Leaked documents reveal that the Albuquerque Police Department (APD) has engaged in a large-scale data and intelligence gathering operation since 2006 carried out entirely by private citizens and corporate partners. This privatization of data-gathering means APD has avoided community oversight and judicial review in the acquisition of this information, some of which would have required a warrant to collect. In addition, documents show this operation has been used on at least two occasions for explicitly partisan political purposes.
The documents were part of a June 19, 2020—Juneteenth—leak of police data by a group called Distributed Denial of Secrets (DDOS). Referred to as “BlueLeaks,” the leak included 269 gigabytes of information from more than 250 police departments that DDOS said it had received from the hacking group Anonymous. According to DDOS, Anonymous hacked into the servers of a private web hosting and software company called Netsential, a vendor of web-based software for hundreds of clients, including many local and regional police departments. Netsential confirmed its servers were compromised. And the National Fusion Center Association, the group that represents the state-run federal data centers at the center of the leak, confirmed the documents are real.
The Albuquerque Police Department hired Netsential years ago, with money from the Target corporation, to build a secure website called CONNECT. The City of Albuquerque calls the “Community Oriented Notification Network Enforcement Communication Technology or CONNECT… an interactive tool which links law enforcement to community partners to communicate about crime and public safety issues occurring in Albuquerque.” The DDOS release included APD documents related to CONNECT, which included reports, emails, membership rosters, and more.
Netsential built CONNECT so that APD could merge data gathering among its various anti-crime programs, which include retail, property and anti-gang units. One of these anti-crime programs, the Albuquerque Retail Assets Protection Association (ARAPA), is a previously little known “public-private partnership” between the Albuquerque police department and big box retailers such as Walmart and Target that began in 2006. APD officials have said little publicly about the program, but when APD officials have spoken on record, they have described it as relatively small in scale—a few hundred retailers— and focused on retail and property crime. But according to the recently leaked documents, ARAPA and its successor CONNECT are much larger than APD has claimed, and the focus of the data and information gathering operation includes much more than retail and property crime.
Private security forces, along with APD employees, have recruited retailers to join ARAPA since its inception. Once approved to the program, APD gives those members access to a secure website where they can upload videos, images, descriptions, or other information related to possible retail or property crime. But APD and its corporate partners place no limits on the information or data that retailers can upload, other than reminding members by email that “all subjects are innocent until proven guilty,” and also that “as a participant in this program it is your responsibility to protect the confidentiality of any material distributed.”
Uploaded information is immediately available to all ARAPA members, including a team of five APD investigators assigned to investigate ARAPA tips, according to APD. ARAPA and CONNECT information has been stored on APD servers, managed by Netsential, in a searchable database. Police officials have claimed that only a small team of APD investigators assigned to ARAPA access the information, along with a handful of other local law enforcement agencies. APD says this list is limited to the local sheriff, US postal inspectors, and the District Attorney.
The BlueLeaks documents paint a different picture. ARAPA, according to BlueLeaks documents, has grown from its modest beginnings in 2006 into a significant private-sector intelligence and data-gathering operation conducted on behalf of police. Big Box retailers upload photos, video, descriptions, license plate numbers, and more to a database owned by APD. Leaked files reveal a membership roster that includes thousands of Albuquerque residents, business organizations, neighborhood association block captains, apartment managers, hotel clerks, bank tellers, pawnshop owners, and more who have been, or currently are, engaged in information gathering for APD. And internal emails show that the operation was not solely about the investigation of alleged retail or property crimes but focused also on general data and intelligence gathering. APD encouraged ARAPA members to upload any information they had to CONNECT, including information on any activity that members deemed “suspicious.”
Albuquerque police have said little publicly about the program, but in 2010 APD officials told the Police Executive Research Forum, a police industry consulting firm, that ARAPA and CONNECT included a few hundred retailers and a handful of police from a small group of local police agencies. Officials told the Albuquerque Journal in a 2013 story that only a small team of APD investigators used the data. But the BlueLeaks documents show CONNECT has included 2,666 users across more than a dozen different data gathering operations. Nearly a third of all the names on the list are local, state, or federal law enforcement officers. Most with access to the information are or have been affiliated with APD, or the local sheriff’s office, but the list includes hundreds of officers from departments, including federal agencies, with no clear role in retail crime enforcement in Albuquerque.
The documents demonstrate that APD has not only privatized information and intelligence gathering but has also shifted the authority to determine policing priorities to the private sector. Since its inception, a vast majority of ARAPA or CONNECT representatives with the authority to approve business and law enforcement access requests have been private sector or non-police employees of APD. One of the founders of ARAPA, Karen Fischer, worked at APD as its Strategic Support Division Manager until her retirement in 2012. Another was a Target employee named Craig Davis, who now works in private security. Between the two of them, they recruited and approved hundreds of retailers, hotel clerks, apartment managers, and bank tellers, among others, to gather information for APD. In addition, they and other corporate agents vetted requests by law enforcement officers for access to the data, approving requests from agents who do not work on retail and property crime enforcement. These included a special agent for the US Forest Service, an intelligence coordinator and also an agent from the Drug Enforcement Agency’s New Mexico High Intensity Drug Trafficking Area, multiple special agents from the Department of Homeland Security’s (DHS) Immigration and Customs Enforcement (ICE), an intelligence research specialist from DHS Homeland Securities Investigations, a DHS Customs and Border Patrol agent, and a DHS agent in Intelligence and Analysis. They gave access to police officers from departments in eight states, police officers from the Albuquerque Public Schools and the University of New Mexico, a Bureau of Indian Affairs special agent, and a detective and two investigators with the 377 Security Forces Squadron from Kirtland Air Force Base.
Among those who Fischer or Davis recruited to collect data, most worked in the local retail or hospitality industry, but they also recruited or approved members with access to information unrelated to retail or property crime. And many of those members had access to information that would have required a warrant for APD to collect it. In 2008, APD approved membership to a woman named Anita Alatorre, the office manager at Metamorphosis of NM, a substance abuse treatment clinic in Albuquerque. In an internal message regarding Alatorre’s membership, Fischer wrote that she “Sent note to M. Conrad on 4-11-08 regarding approval. IS drug treatment program appropriat? [sic] Approved via e-mail by m. Conrad on 4-14-08.” M. Conrad is likely a reference to then Southeast Area Commander Murray Conrad, who is referenced elsewhere in the documents as Com. Conrad.
The documents also show that ARAPA has been used for political purposes. Fischer vetted, and Conrad approved, Erin Muffoletto, a business and political lobbyist from Muffoletto Consulting, LLC. No concerns appear to have been raised by either Fischer or Conrad about giving the owner of a “Business and Government Relations lobbying and consulting business,” as ARAPA characterized her, access to a law enforcement database. In addition, the documents include a February 2011 email from ARAPA to its private-sector members encouraging them to lobby the state legislature on behalf of a bill favored by the Albuquerque Police Department.
“Greetings ARAPA Partners! As many of you know, SB 223 is currently heading through the Judiciary Committee and will be heard this coming Monday, Feb 28th at 2:00pm at the Roundhouse in Santa Fe. We have received information that there will be a large presence of Trial Lawyer’s [sic] present to denounce this bill. IT IS IMPARATIVE [sic] that we have a Strong Showing from the Retail Loss Prevention / Retail Store Leadership present for the hearing in support of the bill. I’m asking that as many members of ARAPA that can show up, please be there. Let me stress that you do not have to Speak, just be there to raise your hand in support of this bill. I hope we can count on each of you to be present. The two bills going through are critical in our next steps to stem the tide of Organized Retail Crime in our City and the State of New Mexico! If you have any questions, please contact Ken Cox, Craig Davis or Karen Fischer.”
Fischer still worked at APD at the time she sent the email. And it’s not the only time an APD employee used ARAPA for political purposes. In a March 20111 email, Fischer forwarded a message to ARAPA members from Jimmie Glenn, then the President of the NM Retail Association, in which he referred to then Democratic Majority Leader Michael Sanchez as “our toughest obstacle.”
Fischer and others did not just control who gathered the data, they vetted and approved which law enforcement officers had access to the data and this pattern continues. In January of this year, Steven Roberts, an ARAPA member and a security division executive with Smith’s grocery stores, approved data access to a Homeland Security Specialist with the New Mexico Department of Homeland Security. Fischer, Davis, and Roberts, and other private industry representatives, have approved access to UNM and CNM students, two UNM professors, a past president of UNM’s Student and Family Housing Residents Association, religious leaders from Trinity United Methodist and Monte Vista Christian Churches, and the manager of systems support at the Albuquerque airport terminal RADAR. Private-sector ARAPA leaders encouraged neighborhood associations to join, suggesting that block captains persuade homeowners to link residential doorbell and security cameras to APD via CONNECT.
There is nothing particularly unique about public-private information gathering partnerships. Nearly every police agency, local or federal, relies on information collected from corporate or private security firms. Some police rely on information purchased from data aggregating companies such as ChoicePoint, which maintains enormous databases of information that it tailors for clients, including law enforcement. The Department of Homeland Security has developed a network of “fusion centers”—including one in Santa Fe—that serve as a public sector version of this data aggregation. But the BlueLeaks documents show the extent to which APD pursued its own, largely secret, and fully privatized, information gathering operation, merging multiple different data gathering operations.
The privatization of data and information gathering, and the private sector control of intelligence collected for police, raises troubling implications for a department already under intense scrutiny. In 2014, the Department of Justice concluded that APD had demonstrated a long-standing “pattern and practice of unconstitutional policing.” Since 2015, and following the federal investigation, APD has operated under a federal court-ordered settlement agreement that has imposed significant reforms on APD. Among the deficiencies identified by the Department of Justice in its 2014 report were “inadequate accountability standards.” In addition, the DOJ noted a pattern of “insufficient oversight” within APD and “external oversight” that DOJ concluded was “broken and has allowed the department to remain unaccountable to the communities it serves.” The BlueLeaks information, and previous reporting about Albuquerque police by AbolishAPD, shows that these issues run much deeper than what the DOJ revealed in its investigation.
An intent to avoid community oversight and judicial review may explain ARAPA’s unusual organizational structure. ARAPA registered with the New Mexico Secretary of State as a private, non-profit corporation in August 2012. The incorporation papers listed Fischer and Davis as among its three-person board of directors. Fischer retired from APD on Jan. 1, 2013. On the day prior to Fischer’s retirement, former APD chief Ray Schultz signed a $26,400 contract with ARAPA to manage APD’s data gathering operation. The contract between the City and ARAPA listed the ARAPA address as a post office box, which would establish it as an entity independent of APD, but in separate incorporation papers that Fischer and Davis filed with the state of New Mexico, they listed its address as 400 Roma Ave NW, Albuquerque, the same address as the Albuquerque police department.
Legal observers and Constitutional scholars point to a number of potential legal implications raised by public-private partnerships in policing. These include concerns over privacy and the lack of oversight and judicial review of policing activities when undertaken by the private sector on behalf of public police agencies, but also extend to worries that the privatization of information gathering by police might result in the privatization of public law enforcement priorities and practices. Do corporate retail interests, at least in part, determine police priorities in Albuquerque? The BlueLeaks documents suggest this may be the case.
The Target Corporation gave APD $100,000 for the creation of CONNECT. Its executives, along with executives from Walmart, have served in leadership positions at ARAPA and CONNECT from the beginning, and continue to do so. Executives from the two corporations determine who gets to join ARAPA, who collects information for APD via CONNECT, and which law enforcement agencies get access to the information. Though Walmart and Target are just two of thousands of retailers who have been involved with CONNECT since its inception, an overwhelming percentage of APD’s retail policing in Albuquerque takes place at these two retailers. We reviewed all misdemeanor shoplifting citations issued, and arrests made, by APD during the month of January 2020. Nearly 60 percent of all shoplifting criminal complaints filed with the court by APD came from Walmart or Target.
The City of Albuquerque recently announced its intent to petition the federal court to release APD from portions of its court-approved settlement agreement. The City’s Mayor, Tim Keller, claims the department has implemented new accountability measures and have established new and robust internal and external oversight mechanisms. He recently proposed increasing the police budget and has long promised to hire hundreds of additional police officers. But the BlueLeaks documents show that Keller proposes giving more money and more cops to a police department that has spent years implementing a data and intelligence gathering operation that it has used for political purposes, that it has designed to avoid oversight and accountability, and that it relies on to provide it and federal agents access to information without judicial review.