Public records turned up by The Ellis Collective, a student-led research group, have revealed that the UC system shared data collected by automated license plate readers at multiple campuses with U.S. Customs and Border Protection and other federal agencies, in apparent violation of state law.

The collective also raised concerns about the possibility that UC Berkeley, which maintains data-sharing agreements for its system of six ALPR cameras, may have shared data that could have potentially wound up in federal hands.

In California, sharing data collected by ALPR systems with out-of-state agencies is illegal and could incur fines of up to $2,500 per instance of illicit sharing.

Reports from ALPR provider VehicleManager at UC Riverside and UC Merced show that data collected on campus was forwarded to “CBP - NTC,” an acronym for U.S. Customs and Border Protection’s National Targeting Center.

UC Office of the President spokesperson Stett Holbrook did not respond to a request for comment on the apparent violation of state law.

ALPR systems largely collect information about vehicles; however, that information can be matched to individuals and used by law enforcement agencies to locate them. That information has historically proven hard to control, as, depending on the terms of data-sharing agreements, agencies that access ALPR systems might share information they obtain with yet other agencies, allowing the data to outrun the privacy protections it may have at its source.

A report on data-sharing agreements from the Northern California Regional Intelligence Center, or NCRIC, a regional law enforcement agency, shows an agreement with UC Berkeley to access the campus’s collected ALPR data.

“Data doesn’t stay in one place. Data can be reshared with other agencies, which is exactly what fusion centers like NCRIC do,” The Ellis Collective alleged in an Instagram post. “Since UCB shares with NCRIC, every agency that has access to NCRIC can also see UCB Data.”

The NCRIC shares its data with a number of state agencies that have reportedly shared data with out-of-state or federal agencies in the past.

Campus spokesperson Dan Mogulof pushed back on the collective’s concerns, stating in an email that UCPD does not permit data sharing for immigration enforcement purposes, nor does it share data with federal agencies.

“UCPD shares access to its Flock Safety ALPR network with 208 California agencies,” Mogulof said. “This means if we grant access to an agency, we are only sharing data with that agency. It does not enable the agency to share access to UCPD’s network.”

Mogulof said the campus’s ALPR system — provided by Flock Safety as part of a two-year pilot program at student housing in Albany and Emeryville — has aided UCPD in solving violent crimes. Mogulof added that UCPD audits all uses of the Flock database for compliance with the law and privacy standards.

UC Riverside and UC Merced’s police departments did not answer questions about the nature of their ALPR systems and their data-sharing practices.

While the exact volume of data shared by many UC campuses remains unclear, external audit logs from UC Irvine show tens of thousands of searches of its database over the last year.

The Ellis Collective’s research project, which produced many of these revelations, relied on the provisions of the California Public Records Act, which requires government entities to keep and make available certain records.

The collective’s project is ongoing and recently embroiled in litigation.

Daniel Negrete, director of The Ellis Collective, recently filed suit against the UC Regents, alleging that UC Riverside had improperly responded to his public records requests. On May 20, Negrete threatened in an email to pursue legal action against UC Berkeley for similar reasons.

“The University of California has not been served with the complaint and will respond in court as appropriate,” Holbrook said in an email, responding to a detailed list of questions for the university about its ALPR practices in light of the suit.

Mogulof said the campus is working to fulfill Negrete’s request as consistent with the law.

In an interview, Negrete declined to say whether he or The Ellis Collective intended to file suit against the university over the alleged illegal sharing.

“I think at this time I don’t want to speak on it,” Negrete said. “But we will keep all options available, and we will be looking into everything.”