorola control over data collected by surveillance tools such as drones and license plate readers. These methods, experts say, allow police to track the precise movements of residents.
The contract was changed after privacy advocates and members of Chula Vista City Council questioned city staff on issues raised in the KPBS story. Specifically, the contract amendment removes a provision allowing Motorola to license or sell data that had been stripped of identifying information.
The new language doesn’t improve privacy protections, technology and privacy experts say.
“Even with this change, the privacy protection is like a leaky ship,” said Albert Fox Cahn, executive director of the New York City-based Surveillance Technology Oversight Project. “They might have duct-taped one hole — but we still have water flooding in on the other side, allowing Motorola to profit off of Chula Vista data by selling it to other customers. And we have no idea who those customers are.”
That’s because Motorola still has a broad license to use customer data in a way that financially benefits the company, Cahn said. He points out that the contract still allows the company to analyze, publish, develop and improve commercial products and offer subscription services to customer data that passes through the police department's real-time operations center system.
“Even worse, there’s nothing here that blocks Motorola from selling this data to customers who then resell it to other people,” Cahn said. “Once you allow the data to be used in that way, it really is just available to the highest bidder.”
Motorola did not return a KPBS reporter's emails or calls. But, in a February letter to Chula Vista officials, the company told the city it does not “share or resell customer data.”
The company, however, is still allowed to take customer data and transform it to what’s called solution data, experts say. The contract stipulates that, once that happens, “Motorola, its vendors and licensors are the exclusive owners of all right, title and interest in and to” the data. And the company is not contractually barred from selling solution data, according to the experts.
Meanwhile, Chula Vista City Attorney Glenn Googins insists that the contract amendment does keep Motorola from selling data.
“Although the City was informed by Motorola that they don’t sell 'Customer Data' (regardless of what the contract says), we concluded, given the nature of the contract and the information, the contract shouldn’t allow it,” Googins wrote in an emailed statement. “We asked that they delete this provision and they agreed.”
'Window dressing'
Statewide privacy advocate Brian Hofer disagrees, calling the change “window dressing. ... It’s performative art. It’s meant to give comfort to people who aren’t paying attention.”
Hofer said the city’s explanation was dubious given that the most intrusive contract terms remain.
“If this had been the first instance, I would give them a pass and say it’s negligence,” Hofer said of city officials. “When it happens a second time and it's obvious that it’s a bad contract, it seems like there’s some intent to allow this to happen.”
Chula Vista Councilman Steve Padilla said he and his colleagues should have never approved the original Motorola contract. He added that city staff should have flagged key parts of the contract because the council members cannot be expected to read every page of every agreement due to the sheer volume of information that comes their way.
Even so, Padilla said he felt comfortable that the Motorola amendment protects the privacy of Chula Vista residents, based on what the police department, tech staff and the city’s lawyers have told him.
“Nobody's being spied on, and nobody's data is being collected, and nobody's data is being shared, and nobody's data is being sold,” Padilla said.
If, by chance, the city’s staffers are wrong, Padilla said, “then, obviously, I would personally have a big problem with that and would want to examine this further.”
Pedro Rios, who sits on Chula Vista’s new Privacy Advisory Task Force said he wanted the panel to scrutinize the Motorola agreement.
“These types of contracts are presenting real, viable threats to the privacy of the people of Chula Vista,” Rios said.
Googins said the Motorola contract and others like it were still under review by his legal team and the city’s IT staff. Asked whether such a review took place before the original contract and its amendment were approved, Googins wrote in an emailed statement:
“Significant city contracts are always reviewed by my legal group. Until recently, however, these types of provisions had not been an area of focus. They should have been and now very much are.”
