OAKLAND — BART’s governing board on Thursday unanimously adopted a new set of transparency and accountability rules to govern how it uses new surveillance technology.

The policy comes as BART is seeking to vastly expand its surveillance capabilities in the wake of violent incidents on its system, including the July stabbing death of Nia Wilson. A sweeping proposal with $25 million in upgrades to security on BART, along with $3 million in ongoing operating costs, was put on hold last month following public outcry over privacy and civil liberty concerns.

Chief among the concerns was the lack of a surveillance use policy, which an ad hoc group of privacy advocates had been working with the district to draft over the past two years and which the board adopted Thursday. The policy requires staff to present any new surveillance technology to the board before it is deployed, detailing what data will be collected, how long that data will be stored and which other agencies can access it. It also requires the district to draft an annual report explaining how the surveillance technology is being used.

Privacy and civil liberties advocates lauded the policy’s passage. Like similar policies in Oakland, Berkeley, Santa Clara County and Palo Alto, it allows members of the public to sue the district, following an internal complaint process, over documented violations.

“We’re in a great spot,” said Brian Hofer, the chairman of the Oakland Privacy Advisory Commission, who helped BART draft the policy.

Matt Cagle, an attorney with the ACLU’s Northern California chapter, hailed it as a “victory for every person who rides BART.”

“The surveillance ordinance holds BART accountable to the community it serves and empowers riders by giving them a seat at the table,” he said.

The vote Thursday came amid revelations BART’s police department had turned on license plate readers at the MacArthur station parking garage in January 2017 despite direction from its elected leaders nearly a year prior to delay using the technology until the surveillance use policy could be adopted.

Between January and August last year, BART sent pictures of 57,632 license plates to the Northern California Regional Intelligence Center (NCRIC), a federal database that shares information with federal agencies, as well as local law enforcement, according to public records Mike Katz-Lacade, a San Leandro resident and privacy advocate, obtained in November and later shared with this news organization.

The agency was sending that information as BART was drafting its “Safe Transit” policy, which mirrors other “Sanctuary City” policies statewide and directs police officers not to expend resources enforcing federal immigration laws. The board adopted the policy in June 2017.

At the meeting Thursday, BART’s police Chief Carlos Rojas said ICE doesn’t have access to license plate data, but NCRIC Executive Director Mike Sena confirmed the Department of Homeland Security does access the database. ICE is a division of Homeland Security.

“I absolutely have no information that there was any license plate data that was shared with the Department of Homeland Security or with ICE,” Rojas said. “I did text with the director of NCRIC this morning, and he told me they don’t have an information sharing agreement with ICE and have never had one.”

That’s because NCRIC doesn’t need an information sharing agreement with Homeland Security, Hofer said.

“Homeland Security and (Homeland Security Investigations) … are people who have access to our systems,” Sena said.

Public records previously obtained by the ACLU and shared with this news organization show Homeland Security and ICE did access the database in the past. The Department of Homeland Security queried license plate data 259 times between September 2013 and March 2014. ICE queried license plate data 28 times between October and December of 2013.

Sena said queries appearing to come from ICE were really from Homeland Security Investigations, which is described on ICE’s website as a division of Homeland Security and a “vital U.S. asset in combating criminal organizations illegally exploiting America’s travel, trade, financial and immigration systems.” Investigators use ICE email addresses, Sena said, but they’re prohibited from using the database for immigration enforcement.

Agencies are only allowed to query the database for criminal investigations limited to locating stolen or suspect vehicles, suspects for an arrest warrant, witnesses or victims of violent crimes, or missing people, according to NCRIC. It can also be used for protecting the public during special events and protecting critical infrastructure.

Using the license plate data for immigration enforcement, Sena said, is “not a lawful purpose.” The license plate reader use policy on NCRIC’s website, however, doesn’t specifically prohibit it.

“‘Just trust us’ is not enough,” Cagle said. “NCRIC needs to point us to a policy that prohibits President Trump’s deportation force from accessing the sensitive data of Californians.”

Sena said it’s been NCRIC’s policy for at least two years to not allow license plate reader information to be accessed for immigration purposes, though he did not immediately respond to a request to provide written documentation of that policy. He did provide language used in NCRIC’s most recent data sharing agreement, which he said was adopted last month.

It brings NCRIC’s data sharing policies in line with the California Values Act, a law Gov. Jerry Brown signed last year that “limits the availability of information … for the purposes of immigration enforcement.”