“Every city has a right”

America is built on principles of freedom, and every city has a right to make that choice. When a community pulls back on public safety they achieve less surveillance, but the people who are made to suffer aren’t the affluent ones, it’s the people who live in neighborhoods where they can’t afford safety…

“[E]very city has a right to make that choice” is Langley flat-out catering to his customer base. The U.S. Constitution — specifically the Fourth Amendment — as well as many state constitutions are intended to constrain government. Local governments don’t have unlimited power.

The other issue here is that “the people who live in neighborhoods” are left out of the conversation and the decision to deploy surveillance entirely. They suddenly discover “LPR” cameras pointed at their basketball court because Flock’s own sales pitch — second image below — says these deployments are a way for departments to get video surveillance without having to go through a public hearing.

“Flock LPR” cameras are named to trick people into believing they’re license plate readers. Instead, they capture video and data to be fed into a sprawling national system centered on Flock’s “Nova” intelligence product.

In Langley’s world, the cops get to choose. The people aren’t even told.

Safety-as-a-Service (for a Recurring Fee)

South Africa has over 600,000 private security guards. More than its police and military combined. The wealthy live behind nine-foot walls and electric fences. Safety exists, if you can afford it. If you can’t, crime is simply the cost of being alive.

The true hypocrisy, however, is not the price tag for “All of Us”, but the invocation of South Africa’s “pay to stay safe” system. Langley cites it as an example of inequality; at the same time, Flock partners with the South African company Vumacam to profit off the creation of a new era of “digital apartheid” in South Africa.

Via Ricky Croock's LinkedIn (spelled as "Ricky Crook" here).

Vumacam places Flock cameras in affluent suburbs and sells that data to private security contractors. Those corporations, which are even less accountable than the government, in turn sell their services to South Africa’s upper-class.

Langley stands on-stage in feigned indignation, as his $8.4 billion company collects on “the cost of being alive.”

The Digital Standing Army

Langley lauds police forces in other countries and considers the U.S. system of local police to be a “unique problem we have created for ourselves”. He is wrong. It’s not a problem, but a solution.

The founding generation was deeply divided on standing armies. At the time, the local militia kept the peace — professional police didn’t arrive in the U.S. until 1838. A common wisdom was that the more local the militia, the less likely it would be to turn on the people.

What the founders feared from a standing army has arrived in a different form: increasingly militarized and high-tech police. Langley describes his vision as one where any police officer anywhere in the country can “share” and “cooperate” across borders and jurisdictions.

What that means in practice is that any police department in the nation has the capability to dispatch one of Langley’s drones based on reports from his national “Nova” system, fed by hundreds of thousands of his cameras.

Even Hamilton, a proponent of standing armies, warned that nations attached to liberty will, in time, give up freedom for safety — a dynamic that scales down to any institution sold as protection.

Police now believe they depend on Flock. That means its CEO can not only afford safety — he can demand it from the standing army he helped create.

What to do about it

The camera on your corner was approved by someone. Find out who, and when they’re up for election.

• Check whether your city uses Flock.
• Request public records for contracts, data-sharing and demo agreements, and log files.

Public hearings and records requests are the only reason any of this is visible at all. Keep showing up.

Three days after the deal closed, Flock, apparently alive to the optics of its employees viewing a community center pool through police cameras, released a blog post titled “Understanding Flock’s Testing and Development Program.” Personally, I would not have chosen to link “employees viewing a gymnastics room” to “testing and development.” But this is Flock.

The issue Flock’s blog post addresses was raised by Dunwoody resident Jason Hunyar and amplified by YouTuber Benn Jordan: Dunwoody PD’s event logs (similar to, but not the same as, the “ALPR audit logs” this site publishes) showed Flock executives had opened camera streams inside the JCC on numerous occasions, for durations the logs don’t record. For the details, see Jason’s write-up and the posts about the April 13 Dunwoody meeting and its outcome.

The post was published under Josh Thomas’ name—the company’s Chief Communications Officer who has been speaking for Flock for the past eight years. It’s not a slapdash production by an engineering manager. His headline reads:

This article explains how Flock tests its technology in real-world environments, strengthens search safeguards, and addresses recent privacy questions about its development practices.

Let’s discuss these topics. And the buried lede.

The Lede Thomas Buried

Tucked into the middle of the post, presented as evidence of a safeguard working, is this:

In Dunwoody, a Flock employee performed a demo of this content moderation policy by searching for both “Star of David”, which our search moderation tool blocked, and “Cowboy hat,” which the search moderation tool allowed.

Flock describes the underlying feature, FreeForm, as a search tool that allows officers to query cameras for descriptive phrases like “man wearing a cowboy hat.” Read that together with the Dunwoody example: a Flock sales employee ran an identifying search against live Dunwoody camera data. The cowboy hat search, per Flock’s own description, returned results—real people, in Dunwoody, identified by what they were wearing, surfaced to a salesperson running a demo. The Star of David search was also made.

The only thing that stopped it from returning a list of Jewish residents of Dunwoody was a content filter Flock built, maintains, and can modify at any time without telling anyone.

Flock presents this as reassuring. It is the opposite.

The architecture underneath the filter is the actual story. Flock’s patent, US 11,416,545, titled “System and method for object based query of video content captured by a dynamic surveillance network,” describes parsing video “for content” and storing it “in a database in connection with data that identifies the content (object class, aspects of the object, confidence scores, time and location data, etc.).”

The patent family extends to neural networks trained to identify clothing, estimate height and weight, and classify other physical characteristics of individuals—stored, by design, in searchable databases. That is an index. It is being built continuously, by design, and is queryable by any user Flock decides gets a search box.

The filters, which are themselves AI-based pattern matching rather than deterministic blocks, block certain query strings against that index. They do not prevent the indexing. The filter can be modified or turned off. If it even works at all.

Flock is asking for credit because its AI blocks certain searches. The thing worth noticing is what those searches are being run against, and who is running them.

Recent Privacy Questions About Development Practices

Now the post’s stated topic. In his post, Jason makes a number of factual allegations, all sourced directly from Flock event logs, before concluding:

On September 30th, 2025 - Bob [Carter, VP Business Development, Flock Safety] looked at just one camera. This camera is in the gymnastics room of the JCC. I personally am curious about why a sales employee from Flock would be viewing the gymnastics room. I think this also deserves an explanation.

…

The public deserves to know why Flock employees are using Dunwoody’s Flock system to look at live videos of people and children in the pool, gymnastic facilities, and fitness studios.

Note what Jason actually asks for: an explanation. Not a prosecution, not a verdict, not a character judgment. An explanation of why sales employees at a surveillance vendor are logged into a police department’s system looking at cameras inside a community center. That question has been outstanding since January, when Jason first brought it to the city council.

In its March meeting, long after Jason first contacted the city, Dunwoody IT presented the results of their security audit. Dunwoody looked at the same logs and found no issues.^[1] They didn’t answer Jason’s question. A month later, the mayor didn’t mention that city staff had already gone over these logs. She didn’t answer Jason’s question.

Now, three months after the question was asked, the answer is delivered via blog post: the employees named online are well-intentioned people who accessed a camera network with the city’s explicit permission, as part of their job, and are now being called predators for it.

Josh Thomas asks us to accept that it is part of his company’s sales executives’ jobs to give sales demos when kids are piled into the pool on a Wednesday afternoon, or when the gymnastics room is in active use on a Tuesday at lunch.

Here is the core of what is verifiable: a Flock executive, who does not work for the police, logged into a police account and opened a camera stream inside the gymnastics room at a community center.

The event logs published by Jason—which Flock does not dispute—show multiple accesses by at least two Flock employees, Bob Carter and Randy Gluck, to cameras inside the JCC across multiple dates in 2025, including cameras pointed at the gymnastics room, pools, and children’s facilities.

But the event logs show when a user starts viewing a stream. They don’t show when a user stops, or any detail to provide critical context. Maybe Flock’s employees now better understand how inadequate logging can facilitate abuse.

We can’t tell if looking up a license plate over and over in the middle of the night with only the stated reason of “investigation” is stalking. We also can’t tell if the “pool” camera was viewed for 30 seconds from a terminal inside a police station, or if it was left running for hours or days on a bedroom TV in another state.

Flock’s employees are seeing the end-result of multiple layers of failed policy, inadequate transparency, insufficient auditing, and no accountability. Employees at a private company should not have unescorted access to police surveillance data. If they had not had access, we would not be having this conversation. It’s that simple.

The principle of least privilege is not optional; it’s AC-6 under CJIS Security Policy v6.0; access should be limited to what’s “necessary to accomplish assigned organizational tasks.”^[2] Vendor and contractor access falls under PS-7 (External Personnel Security). Account management is AC-2. And the audit controls that would normally catch any of this are in AU-2 and AU-3, and AU-9. Nearly-identical controls exist under SOC 2 and ISO 27001. Both certifications Flock touts.

Months after the issue was first raised, Flock now claims the activity was approved under “the city’s demo partner agreement.” Flock did not provide its terms. Dunwoody never produced it in response to Jason’s open records requests. Flock employees at the March and April meetings didn’t mention it. The police chief and IT director stayed silent on it during the audit presentation at the March meeting. The mayor didn’t mention it when she addressed the issue at the April council meeting.

Dunwoody has now signed the deal. The incentive to stay on-message is gone, and Flock has moved directly to publicly accusing its “partner” of hiding an agreement as a post-hoc justification of its violation of public trust.

On Being Accused of Accusing People

Flock’s post includes this line, which is the most carefully lawyered sentence in it:

Accusing someone of spying on children is not a policy disagreement; it is a life-altering allegation.

Correct. Fortunately, no one in this story has made that accusation. Jason asked for an explanation—in writing, to the Dunwoody city council, on January 12, and every month since. What Flock has now done, three months later, is respond to an accusation Jason did not make.

Flock employees had the technical capability to watch children at a community center and accessed cameras pointed at those children. Whether any individual Flock employee used that capability maliciously is unknown and largely beside the point. The capability is the problem. The access is the problem. The absence of any meaningful oversight is the problem.

Josh Thomas would like the story to be about what is in a sales executive’s heart, because that is a story he can win. The story he can’t win is the one about Flock’s architecture.

What the Logs Actually Show

Flock’s post frames the Dunwoody events as a single routine demo at an unusually sensitive location. The event logs Jason obtained by open records request show 185 JCC-camera accesses by Flock VP Bob Carter alone since January 2025.

The network sharing is even worse. The JCC’s private camera network, labeled in Flock’s system “Dunwoody GA PD - Atlanta JCC Avigilon (Do Not Share),” was at one point actively shared by Dunwoody PD with three outside agencies, including Lawrenceville GA PD, which received permissions to view, record, and download live video streams.

That sharing was removed only after Jason disclosed it to Dunwoody’s chief, and the removal was performed by a user (“John Watson”) not in the user export—which should include historical users. A ghost administrator corrected a misconfiguration that was not supposed to exist in the first place.

At the March council meeting, Dunwoody’s own lieutenant told the public that only two neighboring agencies view live streams and that liveview access is “strictly reviewed and on a case by case basis.” The logs show 1,271 agencies with access. The logs show no access by any agency, including the two confirmed active users.

This is the environment in which Flock employees, in Josh Thomas’s description, are “well-intentioned” and “accessed a camera network with the city’s explicit permission.”

They may be. There is no way to know.

Strengthened Search Safeguards

This takes up the most space in Flock’s post; we can keep it short here. Flock describes its existing broken AI-based “FreeForm” moderation system, which did exactly nothing to prevent anything that happened here.

Testing Technology in Real World Environments

Mentioned in the same breath as “development practices.” Flock does not distinguish between “development,” “testing,” and “production”—in its post or in practice. It’s not an uncommon problem for venture-backed software companies, but it’s not a small one for Flock. I have written about this many times before, and Flock continues to signal it will do nothing to address it.

Flock’s approach is to let its developers and sales execs loose on a real police department’s account, connected to real cameras, pointed at real people—and, yes, real children.

The Cybertruck example Flock offers is this:

Here’s a concrete example: when the Tesla Cybertruck came out, we had to build a whole new ML algorithm to identify it. Nothing had been seen like that before. This requires testing and training the models in real-world conditions.

“A whole new ML algorithm” is an overstatement. Flock was failing to detect the Cybertruck as a car (or truck, or whatever it is). That’s a training task, not a new algorithm, and an entire industry exists to support exactly that kind of image-recognition training.

Even if Flock does all its ML work in-house, whether overseas or not, and uses only data collected under its government contracts, all it requires is an image and someone to answer: “Cybertruck or not Cybertruck?”

Nobody at Flock needs access to a police account. Not for software development. Not for sales demos.

The Remediation

Flock describes its fix this way:

Although the camera was only viewed once during a routine demo, we understand that this is a sensitive location for many. We have therefore determined that employees will be trained to only conduct demos in more public locations, like retail parking lots.

So the reform is: Flock sales employees will continue to log into police surveillance systems, run demos against live resident data, and view live camera feeds. They will just point the cameras at people and children in more public places.

There is no commitment to stop using production police accounts for sales demos. No commitment to separate development, test, and production environments. No commitment to publish the demo partner agreements. No commitment to audit, retroactively, every access a Flock employee has made to Dunwoody’s cameras. No changes to the logs themselves. Nothing structural.

Jason’s records work also documented Flock employees using Dunwoody’s system to create API connections to third parties with whom Dunwoody has no contract; data funneled through those integrations falls outside any contractual framework. This will not be addressed.

Flock’s repetition that “local agencies—not Flock—control who can access their data” falls especially flat when it’s delivered in the same post where Flock argues that it needs access to that data because it “must be tested and demoed, both to ensure we get everything right on the technical side and so other agencies and businesses understand how the sharing works.”

If Dunwoody PD authorized Flock to share these video streams with “other agencies and businesses” then that is perhaps even more problematic than broken vendor policies and architectures. It’s a police agency acting entirely outside of the scope of its lawful duties to the detriment of the local community.

If true—if the Dunwoody chief of police allowed video from within the community center to be shared with “other agencies and businesses” without being authorized to do so by the council—he deserves to be held accountable.

The signature on the demo agreement will tell.

Addendum to My Previous Post

In my previous post I wrote:

The city’s new MSA does not prohibit Flock from accessing Dunwoody’s account, and continues to grant Flock a royalty-free license to “support and improve Flock’s products and services,” which arguably describes what happened here. The license has no specified term and cannot be revoked.

That remains true, but it understated Flock’s asserted basis for access. I had assumed Flock would rely on its license for business purposes. Instead, per the blog post:

Similarly, one of the benefits communities most value about Flock technology is the ability for law enforcement to directly access privately owned cameras, if and only if the organization allows them to, for crime-solving and security purposes. This is also a feature that must be tested and demoed, both to ensure we get everything right on the technical side and so other agencies and businesses understand how the sharing works.

In a deeply Nixonian “when I do it it’s not illegal” move, Flock treats “demos” for “other agencies and businesses” as part of the government agency’s “crime-solving and security purposes.”

That’s Flock’s real-world interpretation of “the customer owns 100% of the data” and “Flock does not access the data.”

What You Can Do

Flock has now publicly asserted that side agreements authorizing vendor access to police surveillance systems are standard practice. If that is true, such agreements may exist in your city.

They are almost certainly not posted on any public agenda. They were not, in Dunwoody, produced in response to ordinary records requests until Flock itself acknowledged them.

Consider filing a public-records request with your city or police department for any agreement or other record showing whether your agency has entered into a demo or testing arrangement with Flock.

If you obtain any such agreements, or if your agency confirms none exist, I’d love it if you let me know.

Parents across the country have a right to know whether Flock employees are watching cameras in their local daycares, community centers, and schools—whether the reason is software development, testing, sales demos, or something else.

The city also entered into a contract for FlockOS 911 that will see call data transferred to Invictus, under an order form that incorporates Flock’s standard website terms and a separate set of Prepared911 terms rather than the MSA the city just negotiated. The city’s existing Flock-provided contract with ForceMetrics for sensitive, federally-regulated criminal justice information and health data did not get a mention at all in either the meeting or the new MSA.

The most controversial aspect of the relationship, that Flock employees on Dunwoody’s account had been caught watching the pool and gymnastics room at the community center, was vaguely explained and addressed only through platitudes before being hand-waved away.

If your city has Flock cameras, the contract almost certainly contains the same structural problems described below. Flock’s standard terms give it effective ownership of your data, cap its liability at near-zero, and leave critical regulatory obligations undefined. Dunwoody tried to negotiate and still ended up here.

Sales Demos and Empty Promises

The explanation was that Flock had been using the cameras in the gymnastics center for its sales demos. It wasn’t a case of Flock executives watching children, the mayor assured the crowd. It was Flock executives showing children to some unnamed third party to sell its product. This, in the council’s view, made the situation better somehow.

The city’s new MSA does not prohibit Flock from accessing Dunwoody’s account, and continues to grant Flock a royalty-free license to “support and improve Flock’s products and services,” which arguably describes what happened here. The license has no specified term and cannot be revoked.

The city will also continue to pay^[1] to send video surveillance footage from inside the privately-owned and -operated rec center and daycare to Flock.

But, rather than write safeguards into the agreement up for a vote, residents were told Flock had promised not to do it again. In the future, Flock promises, it will not expose images of Dunwoody children practicing gymnastics or going for a swim as marketing materials for its sales prospects.

The council accepted the explanation and the promise at face-value and without further inquiry.

What Dunwoody Didn’t Win

A day before the meeting, councilmember Joe Seconder had told Jason Hunyar, the soon-to-be Dunwoody Dad who discovered Flock’s viewing of the rec center, that the MSA would be raised “as a discussion item, not a vote.” This would be so “there will be additional time to provide feedback on the MSA … and what kind of revisions we can have set forth before a vote is held by council.”

Councilmember Seconder voted to adopt the MSA at that same meeting.

@Master Service Agreement

It prohibits Flock from using Customer Data “to train, fine-tune, or improve any machine learning, artificial intelligence, or algorithmic models” without written authorization from the City Manager. An email suffices.

It contractually mandates existing Flock features for data governance: a Federal Sharing Toggle that lets the city disable all data sharing with federal agencies (as defined by Flock), and a toggle to require case numbers and search justification for every query. Neither feature has to be enabled, but both must exist.

It contractually includes Flock’s “audit log masking”, where Flock no longer exposes the complete audit trail to its customers, framing it as a measure “to protect active investigations, law-enforcement operations, and sensitive data.”

It also requires a post-login CJIS acknowledgment requirement. Never mind that the aforementioned audit logs are a required component of CJIS compliance.

It freezes Flock’s incorporated Online Terms as of the Effective Date and bars unilateral changes without a written amendment signed by the Mayor or City Manager — but stops short at requiring council approval to modify the agreement approved by council.

These are concessions that sound good but collapse under even minimal scrutiny. They do not address the structural problems that make the rest of the contract a liability.

What Dunwoody Lost

The standard terms that place effective data ownership with Flock are left unmodified:

Flock retains the exclusive right to determine and control the method, timing, format, and medium of access or delivery of Customer Data … and is not obligated to provide Customer Data in any alternative form, format or transmission method outside of the Web Interface.

It’s not your data if you can’t access it and Flock doesn’t have to hand it over. It’s also not definitionally your data:

For clarity, Flock Property also includes any derivative works, intermediate or final outputs, analyses, reports, models, or other results generated by or through the Flock Services. Except for the limited ability to access and download Customer Data within the applicable Retention Period, no rights are granted to download, extract, export, or otherwise create or retain copies of such derivative works, outputs, or other elements of Flock Property.

A license plate number, a vehicle description, and arguably the raw image that Dunwoody won’t be able to access are a “derivative work,” “output,” or “result” “generated by or through the Flock Services.” “No rights are granted” to Dunwoody to any of this data.

Until the city manager sends an email, the AI/ML restriction limits what Flock can do with Customer Data for model training. It does nothing about data Flock classifies as Flock Property.

The Battle of the Order Forms

The city’s outside counsel assured the city council that the MSA with Flock would govern the city’s agreement with Invictus. She did not explain how the MSA, between Flock and Dunwoody, applies to an agreement with a separate company. She addressed the incorporation of Flock’s online terms by conclusorily asserting that the MSA would control; a possibility, not a given.

The FlockOS 911 order form does not incorporate the MSA. It incorporates the terms and conditions on Flock’s website and the Prepared911 Terms and Conditions at a separate URL. The council’s motion conditioned approval on execution of the MSA, but a condition precedent to signing is not the same as incorporating the MSA’s terms into the document being signed. The order form still says what it says. The council unanimously voted to sign the form that incorporates those terms rather than cross out the references and explicitly incorporate the MSA.

If Flock were to make the argument that the MSA does not govern the FlockOS 911 contract, it would have a strong position; the council agreed to the terms after adopting the MSA, and the MSA’s governance does not definitively follow from its structure:

The MSA defines “Agreement” to be the MSA plus any Order Forms. Its conflict-resolution clause handles conflicts between the “Agreement” (which includes the Order Form) and (1) any statement of work or purchase order, (2) special terms listed on an order form, (3) incorporated online terms. Conflicts between the “Agreement” and any “Order Form” (which is a part of the “Agreement”) are left unaddressed, because they are definitionally the same document.

$0 Liability

It’s a circular structure that’s especially damaging in the case of the Drone-as-First-Responder (DFR) contract:

1. Dunwoody signed a DFR agreement at some unspecified earlier date.^[2]
2. The MSA is executed. It “supersedes all prior agreements, understandings, and representations relating to the Flock Services.” The original DFR agreement is now dead.
3. The new DFR Order Form, approved during the April meeting, is executed “on the date hereof or following the Effective Date,” so it’s automatically part of the “Agreement.”

But the new Order Form incorporates “the previously executed agreement,” the document the MSA just killed in Step 2. It’s trying to resurrect terms that the Entire Agreement clause superseded. The conflict clause can’t resolve this. Not because it wasn’t designed for necromancy but because the new Order Form can’t conflict with the Agreement because it is the Agreement. There’s no hierarchy for resolving an internal contradiction within the Agreement itself.

The city is prepaying $200,000 for “Flock Hardware” it does not own and cannot maintain, per the MSA,^[3] but that’s not even the worst part: the MSA caps Flock’s aggregate liability at the total amount paid in the twelve months before a claim arises. Because the entire $200,000 is due at signing, in year two the amount paid in the preceding twelve months will be $0. Flock will carry no financial liability at all for operating an aircraft under contract with Dunwoody.

Drones, like any aircraft, are heavily regulated by the FAA. Those regulations are complex and violations can lead to severe penalties. Unsafe drone operations endanger other aircraft and persons on the ground. It wouldn’t be the first time a police drone collided with another aircraft.^[4]

Pricing

The pricing on the drone contracts is opaque. The first DFR Order Form lists a $300,000 contract total: $100,000 due in July 2025 and $200,000 recurring in January 2026, with a $160,699.50 discount on “Flock Safety Drone Hardware and Services”:

The second shows $200,000 due at signing with no discounts at all:

The first order is for “Flock Safety DFR 2.0 - 400ft”. The second for “Flock DFR - M4TD + Dock 3 (2 System Set)” and “Flock911 for Aerodome”. All items are priced as “included” under a platform fee that conceals the cost of each component.

Chief Carlson’s memo describes the second agreement as “the installation of additional DFR (Drone as First Responder) coverage,” which, I’m told, means Flock will add an additional drone.

Agreements All the Way Down

The original DFR agreement, the “previously executed agreement” on the order form, is an 11-page contract with a Product Addendum for “Unmanned Air Support as a Service,” two schedules covering training and specifications, and terms that place virtually all operational liability on the city.

@The original Dunwoody-Flock Drone Agreement

That agreement itself incorporates another “previously executed agreement” on its order form. That appears to be a “Government Customer Service Agreement” from 2021, which is specific to ALPR.

The original drone agreement makes Dunwoody responsible for ensuring that all crew, including pilots, visual observers, and sensor operators, hold the qualifications and certificates required by applicable FAA regulations. It also assigns the city “the entire risk of loss, damage to, theft or destruction of, all Flock Hardware” and states, in all capitals, that loss or damage “SHALL NOT RELIEVE CUSTOMER OF ANY OBLIGATION UNDER THE AGREEMENT.”

The agreement carves all drone data, including flight logs, telemetry, radar, and fleet information, out of Customer Data entirely. It classifies it as “Flock Drone IP” owned exclusively by Flock. The city cannot share any of it with third parties without Flock’s written consent. That restriction says “any third party” without an exception for regulatory authorities, covering the patently absurd situation where the city’s pilots can’t disclose flight logs or telemetry to the FAA or even ATC.

None of this is in the MSA that council reviewed and approved. The MSA has no terms concerning the drone program. If counsel is right that the MSA controls, the original drone terms are dead and there is nothing governing drone operations, FAA certification, pilot responsibilities, or risk of loss.

If the original terms survive through the Order Form’s incorporation clause, Dunwoody is responsible for everything: the pilots, the certifications, the waivers, the airworthiness, and the losses, while Flock owns the data the drones generate. Because it’s an order form, the MSA’s conflicts clause is inapplicable.

Either way, council and residents were told they had a negotiated deal: they don’t.

The State of Madlibs

Then there are the ForceMetrics terms signed by the city. Those were stapled to a Flock order form in February 2025. ForceMetrics is a data aggregation and analytics platform that pulls together internal databases like CAD (dispatch), RMS (records management), and JMS (jail management).

@ForceMetrics Terms and Conditions

The “Informed Responder” product Dunwoody uses “surfac[es] real-time Safety Signals in search results,” to give “first responders quick, actionable insights into critical risks—such as mental health issues, dementia, drug use and domestic violence.”

The ForceMetrics agreement assigns itself a forever-license and ownership of all “Derived Data”, and claims to be the “final, complete and exclusive agreement between the Parties relating to the subject matter hereof”.

ForceMetrics receives federally-regulated criminal history record information and criminal justice information, like names, addresses, and domestic violence histories. It also gets information about mental health and substance history, categories that may be federally protected health information.

To add to this mess, the ForceMetrics terms set a different liability cap (“[t]o the extent authorized by the constitution and the laws of the State of ____,” nobody filled in the blank) and say any conflicts will be handled according to Colorado, not Georgia, law.

Flock Understands and Acknowledges

At the meeting, the most bizarre clause in the agreement was not questioned by council:

Flock understands and acknowledges that prior to Customer contracting for or using any new Flock Services that it does not use as of the Effective Date, Customer must obtain approval from the City Manager of Customer

Why Flock’s understanding matters is anyone’s guess. It could be a way to nullify any effect of the clause because it doesn’t place an affirmative duty on anyone, it merely says Flock understands something. At least someone does.

Looking past that, “any new Flock Services” presumably come with additional legal terms. Those terms, as we’ve seen here, tend to have significant effects on liability and obligations. For example, when the Flock Services send 911 caller data to parties like Invictus, or when the Flock Services come with a requirement to maintain FAA-certification.

In any organization with even slight governance in place, entering into those types of agreements is not something a staff member should be able to do, with or without city manager approval. The city attorney and city council should have a say.

Not here. Dunwoody PD will keep signing agreements without legal review or council approval. Flock will continue to operate its Dunwoody Lab as it has for years.

The MSA requires some software toggles without requiring a setting. The AI-training prohibition can, and likely will, be easily voided via an email from the city manager. Every single structural problem is left untouched: the data ownership, the liability cap that zeroes out on a prepaid contract, the order form chain that either governs nothing or governs too much, the ForceMetrics terms governed by a different state’s law with an unfilled blank in the indemnity clause, and the 911 contract that exists entirely outside of the scope of the MSA.

If there is ever a contractual violation severe enough not to be hand-waved away, one the PD and council find more concerning than using children in the pool for sales demos, Dunwoody will now have to spend a small fortune on litigating the mess it has allowed Flock to create.

Of course, when such contractual violations can be waved away with a vague assurance that it won’t happen again, Dunwoody is unlikely to stand up to Flock and to assert its contractual rights.

A public commenter characterized the relationship as abusive. That’s exactly what it looks like.

The Search IDs

Around the time Flock made heavy-handed edits to existing government records, it added, or started to expose, an “id” field along with search results. From the outset, haveibeenflocked.com has ignored that field because Flock can’t be trusted to keep anything stable. As we’ll see here.

I don’t use Flock’s IDs and instead rely on other methods to handle duplicate entries, so I mostly ignore them. Then I received an email from someone who paid more attention. He had been manually downloading audit logs from transparency portals and comparing the files, noticing that entries change more than they should.

To be honest, I didn’t really believe him at first. It sounded implausible even for Flock to do something so technically terrible. Egg on my face.

Transparency portal search logs now typically look something like this:

e71b39a6-3cc8-4161-b4ec-e62c6e1cd135,***,2026-03-04T20:37:04.924Z,6050,invest

Because cops can’t be trusted with cop data, Flock’s network logs look about the same. In addition to the ID, they have a name of an agency. The idea is that an auditing PD will pick up the phone, relay the ID in their network log to the named agency, and verify that “invest” was a legitimate search.

With about 6,000 agencies doing 10,000+ searches per day, that’s a lot of phone calls.

This idea is obviously completely divorced from reality to begin with, but it’s being used — to great effect — to convince uncritical elected officials of the existence of accountability.

Now, I’m not sure what cops are supposed to do.

The Time and ID Changes

The transparency portal logs are produced on a 30 day rolling basis. So, if you downloaded the same log a day apart, you’d expect to see 29 days worth of identical records with one day trimmed and one day added. However …

On March 23, 2026, West Des Moines’ log showed these two searches:

e71b39a6-3cc8-4161-b4ec-e62c6e1cd135,***,2026-03-04T20:37:04.924Z,6050,invest
bc377b4b-2261-4fe1-a96c-ebb59217c061,***,2026-03-04T21:00:31.190Z,6051,invest

Two searches on March 4, both labeled “invest,” one at 8:37pm (UTC), and one at 9pm (UTC).

On March 24, 2026, they are both gone. In their place are two new searches:

9c685baa-cf80-478c-acf1-2df174a1d686,***,2026-03-04T20:26:48.972Z,6050,invest
ec162dff-51b1-4de6-be2d-16a2b2cd8411,***,2026-03-04T21:39:47.263Z,6051,invest

The also both happened on March 4, and are both labeled “invest,” but now one happened at 8:26pm (UTC) and the other at 9:39pm (UTC). That’s a significant difference.

If the same change happened in network logs, and if anyone had made that phone call about search ID e71b39a6-3cc8-4161-b4ec-e62c6e1cd135, they would have to make another phone call about the search that replaced it: 9c685baa-cf80-478c-acf1-2df174a1d686.

The problem appears broad. In the March 23 – 24 comparison alone (about 200 lines total) there were multiple changes:

-b76afd28-1246-4b3d-91d7-5f14642dd191,***,2026-02-25T20:56:59.751Z,2,Windsor Heights Fresh Stolen
+72db34f8-dd39-4d5d-814c-c968cb5e58b2,***,2026-02-25T20:52:17.101Z,2,Windsor Heights Fresh Stolen

-e71b39a6-3cc8-4161-b4ec-e62c6e1cd135,***,2026-03-04T20:37:04.924Z,6050,invest
-bc377b4b-2261-4fe1-a96c-ebb59217c061,***,2026-03-04T21:00:31.190Z,6051,invest
+9c685baa-cf80-478c-acf1-2df174a1d686,***,2026-03-04T20:26:48.972Z,6050,invest
+ec162dff-51b1-4de6-be2d-16a2b2cd8411,***,2026-03-04T21:39:47.263Z,6051,invest

-b8afc2dc-434c-41e3-8614-92134e713de8,***,2026-03-05T07:58:19.466Z,1169,
+3c652fad-db99-472f-bf7a-16430beb949d,***,2026-03-05T07:01:14.526Z,1169,

+8e10d1fb-2b66-4a0a-b4a8-2ef4b4f33899,***,2026-03-15T05:12:16.454Z,1,invest
-95134732-9341-420e-b830-901856bd4a75,***,2026-03-15T05:39:30.257Z,1167,invest

-e6941d9c-fbf2-4cbb-a54b-7c5d1fd391cb,***,2026-03-19T18:49:41.776Z,1166,
-d277a79e-0a14-4ccd-a561-8df2cfb7ca10,***,2026-03-19T19:00:37.487Z,1166,
+6f9738b1-1fbf-498a-b026-c8eda3d3aece,***,2026-03-19T18:22:11.557Z,2,
+18bf73c6-e37c-4246-ab1c-f98aae2849a6,***,2026-03-19T19:14:27.501Z,1166,

In this one file, about 7% of records changed within 24 hours.

Clanker Analysis

Asking the clanker to analyze the changes over multiple files it wrote a little Python script and produced:

WDM (8 snapshots, Mar 16 - Apr 4)

Non-rolling change rate per snapshot pair: 2.6% - 7.1% (avg ~5%)

Key patterns:

• Removals always equal additions — records are being swapped, not just deleted or added. This is highly suspicious and suggests some kind of rotation/replacement mechanism.
• No field modifications — records are never edited in place; they vanish and a different record with the same date appears.
• 17 “flickering” records that disappear and reappear across snapshots. Example: 95134732... (date 03-15) appears in only the 03-23 and 03-25 snapshots out of 8 — pattern ..Y.Y...

Johnston (3 snapshots)

Similar pattern: 3.9% - 8.2% non-rolling change rate, removals always equal additions, 2 flickering records.

The Takeaway (AI)

When it was done running its script, it gave its unsolicited, but almost accurate “key takeaway”:

The audit logs are not immutable. Every day, ~3-7% of records within the overlapping date window are swapped out (equal number removed and added, zero modifications). Some records flicker in and out across multiple snapshots, meaning the same record can be removed, reappear, and be removed again. This is consistent with records being retroactively added/removed from the audit log on an ongoing basis.

The Actual Takeaway

This is the straightforward explanation, but it’s not necessarily what’s happening. What could be happening is that Flock, like Axon, is distributing its database in an effort to sidestep accountability and ownership by conflating data control and data ownership.

I’ve called this nonsense out before as Flock saying the kitchen is not a central repository for pots and pans, because it has multiple cupboards.

But it may be what we’re seeing here. The log could be pulling in different entries from different “cupboards”, and not all “cupboards” may be available each time the log runs.

A distributed explanation is not any better than deleting and adding records in a centralized database. In fact, it would be a very fundamental, very fatal, flaw for records that are supposed to be immutable — like audit records — to have multiple copies in multiple places without a single authoritative copy.

Apparently log entries can go missing without Flock’s system throwing an error. If you can’t be sure that your log is complete, you can’t rely on it to show whatever it is you’re auditing for — it may have been deleted.

If you’re getting new results every day, your previous audits are automatically invalid and unreliable. A search that occurred at 9pm may look valid, but if a police officer goes off shift at 9:30pm and the next day the log shows the search happened at 9:45pm, that’s potentially unflagged off-duty use of a police system.

It could also cut the other way: the officer’s shift might not start until 9:30pm, and the logs will show improper use the first time around, but not the second (if anyone looks).

Network Logs

These observations are from transparency portal logs, which are largely performative to begin with. Whether the same holds in a network audit remains to be confirmed.

Examining older network logs, which did not have the IDs, entries can be seen disappearing between runs. Because I do not have enough overlapping data to fully confirm, I can only say that it seems very likely that the observed ID changes in West Des Moines and Johnston show a structural problem that has existed for a while now.

This finding alone should be cause to invalidate all prior audits, as well as all future audits until Flock addresses the problem.

States with mandatory audits, like Minnesota, and police departments with audit requirements, will have to redo their audits after it’s fixed. That’s a lot of phone calls.

That is, if they want to make good on their promises of accountability and oversight.

I won’t be waiting by the phone.

Via IPVM and KSHB

The company got caught sending data to Upwork contractors and Denmark. The CEO declares Flock is under attack. The CISO denies high-profile, very real security issues. The permit manager installs cameras without adequate permits in California, Iowa, and other states. The VP of Solution Engineering redacts information from log files. The Chief Legal Officer appears on niche livestreams. And marketing, seemingly sponsored by the City of Dunwoody, pumps out questionable videos.^[1]

You’d think Flock has enough to worry about at home. Now it’s going international.

We already know what Flock’s jurisdictional sprawl looks like domestically. The Virgin Islands Police Department — a Caribbean territory under an active DOJ consent decree for unconstitutional policing — was caught querying Flock cameras in Rogers, Arkansas for stolen vehicles and traffic violations. No one in Flock’s 5,000+-agency network — including Flock and the state agencies responsible for criminal justice information — has flagged that absurdity.

Now take that indifference and remove the American legal framework entirely.

Flock’s first(?) international reseller is Vumacam. A Johannesburg-based company that has been accused of building a digital apartheid, charged by regulators for operating without a license, and caught making false claims under oath about data protection compliance.

Sounds about right.

The Partner: Ricky Croock

Flock’s partner page lists Vumacam as a “channel provider”:

Vumacam is Flock Safety’s reseller partner in South Africa. The partnership extends Flock’s technology internationally, fostering safer communities abroad.

Via Ricky Croock's LinkedIn (spelled as "Ricky Crook" here).

Vumacam operates a network of over 7,000 cameras across South Africa’s Gauteng province — the majority concentrated in Johannesburg. The company was founded by Ricky Croock, a former private security operator who previously ran CSS Tactical, a company providing armed response, guarding, and CCTV services.

If you thought the Flock model couldn’t get worse: Croock found a way. Vumacam builds and maintains the camera infrastructure — poles, cameras, connectivity — and then sells access to private security companies, who pay a monthly fee for video feeds in their patrol areas.

The network includes over 2,000 automatic license plate recognition cameras that, as of 2021, scanned an estimated 9.68 million vehicle registrations per day. That figure has likely grown substantially alongside the network’s expansion to 7,000 cameras.

If this sounds like Flock, that’s because it is.

Croock and Vumacam’s History

The critical reporting on Vumacam is extensive, spanning investigations by MIT Technology Review, Daily Maverick, VICE, and the Pulitzer Center.

Operating Without Registration

South Africa’s Private Security Industry Regulatory Authority (PSIRA) charged both Vumacam and Croock personally with a code of conduct violation for operating a security business while unregistered with the authority.^[2] Police opened a parallel criminal investigation. Vumacam subsequently registered, but PSIRA confirmed both the criminal case and the code of conduct probe remained active.

For a company building a city-wide surveillance network, the sequence is notable: deploy first, register later. Flock has its own version of this approach where hundreds of cameras were installed on public roads without permits across Florida, Illinois, South Carolina, Texas, and North Carolina, with an Illinois DOT official receiving a thinly veiled threat that Flock would send “about 30 different police chiefs” to the office if permits weren’t fast-tracked. And that’s just the states that have taken some form of action.

Lying Under Oath

In a sworn affidavit to the Gauteng High Court, Croock stated that Milestone VMS — the video management software Vumacam uses — was “certified GDPR-compliant under the General Data Protection Regulation applicable under European Union law.” Daily Maverick’s investigation found this was not true. EuroPriSe, the certification body, had not officially accredited Milestone; the application was still pending.

Croock also told the court that Milestone “ensures responsible use of data by end users.” Milestone’s documentation says the opposite: users, not the software, bear responsibility for compliance.

We’ve heard these types of assertions before. Flock’s CEO Garrett Langley told the public that Flock had no federal contracts. That was also not true. Flock was running a pilot program giving Customs and Border Protection and ICE direct access to data from its cameras. After information about the program became public, Flock stated it shut it down, but quietly continued to run it.

And, of course, Flock has also claimed all sorts of compliance, including compliance with HECVAT, which is a vendor evaluation form, and CJIS ACE — a commercial certificate, every bit as valid as the official Certified Privacy Advocate Certificate from haveibeenflocked.com.

“We don’t track people or cars”

Exactly like Flock claims in the US, Vumacam has publicly claimed its system “does not track people or cars.” The company’s marketing materials also echo Flock’s — which makes sense, given it is a reseller — and show that the system can retrospectively map a vehicle’s complete movements over 30 days. Precisely the definition of tracking.

Private security companies can add registration numbers to watchlists without court orders. Police can request location data through private security databases without subpoenas or warrants.

That’s true in America and South Africa.

Digital Apartheid

The “digital apartheid” criticism is the most damning line of criticism against Vumacam, and it’s also the most structurally relevant to understanding what Flock’s technology does, both domestically and abroad.

A SafeCity pole in Sandton, in northern Johannesburg.

Vumacam deployed its cameras almost exclusively in affluent, predominantly white suburbs of Johannesburg because that’s where paying customers were. Poor Black townships were left uncovered, not out of principle, but because there was no revenue model — nobody hires ADT or other security companies there. The result is a surveillance geography that maps onto apartheid-era spatial divisions with uncomfortable precision.

Flock declines to release its camera locations and many cities have refused to release Deployment Plans and other documentation. Efforts like Deflock are underway and are beginning to draw Flock devices on the same maps as America’s apartheid-era redlined districts.

A leaked shift report from Fibrehoods, a Vumacam partner, documented 14 incidents flagging 28 people as “suspicious.” — a term that’s commonly found in Flock logs as a “justification” for retrieving 30-day location histories. All 28 “suspicious” persons in the shift report were Black. The suburbs in question were majority-white.

Michael Kwet, a visiting fellow at Yale Law School who studies the South African surveillance industry, drew a direct line to the apartheid-era dompas — the internal passport system that restricted Black people’s movement in white enclaves. Vumacam (x Flock)'s AI-powered camera network recreates this digitally: Black residents in historically white suburbs are surveilled, flagged, and tracked.

Police in the US say they need Flock to stop them from pulling Black people out of cars at gunpoint. South Africa shows what actually happens when surveillance infrastructure is deployed by private companies in a society with deep racial stratification.

Intent is irrelevant. The business model is what matters.

Why This Partnership Matters

Flock’s domestic troubles are well-documented on this site and elsewhere. Secret data sharing, secret employee access to camera networks, cameras installed without permits, a CEO who goes ballistic rather than address concerns, and these types of hits keep on coming while the company only offers empty promises through increasingly snazzy marketing videos.

The Vumacam partnership introduces something new. The Virgin Islands querying Arkansas cameras was a preview — absurd, unmonitored, jurisdictionally incoherent, but still technically domestic. It’s the diet version of what’s happening in South Africa.

In the United States, Flock’s surveillance network technically operates within — however loosely and poorly enforced — a framework of Fourth Amendment protections, state privacy laws, US DoJ policies, FOIA requests, city council votes, and the kind of public pressure that gets contracts canceled.

In South Africa, Vumacam successfully sued the Johannesburg Roads Agency when the agency tried to suspend its camera permits, and the court ruled that the JRA’s job was to protect road infrastructure, not human rights. No civil society organization has brought a subsequent case. The Information Regulator’s investigation into POPIA compliance appears to have produced no public enforcement action.

Flock gets to sell its technology into this environment through a reseller. It is insulated from direct accountability while Vumacam gets access to the surveillance platform of a $7.5 billion company backed by Andreessen Horowitz and Founders Fund.

Vumacam wants to be Flock as much as Flock wants to be Vumacam.

The Response

SafeCity — featured in the backdrop for the event photo where Flock, Matrix, and Vumacam promote the partnership — is Vumacam’s premium product tier. It is the pitch to government. In February 2024, Vumacam announced a partnership with the Gauteng provincial government giving officials access to a network of over 6,000 cameras and “advanced crime-fighting technologies.”

Response times dropped, the company says, from 18–30 minutes to 5–10 minutes.

Last month, in March 2026, apartheid police commander Eugene de Kock, nicknamed “Prime Evil” testified in court about the atrocities he committed in the name of public safety.

Now, South Africa evaluates a high-tech mass surveillance network that replicates apartheid-era movement controls and lack of oversight that let Prime Evil act with impunity when his security forces abducted, tortured and killed activists.

When Flock’s critics — “activists” mounting a “coordinated attack” according to its CEO — warn about what happens when surveillance infrastructure scales without democratic oversight, they don’t speak in hypotheticals.

Johannesburg proves the outcome: Apartheid 2.0, powered by Flock.

In 2021, the Riverside County Transportation Department issued the first of three encroachment permits to the Riverside County Sheriff’s Department for the installation of Flock Safety cameras on county roads. By October 2023, the Board of Supervisors had unanimously approved a $6.9 million contract to expand the program to 538 cameras.

Four and a half years later, the Riverside County Sheriff’s Department’s Flock Transparency Portal shows the sheriff uses 1,718 “LPR and other cameras.”

A CPRA request to the Transportation Department produced three permits, a handful of emails, and a sworn declaration that may be more interesting than the permits themselves.

The Permits

Riverside County Ordinance 499 governs encroachments within county highway right-of-way. Any structure placed in the road right-of-way — including 13-foot surveillance poles with cameras and solar panels — requires a written permit from the Director of Transportation.

@Riverside County Ordinance 499 (as amended through 499.16)

Three such permits were issued:

ENC21120546 (December 10, 2021 – September 1, 2023)

Originally authorized two cameras. Expanded through riders to cover 33 named locations and a blanket permission to add more via individual location notifications (RD Form 136).

@ENC21120546 — Original Permit

@ENC21120546 — Rider 1

@ENC21120546 — Rider 2

ENC23110539 (November 14, 2023 – November 14, 2024)

An annual blanket permit covering “various county road rights of way.” This permit was explicitly styled as an extension of the first.

@ENC23110539 — Second Blanket Permit

ENC25061408 (December 5, 2025 – December 5, 2026)

Another annual blanket permit, the current one. It was issued with a single RD Form 136 notification on file — one camera, in Anza — and four total documents in the folder.

@ENC25061408 — Current Blanket Permit

No Permit, No Problem

The second permit expired on November 14, 2024. The third was not issued until December 5, 2025.^[1]

During those 13 months, the cameras did not come down. The $6.9 million contract continued and Flock’s operations apparently continued without interruption under Riverside County Sheriff and Republican gubernatorial candidate Chad Bianco’s watch.

Ordinance 499 Section 6 prohibits anyone from “constructing, installing, operating, or maintaining” any structure in the county right-of-way without a permit. That’s not limited to construction — it covers the cameras just sitting there running.

The permits themselves reinforce this. The authorized work is not just installation — each permit grants permission to “install, operate and maintain” the cameras. Each is “to be strictly construed and no work other than that specifically mentioned above authorized hereby.”

When the permit expires, so does the authorization to operate and maintain. The first permit’s void date was extended twice via riders — acts that only make sense if the date is an operative constraint. And in December 2025, the county issued a replacement permit with identical scope and authorization language. If the prior permit was still valid, the replacement was redundant.

The second permit’s own conditions made the obligation explicit. Condition M12 on ENC23110539 states: “Upon expiration of this permit, the permittee shall remove the temporary poles and cable.”^[2] The current permit repeats this language and adds: “It is the Permittees responsibility to maintain a valid permit.” The permittee did neither.

Nothing was removed. No extension was obtained. No replacement was issued for thirteen months.

The CPRA request covered all encroachment permits issued between January 2020 and March 2026. The county produced exactly three. The county certified under oath that no other encroachment permit, extension, or authorization exists.

No Application, No Problem

The county requires each permit application to be “in the name of the person, agency, entity, or authorized agent owning the encroachment and controlling the construction of the work.” It adds that the county “would require documentation of the Utility Owner’s authorization of a third party seeking a Permit on behalf of the Utility Owner.”

The applications list “Flock Safety” as applicant and owner — correctly, since Flock owns and installs the cameras. Three different Flock employees signed applications over the life of the program: Danny Campos, Will Warren, and Derek Porcella.

But the permits were not issued to Flock. They were issued to “Riverside County Sheriff Department C/O FLOCK SAFETY.” The Sheriff’s Department is the permittee on all three permits — holding the obligations, the liability, the strict construction clause — despite never having applied for them. There is no application from the Sheriff’s Department on file. No one at the Sheriff’s Department signed anything.

Flock applied. The Sheriff’s Department got the permits. And no authorization exists connecting the two. The county certified under oath that there are no letters of agency, powers of attorney, or similar documents from Flock authorizing the Sheriff’s Department — or anyone — to hold encroachment permits on Flock’s behalf. Nor are there any documents from the Sheriff’s Department authorizing Flock to apply on its behalf.

The county seemingly decided on its own that a permit applied for by “Applicant/Owner: Flock Safety” should be issued to the Sheriff’s Department. And Flock apparently decided that it could treat that permit as its own and forge ahead with installation.

And this didn’t happen once. The third permit application was byte-for-byte identical to the second one. The exact same PDF was filed under both permit numbers. Same date (November 7, 2023), same agent (Derek Porcella), same Flock Safety mailing address in Atlanta, same description of work, same signature.

And the same outcome: the new permit was also issued to the Sheriff’s Department, not the applicant.

@Permit Application — ENC23110539 / ENC25061408 (dated 11/7/2023)

No Authority, No Problem

This is the part that likely matters most, legally.

Riverside County Ordinance 499 Section 6 states that permits “will be issued for only Utility purposes” on county highways. The ordinance defines “Utility” as water, sewer, irrigation, gas, petroleum, cable TV, electric, and communications facilities. Surveillance cameras are none of these.

For non-utility encroachments, the Director of Transportation may issue a permit if satisfied of three things: (1) the use is in the public interest, (2) there will be no substantial injury to the county highway or impairment of its use, and (3) the use is reasonably necessary for the functions of the applicant.

Flock’s cameras are commercial surveillance products owned and operated by a private company. The Sheriff’s Department has a software service contract to access Flock’s data — both inside and outside Riverside County.

The Director’s finding that these cameras satisfy the three-prong test in Section 6 would be the legal prerequisite for every permit in the chain. Without it, the Director had no authority to issue any of them.

No such finding accompanied any permit application.

Whether such a finding could survive scrutiny is a separate question. Is a private company’s occupation of public right-of-way to operate a for-profit surveillance network “in the public interest”? Is it “reasonably necessary” for Flock’s functions that its cameras sit on county roads rather than, say, private property with the owner’s consent?

No Locations, No Problem

Riverside County has contracted for over 500 Flock cameras. Not all of those are on county roads. Some are on city streets, some on Caltrans state highway right-of-way, some on private property. The permit documents include handwritten annotations identifying specific cameras as “NON COUNTY/city,” “CALTRANS,” and “City St/Grand Terrace.”

Someone at the Transportation Department reviewed the camera deployment list, saw cameras on roads the county doesn’t control, and marked them accordingly. But no formal record of that analysis was ever created.

I asked for any records reflecting which of the 500+ cameras are within county highway right-of-way, or any determination that specific cameras did not require a permit. Again, the county certifies that no such records exist.

When the county’s records custodian was asked about the gap between 500+ contracted cameras and the roughly 80 installations documented in the permits, the only response was informal and vague: “some locations may not have been permitted as they could be private or non county maintained roads.”

That’s it. No spreadsheet, no memo, no analysis. The county issued blanket permits for “various county roads” — possibly subject to the typical Flock “deployment plan” — but never really determined which roads it was talking about.

No Traffic Plans, No Problem

Every encroachment permit in the production requires a traffic control plan under Condition C05 — a safety document showing how workers and traffic will be protected when someone is installing equipment in a roadway. The current permit, ENC25061408, goes further and requires the TCP to be signed by a Professional Engineer.

The county produced one set of traffic control plans: for the Spencer’s Crossing project, eight cameras, prepared in February 2023 under the first permit.

No other traffic control plans exist.

That’s a 98% noncompliance rate.

No Fees, No Problem

Section 15 of the ordinance requires that permit fees be paid “at or after the time application is filed, but in any event before the Permit is issued.” The fee fields on every application in the entire production — all three permits, every application, every rider — are blank.

Section 16 exempts public agencies from permit processing fees if they have “lawful authority” to use the right-of-way for the permitted purpose.

Flock applied in its own name. But the permits were issued to the Sheriff’s Department — a public agency — triggering the fee exemption. A private surveillance company applied, a public agency was listed as permittee, no fees were charged, and no one documented why.

No Records, No Problem

None of the above rests on inference or supposition. Each point traces back to a single document: a Declaration of Custodian of Records executed March 23, 2026, signed under penalty of perjury by the county’s records custodian.

The Declaration addresses each follow-up item individually and certifies that the county has no responsive records. This is not a case where documents might exist but were missed. This is the county’s official position, under oath, that these records do not exist.

This is not some isolated paperwork hiccup in Riverside County from a well-meaning county official unable to find records that really exist. Across the country, Flock cameras go up on public roads under permits that no one reviews, with safety standards no one enforces, issued to applicants that no one verifies. Flock routinely operates cameras with expired permits or without an active contract. Riverside County is one of many.

@Declaration of Custodian of Records — March 23, 2026

The Law in “Law & Order”

Riverside County’s surveillance camera program operated for over four years under three encroachment permits issued to an agency that never applied for them, based on applications from a company that never received them, without the legally required public interest determination, without traffic control plans for the vast majority of installations, without fees, and — for 13 months — without a permit at all.

Each of these permits was issued to the Riverside County Sheriff’s Department. Flock — the owner/operator listed on the permit applications — never received a permit but still installed and continues to operate hundreds of surveillance cameras without a valid permit.

The $6.9 million contract belongs to Sheriff Chad Bianco’s office. The entire Flock deployment — from the first two cameras in 2021 to the 1,718 “LPRs and other cameras” now in Flock’s system under the sheriff’s name — occurred during his tenure.

Ordinance 499 Section 18 provides that any person who operates without a required permit, or who violates permit conditions in a way that jeopardizes person or property, is guilty of a misdemeanor punishable by fine, imprisonment, or both.

The wrong permittee is not a technicality. A 13-month gap is not a technicality. Not paying the fees is not a technicality. These are all separate material flaws resulting in unpermitted occupation of public right-of-way by a corporation, based on a permit issued to a sheriff tasked with enforcing the county ordinance that makes it a crime.

The Order in “Law & Order”

The county does not know, from its own records, which cameras needed permits. It has no mechanism to determine which cameras are on county roads, which are on state highways, and which are on someone else’s property.

The Director of Transportation issued permits to the Sheriff, who had never applied for any, without the required public interest finding, and without traffic control plans for all but one installation. When the second permit expired, no one acted. When a replacement was finally applied for thirteen months later it was with the same application — literally the same file — Flock had used for the prior permit. The new permit was also issued to the Sheriff.

That permit process was handled by a Permitting Manager at Flock with over a decade of experience in right-of-way permitting. None of these issues were discovered when processing the permits or through any audit or investigation in three years. Neither Flock’s permit expert, the Sheriff’s Department, nor the Transportation Department raised a flag.

That process — namedrop Chad Bianco, skip the fees, ignore the regulations — is the law and order he now offers California.

The Timeline, According to Flock

The timeline begins with an “External Claim” in March 2025, where “an individual contacted Flock with security findings after acquiring a device through illegal, unauthorized means.” Presumably, this refers to Jon Gaines’ research. A year later, Flock has not fixed those issues.

What it has done is reflected in the rest of the timeline: it “disclosed and addressed low-severity vulnerabilities,” it “responded to” the research, and it “published a response debunking false claims that the company had been hacked.”^[2] None of that fixes the issues that were disclosed to Flock in March.

The first of those actions, disclosure, happened in November, after Gaines published his report. Before November, Flock had not disclosed the issue. Not even to its customers. This is despite the requirements of the CJIS security policy, which require vendors to notify the government agency and the FBI.

The Iowa Department of Public Safety (a Flock customer and CSA for Iowa) confirmed it had received no notification from Flock. Other CSAs — the Florida Department of Law Enforcement and the Illinois State Police — did not respond to a Sunshine Act request, or asserted that vulnerability notifications are “ALPR data.”

Despite a contractual and legal obligation to provide this notification to its customers, Flock did not do so for eight months, and then only after its customers found out.

The timeline does not discuss a YouTube video before pivoting to a “second” one with “misleading claims about Flock PTZ cameras.” Flock’s timeline says it “addressed” those claims.

“Misleading Claims,” According to Flock

The “Readdressing Misleading Claims About Cybersecurity at Flock” is a lie. Not because its content is false — although it’s not exactly true — but because it doesn’t even do anything resembling addressing claims, like the section heading promises.

Can’t even trust a heading. Anyway …

I want to be crystal clear: vulnerabilities are a part of the development process of hardware and software. No company on the planet is infallible, nor is any company unhackable. It is an expected and normal process for vulnerabilities to be discovered and remediated at each stage of software development. From the point of a developer writing code all the way to that finished product running in production.

We engineer bridges and buildings so that they don’t collapse. We do all sorts of math and engineering and further science so this doesn’t happen. But occasionally, and unfortunately, they do collapse. When they collapse, we don’t shrug our shoulders and say “it’s part of the process.” We investigate the cause and address it. We make meaningful, articulable improvements to our engineering processes and standards.

We now have those collapses and their fixes codified in laws and regulations and we explain them in engineering textbooks and use them as examples on powerpoints at industry conferences and seminars. That is why we now have buildings and bridges that are more earthquake resistant than 100 years ago.

We don’t hide the problem. We don’t say it’s “an expected and normal process” for a bridge to collapse.

It’s an exceptional situation for a bridge to collapse, just as it’s an exceptional situation for a software vulnerability to be discovered in production. And just as people have died from buildings crumbling in earthquakes, people have died from insecure surveillance networks.

You don’t hide engineering issues — civil or software. You make them public, you address them, and you learn from them.

But, despite claiming that discovering these issues in production is “expected and normal,” Flock’s bulleted list of what to expect from a vendor does not include it.

The list does not mention notification or remediation for production issues. No timelines, no categories, no mentions of public vulnerability trackers, no issue categories, or anything else. Not even a “We will notify our customers and provide a remediation plan within 48 hours” or anything similar.

Flock’s Cybersecurity Team

Flock continues to invest in our team and has 10 new headcount positions slated for hiring this year, adding to our existing team of 20+ engineers. Cybersecurity is nothing without people.

This is the exact opposite of what Flock should be doing. Instead of hiring more engineers to develop more buggy AI-powered features and release more half-finished websites, Flock should be investing in hiring policy and security experts.

The post then lays out some team names without defining their headcounts, budgets, or positions in the organization hierarchy. In some companies, a 50-person “DevSecOps” team is focused on security and can shut down production when needed; in others, it’s literally one guy in Mexico City writing scripts so developers can automatically release code without review.

Castaldo does not even hint at where Flock might fall on that spectrum, and that’s cause for concern.

The “First” video

Although Castaldo omits the November video — which was Benn Jordan working with Jon Gaines — from the timeline, he devotes a section of the post to it.

In November 2025, a YouTuber released a YouTube video with two other individuals claiming to have “hacked 80,000 Flock cameras”. That statement tells you all you need to know about the credibility of the individuals and the video itself.

The video is titled “We Hacked Flock Safety Cameras in under 30 Seconds.” The closest thing to Castaldo’s quote is: “Upon further investigation, it turns out that there are over 80,000 of them. And um we got some and we hacked them.” Which is 100% true.

Blatantly misquoting an opponent’s statement before attacking it tells you all you need to know about the credibility of that individual.

Castaldo uses some choice words like “illicitly,” and “illegally” to characterize the acquisition of the Flock hardware. There is nothing “illegal” about buying hardware, and absolutely nothing suggests that Gaines (or whoever bought the hardware) did so illegally. Falsely accusing someone of criminal conduct is defamation per se in most jurisdictions.

Flock did not disclose these issues to customers. Flock did not notify customers in accordance with industry best practices and according to CJIS standards. Flock did not close out any CVEs, nor did it open any new ones. Flock did not tell Jon Gaines “we are aware of this and we will fix it.” And at no time in 2025 (or at all, for that matter) did Flock communicate a fix.

While the findings were legitimate, they were all of low severity. Meaning the risk to customers or customer data was near zero.

Of the findings in the report, many are high severity when going by the framework laid out by the U.S. Department of Justice, which governs much of the data. Castaldo does not specify what framework he uses for his “low severity” classification or his “near zero” risk assessment.

Dunwoody gave us vibes-based auditing and compliance, Castaldo adds another layer: vibe-based cybersecurity.

Had this individual not prevented [the camera] from connecting to our cloud, most of their findings would have been moot.

This is a fair enough statement in isolation, but does not address the two key problems.

First, there is no evidence that Flock discovered and fixed these issues, and rolled out an update. No required customer notifications, no proactive security disclosures, nothing. Complete silence.

If these issues were indeed fixed, and were not the result of plain negligence, nothing is lost by publishing these issues. Most software vendors do exactly that to build trust. Microsoft, for example, has a page called “Vulnerabilities and Exploits” on its main website, and it includes a list of fixes with each update, including any security fixes.

If Flock had published anything or notified anyone, cross-referencing those notifications against Jon Gaines’ report would make for an easy exercise in ticking off fixed issues and seeing what — if anything — remains.

Flock could easily restore trust and show that it is on top of its security by publishing a few emails that it already sent to its customers when it first discovered these issues — as it is required to do — or when it fixed the issues — as is standard practice.

Second, there have been no patches for this particular operating system since 2021. While security issues could have been deployed for Flock’s custom software, no vendor OS fixes were released.

Connecting it to the network would not have caused non-existent patches to be applied.

The “Second” video

This individual did not ethically submit any information to Flock prior to the release of their video

If I’m recalling the video correctly, it is true Jordan did not submit information to Flock prior to the release of the video. The last time issues were disclosed to Flock — in March, according to the timeline — they were not fixed or disclosed even months later (or, to this day, as far as I’m aware). Disclosure to a vendor is often the right choice, but there are no bright lines in ethics.

In this case, anyone whose ethics dictate minimization of harm would have done exactly what Jordan did. He denied Flock a second opportunity to jeopardize people’s safety by trying to bury an issue, as they did when issues were disclosed to them in March.

Just Keep Digging

Flock worked with our carrier partner to quickly resolve the network configuration issue. … Flock has also modified the diagnostic interface to require our technicians to log in with a username and password. Again, this interface is intended to be usable when a technician is physically present.

First, let’s address that the software had to be “modified” to require a username and password.

According to Castaldo’s post, Flock did all of these things:

• “Threat modeling during the design phase of a product”
• “Scanning and fixing code as the developer is writing it”
• “Scanning and fixing finished code when a developer submits it to the code repository”
• “Scanning and fixing applications running in production”
• “Continuously scanning and monitoring the infrastructure the application is running in”
• “Conducting penetration tests against all of the above.”

To top it off, he writes immediately below that list: “There is a cliche about cybersecurity being an onion with many layers, and that remains accurate today.”

Yet, in that whole development process, nobody at Flock, at any time, said: “hey, maybe we should require a username and password.” Even hardcoding “DonkeyKeepOut!” as a password would have prevented Jordan from gaining access.

The second issue is that no matter what layers Flock might have in its development process, there was only one in its security: Verizon’s configuration. In this, Flock’s security model is more like banana: a single layer that can easily be peeled away by anyone who wants access.

Flock gave Verizon the unchecked, unreviewed, unsupervised, ability to create and manage the security configuration for an interface that was not secured with a password.

Even without a “misconfiguration,” Verizon employees would have had access. A company with roughly as many employees as Burbank, CA has residents (plus who knows how many contractors) having unfettered access to live videos of kids playing in parks is Castaldo’s baseline definition of secure.

On Android

The software on Flock’s cameras hasn’t received vendor security updates since 2021. That is the central fact of this section of Castaldo’s post, and the one he does not address. Instead, he offers several paragraphs of technically misleading context about chip architectures — context that, on examination, actually makes his position worse.

Flock hardware runs on a heavily modified version of the Android operating system maintained by Google. This is an open-source operating system, meaning anyone in the world can look at the code and use it.

Flock has “heavily modified” Android, but never published those modifications. Yet we should feel assured — presumably based on vibes — that its “heavy modifications” are not material enough to affect security.

This is very different from the CPU in a computer running Windows or MacOS. Qualcomm’s chipsets are purpose-built and support specific operating system versions.

This is somewhat backwards, because hardware vendors don’t tend to build chips to accommodate operating systems, but it’s accurate enough in the way it matters: there is a fixed relationship between the hardware and the OS.

Flock Falcons reportedly use Qualcomm Snapdragon 625 chips, which are early 64-bit ARM chips (like the M1/M2 chips in current Macs). These were supported by Android until version 8.0 or 8.1, support for which ended in 2021. This is the same as support for older Intel-based Macbooks, which is also ending. There is nothing particularly unique or different about Qualcomm chips in that regard.

It’s theoretically possible that for the past five years, Flock has been paying engineers to backport security fixes to this unsupported version of Android. There are projects like LineageOS that do exactly this to support aging phones in primarily low-income countries.

It’s also theoretically possible that Flock designed the Falcon around 2017 around the then-popular Snapdragon 625, and that it did not replace all of its devices in 2021 when supported ended, but instead designed an entirely new line of devices (which it called “Flock LPR”), with the goal of replacing the Snapdragon 625-based Falcons as they age out of service.

Qualcomm produces a custom, heavily modified version of Google Android that is designed to run on their chipsets.

Qualcomm does produce a modified Android that is optimized for its hardware, this much is true. The problem is that Qualcomm takes an official Google Android version and modifies it for its hardware.

Qualcomm released its last full BSP for the Snapdragon 625 in 2019, and its last security update in Q4 of 2020.

Android Things

Gaines’ security report finds a problem in “Android Things 8.1” being EOL. Android Things was a popular OS for the Snapdragon 625. In the blog post, Castaldo emphatically bolds that “Flock has never used Android Things, in any product.”

Never mind that it contradicts the earlier “all of the findings were previously discovered by Flock’s cybersecurity team,” or that this is the first time Flock has raised the point, the distinction between “Android Things 8.1” or “Android 8.1” is irrelevant.

Because “Qualcomm’s chipsets are purpose-built and support specific operating system versions,”^[3] none of those “specific operating system versions” have been supported since 2021. Not Android 8.1, not Qualcomm’s BSPs, not Android Things 8.1.

Even if the statement were true — which I doubt, because I trust Gaines and Jordan to be able to identify an OS — it would be a nice “gotcha” on an entirely meaningless fact.

At the end of the day, the software hasn’t received security updates since 2021. That’s the point that matters, and the one Castaldo does not address.

Backporting

We will continue to backport any necessary security patches, as required under our agreements with all customers.

If Flock is indeed backporting security patches to Android (Things) 8.0 or 8.1, or whatever the case may be, then security itself may not be the issue. However, “as required under our agreements with all customers” includes the requirement to notify customers when they do discover security vulnerabilities.

Each time Flock backports a fix, its contracts — at least those with CJIS security addenda, which should be all government contracts — require notifications to be sent to contracting agencies (and the FBI). No notifications have ever been sent out.

The other problem is that Qualcomm’s proprietary modifications to Android, which Flock just explained are tied to the hardware, are not open source at all. There is no backporting fixes to those parts of the OS.

Third party attestation

Yes, Flock has qualified third-party attestations of its cybersecurity. What you should also expect from your vendors is continuous audits by qualified, third-party firms. Flock takes this seriously and goes far beyond surface-level audits.

The post rattles off a list of security standards or frameworks, this time omitting HECVAT and FERPA, and points to its “trust center” where, “[o]nce you gain authorization for access, you may review” the relevant documents.

But you don’t need access to see that the list of actual certifications — SOC2 Type II, ISO 27001, ISO 27017, etc. — are about organizational and procedural controls, not software vulnerabilities.

Flock “maintains standards” of “CJIS Insights”, “CJIS ACE”, “FedRAMP 20x,” and “NDAA”. “CJIS Insight” (singular — Flock can’t even get the product name right) is a compliance-tracking software dashboard sold by Diverse Computing, a company in Tallahassee, Florida. “CJIS ACE” is a commercial compliance assessment also sold by Diverse Computing. Neither is a government certification, and neither is affiliated with the DOJ or the FBI.

This is where it gets really interesting and where we have to break out our diamond pickaxes.

Castaldo spent most of this post assuring us that their use of an outdated operating system is fine because they backport software. Now he invokes CJIS and NDAA.

CJIS requires the use of FIPS-140 validated encryption modules. FedRAMP — which Flock also claims and which was codified into law by the NDAA — independently requires FIPS-140 validation as well. To the extent Flock has FIPS-140-2 validation, it has never produced documentation to my knowledge. Soon — in September 2026 — FIPS 140-2 will be no more. Flock will need to move to FIPS-140-3.

FIPS-140-3 places stricter standards on the “Operational Environment,” which includes the operating system: Flock will have to validate the combination of obsolete hardware (Snapdragon 625) and custom operating system as a single “hybrid module.” So far, such a hybrid module does not show up in NIST’s database.

As previously reported, Castaldo’s co-founder at “Security Tinkerers,” Will Lin, sits on the board of Bishop Fox — the firm Flock hired for its security audit. Castaldo mentions Bishop Fox only once in passing in this post, and does not mention this relationship at all in the section about third-party verification.

The Proof

I have called for this before, and I will call for it again: Flock should publish its actual NIST validation certificates, and its security disclosures to its customers.

Castaldo’s 2,000-word defense does not contain a single customer notification, a single CVE, or a single NIST certificate number. It relies on strawmen arguments, mischaracterizations of hardware lifecycles, and a little light defamation.

Stop digging and start fixing.

The contract governing this arrangement contains no data retention policy for the surveillance layer, no restrictions on who can access it, no privacy provisions for the people being filmed, and not even a reference to Flock’s terms of service. The word “privacy” does not appear — except once, regarding credit card processing when subjects pay for the privilege of their surveillance.

The pricing page of RedSpeed’s winning proposal says it plainly: “Flock Wing License(s) Included.”

What Hillsborough County Bought

In 2024, the Hillsborough County Sheriff’s Office solicited proposals for automated speed enforcement in school zones (RFP 2024-003). RedSpeed Florida won the contract. Its 80-page proposal made the Flock integration central to its pitch.

On page 5, a letter on Flock Safety letterhead, signed by Todd Troutman, Senior Accounts, confirms the partnership:

Flock Safety and Redspeed have partnered together to support many different agencies. Flock Safety is able to provide an additional layer of software to the Redspeed cameras (speed and red light). This allows the Redspeed cameras to be turned into ALPRs that push images into Flock Safety’s cloud and allow agencies with access to those cameras to search for vehicles.

…

In order for the two systems to work together, Redspeed will provide Flock with RTSP streams for the given cameras. From there, Flock Safety will integrate the camera stream into the Flock system thus allowing the software to be on the camera, turning it into an ALPR. The camera is then plotted on the Flock Safety map in the application to appropriately locate where the cameras are.

…

As of March 2024, Redspeed is the only company with whom Flock has partnered with to offer Wing LPR integration on school zone enforcement and/or red light cameras.

@Flock Safety Letter to RedSpeed (from HCSO RFP 2024-003)

RedSpeed’s transmittal letter was even more direct:

ONLY RedSpeed can offer integration with Flock. We have enclosed a letter from Flock confirming this fact. We have collaborated closely with Flock to optimize interoperability… We have successfully integrated over 100 Flock systems in current installations; our competitors have integrated zero Flock systems. Only RedSpeed offers this direct integration, and Flock is included in the RedSpeed price. Integrated Flock means RedSpeed’s cameras are feeding the Wing System for enforcement synergy. It also means fewer poles and solar panels.

Enforcement. Synergy.

RedSpeed’s proposal includes a competitive comparison table highlighting “True integration with Rekor/Flock/Vigilant” as a checkmark for RedSpeed and a red “denied” for “All Competitors.”

The proposal emphasizes that RedSpeed cameras deliver “lane-specific, high resolution (3000x5000 pixels, 30 frames per second), video cameras” — and that RedSpeed “provides the ability to live stream video from all cameras (no still cameras).” It also states that RedSpeed “provides at least 45 days of storage” and “Flock ALPR at all locations, included in the RedSpeed Price.”

RedSpeed’s stake in all this is straightforward. It offers a “turnkey” service — everything from taking a picture to swiping a credit card — for “35% of the Governing Body’s Statutory share of collected revenue.” In Hillsborough County alone, more than 105,000 violations have been issued since fall 2024, generating over $6 million in paid fines; a local magistrate called it a rip-off.

@RedSpeed Full Proposal — HCSO RFP 2024-003 (80 pages)

In Alpharetta, GA, it was structured a little different: the county had to pay 2% extra to give the data to Flock. Maybe that’s Georgia-based Flock’s home field advantage at play.

The Silent Contract

What matters most about the Hillsborough procurement is what the contract doesn’t say.

The HCSO-RedSpeed contract consists of three incorporated documents:

1. The RFP solicitation (HCSO RFP 2024-003, 39 pages)
2. The draft contract template (11 pages)
3. RedSpeed’s proposal (80 pages, including the Flock letter)

@HCSO RFP 2024-003 — Final Solicitation @HCSO RFP 2024-003 — Draft Contract

The Request for Proposals

The RFP explicitly required ALPR capability (Part D, Section 3):

Qualified, proposing firms must demonstrate competence and experience with Automated Speed Enforcement Systems and Automated License Plate Reader systems

It required video, not stills (Part C, Section 3.A):

Video Technology is required. Still shots are not acceptable. Respondent proposer must utilize radar and/or laser automated speed detection systems.

And it required subcontractor disclosure (Part B, Section 5):

If a Proposer intends to use subcontractors, the Proposer must identify in the Proposal the names of the subcontractors and the portions of the work the subcontractors will perform.

What was not in the RFP were any specifications for how ALPR data should be governed, stored, retained, shared, or deleted.

What the draft contract covers

The draft contract is an 11-page template with fill-in-the-blank fields. It covers: term (3 years + three 1-year extensions), insurance requirements, E-Verify compliance, subcontracting (generic), public records obligations (per Florida § 119.0701), indemnification, and confidentiality — but only of “Sheriff Operations” (Section 23).

What the draft contract does NOT cover

• Data retention for ALPR/LPR captures
• Data sharing restrictions (who can access Flock’s system)
• Privacy policy for citizens whose vehicles are scanned
• Flock Safety’s terms of service or Master Service Agreement
• Any reference to Flock’s default data practices (30-day rolling delete, Section 4.3 perpetual anonymized data license, Section 5.3 law enforcement disclosure rights)
• Ownership of ALPR data (distinct from violation/citation data)
• Audit rights over the ALPR system
• Restrictions on out-of-state or federal agency access
• Any framework governing the surveillance layer at all

@Flock Default MSA — Oakland CA, Sept 2025

Nothing in the contract says HCSO gets any rights to the video or the ALPR data. If HCSO wants to access that, they presumably have to do what anyone else can do: pay Flock and ask nicely.

@SFist — SFPD Flock Data Accessed 1.6M Times by Federal Agencies @ACLU — Flock Can Share Data Even When PDs Opt Out

The sheriff’s RFP was specific enough to guarantee the desired outcome. The final tabulation sheet published by HCSO shows RedSpeed with the highest evaluation score of 95.95, ahead of Blue Line Solutions (91.75) and Conduent (77.6).

@HCSO RFP 2024-003 — Tabulation Sheet @Creative Loafing Tampa — Flock Integrated Speed Cameras in School Zones

Wing: The Platform That Turns Any Camera Into a Flock Camera

RedSpeed’s pitch works because of Wing: Flock’s product line for converting third-party cameras into Flock surveillance nodes. The branding is a somewhat confusing patchwork of overlapping names, and Flock has removed several of its Wing-related pages from its website, but the product is still sold and deployed.

The Pitch

In October 2020, Flock Safety announced Wing with a press release headline that said, plainly:

FLOCK SAFETY ANNOUNCES THE WING INTEGRATION TO DISTILL 1000s OF HOURS OF IP CAMERA FOOTAGE INTO SEARCHABLE IMAGES THAT SOLVE CRIME

The subhead: “Software transforms existing IP cameras into cameras that can see like a detective”

Wing takes video from existing cameras — IP cameras, security cameras, traffic cameras — and runs Flock’s AI on it, letting users search for white sedans, unicycles, or people wearing jeans.

Cameras connect via standard RTSP (Realtime Streaming Protocol), a camera standard that’s supported by many commercial surveillance cameras as well as consumer products like doorbells and $35 surveillance cameras.

The Wing Ecosystem

In an August 2025 OMNIA Partners cooperative purchasing pricelist, Wing LPR is listed as: Flock Safety Wing™ LPR (wing_integration, $3,000/yr per camera): “Video software integration transforms traditional IP cameras into Flock Safety enabled LPR cameras. Includes Vehicle Fingerprint™ computer vision and Advanced Search Package (Convoy Analysis, Multi Geo Search, Visual Search)”

@OMNIA Partners — Flock Pricing, Aug 2025

The same catalog lists the Wing product family: Wing Livestream ($500/yr), Wing Replay ($1,000/yr with 7-day footage retention), Wing Gateway 2.0 (8–32 stream hardware at $3,650–$8,250 + subscription), Wing Cloud Live Only ($90/yr), and an Inbound Vehicle Images API ($1,500–$2,500/yr) for ingesting pre-processed plate reads from third-party LPR systems.

The “Wing Livestream” product price matches the $500 feature that turns Flock’s LPR into live video surveillance — that’s “something you can take advantage of without going to council,” according to Flock Safety’s Kevin Cutler.

Flock misleadingly tells the public it sells “LPR” cameras — a product name, not a description — while it consolidates its network into a single searchable database.

The network from that Superbowl Ring commercial, promising to find your dog is already deployed nationwide on speed cameras, parking enforcement cameras, and “CCTV” sytems on your basketball and pickleball courts.

Wing in Practice

On June 27, 2025, Flock published a blog post titled “Video Without Limitations: Flock Safety’s Newest Solutions for Law Enforcement” showcasing Wing Gateway 2.0 and Wing Gateway Outdoor.

@vFlock Safety — Video Without Limitations Webinar (Wing segment, 13:36–end) @Flock Blog — Video Without Limitations

In the October 2024 webinar (full video), Trevor Pennypacker, Sr. Product Manager at Flock, is excited to tell Flock’s customers that you can connect “parking lots, restaurants, traffic cameras, really anything.”

The City of Bloomington, IL executed an agreement that explicitly includes Wing LPR in its order form:

• “Flock Safety Wing™ LPR — Included — 10 Included”
• “Flock Safety Wing™ VMS — Included — 100 Included”
• “Professional Services — Wing Implementation Fee — $500.00”

@Bloomington IL — Wing LPR Relevant Pages (9 pages)

The branding, boundaries, and availability of Wing products is all somewhat shifting and murky — from Wing Gateway 2.0 to Wing Cloud to Wing LPR — but the core functionality is what matters: third-party cameras are being turned into Flock nodes, and Flock actively markets and sells that functionality.

The Scan-Everything Architecture

RedSpeed’s cameras are always on during enforcement hours. They capture continuous HD video of every vehicle passing through the field of view — in a school zone, recording parents, teachers, students, buses, and anyone else on the road. “Video Technology is required. Still shots are not acceptable.”

The RTSP stream — all of it, not just violators — is fed to Flock. The Flock letter confirms this is by design: the cameras are “turned into ALPRs that push images into Flock Safety’s cloud and allow agencies with access to those cameras to search for vehicles.” Since then, Flock rolled out FreeForm, its AI-powered search capability that can find people by physical description: “man in blue shirt and cowboy hat,” “dressed in all black clothing and black face mask,” or — as one Dunwoody PD officer tried — “GRINCH.”

Vehicle Fingerprint

The Vehicle Fingerprint technology alone extracts far more than license plates: plate number and state registration, vehicle make, model, color, and body type, missing or covered plates, bumper stickers and decals, roof racks, bike racks, trailer hitches, and aftermarket wheels.

@Flock Blog — Vehicle Fingerprint: When Plate Data Fails

But that’s only part of the picture. Flock CEO Garrett Langley has previously stated that the system indexes everything, filtering only problematic searches — or attempting to filter them, anyway.

Where that data goes

No matter how you feel about red-light or speed cameras as a policy matter, it is hard to justify turning a safety measure for school zones into a surveillance dragnet whose recordings are fed to a private corporation with no contractual restrictions on use. In San Francisco, SFPD’s Flock cameras were searched 1.6 million times by out-of-state and federal agencies — in apparent violation of California law. EFF’s analysis of 12 million Flock searches nationwide found hundreds related to protest activity, immigration enforcement, and discriminatory targeting. A Norfolk, Virginia resident sued after learning Flock cameras had logged his location 526 times in four months.

@SFist — SFPD Flock Data Accessed 1.6M Times by Federal Agencies @ACLU — Flock Can Share Data Even When PDs Opt Out

The Legal Tension

Florida’s prohibition on “remote surveillance”

Florida law explicitly prohibits using school zone speed cameras for “remote surveillance” and restricts the permitted uses of recorded footage:

(15)(a) A speed detection system in a school zone may not be used for remote surveillance. The collection of evidence by a speed detection system to enforce violations of ss. 316.1895 and 316.183, or user-controlled pan or tilt adjustments of speed detection system components, do not constitute remote surveillance. Recorded video or photographs collected as part of a speed detection system in a school zone may only be used to document violations of ss. 316.1895 and 316.183 and for purposes of determining criminal or civil liability for incidents captured by the speed detection system incidental to the permissible use of the speed detection system.

(15)(b) Any recorded video or photograph obtained through the use of a speed detection system must be destroyed within 90 days after the final disposition of the recorded event.

— Fla. Stat. § 316.1896(15)

Two questions that nobody appears to have asked, let alone answered:

First, does feeding the full RTSP stream to Flock — where it is processed by AI, matched against vehicle databases, and made searchable by thousands of agencies for purposes wholly unrelated to speed enforcement — constitute “remote surveillance” under the statute? The statute defines what is not remote surveillance (evidence collection for speed violations, PTZ adjustments), but the legislative history does not address third-party AI processing of the video feed.

Second, the statute requires destruction of recorded video within 90 days of final disposition, and vendors must certify destruction annually. But once the RTSP stream enters Flock’s system, it is processed into Vehicle Fingerprint data, plate reads, and searchable metadata governed by Flock’s own retention policies — not the county’s.

Altumint, a competing speed camera vendor in Florida, hinted at a loophole when it drew a distinction explicitly. Its chief revenue officer told the Independent Florida Alligator in March 2026 that Altumint’s cameras “only capture a license plate if the vehicle is speeding more than 10 miles over the speed limit,” whereas RedSpeed’s Flock ALPR cameras “can document every license plate that passes by.” He added: “Even in a school zone, you could be going 25 in a 15 … but I can’t capture that plate. ALPR can capture that plate.”

Whether derivative data (plate reads, AI-extracted vehicle descriptions) qualifies as “recorded video or photograph” under the statute is untested. The statute’s drafters were contemplating a camera vendor that stores and deletes footage. They were not contemplating a speed camera sending data to a second vendor that ingests the same stream in real time and converts it into a permanent surveillance record.

No Florida court has addressed either question. No Attorney General opinion appears to exist. The statute was enacted in 2023 (HB 657). Florida is one of RedSpeed’s biggest markets.

What Flock Tells Everyone Else

Across dozens of municipal FAQ pages and Transparency Portals, Flock provides standardized language:

Flock Safety cameras are not used to enforce traffic violations such as speeding, running red lights, or other moving violations. The cameras do not capture vehicle speed and are solely used for investigative purposes related to public safety.

@Leander TX — Flock FAQ @Columbia MO — Flock FAQ @Everett WA — Flock FAQ

Technically, that appears to be true. “Flock Safety cameras” are not used for traffic enforcement — RedSpeed’s cameras are. But they operate on Flock technology, within the Flock network.

Flock’s Transparency Portals go further. The Thomasville, GA PD portal explicitly lists “speed detection” as a prohibited use of Flock technology, and confirms that the system is used “for law enforcement purposes only.”

Meanwhile, RedSpeed’s speed detection cameras are feeding RTSP streams directly into this same network via Wing LPR. Data from a speed detection system enters a platform that lists speed detection as a prohibited use.

It’s not our cameras

The Flock letter on page 5 of the HCSO proposal says Flock provides “an additional layer of software to the Redspeed cameras (speed and red light).” The transmittal says “Integrated Flock means RedSpeed’s cameras are feeding the Wing System for enforcement synergy.” The pricing says “Flock Wing License(s)” are included in a speed enforcement contract.

Flock’s defense rests on a technicality: its cameras don’t capture speed; its technology is merely consuming the video feed from someone else’s speed cameras and processing it for entirely different purposes. Whether that distinction will satisfy a legislature, or the parents whose children are being filmed remains to be seen.

The Partner Page

RedSpeed claimed to be the only Flock-integrated vendor for school zone enforcement as of March 2024. As of March 2026, Flock’s partner program page lists several other automated traffic enforcement companies as “Channel Providers.”

Maybe Flock gave them different territories, outside school zones.

@Flock Partner Program — ATE Channel Providers

The Broader Pattern

The GSP Ticket

On December 26, 2025, Georgia State Patrol ticketed a motorcyclist for holding a cell phone while riding. The citation read: “CAPTURED ON FLOCK CAMERA 31 MM 1 HOLDING PHONE IN LEFT HAND.”

GSP called it a “unique circumstance.” The ticket was dropped in court. EFF described the incident as an example of the mission creep it has “long warned about” with surveillance infrastructure.

It is the kind of one-off incident Flock can dismiss. Its long-standing RedSpeed partnership is not.

Brookhaven, GA

In Brookhaven, GA’s words, RedSpeed cameras feed “real-time alerts” into “Brookhaven’s existing License Plate Reader (LPR) platform to identify sex-offenders, protective orders, and wanted persons for increased safety in school zones.”

Even if you are a concerned parent thinking sounds like a good idea, the practical value of such a system is questionable at best. Police are not going to act on these “real-time alerts” each time anyone under a protective order — many of which are not the result of any criminal activity, let alone any criminal activity involving children — drives through a school zone.

The system’s real-time capabilities, like watchlists and speeding tickets, are secondary. The real value is in gathering massive amounts of videos and photos of everyone entering a school zone — parents, teachers, students.

RedSpeed’s strong marketing emphasis on video quality (15 Megapixels, 30 frames per second), raises questions as well. If a regular Flock LPR, which RedSpeed says is of “lower quality,” is accurate enough to perform ALPR and create evidence, how is a camera where you can count the pimples on your middle schooler’s nose an advantage?

The point isn’t better traffic enforcement: it’s high-definition video surveillance.

@Brookhaven GA — RedSpeed Flock Integration (Wayback Machine, Oct 2020)

Tampa’s Piggyback

In Hillsborough County’s seat, Tampa, RedSpeed scored third on an RFP but the council unanimously voted for the contract anyway. Creative Loafing Tampa noted that there was “no indication in the backup materials why the third place proposal was chosen.”

Before the vote, Creative Loafing reported, “several council members noted they spoke with the Chief and were assured the data wouldn’t be inappropriately shared.” Council member Lynn Hurtak said “the only time they are allowed to use this technology is to share it with other agencies when they have an open case.”

If that’s the policy, it isn’t in the sheriff’s contract.

Making the Quiet Part Loud

Flock quietly sells Wing integration in the background while partners like RedSpeed bundle it for easy consumption by sheriffs and police chiefs. Contracts are kept minimal — no data governance, no privacy language, no mention of the surveillance layer. The RFP asks for ALPR. The proposal delivers Flock. The contract says nothing about what Flock does with the data. Nobody on city council asks, because the pitch is about school safety and the cameras are “violator-funded.”

Across the country, communities have begun pushing back against Flock’s surveillance network. Austin, Cambridge, Eugene, Evanston, and dozens of other jurisdictions have canceled, paused, or refused to renew Flock contracts after audits revealed immigration enforcement access, discriminatory searches, and data sharing that violated state law.

Those fights were about Flock cameras communities knew they were buying. The unified Wing network is different: residents are now told they’re getting school zone speed cameras, but the video is being routed into a national surveillance network with no contractual guardrails; or they’re being told they’re getting license plate readers only to find them watching them shoot hoops.

Flock, RedSpeed, the Sheriff, and elected officials are tired of the push-back. They’re actively restructuring to keep the public under surveillance and in the dark. We can’t let them.

Audit logs and user exports from a mid-sized Georgia suburb, a Loom training video recorded on a live account in Washington state, and a federal criminal complaint filed in the Southern District of Texas all tell a different story than the one Flock tells on the campaign trail.

The Stump Speech

Flock’s Privacy & Ethics page states that “only your agency decides who to share data with, not Flock.” Their FAQ goes further: “Nobody from Flock Safety is accessing or monitoring your footage.”

@Flock Safety — Privacy & Ethics

A January 2026 blog post insists that “ICE does not have direct access to Flock cameras, systems, or data.” It lists a number of “pilot projects,” including a “CBP Pilot: May 9, 2025 to August 24, 2025.” These pilot projects “effectively enabl[ed prospective customers] to test the product before committing to it.” In other words, they got access.

Flock CEO Garrett Langley posted “Setting the Record Straight: Statement on Flock Network Sharing, Use Cases, and Federal Cooperation” on June 19, 2025; smack-dab in the middle of CBP’s pilot program. Regardless, he assured his readers on the topic of federal access: “it is a local decision. Not my decision, and not Flock’s decision.”

Every city council gets the same pitch. Every council delivers it to constituents. The assurance that access is controlled, limited, and local is what gets the contracts signed. Three specific planks in the platform:

1. Only your agency controls your data.
2. Federal agencies do not have direct access.
3. Nobody from Flock is accessing your footage.

None survive the paperwork.

The Campaign Trail

On February 26, 2025, at 10:47 PM Eastern, a Flock employee ran a search on Dunwoody, Georgia’s live surveillance network. The query was “chicken truck.” Then “cattle truck” — four more times. Then “lawnmower.”

The employee was Bob Carter, VP of Strategic Relations and Business Development at Flock Safety. He is not a police officer. He is a sales executive with a fully enabled search account on Dunwoody’s production network, with access to every camera in the Dunwoody sharing pool and far beyond.

Carter’s complete 2025 search record, read chronologically, is its own argument.

February 26, approaching midnight Eastern: “chicken truck,” then “cattle truck” four consecutive times, then “lawnmower.” Thirteen networks each. No case number.

By June 23: “white racecar with black stripes,” “potatoe chip van” (his spelling, verbatim), “ice cream truck,” “unicycle,” “rocket car.” The misspelling is Carter’s own — Dan Quayle’s ghost, haunting a live surveillance system. A rocket car does not exist in civilian traffic.

Carter kept returning to the unicycle through July and into the fall, workshopping the same searches like a candidate who can’t land a stump speech. By August he’d escalated to 892-network lookups — taking a locally-spotted vehicle and running it against the entire Flock network. In September, a blue Honda sedan toggled four times between a 13-network search and an 892-network sweep. By October, he’d moved from vehicles to people: “person on skateboard,” “person wearing orange vest and construction hat,” and the same yellow racecar searched three times in under an hour.

By December 9: “flatbed truck with lawn equipment,” “usps truck,” “ups truck,” “fedex truck.”

While Carter was busy maybe tracking his package, his colleague, Flock SVP Chris Colwell, sent out an email blast to Flock customers announcing that officer names, license plates searched, and open-text search reasons were henceforth removed from audit logs.

No longer would we be able to see Flock employees tracking their Amazon packages.

Carter’s March 4 session set his personal record: two consecutive lookups sweeping 6,350 camera networks simultaneously. While we will never know what fever dream of unicycles and race cars is on a loop in Carter’s mind, Flock will no longer let agencies across the country — from Virginia to Washington — know that a Flock VP searched “their” data for “SIZ3850” — which, according to lookupaplate.com, isn’t even a unicycle or a Honda.

There will no longer be reasons, names, or case numbers to keep an eye on Flock executives running midnight nationwide searches for rocket cars and unicycles on a national surveillance network.

This is what “Nobody from Flock Safety is accessing or monitoring your footage” looks like in practice.

The Rest of the Ticket

Because no good trip is taken solo, Carter was not running alone. Several Flock employees were created on Dunwoody’s account and given access as if they were Dunwoody police officers and command staff. In other departments’ logs, their searches appear as Dunwoody PD’s.

A February 2026 user export shows six Flock employees holding Owner-level access, equivalent to a department administrator. This grants them full control over search, cameras, users, and hotlists.

Dunwoody roster

Across 2025, Flock’s accounts generated hundreds of searches of Dunwoody’s network. Another Flock entity — Lucidus Tech API — is a programmatic API account tied to a Flock acquisition; Flock’s computer ran an additional 132 searches between January and March. Another API User (Forcemetrics) performed a single search in September 2025. Dunwoody at times appears more like Flock’s personal software lab than a functional police department.

The supporting cast is worth a glance. Amanda Bruner (Nova Onboarding Specialist): 5 searches of the same Georgia license plate over ten weeks, each sweeping between 887 and 891 agencies. No case number. An onboarding employee tracking a specific vehicle for two and a half months. Kathleen Graham (Nova Specialist): 11 searches of the same plate over three days, each across 888 networks. One at 11:40 PM. Randy Gluck (Manager, BD — 911/Emergency): 1 blank search — no query term, sweeping 898 networks. Peter Barty (Staff Engineer, ML): 27 searches, including one for a “Black Mercedes GL450 4MATIC” across 45 networks.

Whether this is stalking or development work is irrelevant to the overall point: these are Flock employees — and in some cases, likely not even that because Flock had not finished its acquisition of Lucidus in January — accessing a live ostensibly “law enforcement only” network handling federally-protected data from databases like NCIC.

And then there is Flock Intelligence. This is an unidentified operator that made 606 searches of Dunwoody’s network over five months, with identity, search filters, and case numbers fully redacted in the audit log. It appears alongside several other explicitly Flock-internal organizations in network logs (e.g., “Flock Safety - Admins,” “Flock Safety - Engineering”).

Most Flock Intelligence queries used the AI-powered freeform search. Some show patterns consistent with ongoing vehicle tracking; others searched for political expression — vehicles with Trump bumper stickers, “don’t tread on me” flags. Peter Barty’s Mercedes also appears as a Flock Intelligence query, suggesting “Flock Intelligence” may be a test account the Nova team uses to search live data.

Flock Intelligence is a separate entity not found in Dunwoody PD’s internal department logs: it shows up only in network-level audits, meaning that since the December changes, neither Dunwoody nor anyone else has any visibility into these searches as they are happening. The named employees in Dunwoody’s account entered through Dunwoody’s front door. Flock Intelligence came in through the side.

Flock’s FAQ is unequivocal: “Nobody from Flock Safety is accessing or monitoring your footage.” The audit log shows this to be false hundreds of times and on multiple levels.

The searches were audited — which is how we know about the unicycles and the race cars — but the claim was not that access is audited. The claim was that it does not happen.

The Backroom

The audit logs document the front door and the side door. A Loom training video documents the back door.

The video, titled Managing Data Sharing and User Access in Your Account, was recorded by Gaby Mahoney, Regional Customer Success Manager at Flock Safety. It was made as a customer tutorial. Rather than use a demo environment, she recorded it using the live national network that’s tracking all of us.

@vManaging Data Sharing and User Access in Your Account — Gaby Mahoney, Flock Safety CSM

Mahoney’s second sentence, verbatim:

So when I log into your account and go under the sharing tab, we can see that you still have one-on-one sharing with some agencies.

When I log into your account. Not “when you log in.” She logs in. Her credentials. Someone else’s account.

The address she visits is sharing.flocksafety.com/networkSharing — a live production URL, not a demo environment — and the selected organization is Olympia WA PD.

At the one-minute mark, she moves to users.flocksafety.com/organizations. This endpoint (“organizations” — plural) most likely does not exist for Flock customers. Assuming Flock follows even remotely typical SaaS patterns — which, to be fair, may be a bold and overly-optimistic assumption — agencies would use a singular “organization” endpoint where they can see their own admin panel and nothing else.

The video confirms the endpoint’s “staff-only” status by appearing to enumerate every customer in Flock’s system. Police agencies, HOAs, businesses, and residential users in multiple states all appear on Gaby’s screen as she types “Olympia” into the single searchable list.

She navigates directly into Olympia WA PD’s admin panel where her account surfaces the full administrative interface: Profile. Organizations List. Organization. Devices. Roles. Users. Zones. Authorized Access List. Transparency Portal. Integrations. Alerts & FlockOS. Billing. Contact Directory.

The Users tab shows Olympia WA PD’s sworn personnel — names, roles, last login dates, permission flags. Two entries carry “Flock” (rather than “External”) as the identity provider. These would not be subject to Olympia’s centrally-managed controls (like multi-factor authentication or automatic account deactivation at the end of employment).

The network sharing panel shows Olympia WA PD’s “Shared with me” list: every Washington state agency sharing into Olympia’s network. Full permission sets for each. At the top of the screen is a red “Revoke Out-of-State Sharing” button next to the page selector, showing 107 rows in the “Shared Networks” table. Next to Aberdeen WA PD, a red button is shown:

Mahoney’s account does not merely view Olympia’s configuration. The interface presents a live control to terminate the data-sharing relationship between agencies — unilaterally, without the knowledge or consent of the agencies.

It’s not only Flock’s CEO who can establish pilot programs while denying they exist, or Flock’s VP that can search for rocket cars. Even its customer service reps have administrator access.

“Only your agency decides who to share data with, not Flock.”

Redaction Day

The Mahoney video is the Rosetta Stone for what happened next. It shows that Flock staff — even its service reps and its sales execs — have high-level access to a live, national surveillance network. They can view, edit, or delete configurations. The CSM who can click Stop Accessing on any agency’s sharing relationship is the same person who walks agencies through narrowing their own exposure. That access is the precondition for everything that followed.

It’s worth noting what the video is actually for: Mahoney is guiding Olympia — a Washington state agency — through the process of restricting its sharing. Revoking out-of-state access, checking who can search its cameras, deactivating users. Near the end she says, “I also notice that you’re not enabled for the statewide or national lookup so that will be good in terms of auditing purposes.”

Limited access makes auditing easier. She knows what the inverse implies.

Five days after she posted the video, on December 9, while Carter was looking for his leaf blower, Flock SVP Chris Colwell sent an email to customer agencies titled “What you Need to Know About Recent Online Disclosures.”

That email announced that audit logs would be stripped of officer names, license plates searched, vehicle fingerprints, and open-text search reasons — framed as protecting active investigations and officer safety. Flock did not merely stop recording these fields going forward — it also retroactively replaced unique officer identifiers in its public Transparency Portals with the word “REDACTED.” The prospective removal ensures new searches go unattributed; the retroactive scrubbing rewrites the record of searches already conducted.

In the same email, Colwell recommended that agencies do exactly what Mahoney showed Olympia would “be good in terms of auditing purposes:” restrict sharing.

Reviewing your sharing settings and considering a temporary shift from Nationwide Lookup to Statewide Lookup.

He linked to an instructional video on how to do it.

Two days later, an FBI Supervisory Special Agent in Atlanta’s C9 Gang division forwarded the Houston HIDTA Officer Safety Bulletin to the broader intelligence community.

The bulletin described this site by name and recommended that agencies “ensure that their agency Flock settings have limited searches to sharing within state only or exclude the states/agencies that release their audit logs.” It further recommended that officers “ensure that the reason for the query be as vague as permissible (e.g., ‘Investigation’).”

Washington was named as one of the states from which FOIA-obtained audit logs had originated. The FBI was distributing instructions to help agencies evade the public records process — and one of its own field divisions was simultaneously using Flock data to prosecute federal cases.

It was a busy period. Houston HIDTA authored the bulletin, ROCIC — one of the RISS centers documented elsewhere on this site as carrying direct Flock database access — distributed it to law enforcement coordinators on December 10, and the FBI’s Atlanta office forwarded it on December 11. At approximately the same time, Flock implemented a blanket VPN block for all public transparency portals — which it holds out to be public accountability tools. A week later, Cyble, a Flock-affiliated firm, filed false abuse reports with Cloudflare in an attempt to take this site offline.

That is the service Flock was providing in December 2025: helping agencies make their surveillance data harder to audit while simultaneously stripping the audit logs of meaningful content, blocking anonymous access to public records, and attempting to silence the publication that had prompted the transparency requests in the first place.

And Carter stopped looking for unicycles and racecars.

The Candidate

On December 18, 2025, an affidavit in support of a criminal complaint was filed in the Southern District of Texas, Case No. 4:25-mj-770.

@Criminal Complaint — Case 4:25-mj-770

The affiant, Ryan Hilz, states under oath that he personally searched the Flock system. In ¶5: “Affiant also searched the Hyundai’s license plate through the FLOCK Safety System, from approximately November 15, 2025 12:00am through 9:00am.” He names a specific camera — “DB15 – Collingsworth (WB) from Broyles” — and narrows it to a two-minute window, 6:33am to 6:35am. In ¶6: “Affiant searched the Cadillac’s license plate through the FLOCK Safety System.” In ¶12, he reviewed Flock images from November 8 showing both vehicles parked side by side. He is not describing results handed to him by a colleague. He is describing searches he ran, cameras he queried by name, and images he personally reviewed.

The audit logs don’t show these searches. Between November 1 and December 1, 2025, the Hyundai plate (WFV2638) was searched 81 times in the Flock system — by Houston PD officers, Harris County Constable deputies, and two Harris County Sheriff’s Office users (V. Pag and m. bar). The Cadillac plate (WSF6471) was searched 86 times, again by Houston PD and Constable personnel, plus a handful of HCSO entries logged only as “C.” — a single initial with no last name. Harris County Sheriff’s Office does have a user account matching Hilz: “R. Hil.” That account’s last recorded search was May 16, 2025 — six months before the robbery. It does not appear in either plate’s November search history.

Hilz swears he searched — literally, swears, on penalty of perjury. The cameras he names are in the Houston network where 167 other searches by other officers are logged. There is an “R. Hil” with the Harris County TX Sheriff’s Office, but that account went dormant months earlier. Either he searched under someone else’s credentials — which means the audit trail attributes his work to a different officer, defeating the purpose of individual accounts and probably violating several federal regulations — or he accessed Flock through a pathway that doesn’t generate the same audit record, which means there are doors into the system that the logs don’t cover.

That gap matters because of who Hilz is. A federal Task Force Officer (TFO) is a state or local employee — a sheriff’s deputy, a city cop — assigned to work under a federal agency, usually through a formal agreement like the FBI’s Violent Crime Task Forces or ICE’s 287(g) program. The TFO keeps their local paycheck and local credentials, possibly including any Flock accounts tied to their home agency. But TFOs report to a federal supervisor, work out of a federal field office, investigate federal crimes, and file in federal court. The local credentials are what make TFOs valuable to the feds — they bring access that the federal agency could not get on its own. This is what Flock means when it says the feds don’t have “direct” access.

The first paragraph of Hilz’s affidavit:

I am a Task Force Officer with the Federal Bureau of Investigation (hereafter “FBI”) and an Investigator with the Harris County Sheriff’s Office (hereafter “HCSO”) and have been employed by HCSO since November 2012. During my employment with HCSO and the FBI, I have been trained in investigations relating to violations of the United States Federal Criminal Code […] I am currently assigned to the Houston Division of the FBI, Violent Crime Task Force (hereafter “VCTF”), and have been since June 2020. My primary investigative responsibilities include crimes occurring within the Southern District of Texas.

Read that introduction the way you’d read a candidate’s bio on a campaign flyer. His actual employer is HCSO — “employed by HCSO since November 2012,” buried mid-paragraph. But that is not the lead. His opening words: “a Task Force Officer with the Federal Bureau of Investigation.” FBI first. HCSO second. The phrase “during my employment with HCSO and the FBI” frames both agencies as concurrent employers — not a county deputy on loan, but a man who works for the FBI and also, incidentally, receives a paycheck from Harris County.

But maybe Hilz took a creative writing class and “Affiant searched” is not to be interpreted literally; his may be a sworn statement that sacrifices accuracy for brevity, the testimonial equivalent of “close enough for government work.”

But whether Hilz is committing some light perjury, whether Flock is misleading its customers about its relationship with the feds, or whether “no direct access” in a system riddled with Flock employee and TFO backdoors is the very best Flock can do: Langley unequivocally broke his campaign promise that it would be a local decision.

After “Hilz’s” Flock searches, the three suspects were transported to the FBI Houston Field Office for interviews (¶26). Inside that field office, one of them was shown a Flock image of the Hyundai and a Flock image of the Cadillac CTS (¶29).

An officer introducing himself as “a Task Force Officer with the [FBI]” showed Flock surveillance images to a suspect in a federal criminal case, while he was being held by federal agents in an FBI interrogation room in a federal building.

To dispel any remaining ambiguity about whether this was local, look to the signature block:

Ryan Hilz
Task Force Officer
Federal Bureau of Investigations
  

He signed as FBI — not HCSO. The only thing that supports that he might not actually be a fed is that he misspelled the name of the agency he spent 16 pages claiming to work for. There is only one “Investigation” in the Federal Bureau of Investigation.

The federal government’s sworn affiant lifts the veil on Flock’s empty promises: the federal government has access, no matter how you spell it.

Flock’s own timeline confirms the infrastructure that made this possible. Its blog states that the federal “pilot” program with the FBI concluded in 2023, and that “[i]n August of 2025, Flock publicly announced it would no longer conduct pilot projects with federal agencies.” The “try” part was cancelled; the “buy” part was not. The FBI does not respond to FOIA requests about Flock. Langley’s “Setting the Record Straight” post, published June 2025, assured readers that federal access was “a local decision” — while the CBP pilot he disclosed in January 2026 was actively running.

The Fine Print

The federal-access issue draws the most attention at council meetings, but the “sworn law enforcement only” claim — which directly supports Flock’s assurance that “Nobody from Flock Safety is accessing or monitoring your footage” — fails even within the agencies that own the accounts.

The pattern extends beyond individual agencies. The Regional Information Sharing Systems (RISS) — funded by DOJ, operated by regional centers incorporated as private nonprofits — is the task force model applied to data: federal money, non-government hands, Flock access.

Five of its six centers carry direct Flock database access through RISSIntel, a federated search tool that lets RISS analysts query Flock’s data without maintaining individual Flock accounts. ROCIC, the RISS center that distributed the Houston HIDTA bulletin instructing agencies to evade public records requests, is one of them. The National Center for Missing and Exploited Children (NCMEC) is named in Flock’s own LPR policy definition as a hotlist data source. NCMEC is a private organization. It populates the alerts that fire on your plate.

The ACLU/UIowa ALPR report documented the same pattern across Iowa: civilian analysts, support personnel, and non-law-enforcement government staff with active Flock accounts across dozens of agencies.

The CJIS Security Policy is explicit about what this requires. Section 5.12.1.2 mandates that all personnel with access to Criminal Justice Information — including private contractor employees — undergo fingerprint-based state and national background checks before access is granted. Section 5.1.1.5 requires that vendors sign the CJIS Security Addendum, which extends the full weight of CJIS security requirements to their staff. Sections AU-9 and AU-11, aligned with NIST 800-53, require that audit logs be protected from unauthorized modification and retained for at least one year. Flock’s December audit-log stripping, its employee access without documented screening, and its unilateral modification of log fields all appear to run afoul of these provisions.

When Story County, Iowa requested Flock’s CJIS certification list, Flock produced 28 names — all with first names starting A through C, several illegible — and no one else. No installers, no subcontractors, no overseas workers, and none of the employees running Flock’s own sales and training accounts on production data. The list is the compliance equivalent of Carter’s searches: performance art.

The contracts themselves offer no backstop. Flock has moved its terms of service to a web URL it controls unilaterally and can change without customer notice. It requested that archive.org’s Wayback Machine exclude its website, preventing any historical record of the terms as they existed when a city signed them. The new terms strip data ownership from agencies and supersede all prior agreements upon any subsequent order — even a camera repair.

No policy implements the “sworn only” promise, no mechanism exists to enforce it, and the contracts are written to ensure that no one can prove what they originally said. “Access is limited to sworn law enforcement” is, at best, wishful thinking.

The Town Hall

When Dunwoody’s Flock contract came up for approval, the council heard the stump speech: access controlled, limited, and local. Only your officers. Only for investigations. Only under oversight. The Dunwoody City Council held its regular meeting on March 23, 2026. As part of its discussion of the Dunwoody Flock contract, an “audit” — if we use the term loosely — would be delivered.

@Dunwoody Flock Audit (Council Meeting Presentation) — March 23, 2026

The audit included a FAQ slide with question 3: “Who can access the data, and how do you prevent misuse?” The city’s answer: “Access is limited to authorized, trained personnel who need it to perform official duties.” The people who wrote that sentence had the audit log that showed a Flock employee was using Dunwoody’s account to look for unicycles and race cars.

Flock Safety even sent its chief legal officer, Dan Haley, to address concerns from the public. A resident had already recited the numbers before Haley took the floor: 401 searches by Flock employees, Owner-level access, live drone footage and hotlist control. Haley addressed none of it.

Haley spoke about machine learning training data — de-identified images, less than 1%, used to improve plate-read accuracy. The city’s own attorney called the data-use provision a loophole and said it could be closed in the new contract being negotiated. Haley corrected her on-mic: “It’s not a loophole, it’s for system quality and improvement.” It wasn’t a question anyone had asked — not even the FAQ.

The council member who asked “It seems like Flock staff has access to our footage. Is that true?” got an answer about plate-design recognition models, but the real question, why a VP of Business Development was searching for “potatoe chip van” on a live police network, went unasked by the council or the city staff who “audited” Flock. Haley certainly did not volunteer an answer.

The Dunwoody police chief did confirm that Flock engineers had been inside the system “under agreement” for integration and testing. There were no immediate objections from the dais to a commercial company using city residents as surveilled guinea pigs — nor, for that matter, to its marketing team using Dunwoody PD to shoot commercials.

The Endorsement

Dunwoody’s Technology Director’s written assessment — submitted to council alongside the FAQ — concluded that the risks of continued Flock use are “acceptable,” in part because “the users accessing the data are law enforcement meeting CJIS standards.”

The same assessment scored “Non-PD direct logins” as a Yellow risk — a documented, acknowledged problem that undercuts the memo’s overall conclusion, which rests on the premise that only law enforcement has access.

The full security assessment matrix tells an even worse story.

@Dunwoody Flock Security Assessment Matrix

All six vendor remote access control items — “Vendor remote access controls,” “MFA enforcement,” “PAM (JIT, vaulting, break-glass, recording),” “Provisioning/deprovisioning,” “Credential storage/password policy,” and “No backdoor accounts” — were rated Green.

That would be good, except the supporting evidence column for every one of them: no evidence. For “No backdoor accounts,” the assessor specifically requested a written attestation from Flock’s security leadership. It was “not specifically provided as requested.” Green anyway; we have apparently entered a new era of vibe-based auditing and compliance.

Item Q4.6 asked whether Flock had made audit log field reductions since October 1, 2025. The answer: none. The rating: Green. The assessment was prepared for the March 23, 2026 council meeting — more than three months after Flock’s December 9, 2025, mass email blast to its customers announcing that officer names, license plates searched, vehicle fingerprints, and open-text search reasons were being removed.

The only item on the matrix rated Red was Q8.1: breach/security incident history. Flock told the assessor it had no breaches in the past three years. The assessor noted that “camera breaches have been highly publicized and should have been mentioned at a minimum (December 2025).” Even the assessor could see that one. It probably would have been hard to deny when Benn Jordan, the security researcher who made the video that exposed the problem, spoke at the start of the meeting.

The Mahoney video shows what no-evidence Green looks like from the inside.

After more than an hour of public comment and questioning, the council voted unanimously to defer the Flock 911 contract to the April 13th meeting, pending completion of a new master service agreement. The motion was made by Stacey Harris, seconded by Rob Price. No one voted against deferral. No one voted to cancel.

The Moment

The reality is that non-sworn city staff have access. As do Flock employees. As does the FBI.

Flock’s standard response to this kind of reality check is to observe that employee access is technically logged, that TFO searches are formally local-agency queries, and that civilian staff access is controlled by the agency rather than Flock. Even if that were all true, it’s a description, not a solution.

Via Unraveled Press.

The people doing the account sharing don’t even know who does what searches; they consider getting caught “undue attention” rather than a violation of federal security regulations and professional standards. A November 2025 letter from Senator Wyden of Oregon says his staffers were able to find Flock accounts for sale.

As a custodian of billions of data points on hundreds of millions of people, Flock should be trying to prevent these problems, but instead it actively engineers them. Its public position is that of the passive service provider in an imaginary world where local governments are in the driver’s seat.

In private, Flock employees are placed on police department rosters, so that a VP’s search for rocket cars is attributed to the department, not Flock. Then it strips the audit fields that would let officials detect the difference.

This analysis looked at a single, relatively small police department. There are tens of thousands of users with law enforcement level access across 6,000+ departments, and hundreds, possibly thousands, of those users were never vetted by anyone. Dunwoody deferred the vote. Other cities will face the same choice. All that elected officials have to do is read the paperwork.

We don’t need to let Flock define “this challenging political moment.” We can vote them out.

Flock Intelligence does not appear in any audit log before August 2025, and it is absent from the org audit entirely. It only shows up in the network audit, meaning it searches Dunwoody’s cameras from outside the department.

The searches

Over 80% of Flock Intelligence’s queries are FreeForm searches — the AI-powered text prompt feature analyzed in detail here. That earlier analysis showed that Flock’s moderation system warns about political searches but does not block them. Flock Intelligence’s searches confirm that pattern.

Political expression

Among the 170 unique text prompts, a cluster targets vehicles by political expression:

• “a truck with a trump flag on it” — warn
• “red honda accord with a trump bumper sticker” — warn
• “green car with trump bumper sticker” — warn
• “vehicle with trump bumper sticker” — warn
• “a SUV with a yellow don’t tread on me flag” — warn
• “a red nissan rogue with a don’t tread on me flag” — warn
• “don’t tread on me flag” — warn
• “american flag” — warn
• “a car with a british flag” — warn
• “dallas cowboy flag”
• “vehicle with a Dallas Cowboys star sticker”
• “vehicle with a Falcons logo”

Every political expression search was warned — and every one went through. The sports team searches passed without even a warning, which tells you where the moderation system draws its lines and how firmly it enforces them.

What got blocked

The moderation system blocked searches describing occupants:

• “car with two occupants” — block
• “car with 2 occupants” — block
• “4 door truck with 4 individuals” — block
• “four people inside car” — block
• “green vehicle with a roof rack 4 individuals inside” — block

And a handful of subjective descriptors:

• “green car with trashy stickers on it” — block
• “orange car with person and red shift” — block
• “crazy looking car” — block

Other warned searches include “pink breast cancer awareness plate,” “pink ribbon sticker on plate,” and “german shepard in back of pickup truck.”

So: searching for a specific political candidate’s bumper sticker gets a warning and goes through. Searching for “crazy looking car” gets blocked. That is the moderation hierarchy Flock built.

Recurring patterns

Some searches recur across months in ways that suggest either ongoing tracking:

“Black Mercedes GL450 4MATIC” appears in October, November, and December. In December it evolves into “black Mercedes-Benz GLB 250 SUV” and several variations — the same vehicle tracked across a quarter, description refined over time.

“Armored truck OR Brinks truck” (and variations) appears every month from August through December. This is the most consistent search pattern in the dataset.

“White Dodge Charger with black roof and black stripe” recurs October through December with slight wording changes.

Again, this is not a police agency. It is a private party performing long-term surveillance on locations of Mercedes and cash-in-transit vehicles.

Possible reasons range from harmless testing queries (over multiple months — so that seems unlikely), to employees selling intelligence to criminal actors, to some sort of commercial service.

Person searches

Three prompts target people rather than vehicles:

• “white t-shirt” (objectClass:person)
• “person on scooter” / “person with scooter” (objectClass:person)
• “yellow backpack” (objectClass:person)

All were allowed by moderation.

Other Flock organizations in Dunwoody’s logs

Flock Intelligence is not the only Flock-affiliated entity searching Dunwoody’s cameras. Four others that we’ve seen previously appear here as well:

“Flock City PD - Law Enforcement Demo” searches Dunwoody’s network every month of the year. That is a demo environment running against a live police department’s surveillance data — not a sandbox.

“Flock RTCC” — Real-Time Crime Center — searched Dunwoody’s network in January and March.

“Flock Safety - Admins” and “Flock Safety - Engineering” are self-explanatory: Flock employees with direct access to customer camera networks.

In total, Flock-affiliated entities account for over 1,000 searches of a single police department’s camera network in 2025.

What is Flock Intelligence?

It is not listed as a law enforcement agency. It does not appear on Flock’s public-facing product pages.

Its operator identities, search filters, and case numbers are all redacted in the logs Flock provides to its own customers. Dunwoody PD cannot audit who at Flock Intelligence searched their network, what they were looking for, or why.

As I publish this, at 6:10pm (CDT) on March 23, 2026, Dunwoody PD and Dan Haley — Flock’s chief legal officer — are telling the City Council that access is only granted to police agencies, and only for criminal investigative purposes.

Again, police and Flock say one thing, the logs say another.

Someone, somewhere — who is not police — is tracking live data about these vehicles.

March 24, 2026 update: Removed claims about Flock Nova pending further verification.

Even if the original footage is available to Flock, you may get an edited or altered version (e.g. cropped or with watermarks overlaid), or a reduced-resolution version. You may also get it late, or never, and the conditions for access are at Flock’s discretion.

Although Flock revised its terms again soon after, restoring on-paper “ownership” to the customer but giving itself broader license to do what it wants with copies, the prediction held. An open records response from Missouri shows the result of Flock’s policy of “ownership.”

The Original Footage

The request was made by Deflock Joplin, the group responsible for the January 2026 headline “Joplin officer no longer employed after alleged misuse of license plate tracking system.” The records request is straightforward:

Recordings from the Flock LPR camera located at 4th and Maiden Ln from 2/16/2026 starting at 5:00 PM lasting until 6:00 PM. This camera is on the south west corner of the intersection facing a southern direction. The records requested should include stills, video, and all other records generated by the camera. I request the data from Flock OS and the camera’s internal storage.

The City of Joplin charged $23.57 for the request and fulfilled it a couple of weeks after receiving payment with a file “Flock_Safety_Search_Image_Results_3-9-2026_1-22-54PM.” The city did not include 40 minutes of footage/images, stating “we are currently experiencing a technical issue affecting this functionality.”

While technical issues that prevent a city from accessing “its” data would be a cause for concern, rumor has it that the “technical issues” in question occurred somewhere between the keyboard and the chair, and the city did not understand how to save images. The city did supply the missing 40 minutes once the discrepancy was pointed out.

World’s Fastest Truck

As far as we know, Flock cameras take a series of images and/or a short video clip when they detect motion. Flock and police often emphasize that it’s “only the license plate” or “just the back of the vehicle.” Of course, the laws of physics dictate that you can’t know what’s in a picture before you take it. This truck is a demonstration:

These two images were taken in rapid succession. It’s hard to even tell the vehicles are in a different location, but you can see the “Flock Safety” watermark is positioned differently.^[1]

These images are clearly of the front of the vehicle. But that’s not the interesting part.

Metadata and Time Confusion

Some of these images have been used as evidence at criminal trials, many in the “over 30 cases” that Flock likes to falsely cite as upholding the constitutionality of its cameras. The timestamps on the Joplin images should give anyone relying on that evidence pause.

The filename for both images contains “2026-02-16T23-39-42.219+00-00”, suggesting the images were taken less than 0.0005 seconds apart. That is neither possible, nor true, based on what’s in the images: we can see the car moving maybe 10 feet. Tacomas don’t typically travel at hypersonic speeds exceeding Mach 17.

The timestamp in the picture is “2/16/2026 17:39:42 CDT.” This is an odd mix. The date is unmistakably American (mm/dd/yyyy), but the time is 24 hours rather than am/pm. On February 16, that’s not confusing. Four days earlier, it might have been.

But even more confusing is that the timezone is labeled as CDT, or Central Daylight Savings Time (UTC-5). Daylight savings is not in effect in the middle of February in Missouri, when CST (UTC-6) is in effect. The image is ambiguous as to whether it shows an image taken at 5:39pm or 4:39pm.

The timestamp in the filename (23:39:42.219 UTC) suggests the labeling (“CDT”) is off, but we’ve already established that it is not possible for the timestamp to be accurate for both images until we have hypersonic Tacomas.

The (EXIF) metadata has been scrubbed, so there is no third hint.

That leaves these images without a reliable timestamp. These aren’t abstract concerns — they cast doubt not only on the accuracy of these files, but on the accuracy of every other image produced by the same system.^[2]

The only way we can determine the time with any certainty is by looking at the position of the sun and the 5:59pm sunset noted in the almanac for Joplin, MO, on February 16.

AI-based surveillance so high-tech you need a sundial to make sense of it.

License Plate Detection

The other piece of metadata in the image, below the timestamp, is a license plate: 0FH D30. According to lookupaplate.com, the plate corresponds to a 2014 Toyota Tacoma with an extended cab.^[3] The plate is also formatted per Missouri’s light truck standards, with a renewal date in April (F) and a last sale date likely in 2023 or 2024 (H).

The quality of these images is extremely low (second image), to the point where they no longer contain the license plate information.

Everyone who has ever used a computer knows that the “zoom and enhance” from movies and TV shows isn’t really a thing. Sure, you can backhack and extrapolate some data, but here too the laws of physics get in the way.

Access to the Image

If we assume Flock abides by the laws of physics — if no others — then the only sensible conclusion is that the license plate encoded in the bottom-right of the frame was not derived from these images at all, but from some other image that the City of Joplin theoretically owns, but can’t access.

This also independently follows from the fact that the images have watermarks and metadata overlays, assuming those are not created by the hardware itself.^[4]

The requester was precise and asked for “the data from Flock OS and the camera’s internal storage” to ensure he got the actual image, and not only a presentation version.

A high-resolution version must exist somewhere. Flock generally suggests that the city owns the original image and that it will be retained until the end of the retention period. That is to say, Flock should not be deleting its customers’ data without authorization.

Joplin provided the images shown and states that “[t]he Sunshine Law does not require the Department to obtain duplicate copies of the same data directly from the vendor or from the camera’s internal storage in addition to what we can access via our portal.”

In other words, there are no originals, but even if there were, the city can’t access them.

Not even Joplin, the ostensible owner of the images, is allowed to look at them.

Below is an AI-enhanced image, where Google’s “Nano Banana” (a generative AI upscaling model) has filled in the blanks by making up what could have been in the picture.

This image does not show the actual content of the original, but it shows a level of clarity and detail that is much closer to the original image captured than the blurry version that Joplin can access and provided in response to the request.

The Tacoma is not an outlier; there are cars (picture 1, picture 2), SUVs, and — just to cover “we don’t photograph people” — a motorcyclist. None of these plates are legible.

The Original Logs

The ownership problem extends beyond images. Logs suffer the same fate. I’ve written at length about Flock unilaterally removing log data, and how that cuts against both the supposed immutability of the logs, as well as customer ownership.

I’ve alluded to how, in some states, it may fall under statutes prohibiting the alteration or destruction of public records, and written about how Flock inserts itself in open records requests even when law prohibits doing so. I won’t rehash all of that here.

Instead, I give you the Flock “Customer Guidance for Preserving and Requesting Flock Data for Public Records Requests”:

@Customer Guidance for Preserving and Requesting Flock Data for Public Records Requests

It’s a guide on how to submit requests for data via Kodex, which, according to Flock, “is a secure digital platform for managing, processing, and responding to data and legal requests.”

Flock uses the system for “Legal requests,” which apparently includes open records requests, “Preservation requests,”^[5] and “Quick questions.”

Once the ostensible owner of the records requests “their” records from Flock, “Flock’s Evidence Division and Engineering Team will review your request, pull available data, and transmit the completed data package through Kodex.”

Flock does note that “our Evidence Policy asks for 14 calendar days to fulfill requests. If data is needed sooner, we are motivated to help customers to meet any FOIA/PRA deadlines they are facing.”

Government agencies are responsible for their own deadlines. In states with statutory deadlines, and even those without, the requirement is not “respond within 10 days, or later is fine too if your vendor is not feeling it.”

In fact, a 14 calendar day limit exceeds the statutory deadline in several states, and entering into a contract that formally requires non-compliance with law is a legally dubious proposition.

Ownership in Name Only

Officials tell the public that Flock’s cameras “take a picture of the back of the vehicle” and “only capture license plates.” They assure us the image does not include the vehicle’s occupants.

Cities like Joplin genuinely can’t access all of “their” information. They uncritically accept blurry images with derived license plates, and if they want the originals, they must ask the vendor nicely and wait at least 14 days — or less, if the Spirit so happens to move Flock.

The ownership is a fiction. The customer has never possessed the original image or the original log. If it can even obtain it at all, it can’t do so independently; it can only submit a formal request to Flock — which will respond on its own timeline, in whatever format it chooses.

That’s not ownership. That’s a favor.

And this is the evidence that’s putting people in prison.

Deflock Joplin published its own analysis of the images, where they raise some excellent points.

Note: The images in this article are post-processed for web delivery. They may be of slightly lower quality than the originals. The originals are available via MuckRock.

• Traffic Infraction
• City Planning/Traffic Analysis - test
• Welfare Check
• Larceny/Theft Offenses - Unauthorized use of a vehicle

VIPD appeared in recently imported log files. It’s not uncommon for new agencies to show up, but this may be the first instance of an agency outside the continental US we’ve seen. It raises some interesting questions. First and foremost: why?

It’s always been highly questionable for an agency in, say, Washington to claim that it has any legitimate purpose for querying data from Florida. The Virgin Islands being, well, islands, takes it from “questionable” to “downright ridiculous.”

At least someone in Washington could steal a car or run a red light and flee to Florida. In fact, I’d put money on at least a handful of people having done that or something similar. Is it likely? No. Is it possible? Sure, I guess.

But the argument here would be that someone stole a car in the Virgin Islands, left the plates on, shipped it to the mainland via commercial freight — which presumably checks VINs — and then drove it around Rogers, Arkansas. You couldn’t get that fiction published in a creative writing course.

It’s another instance of Disproportionate by Default.

This is also a department operating under an active Department of Justice consent decree for unconstitutional policing practices.^[1] The combination — a department with documented civil rights problems, plugged into a nationwide surveillance network, running searches with no apparent investigative nexus — is exactly the scenario that audit requirements are supposed to catch.

Flock’s contractual standard limits use to “legitimate public safety and/or business purpose[s]” — a bar so low it’s practically subterranean. And VIPD still managed to limbo under it.

VIPD’s searches were visible to Flock and every network they queried. Each of those 5,000+ receiving agencies claims to audit its incoming queries. Every one of them should have flagged a Caribbean police department searching for traffic infractions on the mainland. None did.

Whether that is already done or will be done soon is unclear, but it answers another recent question: “what happened to the ‘devices searched’ column?” A few weeks ago^[1] that column disappeared. We know Flock likes to alter contractual terms and unilaterally remove audit capabilities. We also know that its “Devices searched” field disappeared for a while between November 2024 and February 2025.^[2] It has been unclear if this latest removal was on purpose, and, if so, what that purpose might have been.

A quasi-enlightening email exchange^[3] begins in August 2025, when a police officer asks Flock about “vehicle reads from the Condor cameras.” (Quick reminder: Condor is Flock’s PTZ “AI-powered video” camera that automatically zooms in on your phone). This was confusing to the officer because Condor cameras are not ALPR devices. He, like many elected officials and police officers, likely did not understand that Flock’s LPRs aren’t either.

There is no meaningful difference between an “LPR” (which, by the way, is Flock’s product name, not its category) and a “Condor.” They record things, they are analyzed via machine learning or AI, or Upwork contracts, and they are searchable by anyone Flock chooses to give access. Both the “LPR” (formerly “Falcon” and “Sparrow”) and the “Condor” are AI-powered surveillance cameras.

The officer’s inquiry came about 4 months before YouTuber Benn Jordan disclosed a separate security failure on the same Condor line: debug interfaces on what Flock characterizes as “a very small number” of units had been left Internet-accessible without password protection. Flock said it was a limited, isolated configuration issue and blamed it on Verizon. It was, however, another symptom of having no organizational controls in place. Both incidents involve Condor cameras doing things they weren’t supposed to do, and Flock did not proactively notify its customers about either.

A little over a month after the officer’s email, a search revealed >257,000 cameras. The log entry was accompanied by a note:

An issue was identified that caused the system to initiate unprocessed search activity on a larger set of cameras than intended by the user. No footage or data from these devices was accessed or viewed. The underlying bug has been fixed, and additional safeguards have been implemented to prevent recurrence.

At the time, I noted that the note does not deny that the cameras were real. I concluded that the “number includes Flock’s retail customers, like Lowe’s, Academy Sports, and FedEx.” My conclusion was based on an assumption that Flock would not merge what it holds out to be its “LPR” network and its general-purpose “AI-powered surveillance” network. I now believe that assumption was wrong.

Flock checked with engineering and responded to the officer’s email. The response was that Condors should not be showing in the “vehicle reads,” but that the engineering team was working on some new features for 2026. It was “refining” some of the data. That, according to Flock, is what caused the issue. The answer was not any more specific.

What “refining data” means is anyone’s guess, but what we do know is that Flock was rolling out FreeForm around that time. FreeForm went into “Early Access” in March of 2025. “Early Access” is a term you’d expect to find on Steam, not in your mass surveillance contract. On Steam, the term is widely understood to mean “buggy and not suitable for any serious use” — a warning that your save may be deleted or your PC might crash. Flock slaps the label on a technology that can search for people, where it’s constrained only by a broken AI moderator.

I’ve often mentioned the other oddities in August 2025; possibly first in an analysis of logs from Santa Cruz, where 90% of logs disappeared overnight. That data also showed a massive change in “search” vs. “lookup” usage, a pattern that would become visible across organizations. For example, Houston, TX, did 492,000 searches in May but “only” 183,000 in August (still roughly 6,000 searches per day).

Maybe by August our civil rights were ready for beta.

These anomalies have never been mentioned in an audit report that I’m aware of, and Flock has not addressed them other than maybe through this statement about data refinement.

After the email exchange, and reviewing data from the FreeForm report, I now think it’s likely that the 250,000 number reflects Flock’s broader network — with or without retail customers — including Condor and potentially other AI-powered surveillance cameras. The email doesn’t say that. But Flock was actively “refining data” across camera types at the same time FreeForm soft-launched, and the 250,000-camera anomaly appeared one month later. That’s circumstantial. It’s also the most coherent explanation available until Flock, or any of its customers, offer a better one.

After unification, maybe Flock will (or does) offer a search interface that attempts to maintain illusory ALPR status, or maybe it will (or does) have a single interface for searching over a quarter of a million cameras that automatically follow you around and zoom in on your phone. Its AI moderator could continue to approve terms like “jeans” and “tweaker on a bike”, or it could not.

Maybe Flock will bring back the “Device count” column some day, maybe not.

We still don’t know what they’re refining or why they’re refining it, but whatever it is, they’re doing it in secret. The column is gone, the data changed overnight, and not a single audit report has addressed it.

Its newly-launched Trust Center answers such hard-hitting questions as “Is this mass surveillance?” with:

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

Though, to be fair, that answer is better than the complete fabrication elsewhere on its page that says “Flock does not operate a centralized or open surveillance database. Each customer environment is independent.”

The meaning of “centralized database” is clearish — Flock likely tries to distinguish it from a decentralized database. In this case, that claim is similar to claiming your kitchen is not a centralized place for your pots and pans because you have multiple cupboards.

“Global database” is equally almost-apparent. What the new term “open database” (it also appears on another page) is supposed to mean is murky. Maybe it will clarify later, or maybe the murkiness is the point.

In any case, it will be interesting to see what elements survive contact with the legal team. One page makes claims about academic research partnerships and third-party audits — neither appears to exist in any meaningful way:

Another page claims that the GDPR is “The world’s strictest standard for data privacy.” Which is not only incorrect, but shows a complete lack of understanding of what GDPR actually is and how it works (it is a regulation that sets a floor, not a ceiling — member states can and do impose stricter requirements).

Anyway …

The fact that a half-finished set of pages found their way to production is embarrassing but not, in itself, a major issue. I can’t judge that too harshly because I pretty much develop in production all the time.

Where it becomes an issue is when you’re looking at organization-wide controls and data governance, as in SOC2 or ISO27k1, which Flock cites in support of its being deserving of trust.

These are essentially wireframed pages. Who deployed them to production? The answer to that question is almost certainly some web developer or marketing associate working on the page layout and design.

Did Legal or Compliance approve statements like “Lorem ipsum” for public consumption? My magic 8-ball says “absolutely not.” Did the product team review the system description for accuracy? “Try again.”

The release of these pages is a symptom of Flock’s broader problem: it fails to implement meaningful controls on access while claiming it has them in its marketing materials. This page is one example.

Another is this screenshot from a video showing a Flock customer service representative with full access to the admin interface for what appears to be every single Flock customer:

According to Flock’s lorem-ipsum-heavy Trust Center, we are looking at independent customer environments with proper access controls, and definitely not a centralized or open surveillance database where a low-level Flock employee can click a button to obtain access.

The secondary problem in that screenshot (there are more in the complete video, but more on that later) is that Flock apparently classified the Olympia Fields IL Park District as “Law Enforcement.”

Presumably that means that it has access to the database that stores information from Flock’s national network of 250,000+ cameras (more on that later too).

This is a problem because the Park District does not appear to be a law enforcement agency at all — it manages playgrounds, picnic shelters, and a disc golf course.^[1]

But once again, nobody appears to have caught the error, despite all the safeguards, constraints, audits, and controls that Flock touts in its trust centers, old and new.

An agency has access to data it’s not supposed to have, which shows up in a video recorded by someone who can access data they’re not supposed to have access to. The Trust Center, which was also published by someone who should not have published it to an environment they should not have access to, says everything is fine.

Flock can’t be trusted. No amount of lorem ipsuming will change that.

• Data Privacy
• Facts vs Myths
• Civil rights
• Law enforcement

Where Hotlists Come From

First, the official watchlist: this comes from the FBI’s National Crime Information Center (NCIC), which is “a computerized index of missing persons and criminal information and is designed for the rapid exchange of information between criminal justice agencies”.^[1] The FBI’s database was created in 1967, and has since grown tremendously in scope.

NCIC stores information about property (vehicles, firearms, etc.) as well as people (e.g., warrants, gangs, terrorism, anyone of interest to the secret service). This information can then be queried by state and local agencies, in accordance with the FBI’s terms, which are laid out in federal regulations and the CJIS Security Policy.

The information from NCIC — which is often inaccurate — is uploaded by states, after which the federal government and its state partners make it accessible to federal and local agencies via portals like Palantir’s ICM and Falcon, and, to the point of this article, Flock’s FlockOS and its “hotlists.”

Until recently,^[2] Flock had a blog post on its website called “What Happens When a Wanted Car Passes a Flock Safety Camera?” That post appears to have been deleted in a hurry. It is still linked to from Flock’s other blog articles, including one that describes the “Hot List feature.”

Because Flock has requested that sites like archive.org’s Wayback Machine not archive the content on its site, an archived copy is unavailable, but here is a paragraph from a referencing post:

Flock Safety’s Hot List feature allows businesses to receive alerts on stolen vehicles, known wanted criminals and more, as long as the private business chooses to share their LPR cameras with law enforcement. Law enforcement will then be automatically notified if a vehicle associated with the NCIC enters your property, allowing them to take action. It works via an integration into the Federal Bureau of Investigation’s National Crime Information Center (NCIC), which is updated daily.

Customers can also place at-risk vehicles or license plates on custom Hot Lists to alert law enforcement or on-site security instantly if/when they enter their property. — “Vehicle and Catalytic Converter Theft: Flock Safety’s Solutions for Businesses,” Flock Blog, May 14, 2025

The “Customers” referred to are Flock’s commercial customers.

The Unregulated Layer

This is the second category of watchlist: managed by local police agencies, HOAs, neighborhood associations, and businesses, and shareable without constraints — but somehow still exempt from public records law, according to police agencies.

NCIC entries, which have specific retention policies and restrictions on sharing, are often copied to custom log entries in the Flock system.

Other entries, like the one shown on the “SUS Vehicles” hotlist, can be for vague reasons like “Poss vin swap, stop and verify” — suggesting the vehicle has been placed on the list to be stopped without probable cause, or, at best, for pretextual reasons.

These stops are then combined with departmental policies to keep their use secret, like those seen in Wapello County, Iowa:

DO NOT MENTION ALPR USAGE TO THE OCCUPANTS OF THE VEHICLE. Simply reference that you ran the plate and observed an NCIC hit … DO NOT MENTION ALPR USAGE IN YOUR REPORT OR COMPLAINT UNLESS ABSOLUTELY NECESSARY. … If it is necessary to explain in a report, it is advised to use language such as “Using County resources, I discovered the suspect vehicle was bearing Iowa plate…” — Wapello County Sheriff’s Office SOP III-20, November 7, 2025.

Whether a stop was conducted based on a watchlist hit can only be established if a defense attorney asks the question and the police answer it. That may not happen until the victim of an unlawful stop has spent days, weeks, or even months in jail.

What Counts as a “Reason”

I examined 800 “Custom Hotlist” entries entered by Harris County Constable Precinct 5^[3], which covers over 300 square miles of western Houston suburbs — an area with 1.3 million residents, policed by roughly 450 sworn deputies. 101 of those deputies — nearly one in four — appear as users in the hotlist logs. 51% of entries had no listed case number and 73% were set to never expire. The criteria used varied from outstanding warrants (copied over from NCIC), vague suspicion that a VIN may be altered, or no reason at all.

An investigator at the Precinct 5 constable’s office used Flock to locate and seize a vehicle for an alleged theft that another county refused to investigate, that was never entered into any criminal database, and whose statute of limitations expired seven years earlier. The hotlist entry reads:

Vehicle is not listed as stolen in NCIC/TCIC. Registered owner claims vehicle was stolen out of Colorado County in 2012. Colorado County refused to enter vehicle as stolen. Find PC and stop/identify all occupants… Vehicle will be seized for a Civil Seizure hearing. Do not release vehicle

Investigator James Dancer created this entry on July 3, 2024, for a Texas plate ending in –981^[4], case number 2407-00085, with a one-month expiry of August 2, 2024.

The vehicle was allegedly stolen twelve years ago, according to a claim by the registered owner. Another agency — Colorado County — had already declined to enter it as stolen; possibly because the statute of limitations expired seven years earlier, in 2017.^[5]

Colorado County already decided there was no criminal case here. Dancer’s entry instructs his peers to manufacture a justification for a stop (“Find PC”) and seize the vehicle anyway. That outcome (“Do not release vehicle”) is predetermined in the hotlist entry. Once the vehicle is seized, civil forfeiture requires only a “preponderance of the evidence” that the vehicle is connected to criminal activity.

The vehicle, which is at least twelve years old, won’t be returned to the registered owner. Instead, it will be sold at auction and the proceeds will go to Dancer’s department and the Harris County district attorney. The Institute for Justice has previously filed a class-action suit for exactly this type of abuse of the civil asset forfeiture process in Houston.

Dancer’s entry also contains an instruction that appears 47 times across the 800 entries: “Find PC and stop/identify all occupants.” In 31 of those, the instruction was created by Kayla Cohan (formerly Fesperman) using a near-identical template: “BMV Susp Vehicle- BLK FORD BRONCO-Develop PC, Stop and ID Occupants.” Burglary of a Motor Vehicle (BMV) is typically a misdemeanor. These entries instruct officers to first locate a vehicle through Flock’s automated surveillance, then find or develop a legal pretext for the stop afterward — inverting the Fourth Amendment’s requirement that probable cause precede the seizure.

There is no reason to believe that the “occupants” of these vehicles, who are entirely unknown at the time the entry is created, are involved in the crime the driver is suspected of committing. That crime is equally unknown until someone “finds PC.”

Similarly, another one of Dancer’s entries for a vehicle that could be related to shoplifting at Bath and Body Works contains a slightly more detailed instruction:

Bath and Body Works Shoplifting Suspect Vehicle/ Find PC, Stop and Identify all Occupants. if any arrests are made, contact Investigator James Dancer (5I10), will most likely make scene. Contact Pct. 5 Dispatch (281) 463-6666. Send all questions/ information to James.Dancer@cn5.hctx.net

The investigator email addresses and direct phone numbers embedded in these reason fields serve a secondary purpose: when hotlists are shared between agencies, the receiving agency also receives internal contact information for the creating agency’s investigators — an informal contact-sharing network piggybacking on the surveillance system.

Another vehicle is put under indefinite surveillance by Andrea Trevino. No case number given: “SURVEILLANCE ONLY//DO NOT MAKE CONTACT.”

Jose Ramos added 6 vehicles for “Tolls” — five with no case numbers, one with case number “N/A”, all set to never expire.

Mental health crises can land you on the watchlist: “SUICIDAL GUY” (one month), “WARRANT AND SUICIDAL GUY” (no expiration), “SUICIDAL ARMED” (one month), “Welfare Check” (one month). None had case numbers.

You can also earn a permanent watchlist spot for how your car sounds: “Engine does not sound stock;” or for cryptic reasons like “300 has a badge”, “Memorial Mall”, or simply because the sergeant said so (“Sgt request”, case number: “theft warrant”).

Other entries include “SUS”, “sus veh”, “susp”, and “fug”.

A dashboard from an Iowa agency shows that even where reasons are entered, they indicate problems; there is a hotlist for “Sex Offender” — a conviction is not justification for indefinite surveillance — as well as a hotlist for “Protection Order.”

That latter category’s existence is surprising, given that Arkansas and Wisconsin police failed to act when a person with an ankle-monitor passed at least one Flock camera, as he went to the home of a 16-year-old who had a protective order in place. The pair then disappeared for two months, until someone spotted them at a truck stop in Nebraska.

Sharing Without Scrutiny

When hotlists are shared, the receiving agency receives an automated email from Flock. That email considers the data sharing to be “Great News!” and provides instructions on how to start using the shared hotlist.

What it does not provide is information about what is on the list — including whether the hotlist contains any information sourced from NCIC, which would be restricted by law. It also does not provide information about the policies in place for maintaining and populating the list.

Flock sent the email above to a Minnesota agency. The email does not mention that Minnesota law^[6] says ALPR data “may only be matched with data in the Minnesota license plate data file” or when related to an active criminal investigation. Instead, Flock cheerfully directs its agency customer to accept the mystery hotlist from Florida — in a way that more likely than not violates Minnesota law — and thanks them “for being part of the Flock.”

Although Transparency Portals include a “Hotlists Alerted On” column, Transparency Portals don’t appear to show custom hotlists.^[7] Flock’s transparency portal configuration tool, however, shows that “This value will be automatically generated according to your Flock settings.”

Flock Won’t Say How Often It’s Wrong

A common concern surrounding the use of automated enforcement is accuracy — we know that misreads happen, but we don’t know how often. And Flock won’t say.

Flock monitors and collects misread rates; it declined to provide Business Insider with specifics about the data. When customers flag misreads, that data is pulled into the company’s training set to improve its model, and the company works with local law enforcement to understand the cause of the incident, a spokesperson said. — ‘Flock Flocked up’, Business Insider, March 9, 2026.

What Flock has said, in its undated^[8] blog post “Assessing the Accuracy of Computer Vision Methods for Traffic Data Collection,” is that “Flock Safety cameras correctly identified 92.3% of vehicles by classifying them across six vehicle categories via computer vision, in accordance with the FHWA’s 13-bin classification system.”

The FHWA 13-bin system uses broad categories like “Motorcycle” or “Five-axle single-trailer trucks.” It has several categories for tractor-trailer combinations with differing numbers of axles. Flock doesn’t specify, but most likely reduced the number of bins to six by collapsing several vehicle classes into a single “truck” classification.

That 92.3% figure measures vehicle type classification — whether the system can tell a motorcycle from a tractor-trailer — not plate-reading accuracy. If Flock’s cameras fail to correctly classify vehicle type in nearly 8% of cases using these broad categories, their accuracy at reading individual plate characters or matching the more granular attributes in its FreeForm search — clothing, dents, and other vehicle and person characteristics — is anyone’s guess. Flock’s refusal to disclose plate-read accuracy or submit to independent auditing leaves that question unanswered.

Even NCIC Gets It Wrong 77% of the Time

But even when accuracy is discounted, an overview of Axon data from the Story County, Iowa sheriff’s office^[9], shows that matches are often a bust. In Story County’s “Erroneous hotlist hits” report, which covers approximately a month, hits were only sourced from NCIC.

In that month, the sheriff’s office reported 214 incorrect hits. 165 (77%) were flagged “Wrong state,” 10 were “correct” but “No action taken,” “No Associated Party in Vehicle” or “Parked - Unoccupied,” 7 were “Dismissed,” and 3 were “incorrect.” The report does not include information about the total number of scans, or the number of accurate hits.

77% of vehicles from NCIC being matched to vehicles from the wrong state is an issue. The issue is further compounded by NCIC not distinguishing between characters like “O” and “0” or “I” and “1”. And that’s NCIC, which has policies on accuracy and review of information.^[10] For Flock’s “Custom Hot Lists,” all it takes for someone in Minnesota to get pulled over is for Brittany Smith from Florida to enter an incorrect digit.

Even if the technology were 100% accurate, which it isn’t, it is still subject to the principle of “Garbage in, garbage out.”

Who Else Gets the Data

After an entry is created or copied into a custom hotlist, users can opt to receive notifications through Flock’s mobile app. If the entry is criminal justice information (CJI) copied from NCIC, it may only be accessed through a secure workstation.

Instead, Flock encourages use of its mobile app, which offers simple on/off toggles for receiving alerts. It also offers notifications based on a user’s location, suggesting Flock mobile app users’ locations are being recorded and tracked.

The risks of inaccurate or poorly-maintained hotlists to the public are well-documented. In Sherwood, Arkansas, a Flock ALPR misread a plate obscured by a loose plate holder. Police ordered a couple out of their car at gunpoint and handcuffed the woman in front of her children. In Morristown, Tennessee, a Flock camera misread an “O” as a “0,” and the Herron family — with their 3-year-old granddaughter in the car — was pulled over at gunpoint. In Toledo, Ohio, a misread “7” became a “2,” and Brandon Upchurch was mauled by a police dog and jailed. And in Aurora Colorado, an unidentified system flagged an SUV as a stolen motorcycle from another state — the plate number was the same, but it was the wrong state, like in 77% of Story County, Iowa’s erroneous hits.

But members of the general public are not the only ones at risk — police officers are too.

The hotlist data itself is federally regulated under the CJIS Security Policy:

[W]hether it’s bring your own device (BYOD) or a agency-issued phone, [law enforcement] must follow the protocols set out by the FBI’s Criminal Justice Information Services (CJIS) compliance for mobile device security and adhere to the CJIS MFA requirements that go into effect October 1, 2024 — Essential guide to agency-issued phones and BYOD policies, Verizon Business, September 13, 2024.

But those rules don’t extend to the data Flock collects through the app — like location data. It can collect or resell that data, or use it in its other products. There is no requirement for Flock to safeguard that data, or to screen the people — employees and contractors — with access to that data.

How much of the data Flock transmits is unclear, but the mobile app has a direct integration with FullStory^[11], a “Behavioral Data & Digital Analytics Platform.” It is equally unclear where the data goes from there.

We have already seen the predictable outcome when Flock failed to secure an API key and leaked live location data, including this exact “Officer mobile app location data (phone, smartwatch).”

With no functional safeguards in place, a history of leaks, and no consequences imposed by the Department of Justice or state agencies, it is left for individual officers to decide if they want Flock to enter their realtime locations — potentially both on-duty and off-duty — into its database, and whether all of Flock’s employees, contractors, and partners should have access to that data.

No Recourse, No Oversight, No End Date

There is no mechanism to discover which agencies are using what custom hotlists, or for a person to discover whether they are on a custom hotlist, to challenge their inclusion, or to request removal. There is no judicial review, no expiration requirement, and no independent audit.

The entries examined here — 73% set to never expire, half with no case number, many with reasons no more specific than “SUS” — are not aberrations in an otherwise functional system. They are the system functioning as designed.

Flock’s marketing promises transparency and accountability. Its logs consistently tell a different story: indefinite surveillance authorized by a single officer’s keystroke, shared across jurisdictions without review, immune from public records requests, and enforced through pretextual stops that its own users are instructed to manufacture.

The question is not whether the technology works. The question is whether anyone is watching the people who use it.

The answer, to date, is “No.”

After writing yesterday’s feature announcement about the new cost estimate feature, as an afterthought I did a quick query to see how many agencies used “FreeForm” and how often it’s used. The result: 6,736 “FreeForm” searches in 2025 across 121 agencies. At a $50,000 annual subscription MSRP, that works out to roughly $900 per search.

Naturally, I wanted to know what, if anything, makes these searches so valuable.

Flock’s FreeForm

Flock writes that “Flock’s ALPR system cannot be used to search for human characteristics, like race or gender” on its ethics page. In another recent blog post, recently discussed here, Flock takes it a step further:

Flock products do not identify race. They do not target neighborhoods based on demographics. They do not rely on subjective descriptions. They do not expand broad discretionary stops.

Instead, they narrow law enforcement action to vehicles that have been objectively linked to reported crimes.

The FreeForm product page even promises that “[m]oderation tools help prevent biased or inappropriate searches and support responsible, community-trusted policing.”

That narrative is echoed throughout Flock’s website, and aggressively carried out by its 200 sales staff.

In Q2 of 2025, Flock launched a new feature that “is all about one thing: speed. Speed to leads.”

In a move that will transform the largest network of LPR cameras in the nation, Flock announced that every existing Flock LPR camera can soon become video-enabled at no cost to the customer.

FreeForm, Flock’s AI-powered search tool, now works not only on owned LPR cameras but also on shared ones. It also supports video searches—meaning you can now search for characteristics on people* (e.g., “man in blue hoodie with backpack”) just like you would search for vehicles. You can even set alerts on these searches: think “green ATV on a trailer” or “person in orange vest,” so you’re notified in real time when there’s a match.

Plus, FreeForm is now compatible with third-party video feeds (e.g., Genetec, Milestone), so agencies can leverage its power without needing to switch platforms.

It notes that “people characteristics cannot be searched on LPR feeds, only video feeds”.

The FreeForm report (was “Moderation Report”) has been online for a while, but with few search entries and no documentation I never paid much attention it.

Now, almost a year after Flock’s Q2 2025 product announcement, we have a collection of searches from network logs provided by Flock LPR-system users — searches that show lookups for “objectClass:person” and “objectClass:people.”

The Constitution

The 2020 memo to Congress “Racial Profiling: Constitutional and Statutory Considerations for Congress,” written after the death of George Floyd, gives an overview of the boundaries of permissible searches.

The Equal Protection Clause “bars most law-enforcement decisions based on race,” and this prohibition holds “even if members of a given race are responsible for more crimes in a particular neighborhood.”

Courts have also held that “an officer cannot meet the Fourth Amendment standard by relying on a person’s racial appearance, alone, as grounds for reasonable suspicion.” But an officer may include race when “searching for a person matching a suspect’s description and part of that description is the suspect’s race.”

The Searches: Dragnets and Military Personnel

After analyzing 3,217 searches from 124 agencies — 3,184 of which Flock’s moderation allowed, 19 it blocked, and 14 it warned about — it’s clear that the “FreeForm” system that’s implemented is not the one that Flock describes, or the one the Constitution requires. Instead, it is a digital free-for-all where cops go on fishing expeditions based on protected characteristics. Flock even blocks the most obviously constitutional searches.

Houston PD searched 53,017 devices across 3,734 networks for “white car with black front bumper” (reason: murder investigation). That is a description so generic and a dragnet so wide that it would match tens of thousands of vehicles nationally.

Houston PD also searched that same 53,000-device scope for “Marine Corps” and “volkswagen jetta U.S. marine corps” — the first of which is a bare military affiliation search with no vehicle descriptor at all.

“Marine Corps” as a standalone search term, run across the entire Flock network, is functionally a request to identify every vehicle in America displaying USMC insignia — which would include many active service members and their families.

Since December 2025, Flock redacts its network logs before providing them to its customers whose data is being searched. Those customers can’t see who ran the search. Flock, and many of its customers on the nationwide network, maintain no policies requiring background checks or prohibiting account sharing. That’s a “local decision,” says Flock.

We can’t say, or even begin to speculate, who searched the country for “Marine Corps” and for what purpose. All we know is that someone did, and that Flock’s AI-moderator approved it.

Louisville Metro PD regularly searched 39,000–42,000 devices across 2,600–2,800 networks. One search: “overloaded waste hauler” — a code enforcement query — hit 39,751 devices across 2,672 networks. Louisville is using Flock’s AI-powered search to run municipal waste-hauling compliance checks through a nationwide surveillance apparatus.

O’Fallon, Missouri PD — a city of about 90,000 people — searched 41,054 devices across 2,707 networks for the person descriptor “jeans.” No case number. Reason: “inv.” That search hit cameras in thousands of jurisdictions across the country, looking for Americans in blue jeans.

Corona, California PD consistently searched 11,400+ devices across 370+ networks for person searches including “a person,” “police badge,” and “fire” — the first of which is literally searching for the existence of a human being.

All of these are overbroad fishing expeditions using a mass surveillance system. There is no valid investigative purpose in looking up “a person” or “jeans.” Retrieving the location history of every US Marine in the nation does not prevent crime, it hurts national security.

The Moderation System: No on “white male” — Yes on “tweaker”

The most constitutionally defensible person search in the entire dataset was the California Highway Patrol’s prompt:

Looking for a white male about 6ft 1in tall, longer brown hair almost to his shoulders, slender build, will have been wearing blue jeans, boots with white paint stains on the toes and possibly carrying a black helmet

This was a search across only 91 devices and 3 networks. It is a textbook individualized suspect description: race as one of many physical identifiers, exactly as Fourth Amendment jurisprudence permits. It was run in a narrow area where this suspect was likely to be found.

Flock rejected the search. The most probable explanation, based on other searches, is that it saw “white male.”

Meanwhile, Florence, South Carolina PD searched for “all” (objectClass:people, reason: Robbery) — a search that matches literally every person on camera. Also allowed from Florence: “people,” “hoodie,” “jacket,” “jeans,” “Red.” These were searched across only 1 device and 1 network, suggesting Florence was early in deployment or testing, but the moderation system approved them regardless.

O’Fallon MO PD’s “jeans” search hit 41,054 devices. If Florence’s identical search was allowed on 1 device, there’s no scale-based restriction either.

Hemet, California PD searched for “tweaker on bike” across 1,581 devices and 30 networks. No reason given. No case number. “Tweaker” is a slang pejorative for methamphetamine users. This is the definition of a “subjective and invasive search” — targeting people by perceived social status and assumed drug use.

Unlike the search for a highly specific white male, the moderation system allowed this search for any tweaker.

The First Amendment

An objection that’s often raised is Flock’s (admitted) ability to search for bumper stickers and other characteristics. Flock regularly claims that it is only the existence of a bumper sticker that can be queried, not its content. That is not what the logs indicate.

Spokane County WA SO searched for “american flag,” “coexist sticker,” and “trump flag” on vehicles. All three triggered a warn status. The reason fields — “freeform suspicious search test” — indicate Spokane was deliberately testing the moderation boundaries.

What happens when Flock’s AI-moderator issues a warning is not entirely clear. From earlier analysis of frontend code, it is a dialog that can be clicked through. It’s possible that someone gets a notification or an email. We don’t know.

Flock’s system knew these searches were problematic, and it flagged them, but it did not block them, as its product pages promised.

Corona CA PD searched for “american flag” on people and got blocked. The same agency searched for “american flag” on vehicles and got warned.

O’Fallon MO PD searched for “vehicle with flag” across 40,235 devices and 2,642 networks. Allowed. No warning. The generic “flag” search is arguably broader and more concerning than the specific “american flag” or “trump flag” searches that triggered warnings.

CHP searched for “Hells Angels” as a vehicle descriptor nine times (8 allowed, 1 warned from San Jose PD). The allowed searches used reasons like “Investigative Follow-up” and “Traffic Collision.” Searching for vehicles displaying Hells Angels insignia — rather than a specific vehicle involved in a specific incident — targets organizational membership.

If CHP wanted a specific motorcycle involved in a traffic collision, the search would describe the motorcycle, not the association. Seven of the nine Hells Angels searches hit only 190 devices and 1 network, suggesting a narrow local scope — but the moderation principle is the same regardless of scale.

Audit Logs and Objectivity

Of course, the majority of these searches do not have case numbers. We know by now that the claim that “every search made within the Flock platform is logged and auditable, creating a tamper-proof trail of accountability” is completely false. The sensitivity of the data being searched here — like “Marine Corps” — highlights how important it is to be able to audit a search’s full context.

Only 85 of 3,217 searches — 2.6% — had a plate field that could have contained a value. None of the problematic searches discussed above were among them.

The “objective criteria” Flock allows include a descriptor like “tweaker” but not a detailed description of a white male. It allows searching for every white car, or every military member in the nation, and only lightly wags its finger at you when searching for protected political speech.

Flock’s AI-based moderation appears inconsistent and insufficient. It certainly won’t lead to “responsible, community-trusted policing.”

This is an insecure, unaccountable, and unrestricted dragnet that can be — and is — used to mass surveill Americans based on their political, professional, and religious affiliations, their protected personal characteristics, and their expression of speech. It is exactly what the Constitution prohibits.

For each of those searches, lawful or not, Flock collects $900.

I recently received a copy of Flock’s response to a CDPA request. The response was predictable: obfuscate, misdirect, and deny.

In this article, we’ll pick Flock’s response apart, because the Attorney General hasn’t. Yet.

CDPA 101: It’s GDPR Lite

The CDPAs adopted by the various states broadly follow a pattern inspired by Europe’s General Data Protection Regulation (GDPR). What they protect varies a little from state to state, but the general idea is “information that is linked, or linkable, to persons.”

In equally broad terms, whenever a “person” (government, business, natural person, etc.) collects or maintains protected data, they are a “controller” and someone merely handling the data is a “processor.”

In states with a CDPA, you typically can do things like request your data from the controller, opt out of certain data collection, find out how it’s being shared, and correct incorrect information.

Corporations in general, but mass surveillance corporations in particular, enjoy existing in liminal spaces. Even though various state laws require the separation to be clearly defined in contracts, the terms are often purposely left out, or, if included, left ambiguous.

That problem is compounded for government-funded corporate surveillance because the surveillance devices (cameras, microphones, what have you) and software are often said to be private, while the funding and operational infrastructure (permits, land use, and so on) is provided by the government.

A fun fact — and we’ll get to why it’s “fun” in a minute — is that the government itself is exempt from the CDPA.

A Response, Annotated

With respect to any systems over which Flock is a controller, we did not locate any data in such systems that matched the information provided in your request

It is unclear what systems Flock refers to, but clearly it admits it is a controller of some systems.

But let’s gloss over that really, really quickly.

With respect to any data which may temporarily be stored on Flock Safety devices, such data is consistently written over on a rolling basis due to limited memory space on the devices and is not stored or maintained on such devices in a manner that allows Flock Safety to directly identify, link, or associate the data with an identifiable person. This can only be done via the Flock Safety software systems, where, as described further below, all data is owned and managed by Flock Safety’s customers.

This sounds sort of meaningful, but isn’t. At least not in the way Flock would like you to believe. Ownership and management are not factors, nor is whether Flock “identifies, links, or associates” the data with an identifiable person. Whether the data is stored “temporarily” or whether it’s overwritten on a rolling basis are all technical implementation detail that neither the CDPA, nor the requester cares about.

What they do care about is the admission in the middle of the technobabble: Flock stores or maintains “such data.”

With respect to any systems where Flock Safety processes data on behalf of our customers, please note that Flock Safety’s customers are owners and controllers of the data Flock Safety processes on their behalf. Flock Safety is a service provider and processor for our customers and as a result, we are unable to directly fulfill your request. We recommend contacting the organization that engaged Flock Safety’s services to submit your request, as they are responsible for assessing and responding to it.

This paragraph is Flock’s key assertion. It is boilerplate crafted to dismiss requests under many states’ CDPAs, which share the “processor” language. But it’s lazy boilerplate, because it also uses “service provider” from California’s CCPA/CPRA.

If it’s too much work to craft a form letter specific to California — the most populous state in the nation — it’s probably a safe assumption that it’s too much work to actually look for the data requested.

Here are a few additional points about Flock Safety’s data collection and privacy practices:

Okay, let’s hear 'em.

Customer Contracts: Flock Safety’s processing activity as a service provider and processor is governed by the contract we have with our customers, which captures their instructions and the limitations on how Flock Safety may process their data. Flock Safety’s customers own the data and make all decisions around how such data is used and shared.

The same boilerplate “California-plus” language: “service provider and processor.”

The paragraph itself — its activity is governed by the contract it has with its customers — is meaningful. Hang on to that tidbit, we’ll come back to it.

No Sale of Data: Because Flock Safety’s customers own the data, Flock Safety may only process the data in accordance with our customer’s instructions, as outlined in our contracts with customers. Flock Safety is not permitted to sell, publish, or exchange such data for our own commercial purposes.

Again, the causal link Flock suggests here does not exist. The CDPA places restrictions on the sale of data, but it does not consider “ownership.” That’s deliberate, because it’s not how data sales work in practice: people rarely sell data, they license it.

And while “for our own commercial purposes” is technically correct, it is misleading. As a processor, Flock would not be permitted to “sell, publish, or exchange such data” for any reason. It can follow the express instructions of the controller. That’s it.

Instead, its business model requires it to schlep around buckets full of data between customers, and between its own systems to offer a Surveillance-as-a-Service product.

Information Collected: Where Flock Safety’s customers leverage License Plate Reader (LPR) technology, the LPRs do not process sensitive information like names or addresses. Instead, LPRs only capture images taken in the public view of publicly available and visible vehicle characteristics

Flock’s response focuses on “LPR” cameras. Which is the most well-known of its products, but still only a subset. Its other products, like Condor PTZ cameras, Raven microphones, and even Nova (which “combin[es] CAD, RMS, video footage, LPR data, and even open-source intelligence [which includes things like consumer credit reports, and, according to independent security research, SSNs and other dark web data] in one unified experience”) go unmentioned.

That its roadside cameras don’t process “sensitive information” is false. That term is defined by the CDPA; in Delaware, it includes “precise geolocation data”, in Minnesota it includes “specific geolocation data.” Both are statutorily defined terms describing a type of data captured by Flock’s roadside cameras.

To make the claim true, Flock attempts to substitute its own definition of “sensitive data” for the one provided by the statute.

But what matters more for the response is not whether a specific Flock product handles a specific type of information, but whether Flock, as a company, has protected data.

The answer to that is “yes.”

Purpose: Flock Safety customers use data for security purposes, including managing public safety or responding to safety concerns and reports. Additionally, such data may be used to help solve crimes and provide objective evidence.

Close, but not quite. Flock’s standard contract says: “‘Permitted Purpose’ means a legitimate public safety and/or business purpose, including the awareness, prevention, and prosecution of crime; investigations; and prevention of commercial harm, to the extent permitted by law.”

The purpose itself is mostly irrelevant. The point is that the “Permitted purpose” is defined by Flock, in its standard terms and conditions, which it can unilaterally modify. Determining the purpose makes Flock the controller.

Retention: By default, Flock Safety’s systems only retain data for 30 days, which means that any data collected on behalf of customers is permanently hard deleted on a rolling 30-day basis. Flock Safety customers may shorten or lengthen this retention period based on their local laws or policies.

This is an equally relevant admission: Flock sets the default retention period, and it determines that it “permanently hard deletes” the data. Its customers can influence those terms later, but it is, again, Flock making controller decisions.

Processors vs. Controllers

From Flock’s lazy boilerplate, it’s already sufficiently clear that the company (a) has the data requested, and (b) is the controller of that data. Its response does not survive. But let’s double-tap.

All the States, None of the Work

The response above was from Minnesota, but we’ll use the CDPA from Flock’s state of incorporation — the Delaware’s Personal Data Privacy Act (DPDPA) — to walk through it. DPDPA is not only the most fun to say, it is also functionally identical to Minnesota’s MCDPA in every way that matters here.

If Flock gets to write a California-plus denial, I get to write a Minnesota-plus indictment of it.

Flock’s California-plus language is telling in its laziness. If Flock were a processor, it would have an obligation, under the MCDPA or DPDPA, or some other CDPA, to assist the controller with the request. If it were a service provider, it would have that same obligation, but to the business.

What Flock does instead is punt, without even identifying who it claims the controller is or are — presumably all of its Minnesota clients.

Minnesota gives consumers the right to a list of every third party who received their data. Flock’s response does not even mention it. As a processor, Flock has the duty to assist the controller to locate the list and provide it as a response.

That Flock’s response is lazy is unsurprising when the contact information listed on its CDPA form is “Generitech Privacy 123 Main Street Capital City, ST, USA 10001 +1-800-000-0000 emailprivacy@generitech.com”

The laziness shows that it does not even attempt the bare minimum to fulfill the role it claims for itself. The only thing it does is send out form letters as generic as 123 Main Street.

The Missing Contract

Remember the relevant contract claim. Flock claims there is one, which is good. But the DPDPA and MCDPA (and others) not only require that there be a contract between a controller and a processor, they require it to have specific content.

Flock’s contracts, as we have reviewed them, do not contemplate this. Here is an example of such a missing requirement — you can look for it in the terms Flock publishes on its website:

A contract between a controller and a processor must govern the processor’s data processing procedures with respect to processing performed on behalf of the controller. . . . The contract must also require that the processor to do all of the following: . . . Allow, and cooperate with, reasonable assessments by the controller or the controller’s designated assessor, or the processor may arrange for a qualified and independent assessor to conduct an assessment

Flock’s contracts do not contemplate this at all. Not even close.

The DPDPA requires that the division of labor between a controller and processor is laid out in the contract to avoid exactly the type of shell game Flock attempts to play.

That requirement is not without teeth — the law spells out the consequence of omission:

Determining whether a person is acting as a controller or processor with respect to a specific processing of data is a fact-based determination that depends upon the context in which personal data is to be processed. A person who is not limited in such person’s processing of personal data pursuant to a controller’s instructions, or who fails to adhere to such instructions, is a controller and not a processor with respect to a specific processing of data.

Flock’s prize for failing to have an adequate contract in place is that it becomes the controller.

The Government as Controller

Even if Flock’s contracts were perfect, its position would still fail. As stated earlier, the CDPA does not apply to the government. That doesn’t mean that it is optional for the government, it means that the statute, as a whole, does not apply to the government.

This chapter does not apply to any of the following entities: Any regulatory, administrative, advisory, executive, appointive, legislative, or judicial body of the State or a political subdivision of the State, including any board, bureau, commission, agency of the State or a political subdivision of the State, but excluding any institution of higher education.

Even if a police department were to want to assume the role of the controller, which it doesn’t, it could not. That’s why the language is not in the contract.

“A person who is not limited in such person’s processing of personal data pursuant to a controller’s instructions . . . is a controller and not a processor”.

Someone who is not the controller can’t provide “a controller’s instructions.” Without those instructions, Flock is not “limited” by them.

And because Flock is not limited, it is the controller, as a matter of fact as well as law.

Minnesota’s cure period expired January 31, 2026.

File your requests. Collect your California-plus denial. Encourage your AG to act.

Cross-posted from Footnote 4A, where I cover Flock, privacy, and public-private surveillance infrastructure more broadly. Flock-specific posts live on haveibeenflocked.com.

The events in the video take place at Flock’s offices in an anonymous industrial building at 1310 Seaboard Industrial Blvd NW, Atlanta, GA — Google Maps confirms the building is surrounded by Flock equipment and is identified as a drone launch site.

Now, the film.

Flock’s story starts when a hoodie-clad man rolls up to the crime scene in his brand-new Mazda.

He gets out and approaches the building’s front door, tactical Halligan bar in hand.

Unfortunately for the would-be ne’er-do-well, a blue light comes on.

On the screen it says “From detection to decision.”

The camera pans from the blue light to a Flock Falcon license plate reader, which definitely only captures license plates and not people.

It’s a little unclear if the “detection” is the blue light, and the “decision” is the license plate reader, or if there’s something else going on.

Never mind. A Realtime Crime Center!

The interface shows 3 license plates with real Phoenix, AZ, locations. They are flagged as “Expired Driver’s License”, “Suspended”, and “Invalid License” — exactly the category of high-level crime that Flock believes warrants placing a nation under surveillance.^[1]

A man with a moustache clicks “Dispatch drone.”

This time, the ALPR list shows license plates annotated “Invalid License”, “Sex Offender”, “Expired Tag”, and “Expired Driver’s License.” Those CJI tidbits slide off the screen and cut to a drone being released from a box.

If it was your license plate broadcast alongside “Sex offender”: congratulations, you get to talk to a lawyer.

“Drone as Automated Security deployed”, the on-screen letters inform us.

The drone takes off and spots the Mazda parked under a streetlamp about twenty feet away.

Technologia.

The Mazda appears to be parked more than 12 inches from the curb.

Dramatic music intensifies.

“Thermal night vision capabilities.”

The Mazda is still parked under the streetlamp.

Now we see a digitally altered black-and-white image. Thermal vision, presumably — though it reads as a color-filter pass on regular footage.

Halligan-bar-man is doing something with the door. The drone switches back to normal vision, because the other vision was garbage.

Our hero, the drone, sneaks up on Halligan-man as the letters assure us of “Presence that de-escalates.”

Halligan-bar-man flips out.

He runs away, toward his Mazda.

Someone somewhere gets a phone notification: “Global Logistics has invited you to spectate a flight on Flock DFR.”

Grab the popcorn, we’re spectating.

The drone watches our man peel off past several Flock ALPRs and PTZs.

Now we’re back at dispatch in Phoenix, walkie-talkie’ing Dunwoody PD, which recently paused its Flock contract “over data use concerns.”

Officer Dunwoody manages his drone from the car laptop en route to the crime scene. Operating aircraft you can’t see while you’re driving a vehicle is safe, right? Must be — the FAA allows it.

Meanwhile, for reasons only known to hoodie-man, he has circled back and parked at Flock Central — 1310 Seaboard Industrial Blvd NW — the drone’s home base. He is ready to surrender his life of crime and be arrested for the one offense he committed: parking too far from the curb.

Music crescendos.

He gets out of his new Mazda, wireless CarPlay still connected, hands to the sky.

Handcuffs.

We got him, boys.

“Flock Drone as Automated Security”

“One click automated operation”

Dead stick logo.

First, a new report: California Out-of-State Queries.

A note on what’s here and what isn’t: some older California-specific reports were removed after suspected changes on Flock’s end began producing incorrect results. This report replaces them with a narrower, more defensible dataset.

This report contains all external searches seen by California agencies for which we have log files (which isn’t many, but if you have some, or you want to go file some requests, send them to humans@haveibeenflocked.com!).

The ~14.5M out of state searches currently documented in the report come from the four agencies listed above. Other agencies which contributed data that showed no out of state searches were the California Highway Patrol (for the period 2024-11-25 — 2025-12-01) and Buena Park, CA PD (for the period 2026-01-19 — 2026-02-23).

The point of the report is that it shows searches of cameras placed in California, that have collected data about Californians; it will tell you if a query from a non-California agency “hit” a California agency.

The report’s “source agency” column will tell you which agency reported the search. And, yes, every single one of these 14.5M+ searches may violate California’s prohibition on sharing ALPR information with agencies outside the state (SB34).^[2]

February 11, 2025, is the date was reported to have disabled all out-of-state access for non-California agencies. For Santa Cruz and Capitola, the only non-California agency appearing in the logs after that data is Blue Lake Rancheria Tribal PD. El Cajon is being sued by the AG.

Seaside strangely reported only a handful of searches. On inspection:

We have very limited logs for Seaside (approx. 2025-01-20 — 2025-02-17), so it’s possible that far more searches of Seaside by non-California agencies have occurred outside that limited visible window.

Nothing confirms “Deactivated Users” is not a California agency, but OCDETF (Organized Crime Drug Enforcement Task Forces) was an independent federal agency under the US Department of Justice, recently dissolved and rehomed under the Department of Homeland Security.

Whatever federal access OCDETF had to California ALPR data through Flock now presumably belongs to DHS. Whether “Deactivated Users” represents side-door access that Flock obscured by omitting the agency name, or straightforward federal access, the result is the same: Californians’ data ended up with the federal government through Seaside PD and Flock.

And, of course, New Mexico is definitely not in California — there’s a whole Arizona in between.

Another thing that stands out about these searches is that they both covered about 300 networks (316 for the NM search, 335–336 for the OCDETF ones), suggesting 1:1 sharing agreements.

That certainly seems like a possibility, because according to its transparency portal, Seaside CA PD currently grants access to the following non-California agencies:

• Goshen Village NY PD
• Blue Lake Rancheria Tribal PD
• CA Iipay Nation of Santa Ysabel
• Decommissioned Org / Demo

The only 7 documented searches from Goshen, NY (pop. 5,777) happened between 11/12/2022 and 4/1/2023.

The likeliest explanation: Seaside granted access to what it believed to be Orange County, California, but ended up sharing California data with Orange County New York’s county seat: Goshen.

In case you’re curious, these are the states that most searched California records:

State and local governments aggressively resist open records requests related to Flock. They will apply any exemption, no matter how non-sensical. Part of that is simply the government’s mindset— the less accountability to the public the better. Part of that is Flock.

The Guide

Flock issues informal guidance to its customers on how to handle open records requests. A document, “Guide to Flock Safety Data for Open Records Law” (last updated September 2025) opens by telling the reader that they do not have to create records.

@Guide to Flock Safety Data for Open Records Laws

The guide offers wildly incorrect legal advice.

Generally limited disclosure [for ALPR data] across most states. Some states exempt all data captured by or derived from any automatic license plate reader system from disclosure either by express statute or per case law

Rather than there being “generally limited disclosure”, few states have express protections for ALPR data. This is self-evident from Flock’s wholly unregulated status as a provider of “photos taken on public roadways where there is no expectation of privacy.” Those same photos are not “generally” exempt from open records requests.

Agencies should consider whether to redact license plates, search reasons, and case numbers from these logs, as well as other potential fields that may be deemed sensitive

Similarly, the open records laws that I am aware of do not permit redaction of “fields that may be deemed sensitive.” Rather than relying on a clerk or a cop to subjectively deem something to meet an unspecified standard of sensitivity, open records law tends to only permit redaction of items that meet specific objective criteria defined by statute.

Flock’s document goes through every category of public record related to its system to identify possible exemptions, suggesting ones for police investigations, security exceptions, and privacy reasons. Throw exemptions at the requester and see what sticks.

When all else fails, Flock suggests in its suppression manual dressed up as customer support, its government customers should not disclose the record, like the law requires, but “consider negotiating a narrowed timeframe” and charging fees.

We’ve since seen other guidance, where customers are instructed to keep searches “as vague as permissible” come from FBI agents in Flock’s hometown of Atlanta.

In recent months, there has been a marked uptick in audit logs submitted to haveibeenflocked.com in garbled PDFs—including from states that require public records to be produced in their original electronic format.

One agency in Arizona did the FOIA-thing and printed out the CSVs to scan them right back in. Another delivered them to the requester on paper. Perhaps Flock updated its guidance.

Contractual Obstruction

Flock does not restrict itself to advising customers on their open records process, it inserts itself. Some, but not all, contracts create a duty for customers to notify Flock and delay open records responses.

If a request is made pursuant to the Iowa Open Records Act, Iowa Code chapter 22, to examine Confidential Information identified herein, the Customer will notify Flock. Flock will be given not less than ten (10) calendar days within which to file an action in the Iowa District Court… seeking the entry of a declaratory order or injunction to protect and keep confidential the information identified as confidential herein. — Johnston, IA Service Agreement

This is clearly problematic from a transparency perspective, and, raises serious legal questions in Iowa. The Iowa Open Records Act does not set fixed timelines for responses—it requires governments to respond "promptly."A mandatory minimum ten-day response delay is not “promptly.”

In Grafton, WI the language is a bit softer; there, Flock requires “reasonable prior notice.”

That’s not the only problem with this clause though. It is the vendor assuming a decision-making role in the non-delegable public records process. While a government may delegate some of its functions to third parties, the duty to respond to open records requests “promptly” lies exclusively with the custodian, and delegating such decision-making authority to a private party is likely unconstitutional.^[1]

It’s the same reason we can’t hire mercenaries to police our cities—government employees must be accountable to the people. At least on paper.

Nothing the Public Can Gain

Then there are the “transparency” portals. Flock has stripped functionality to hide essential information, but cities often still refer people who request access to log files to the portals. In public, Flock sells it as a transparency tool “to promote trust, accountability, and citizen privacy in policing.” In private, Flock tells its customers the truth: it’s useless transparency theater.

Take a look at this sample Transparency Portal and let me know if you’d like anything changed. All fields can be edited, deleted or added to. Any of the fields in grey indicate information that will be pulled directly from your Flock account. The only other thing worth noting is the Search Audit…I have attached an example. There is nothing the public can gain from this report, as it only provides the search date, camera and search reason. — Email from Libby Landers, Flock, Senior Customer Success Manager, to Ridgecrest, CA Police Chief Ysit (June 25, 2024)

@“Nothing the public can gain” - Ridgecrest, CA (2024)

If you are inclined toward charitable interpretation, you could see this as an unfortunately-worded email hastily typed by a customer service rep with an inflationary “Senior” title. Fair.

Except the same email Libby Landers sent to a California police department in 2024 shows up nine months later, word for word, in Prosser, WA, with someone else’s signature (Danica Pierce, Flock’s Local Customer Success Manager I).

@“Nothing the public can gain” - Prosser, WA (2025)

Someone at Flock approved the message for use as a form email.

The next sentence in the form email is also worth highlighting:

However, if you find your department’s users are not consistently searching off of incident/case numbers, that may be a reason to hide the Search Audit. It is entirely up to you but just like to point this out.

It relates to another email, where Flock cites the CJIS Security Policy:

Per legal: A case number and/or call for service number listed for the search reason is a Flock Requirement + Best Practice and required under Criminal Information Services (CJIS) Security Policy as promulgated by the FBI.

4.2.5.1 Justification In addition to the use of purpose codes and togging information, all users shall provide a reason for all all inquiries whenever requested by NCIC System Managers, CAs, local agency administrators, or their representative

— Email from Kyle Turner, Senior Customer Success Manager, Flock to Ridgecrest, CA Police Chief Groves (Feb 2025) (emphasis in original)

@Email Flock to Ridgecrest, CA Police Chief Groves (Feb 2025)

In a form email, Flock tells its customers to hide the evidence if its customers plan to violate their contracts with the US Department of Justice and federal rules and regulations (and, in many cases, parallel state law).

Ridgecrest, CA PD has disabled case numbers in the Transparency Portal.

The Lawyers Know

The government, or, at least, its lawyers, know that their legal justifications for denying requests are thin. In an email exchange between Prosser, WA, city officials and (presumably) their attorney, sparked by a records request from MuckRock user Rose Terse, the attorney expresses some frustration with Flock’s relationship to public records.

Emily Guildner of Thompson, Guildner & Associates, writes to her partner, Nikki Thompson:

i think it is a better argument that its not a record yet but i really just want all of our clients to stop using flock cameras.

She attempts to come up with a justification but comes up short:

I guess the question is whether it is “a writing” already out there but in an illegible format or not. Cities do have to pull data from a data base if requested, I just don’t know what form this is in, or if its in no form until there is an inquiry run?

She settles on the poorly-fleshed out theory regardless:

well our position on these is that they are a little different in that the pictures etc are records that are out there, the audit logs are not a record yet. so its not about access its about the fact that we would have to create a record to respond to the records request. but i think we’re on thin ice…

Thompson finally sends a proposed response to city staff, denying the request for it being “creating a record” and asking staff:

Thoughts? Are you sure you don’t want to turn [the Flock cameras] off? Remember that attorney fees are mandatory, if a City loses in public records litigation.

Two months later, in January 2026, Prosser turned them off.

@Prosser, WA attorney email chain

Flock industrialized existing government hostility to public records with guides, form emails, contract clauses, and a “transparency portal” engineered to disclose nothing of value.

Prosser’s attorney asked the right question. More cities should answer.

Cross-posted from Footnote 4A, where I cover Flock, privacy, and public-private surveillance infrastructure more broadly. Flock-specific posts live on haveibeenflocked.com.

Civil rights organizations appear not to have caught on. At the time of writing, they are still voicing support for a bill that threatens to severely undermine the privacy rights of everyone in the country.

A Private Network on Public Infrastructure

The legal theory under which camera-operators and police operate is that they are photographing vehicles on public roadways, and that the images therefore don’t implicate privacy interests.

Flock’s cameras sit on public utility poles, installed under public permits, paid for under public contracts — infrastructure a purely private company could never obtain on its own. The data flows into a corporate-owned database that participating agencies can query nationwide. Flock is not a government agency; it’s a vendor that has successfully made itself look like public infrastructure.

The data is public enough to collect from every street corner without a warrant; when requested under open records laws, those same images and records tend to magically transform into sensitive intelligence not fit for public consumption.^[2] When a Washington state court found that version of Schrödinger’s photographs — public enough to gather on every corner, too sensitive to disclose to the public whose streets paid for them — to be legally incoherent, police across the state cancelled their ALPR contracts, ostensibly to protect Washingtonian privacy.

Vendors and police have so far resisted both horns of this dilemma. There is no warrant requirement for collection, no meaningful FOIA access, and agencies can look up anyone’s long-term, nationwide location history without judicial oversight. The data is pooled nationally. A camera in Des Moines contributes plate reads to the same database as a camera in Houston.

This is not an Iowa database. It is a national one.

How Iowa Becomes a National Gateway

Readers outside the Hawkeye State may not be aware that Des Moines is a — perhaps the — major insurance hub in the United States, home to Principal Life, Transamerica, Wellmark, EMC, United Fire, and dozens of others. Iowa-domiciled insurers account for roughly 2–4% of total US premiums, heavily concentrated in life, annuity, and commercial lines.

The amendment doesn’t restrict ALPR data access to Iowa insurers, Iowa plates, or Iowa accidents. It opens the tap to any “insurance carrier, or an insurance support organization” — nationally, without geographic limitation.

Flock and similar vendors maintain a pooled database of plate reads contributed by agencies across the country. An Iowa city enters into an agreement with Flock. Under the amended bill, that city may now lawfully share the data — location history, timestamps, images — with insurers for “adjudicating insurance claims,” even if the data was originally collected nowhere near Iowa. Iowa’s authorization is the fig leaf that legitimizes access to a database populated by agencies in California, Texas, and New York.

That’s data laundering: a permissive jurisdiction provides the legal cover that turns a publicly-subsidized national surveillance network into a commercial data product. Iowa’s overrepresentation in the insurance industry means the companies most likely to exploit this are disproportionately headquartered in the same state that just handed them the keys.

The phrase “insurance support organization” makes this worse. In insurance law, that covers data aggregators, claims analytics firms, and infrastructure providers like Verisk/ISO — entities whose business is pooling and reselling data across the industry. Data that enters that pipeline does not stay in the lane it entered through.

The amendment doesn’t just give insurers access to ALPR data; it gives the entire insurance data ecosystem access to ALPR data.

Next time you’re involved in a car accident, the insurer may pour through your location history to find reasons not to pay. Stopped at a bar the night before, even for a diet soda? That may become an argument. If your employer’s insurer is watching while you recover from an injury, think twice before leaving the house to pick up your prescription.

What the Amendment Actually Removed

The original bill named a legal threshold: no one could access ALPR data more than 24 hours after capture without a magistrate-issued search warrant or a county attorney’s subpoena for a specific plate. In practice, the subpoena option gutted the warrant requirement before the ink dried — a county attorney can issue one without judicial oversight, meaning the same prosecutorial office that wants the data could authorize its own access. But even that weak threshold is gone.

In its place: a requirement to log a “call for service number or case number” before searching. That’s an administrative record-keeping requirement, not a legal threshold. No independent review, no probable cause, no judicial oversight.

The original bill also flatly prohibited sharing data with any nongovernmental third party. The amendment replaced that prohibition with an explicit whitelist that includes insurers, or anyone who promises to use the data “for the sole purpose of protecting public safety, conducting criminal investigations, or ensuring compliance with federal, state, or local law.” What was a ban became an authorization.

The penalty regime was similarly softened. Violations now require proof of “willful and intentional” conduct, and the aggravated misdemeanor threshold requires the violation also be committed “for personal gain or while violating any other provision of law.” Routine unauthorized sharing — the kind driven by bureaucratic carelessness or vendor pressure — is unlikely to be prosecuted at all.

The Lobbying Picture

The lobbying declarations for this bill tell a more complicated story than the civil liberties coalition supporting it would suggest.

The Iowa Association for Justice, Institute for Justice, the American Civil Liberties Union of Iowa (ACLU-IA), and Americans For Prosperity are all registered For the bill. AFP’s registration predates the amendment by two weeks; ACLU-IA’s and IJ’s were filed the same day the amendment dropped in committee. Whether their support reflects the amended text or the original is a question worth asking them directly.

Flock itself is registered as Undecided. So is RELX Inc. — the parent company of LexisNexis Risk Solutions, one of the largest data brokers in the country. LexisNexis Risk Solutions sells comprehensive consumer risk profiles to insurers, compiled from court records, motor vehicle databases, property records, and commercial data sources. It has no reason to be watching this legislation unless the amendment’s “insurance support organization” carve-out is relevant to its business — which it plainly is. That it hasn’t registered in support suggests either that the bill doesn’t go far enough, or that it’s waiting to see which way it moves. The National Insurance Crime Bureau — explicitly named in the amendment’s carve-out — is also Undecided.

The Iowa State Sheriffs’ & Deputies’ Association, the Iowa State Police Association, and the Iowa Peace Officers Association are all registered Against. So are Axon Enterprise and the Security Industry Association — Flock’s commercial competitors, whose objections are about market share, not civil liberties.

No group is opposing the bill on civil liberties grounds.

What This Bill Actually Does

It authorizes local Iowa governments to deploy a privately-operated surveillance network on public infrastructure — then share the resulting data with the commercial insurance industry, nationally, with no warrant requirement, no meaningful penalty for abuse, and no restriction on which insurers, in which states, beyond the three enumerated purposes.

Iowa is not regulating mass surveillance. Iowa is commercializing it.

Cross-posted from Footnote 4A, where I cover Flock, privacy, and public-private surveillance infrastructure more broadly. Flock-specific posts live on haveibeenflocked.com.

Several California agencies have reported discovering that data was shared in violation of SB 34—although I have not yet been able to verify the exact number, I’ve heard as many as 63 California agencies have been confirmed affected. This certainly seems plausible with separate reports coming out of Mountain View, Santa Cruz, Santa Clara County, and Ventura County.

In earlier reporting by Los Gatan, Santa Cruz said that Flock had notified them of an issue. In response to a CPRA request, Santa Cruz denies the existence of that email.^[1] However, Santa Cruz Chief of Police Bernie Escalante did deliver the following statement at a November 18, 2025, Santa Cruz city council meeting:

We were recently made aware that Flock Safety identified violations of SB 34 and SB 54 within their system architecture that inadvertently affected agencies across California, including the City of Santa Cruz.

The issue arose when a national search tool within the Flock Safety system was activated which inadvertently permitted law enforcement agencies outside the state of California to search all agencies across the country including agencies within the state of California.

These violations were not known to Santa Cruz Police Department and were not the result of any deliberate attempt by city staff to circumvent the California law.^[2] We have been notified by Flock that these violations ceased on February 11, 2025.

Additionally, since this date, Flock has added multiple layers and filters of security to ensure this does not occur again in the future. Since February 11, 2025, Flock has made several changes to their system to ensure this does not occur again and to ensure that the Santa Cruz police department is not in violation of state law—both SB 34 and SB 54.

So far, Flock has deactivated the national search tool for agencies within the state of California, revoked all permissions for any California agency to create a 1:1 relationship with any agency outside the State of California and added filter protections against any searches that include anything related to ICE, broder patrol, immigration, or any other word or phrase like this type of search.

Flock continues to look for additional ways to improve or modify their system to ensure the security of their data is within the laws of the state of California.

— SCPD Statement, Santa Cruz City Council Meeting, November 18, 2025

A lot of this statement is demonstrably false.

As we know, 1:1 sharing is alive and well in California.

Yet this is the statement SCPD made in November last year, about an action Flock had taken some time before February 2025—a little over a year before today’s blog post, where it announces, for the most part, the same problem and the same changes.

Either Flock kept all of this under wraps for over a year,^[3] or it happened again, because Flock is once again engaging damage control mode on its blog, announcing many of the same “new” features the SCPD announced were introduced in February 2025.

Of course, it’s Flock, so “damage control” means “hand me a shovel so I can keep digging.”

Flock Knows, You Don’t.

some CA law enforcement agencies, including Ventura County, in 2025 had their camera networks inadvertently accessible^[4] to out-of-state law enforcement agencies for a period of time.

Flock immediately downplays and obfuscates what happened. Agencies “had their cameras accessible.” That doesn’t mean anything. “For a period of time.” Equally meaningless. How much data was shared in violation of state law? For how long?

Flock knows what happened, and, according to SCPD, even notified agencies back in 2025, but it has decided you don’t get to know.

[Flock] made every effort possible to determine the cause of each reported instance of inadvertent sharing. Unfortunately, due to earlier limitations in technical logging, in some cases it is impossible to determine a specific cause.

Let’s assume for a second that this is true. Let’s say Flock is careless and does not log who makes changes to a critical toggle.

If a cause can’t be determined, it can only mean one thing: there are multiple options.

It means Flock customers are not the only ones in control. It means that the pitch that “you own 100% of your data, and you are in control”, as well as “it’s a local decision” is completely, utterly, false. There is no other explanation.

Flock, in this same blog post, nonetheless continues to assert that “cities and counties retain 100% control over their LPR data and determine who it is shared with.”

Clearly not.

The Logging Requirement

Flock not having logging would in itself be yet another admission that it does not follow the CJIS security policy, like it implies when it flaunts its “CJIS ACE Certificate” from its commercial partner in Florida.

The CJIS Security Policy v6.0 has several relevant requirements:

• AU-2 (Event Logging) and CM-3 (Configuration Management) require exactly the type of logging Flock claims not to have.
• 4.2.5.1 (Justification) and AU-3 (Content of Audit Records) require the purpose of a query. Flock’s NIBRS-based justification requirement is not an enhancement — it is the minimum that should have been in place from the outset.
• CA-3(d) (Secondary Dissemination) — secondary dissemination must be logged; those logs must include the requester’s authorization.

In Flock’s half-baked defense, it does fall on the agencies to verify that Flock abides by the terms of the contract it signed, and to make sure their vendor isn’t simply having its rank-and-file employees sign a form that exposes them, not the company to liability when violations inevitably happen.

Flock Promises More Violations

For those who have been following along for a while, the gradual narrowing is interesting to watch. In a span of weeks, Flock’s messaging shifted from “Flock does not sell data,” to “Flock does not sell data to the federal government” to “Flock does not sell data to DHS agencies.”

When even the postal service does civil immigration enforcement it becomes hard to track.

“Flock has always provided agencies with tools to comply with state law and relied on each agency and its legal counsel to determine how those tools should be configured,” said Dan Haley, Chief Legal Officer at Flock Safety.

Dan clearly did not read the 345 words in the blog post preceding that statement, announcing that Flock, in fact, did not always provide those tools but is now adding them.

Flock Safety and California law enforcement agencies remain committed to ensuring that investigative technologies are used responsibly, lawfully, and with appropriate oversight. The system in place today includes standardized compliance protections designed to prevent unauthorized federal access through lookup networks and to provide clear audit trails for every search conducted.

This statement deserves highlighting. Flock once again promises to prevent only unauthorized federal access, and only if that unauthorized access happens through lookup networks.

This is a highly relevant distinction; at the time of writing, even a cursory inspection of Transparency Portals shows Flock still permits sharing data with non-California agencies. And, no, I’m not talking about El Cajon’s open defiance of the AG, I’m talking about Lake County, Piedmont, San Francisco, and so on.

California Attorney General Bonta clarified in his October 2023 bulletin that SB34 prohibits sharing with any entity that is not a public agency. He included the definition:

“Public agency” is defined as “the state, any city, county, or city and county, or any agency or political subdivision of the state or a city, county, or city and county, including, but not limited to, a law enforcement agency.”

Because this definition excludes non-California agencies, it forms the basis for SB 34 being understood to prohibit sharing outside of California.

What this definition also does not include are tribal nations and private university police — neither are subdivisions of the State of California. Yet both appear on Flock’s California agency lists: Blue Lake Rancheria Tribal PD, the Iipay Nation of Santa Ysabel, Stanford University PD, and the University of the Pacific. All are permitted to access California ALPR data under Flock’s “guardrails.”

These agencies also fit neatly into Flock’s promise, because arguably, although they have access to the lookup network, they could be said not to be “federal agencies.” Of course, they also aren’t “public agencies,” and all of this still violates the law.

Flock’s guardrails are carefully designed — not to prevent unlawful sharing, but to redefine what counts as sharing. Each iteration narrows the promise while leaving the violation intact: not “we don’t share data,” but “we don’t share data with DHS agencies through lookup networks in ways we can’t characterize as something else.”

The question for California agencies isn’t whether Flock “remains committed” to lawful use. It’s how many times they’re willing to take that commitment at face value before they check the audit logs — assuming, of course, that Flock has started writing them.

(Perhaps this is why Flock is now facing a class action in California.)

For decades, policing often relied heavily on eyewitness descriptions.

An officer might hear:

“We’re looking for a white Ford.”

“The suspect was driving a blue Jeep.”

What happened next?

Officers would stop every vehicle matching that general description in the area. That meant multiple drivers, often entirely innocent, were pulled over and had unwelcome interactions with law enforcement simply because their car looked similar. Those stops could lead to frustration, fear, and unnecessary escalation. And historically, those broad stop practices have disproportionately affected communities of color.

This is exactly the kind of dynamic that creates distrust.

Flock changes that.

Instead of stopping every white Ford or blue Jeep in a radius, officers receive alerts only when a specific license plate associated with a reported crime is detected. Not every vehicle of a certain color. Not every driver in a neighborhood. Just the one vehicle that matches the reported plate. That’s precision policing. It reduces unnecessary stops. It reduces guesswork. It reduces broad, discretionary sweeps. And that reduction in discretion helps reduce bias.

The passage directly echoes a comment made last week by Skylor Hearn on a privacy-focused livestream hosted by VPN company vp.net. Hearn appeared alongside Dan Haley, Flock’s Chief Legal Officer. Hearn told the audience:

In the old days… it was the citizen, one of you, reporting what you saw in a flash, in a horrific moment in your life, and you described generally a light-colored car. And so we’re stopping every light-colored car that’s going down the road in that area. And 99% of those people in those cars had nothing to do with that crime, but we’re pulling you over sometimes at gunpoint, taking you out… The technology gives us the ability to be more select and discretionary in those same kind of encounters. So we’re not indiscriminately just stopping everyone that resembled the citizen’s call. This gives us another tool to help us be more sniper than shotgun.

Same argument, same structure, same anecdote. Cops used to pull over every white car at gunpoint; now Flock saves them from themselves.

Hearn was introduced on the stream as “Chief Deputy, Chambers County Sheriff’s Office.” That’s true — he holds that title.

What the hosts neglected to mention is that Hearn is also the Executive Director of the Sheriffs’ Association of Texas, a registered lobbyist for Clearview AI in 2020–2021, and a former government affairs adviser at K&L Gates, where Clearview AI was his client.

He joined Clearview in-house in 2022 as its Director of Government Affairs, spending his time testifying in state legislatures against banning or restricting police use of facial recognition technology.

When a viewer asked Hearn directly about his Clearview AI and K&L Gates history, he disclosed it — framing it all as “public policy work” and talking about “misconceptions about technology.” He did not use the word “lobbyist.”

So a man who is simultaneously a Flock subscriber and the Sheriffs’ Association’s legislative director sat down with Flock’s Chief Legal Officer on a livestream, and a week later their shared talking point appeared on Flock’s corporate blog.

The best argument this team could muster asks us to accept the premise they’re selling: that police officers are simply incapable of conducting constitutional traffic stops without an AI to chaperone them.

Their proposed solution to police violating one group’s rights? Let Flock violate everyone’s.

The Fourth Amendment does not have a carve-out for good intentions, and mass surveillance is not a civil rights program.

Questions I could not answer in detail, but that are important and deserve answers.

I’ve written about fusion centers before, in the post about the federal Regional Information Sharing Systems® (RISS) program—which are federally-funded, quasi-privately-operated “fusion centers before it was cool”. That post was mainly in the abstract. Let’s examine what’s happening at NCRIC.

Fusion centers and data sharing

NCRIC is a practical example of what can go wrong when we take promises about data retention and security at face value, and what happens when we write poorly drafted bills—like HF 2161 chugging along here in Iowa, with the ACLU of Iowa’s support.^[2]

Data dissemination centers like RISS “permit federated searching across many systems without requiring the RISSNET user to have a separate user account for each partner system.” But that website copy is about as far as we get—while federally funded,^[3] these centers are operated as private corporations and are therefore not subject to the Freedom of Information Act.^[4][5]

But we don’t have to speculate for too long. The state of Colorado lays it all out cleanly for its Auto Theft Intelligence Coordination Center (ATICC):

The goal of this project is to share license plate recognition data among all contributing agencies that have established this Memorandum of Understanding with the Colorado ELSAG EOC, managed by the Colorado State Patrol (CSP) ATICC.

Participating agencies will share license plate reader (LPR) information for replication to the data warehouse or as part of a central querying system hosted by the Colorado ELSAG EOC and will have the capability to query all LPR based information from around the State of Colorado which is stored within the warehouse

Simple as that. Drop everything in CSP’s bucket, and take what you need. Cop-communism.

In case you’re wondering, ELSAG cameras are a Leonardo product.^[6] They offer stationary surveillance cameras (with cool-sounding names like “The Street Sentry™” and “The Fixed Plate Hunter™”), as well as mobile cameras disguised as roof-mounted skiboxes or construction barrels.

In the MoU, the “Denver Police Department agrees to share ALPR data with other law enforcement agencies utilizing the Colorado ELSAG EOC”, where it can be stored for up to three years.^[7]

Although Colorado State Patrol was short-sighted enough to name its own entity after a vendor product,^[8] ATICC explicitly commits to “obtaining the cooperation of any third-party contractor or vendor” that provides license plate reader systems in Colorado. Presumably this includes Flock.

@Colorado ELSAG EOC MoU

The “data warehouse” used by CSP, while only one component of a fusion center, is a much more descriptive term for what’s really happening at the backdoor of these systems.

The Northern California Regional Intelligence Center (NCRIC)

Colorado is not just similar to NCRIC—it’s the template for what NCRIC is almost certainly doing but refusing to document. NCRIC gives itself permission to store ALPR data for up to 12 months, and broadly disseminate it.

The [ALPR] information is also retained for a fixed retention period, though it is only reaccessible by law enforcement given a legitimate law enforcement purpose.

The FAQ specifies that only users with a need-to-know have access, but, from context, it’s clear that NCRIC’s version of “need-to-know” is clearly not particularized and apparently extends to all ALPR data, forever.

Although the previous version of NCRIC’s FAQ was more explicit that “most ALPR data will be stored for 12 months,” the current FAQ is silent on retention. The FAQ drones on for a bit, carefully evading its own questions, but at the end of it all, the agency essentially gives itself carte blanche to do what Colorado spelled out more clearly.

@NCRIC ALPR FAQ

The policy reveals more. Especially in light of SB 34.

In October 2023, the California Office of the Attorney General issued bulletins gently reminding police laws exist, and that they are not supposed to be sending ALPR data from California to out of state agencies.^[9] Exactly six months later NCRIC disappears from non-California log files.

NCRIC updated its ALPR policy accordingly, but in a way that created performative compliance and resulted in less oversight.

• It removed the specific security requirements for data storage—SECRET-level clearances, 24/7 security personnel, multiple secured doors—replacing them with a passing reference to “secure systems.”
• It removed the requirements for multi-factor authentication and encryption.
• It removed the requirement for audit logs to contain a “justification for access.”
• It weakened retention limits from a hard cap (“shall not be retained longer than 12 months” with explicit purge requirements) to an aspirational ceiling (“supports a maximum retention period of 365 days”), and outsourced the actual operative limit to whichever vendor NCRIC happens to be using.
• It authorized sourcing ALPR information from private sources, including “parking, tolling, private security, or other sources”—where the 2021 policy explicitly prohibited sharing data with commercial entities.
• It introduced contradictory language on visual confirmation of plate reads: one section retains the 2021 standard (“to the fullest extent possible”), while another weakens it to “should visually confirm.”
• It dropped the annual training recertification requirement entirely.

The FAQ changed in parallel. The 2015 FAQ described a multi-factor authentication process requiring a randomly generated PIN sent to a government email account. The current FAQ reduces this to “a unique username and login.” That downgrade is worth keeping in mind when we get to the part about user “a.”

@NCRIC ALPR Policy 2021 @NCRIC ALPR Policy 2024

Where the policy did not change much was its audit requirements. Those are still essentially non-existent, requiring only a report based on a “sampling” (it does not say the sampling must be random) be sent to the NCRIC director.

The Logs: Counting Searches

To get the cleanest possible data, these charts are based on only two sets of log files: Louisville, KY from March 2022 through April 29, 2024, and Capitola, CA from that date onward.

The charts show a highly suspicious trend. Here it is, close up, based on only Capitola data:

Between January 1, 2024 and May 1, 2024, the enforcement date, the number of searches NCRIC does is low, peaking at around 170. Activity stays around that level until the beginning of June, when both the number of users, but especially the number of searches see explosive growth.

NCRIC more than doubles the number of active users, going from having 5–20 weekly active users to a consistent ~40. What’s more, individual users go from doing ~5 searches/week to ~60 searches/week.

NCRIC’s insights page immediately reveals why: NCRIC’s users are nearly all identified with single, lowercase letters like “a.” or “c.”. These users show remarkably consistent around-the-clock activity.

NCRIC’s users are either bots, or shared accounts.

The Plausible Backdoor: Who is “a.”?

Of course, NCRIC’s deliberate avoidance of oversight and accountability is not direct evidence that it is sharing data in violation of California law—cops will be cops. But its behavior and context do lead directly to that question.

It’s possible that NCRIC was suddenly motivated to start doing some police work, and that it has absolutely terrible internal security practices. Maybe it logs in a terminal “a” and when the next person reports for their shift, they don’t log in with their own credentials and simply continue working.

It would violate every basic tenet of information security, not to mention, most likely, several federal and state laws, but it’s a possibility.

The other, in my opinion more plausible, explanation is that NCRIC shares its user accounts with external, out-of-state agencies—just like Loveland, CO was caught doing last year.

Another possible explanation is that these accounts are automated and serve to fill NCRIC’s data warehouse. Of course, that leads to a follow-up question: who can access the warehouse?

The Missing RISS

It is also worth noting that the other relevant fusion center, the Western States Information Network® (RISS), is conspicuously the only RISS absent from Flock’s audit logs. The other five are accounted for.

Unlike the FBI, which simply stopped showing up in log files after July 2023,^[10] WSIN does not show up in our data at all. This is the same center that covers Washington: the state most covered by the logs we have. Either WSIN is the only RISS without Flock access, or it is not being logged as “WSIN” or some other cognizable variant.

What the Logs Can’t Show

The logs can tell us that NCRIC stripped its own security and audit requirements immediately after California started enforcing its privacy laws. They can tell us that anonymous, bot-like accounts began running searches around the clock within weeks. They can tell us that the one RISS center covering the most-logged state in our dataset is conspicuously absent from every log file we have.

What the logs can’t tell us is why — and that’s exactly the point. NCRIC designed its policies to ensure that no one, including its own director, has the information needed to answer that question.

The “sampling”-based audits don’t require randomness. The access logs don’t require justification. The retention policy doesn’t require limits.

This is not a gap in oversight. It is the deliberate architecture of unaccountability. When a fusion center rewrites its policies to remove the very mechanisms that would detect abuse, the question is no longer whether the data is being shared in violation of California law.

The question is whether anyone with authority to act will bother to find out.

The students from Sequoia Union asked the right questions. The fact that a group of high schoolers can identify the problems that California’s oversight apparatus declines to investigate is not a compliment to the students — though they’ve earned one.

It’s an indictment of everyone else.

Today, the ACLU has joined EFF in calling for laws that would make that oversight illegal. It did so on the same day that criminal charges were filed against a Milwaukee police officer for misuse of the system — as a direct result of the very thing the ACLU is trying to ban.

The ACLU’s Position

ACLU and EFF’s assertion that records documenting police activity should be kept behind lock and key in a police station is, frankly, preposterous. The suggestion has no business coming from organizations that purport to fight for civil rights and police accountability.

In making its recommendation, ACLU misrepresents the actions of police and the contents of the logs:

The release of this kind of data is a significant privacy problem. To be clear, web sites have every right to publish data that has been released by government agencies or that they have otherwise legitimately obtained; the fault here is the police departments that collected this data on innocent drivers not suspected of any wrongdoing and then released it unredacted. But this kind of data could be used by all manner of parties to find out things about the lives of those they’re interested in \— everyone from abusive romantic partners and stalkers, to political or business rivals, to everyday busy-bodies and who-knows-who-else.

Characterizing audit logs as data the police collects on innocent drivers is flat out wrong. Yes, police do collect data on innocent drivers. But that is not the data that’s in the audit logs.

What’s in the audit logs is what a Flock user—possibly, but not necessarily, a police officer—entered into the “search” box. For example, there is a result for the plate “-.” Probably not a valid plate anywhere. I’ve also had to block a few novelty plates, like HOONIGAN, from reports because cops keep looking it up.

What is in the logs is search terms being entered into a privately owned and operated, and largely unregulated, database. Even if you were to make sharing those logs illegal, it does not solve the issue—the information, by the very nature of the system, is in the hands of a private third party.

The ACLU then tries to compare records of government officials’ search queries to bodycam footage of private citizens. Video footage of people interacting with police and evidence that someone typed the word “investigation” into a search box are not the same thing.

Following those dubious claims, the author walks the statement back by saying that “any logs by officers of the purposes of their searches (which would be subject to existing open-records exemptions for active investigations) should be considered public records.”

This is exactly how we end up with audit logs like the ones currently served up by Flock’s ironically-named transparency portals:

Flock summarizes it correctly in its form email: “There is nothing the public can gain from this report.” (“However, if you find your department’s users are not consistently searching off of incident/case numbers, that may be a reason to hide the Search Audit.”)

The Contradiction

The whole system hinges on not containing sensitive information. According to Flock and police, there are no privacy concerns when you take millions of photos of license plates on public roads. It’s why a private company can collect the information under color of law and process it without having probable cause or oversight, and it’s why police can search that same data without warrants.

That framework simply can’t co-exist with the idea that that same information is somehow too sensitive for public consumption. To claim otherwise is, at best, mistaken.

As it says in this site’s FAQ: I am willing to accept the premise that all of this audit data is too sensitive to publish, but, if accepting that premise, then the actual photos must be too sensitive as well. Ban neither or both, but don’t mistake a defense of public oversight for a defense of this website’s right to exist.

The Alternatives Don’t Work

Hiding audit logs for vague privacy concerns is a lazy approach. This website does not display license plate numbers anywhere. Instead, it provides “identifier” numbers that correspond to license plates. It’s not a complete solution, but it’s one that’s adequate for identifying patterns of misuse and abuse.

Flock knows this. It previously took a similar approach to usernames in its transparency portal logs: instead of identifying a user by name, it identified users with a string of numbers and letters. While you may not see that Officer Jones did something suspicious, if Officer AF983-90D43 did, that’s still something that can be investigated.

Flock removed those IDs from the logs.

The ACLU’s recommendation that “people should be able to request their own data” is equally shortsighted. The data is, at least on paper, owned by 6,000 different agencies. Should we all be doing monthly open records requests to those agencies? Without an up-to-date customer list, how would we even know where to file the requests? How do we prove to Flock that it’s “our” data? Do we send Flock, a private mass surveillance company, a photo copy of our ID and car registration?

Meanwhile, police departments across the country write policies saying they will manually audit hundreds of thousands of searches by downloading a CSV, going through it line-by-line, and making tens of thousands of phone calls to other departments to ask whether the “investigation” at 4:37pm last Wednesday was a legitimate search. Closing the chief’s office door won’t get him to suddenly make the calls.

The real problem isn’t that there is an attempt at public oversight — it’s that every other oversight mechanism is failing. State and local governments, police agencies, Flock, the FBI, the EFF, and the ACLU could all actually be working on this problem.

This website shows that national searches are impossible to keep up with due to sheer volume. The underlying cause is a system that is disproportionate by default—one that encourages getting nationwide 30-day location histories for the slightest of reasons, or no reason at all.

It also shows that some form of oversight may be possible, if we want it to be possible. But we need to ditch Flock and solve the actual problems.

ACLU & EFF’s changing position

In 2014, ACLU SoCal and EFF sued the Los Angeles Police Department and Los Angeles Sheriff’s Department for ALPR records.

The organizations sought actual ALPR data rather than audit logs, and, after their request for the data was denied under California’s Public Records Act, they wrote (emphasis mine):

[T]he intrusive nature of ALPRs and their potential for abuse creates a strong public interest in disclosure of data that would help shed light on how police are actually using the technology.

…

The data will reveal whether police seem to be targeting political demonstrations to help identify protestors, or other locations such as mosques, doctors’ offices or gay bars that might yield highly personal information.

Californians can only properly weigh in on whether police should be using ALPRs and what policies might be necessary if they understand how police actually use the technology.

It has been twelve years — we still don’t have that necessary transparency.

ACLU and EFF reversing their position is inexplicable.

@ACLU SoCal & EFF v. LAPD & LASD

179 Searches, Zero Oversight

On the same day the ACLU published its recommendation, a criminal complaint was filed in Milwaukee against MPD police officer Josue Ayala. An excerpt:

Through the website www.haveibeenflocked.com, VICTIM ONE became aware that City of Milwaukee Police Officer Josue Ayala used the Flock system, a license plate recognition platform, to run the license plate on VICTIM ONE’S personal vehicle to obtain location information for VICTIM ONE on numerous occasions. VICTIM ONE believed that Officer Ayala ran VICTIM ONE’S license plate over 100 times.

City of Milwaukee Police Detective Tehrangi Chapman conducted follow up investigation by having an audit trail run in the FLOCK system for the time frame of March 26, 2025, through May 26, 2025. During that time frame City of Milwaukee Police Officer Josue Ayala ran the license plate of VICTIM ONE a total of 55 times. The audit trail revealed that Officer Josue Ayala also conducted a search of a second license plate number belonging to VICTIM TWO a total of 124 times during the same time frame. During the time frames that Officer Ayala conducted the searches of each license plate, Officer Ayala was on duty working for the City of Milwaukee Police Department.

The Flock system requires the user to enter a reason for the license plate search. On each occasion that Officer Ayala used the Flock system to search for license plate of VICTIM ONE or VICTIM TWO, Officer Ayala listed the reason for conducting the search as “investigation”

I’ll spare the technical details here, but the discrepancy between the victim’s reported number (over 100) and the audit’s number (55) is explained by redactions; the inaccuracy is a direct consequence of deliberate obfuscation.

The policy violation should have been caught by Milwaukee PD during its regular audits.^[1]

If the CJIS framework applies, which Flock often implies, this should have been caught by the Wisconsin Department of Justice, which oversees Milwaukee PD. If the DOJ had missed it, the FBI’s CJIS division should have caught it.

If these were state or nationwide searches, as most searches are, this should also, independently, have been caught by all the other involved departments.

No independent auditors exist, nor does Flock audit anything.

In fact, the FBI and Flock’s recent changes were explicitly designed to make it more difficult to catch exactly this type of violation.

Nobody in an ostensibly multi-layered system of oversight caught the problem; once again it was a private citizen—the victim in this case—who had to do the job public officials promised they’d do. And again, the problem came to light as a result of complete, unredacted audit log information—including license plate numbers.

In January, public audit logs got an officer fired. Today, they got one criminally charged. The ACLU wants to make sure there isn’t a third time.

Now that Flock has deleted the information that made both cases possible, any future similar incidents will almost certainly go unnoticed. As long as there are no alternatives for effective oversight, and as long as there is unregulated privatized surveillance, public audits are the best we can hope to do.

I will continue advocating for exactly that.

2/28/2025: Updated with ACLU/EFF lawsuit information.

You can request the full, current list from any agency using Flock—federal policy requires them to have it available; the company’s concern about speculative “officer safety” scenarios apparently does not extend to its own employees, whose names and signatures are being filed into public records as a matter of course — hopefully with their knowledge and consent.

To be clear, the “illegible” signatures are completely illegible—but apparently still sufficient for Flock, Story County, Iowa, the Iowa Department of Public Safety, and the FBI.

These 28 Flock employees signed the following statement:

I hereby certify that I am familiar with the contents of (1) the Security Addendum, including its legal authority and purpose; (2) the NCIC Operating Manual; (3) the CJIS Security Policy; and (4) Title 28, Code of Federal Regulations, Part 20, and agree to be bound by their provisions.

I recognize that criminal history record information and related data, by its very nature, is sensitive and has potential for great harm if misused.

I acknowledge that access to criminal history record information and related data is therefore limited to the purpose(s) for which a government agency has entered into the contract incorporating this Security Addendum.

I understand that misuse of the system by, among other things: accessing it without authorization; accessing it by exceeding authorization; accessing it for an improper purpose; using, disseminating or re-disseminating information received as a result of this contract for a purpose other than that envisioned by the contract, may subject me to administrative and criminal penalties.

I understand that accessing the system for an appropriate purpose and then using, disseminating or re-disseminating the information received for another purpose other than execution of the contract also constitutes misuse.

I further understand that the occurrence of misuse does not depend upon whether or not I receive additional compensation for such authorized activity. Such exposure for misuse includes, but is not limited to, suspension or loss of employment and prosecution for state and federal crimes.

This certification, along with a fingerprint-based background check, is a requirement under the CJIS Security Policy:

This section’s security terms and requirements apply to all personnel who have unescorted access to unencrypted CJI. Regardless of the implementation model – physical data center, virtual cloud solution, or a hybrid model – unescorted access to unencrypted CJI must be determined by the agency taking into consideration if those individuals have unescorted logical or physical access to any information system resulting in the ability, right, or privilege to view, modify, or make use of unencrypted CJI. — CJIS Security Policy, v5.9.5, § 5.12, p. 212.

Note that the policy is explicit about “logical or physical access.”

Iowa DPS puts it in even clearer terms in a guidance document:

All private contractors who perform criminal justice functions shall acknowledge, via signing of the Security Addendum Certification page, and abide by all aspects of the CJIS Security Addendum — Iowa DPS, Requirements Document FBI CJIS Security Policy Version 5.3",^[1] p. 9

There only being 28 employees who would need to certify is … at best, implausible.

Yet, after months of back and forth between Story County and the Iowa Department of Public Safety, this is the list Flock and the county attorney produced.

Who is Missing

Any Flock employees with access and a first name that starts with D–Z. Unless there aren’t any, but that seems improbable.

We know that Flock “LPR” cameras contain unencrypted photos and videos. The CJIS Security Policy is clear that anyone with physical access to CJI should be on the list; that would include all (subcontractor) installers. The alternative, that the footage stored on the devices is not CJI, renders it non-confidential and, in most states, a public record.

For the reported issue where Flock cameras were publicly exposed on the Internet, Flock’s Chief Legal Officer Dan Haley has downplayed the severity of the “not a hack” by claiming it was a “configuration error” perpetrated by Verizon.

If Verizon’s employees can configure the system to expose the information, they have access sufficient to trigger the certification requirement. Flock does not consider this to be a security incident, implying Verizon personnel have authorized access, yet they do not appear to be on the list.

The list should also include of all Flock’s Upwork contractors, whoever has access to its Danish screen-recorder, and, assuming these are Flock’s own accounts, anyone using Flock City PD - Law Enforcement Sales, Flock City PD - Law Enforcement Sales Demo, Flock RTCC, Flock Safety Admins, Flock Safety Customer, Flock Safety Engineering, Flock Safety Sales, Flock Safety Campus Security Training, Flock Safety LE Training, Flock Safety Sales, and Florida LE Flock Training, which all run on production data (i.e. real people’s movements are regularly being searched for Flock’s sales and training purposes).

Notably, Robert Otten, Flock’s “Head of Security, Risk and Compliance” (or similar titles), attested to each of the 28 signatures but did not certify his own adherence to the CJIS Security Policy. A suspicious absence, if the list were complete.

What is Missing

Around 6,000 contracts, based on Flock’s reported number of government customers. These certifications are tied to specific CJIS addenda, which are tied to specific contracts, via “the contract incorporating this Security Addendum.” Each person on the list needs to read each of Flock’s contracts and sign the certification that says they understand the “purpose” valid for each individual contract.

This is clearly unworkable; it is a recognized, and “solved” problem. Some states centralize their processing for these certifications. In those states, vendor employees can certify with the state CSA (typically state police or department of public safety), who retains their background check and information on file to share with other agencies using the same vendor.

In those states, vendor employees file a single certification with the CSA, and simply claim that they will not use it for a purpose not allowed by any of its employer’s contracts, past, present, or future, without ever seeing the contract. It’s questionable, but the FBI does not appear to have a problem with it so far.

But not all states have such a system in place. For those states, each employee needs to sign this piece of paper for each contract.

The issue is further complicated by Flock’s position that its contractual terms, which it recently altered, are negotiable and each customer can have a bespoke contract. If employees need to adhere to the terms of the contract they must, necessarily, read those contracts.

Of course, if Flock were to take the other position — that its terms are not negotiable — its contracts may qualify as contracts of adhesion, which raises its own set of problems.

Who is Not Missing

Some easy to find job titles for the folks on the list:

• UI/UX Designer & Brand Visionary
• User Experience and Service Designer
• Policy Manager (former federal prosecutor, hired from the U.S. Attorney’s Office)
• Principal Product Manager
• Manager, Solutions Engineering

There is no reason a UI/UX designer and/or brand visionary should have access to production data. This is not only a common-sense security practice, but a requirement for both SOC.2 and ISO27001 certification—both of which Flock claims to possess.

And that’s for ordinary production data; those rules apply to companies that sell caps for your ballpoint pen or that do made-to-measure T-shirts for your dog. Here, we’re talking about federally protected criminal justice information.

In any case, apparently it’s more important for a brand visionary to have access to CJI than for the Head of Security, Risk, and Compliance.^[2]

What it Means

There are only two explanations for what this list represents:

1. Flock has narrowed CJI access to 28 people — in which case several of those people have no business being on the list, Otten’s absence is inexplicable, and the company’s field technicians, Upwork contractors, and demo account users are all operating in violation of federal law; or—
2. Flock certifies everyone and handed over only a subset to make the records request go away.

Both explanations end in the same place.

Every day, Flock cameras record the movements of millions of people who never consented to surveillance and have no way to verify how their data is handled, needing to rely on Flock’s vague assurances that it is “CJIS certified.”

The CJIS Security Policy exists because criminal justice information and criminal history record information is dangerous when mismanaged. Flock’s own paperwork — the paperwork they produced to prove compliance — is the evidence that they aren’t complying.

And the certification itself? It’s a document that exposes individual signers to federal criminal prosecution for misuse of CJI.

When Flock runs sales demos on production data — real people, real movements, real criminal justice information — it’s not Flock’s name on the line. It’s the employee’s. The company that built the system, sold the system, and decided to use live data for training walks away clean. The designer who was told to sign something during onboarding risks federal charges.

Twenty-eight names. Some illegible, one conspicuously absent, and no reason to believe the list is even remotely complete. But every one of them signed on the dotted line — and not one of them is Flock.

I am not an attorney. This analysis reflects my interpretation of CJISSECPOL, contract language, and law, and is subject to change. Contracting agencies should consult qualified attorneys regarding their specific agreements.

The Policy

Coralville’s ALPR policy,^[1] is a typical Lexipol-generated exercise in legal copy-pastery, virtually identical to neighboring North Liberty’s policy,^[2] but with the following, largely inoffensive, section:

That section was copy-pasted from Cedar Rapids’ policy, but it adds the non-sensical “protected characteristic” of infringing on the First Amendment, and a prohibition on use “[s]olely for immigration purposes”.

That “immigration purposes” clause was added in response to pressure from the public against the backdrop of increasingly aggressive ICE raids in Operation Midway Blitz in Chicago.

Coralville’s policy was always performative. Its prohibitions were unenforceable, and various aspects made no sense or made specific reference to the laws they facially clashed with. The Chief’s proposed policy only provided for secret oversight done exclusively within the police department with no mandatory reporting or penalties for violations—a fact specifically called out at the council meeting where the policy was adopted.

To dispel any notion that this was bad policy made in good faith: once the policy was adopted, the city almost immediately violated its own directive not to automatically share data with agencies outside Johnson County.

Residents noticed on the Coralville Flock transparency portal that Coralville PD had given Cedar Rapids (in neighboring Linn County) access. When asked about this by the public and the media—who all interpreted 427.7 as a ban on granting this type of unfettered, indefinite automated access to agencies outside Johnson County—the PD justified its actions by stating that Flock’s automatic sharing was fine because the request for automatic sharing had been made manually.^[3]

The Coralville Police Chief clearly has no qualms about sharing data. The Chief had already signed a two-year deal for mass surveillance after only talking to the City Administrator and without involving the city council, the city attorney, or finance; if he had been approached by state or federal agencies for access to Flock, there is no doubt in my mind that he would have granted it.

More so if the AG would follow the state playbook of mildly threatening sanctions, up to withholding all of a city’s state funding, for violating Iowa Code Chapter § 27A.4(1):

A local entity shall not adopt or enforce a policy or take any other action under which the local entity prohibits or discourages the enforcement of immigration laws.

Granting access for immigration purposes would be the path of least resistance for Coralville PD and its city administrator: the policy prevents oversight, and as long as the feds have access they won’t complain.

AG Bird has so far declined to enforce Iowa’s laws prohibiting surveillance data, or its laws on data security, consumer protection, or privacy, but she has threatened to use Chapter 27A to revoke funding for an entire county because its Sheriff dared distinguish between administrative and judicial warrants on Facebook.

The Gambit

For us folks who like their privacy, the gambit was clear then: file a complaint with the Iowa Attorney General about Coralville’s unlawful policy on the theory that if the AG acted, Coralville would have a choice:

1. Amend the policy. They’d need another public meeting, where the City Council, its Chief of Police, and its City Administrator, would have to face an increasingly disgruntled public’s "I told you so"s. They would have to tell the public they would be stripping the core protection they had emphatically promised only a few months earlier, after ICE had ratcheted up Operation Metro Surge in Minneapolis.
2. Defy the Attorney General and risk being in an indefensible position in a legal battle that would put state funding on the line for a city of 22,000 that’s already $340M in debt, due to questionable financial decisions involving funding a private hotel and a video game arena.
3. Cancel the contract.

The violation in Coralville was much more direct than the Facebook post in rural Winneshiek County.

The Republican-led Capitol also has a long history of conflict with dark-blue Johnson County and its cities—including Coralville.

@October 2, 2025, AG Complaint Re: Coralville

I submitted the complaint by email as a PDF attachment. When I followed up a month later, I received a response:

Thank you for contacting the Iowa Attorney General’s Office. We have reviewed your concerns. The attachments referenced were not included with your email. Please forward those to our office so we can have them reviewed.

How the AG managed to review the complaint without receiving the attachments remains a mystery.

By January, after repeated attempts to deliver the complaint,^[4] I was ready to chalk it up to more inaction rather than lack of transparency, when I unexpectedly got word Coralville had been in contact with the Attorney General.

The AG had directed Coralville to “remov[e] Section 427.4.1(d) from Policy 427 [to] resolve the pending complaint in full.”^[5]

@December 16, 2025 letter from Attorney General to Coralville

Coralville city staff immediately acted to make changes to the city’s website and recommended that the offending language be removed from the PD’s policy. The AG considered this an acceptable solution.

@January 20, 2026 letter from Attorney General to Coralville

The Fallout: A Cancelled Contract and Transparency

Amending city policy requires council action. The Coralville City Council scheduled a work session following its next regular council meeting to discuss the AG’s letter. The Coralville community once again showed up and spoke out. It was effective: the council placed “Cancel the contract” on the agenda for its next meeting.

The $36,000 surveillance system that Chief Nicholson smuggled past his own city council, that the council spent months defending with contradictory and increasingly desperate arguments, that Flock’s own representative admitted was ungovernable by local policy — will be coming down.

But AG Bird did something else deserving mention: she placed my name in the opening sentence of the letter to Coralville. It is a choice to so readily disclose the identity of a complainant against a police department on a topic as politically charged as immigration enforcement.

It’s an especially unexpected level of transparency for an AG currently appealing a district court’s order that the Iowa Public Information Board (IPIB) must do its job and handle (not validate, handle) an open records complaint concerning Flock camera locations.^[6]

The Court of Appeals has been weighing that case since early last summer, which could mean the AG is not going to get a one-page order with an easy procedural win against a pro se appellee. That would be embarrassing (Update 2/25: Not 12 hours after posting this, the Court of Appeals affirmed the trial court decision—i.e., I prevailed).

The kicker is that, in the Coralville case, the original complaint is almost certainly a confidential public record under Iowa Code § 22.7(18). This is the “whistleblower protection” clause cities have used to hide community camera registries they have integrated with Axon’s Fusus (a “fusion center” software product similar to Flock’s “FlockOS”).

Communications not required by law … to the extent that the government body … could reasonably believe that those persons would be discouraged from making them to that government body if they were available for general public examination.

But, as I’ve noted while arguing with various state and local officials: the Iowa Open Records Act does not require agencies to withhold confidential public records, it merely permits it. The complaint was likely protected; the AG chose to disclose it anyway—while simultaneously litigating to prevent disclosure of public records in the IPIB case.

She exercises discretionary transparency when it serves her, rather than the public. She fights it when the roles are reversed.

The Cancellation

The gambit worked: on February 24, Coralville voted to end its contract with Flock. Within a span of weeks, both Iowa City and Coralville have instructed Flock to remove its AI surveillance cameras from public roadways. Although Iowa City is its own island within the state, this is a major victory in a state whose legislature is staunchly uncritical of police.

AG Bird got the outcome she wanted: the immigration clause is gone. But the community got the outcome it wanted: the cameras are coming down.

The AG’s selective transparency—naming a complainant against a police department while fighting to keep surveillance records secret—tells you everything you need to know about which side of the one-way mirror she prefers to stand on.

In response to an open records request, the DOT initially said it didn’t know how many of these investigations led to convictions — or even to license denials. It could confirm only that between January 2022 and November 2025, there were 192 such cases.

The DOT promised to compile outcome data by early January and delivered—albeit a bit late. The spreadsheet tells a remarkable story: of the 192 investigations, 28 led to no action of any kind, and only 14 resulted in criminal charges. The spreadsheet does not record whether any of those charges led to convictions.^[1]

This has been happening since at least 2008. And, of course, the FBI has been tapping into Iowa’s database since at least 2014.

Iowa is not unique, but its story illustrates, in granular detail, how the federal government and state DMVs have quietly built one of the largest surveillance infrastructures in American history — and how the agencies operating it have no idea whether it works.

How It Started

In 2005, Congress passed the REAL ID Act. A year later, the Iowa DOT awarded a $1.4 million contract to Digimarc for facial recognition technology. The system was sold to the public as a fraud-prevention tool, but the contract embedded capabilities well beyond that purpose:

Iowa DOT will implement both “one-to-one” and “one-to-many” facial recognition as part of its driver license enrollment process.

“One-to-one” matching — comparing a renewal photo to the applicant’s prior photo — is the anti-fraud use case the DOT advertised. “One-to-many” matching is something else entirely: it scans each new portrait against the full database of driver’s license images. As the press release noted:

Each night, the Biometric Identification system checks each newly captured portrait against the full database of driver license images as another means to catch attempts by a single individual to get a driver license under multiple names.

The DOT pitched this to the public as a civil anti-fraud measure. But it also built out infrastructure with latent capabilities for criminal investigation— and, as it turns out, civil immigration enforcement—capabilities it would formalize with law enforcement partners in the years to come.

By 2007, the nightly scans were operational. Digimarc, the original vendor, was subsequently acquired through a chain of corporate mergers: first by Safran’s Morpho division (later MorphoTrust USA), then by IDEMIA, which continues to partner with the Iowa DOT as of 2024.

The algorithm has changed hands repeatedly, but neither the DOT nor any external body has ever tested its accuracy for the purpose Iowa uses it — flagging potential fraud from a pool of millions.

The FBI Moves In

In 2014, the Iowa Department of Public Safety signed an agreement with the DOT to pay for an upgrade to its facial recognition system in exchange for access to it.

According to Georgetown Law’s The Perpetual Lineup, this gave DPS authorized personnel the ability to run face recognition searches against Iowa’s driver’s license photos.^[2]

That same year, the DOT signed its first Memorandum of Understanding with the FBI, granting the Bureau access to those same photos through its Facial Analysis, Comparison, and Evaluation (FACE) Services unit. A 2016 GAO report confirmed that the FBI could request searches of Iowa’s driver’s license database.

The Iowa MoU was updated in 2018, superseding the original agreement. Under its terms, the FBI submits a probe photo to the DOT, the DOT searches its facial recognition database, and returns a set of candidate photos and identities. The DOT agreed to process up to 15 photo requests per day, but the number it actually processes is not known.

Iowa is hardly alone. In response to a FOIA request about Iowa’s program, the FBI provided a stack of MoUs from other states instead of the Iowa-specific records that would have been responsive.^[3] Those documents show that at least fifteen states have signed similar agreements with the FBI.

By May 2019, 21 states had partnered with FBI FACE Services, giving the Bureau access to over 641 million photos across all searchable repositories.

@MoUs provided by the FBI

The Nightly Dragnet, to Start With

The nightly scan is called the Automated Biometric Identification System (ABIS). It has been running every night for eighteen years, telling the DOT’s Bureau of Investigation & Identity Protection (BIIP) who to investigate next — not because there is any indication of fraud, but purely on the output of a commercial facial recognition algorithm.

These investigations are warrantless and deeply invasive. DOT procedure specifies:

When a driver’s license case is first assigned for investigation, the Investigator shall gather all pertinent documents and information related to the investigation.

This includes the complete driving and vehicle ARTS records, specific driving violation records, Accurint check from DPS, or a CLEAR report from a Bureau investigator and criminal history to start with.

— Iowa DOT, Procedures Related to Driver License Investigations, p. 176

@Procedures Related to Driver License Investigations, p. 176

A commercial algorithm — for which we have no data regarding accuracy or bias — says your photo looks like one of millions of others. On that basis alone, a DOT investigator pulls your credit history, utility bills, social media posts, criminal history, and every other detail they can find about you into a file. “To start with.”

Although we still don’t have no data on the DOT’s system’s accuracy, we at least have part of the story now: DOT records show that of 192 investigations opened between January 2022 and November 2025 (excluding 19 still-open cases and one duplicate):^[4]

• 28 investigations (16%) resulted in no action whatsoever. No administrative sanction, no criminal referral. The algorithm flagged these people, an investigator pulled their credit histories and criminal records, and then closed the file. Whether the subjects were ever told they’d been investigated is unknown.

• 130 investigations (76%) resulted in administrative action only — mostly license cancellations, but also 20 cases where the sole action was “Merge Records,” which appears to be database housekeeping.

• 14 investigations (8%) resulted in criminal charges. That is 3.5 per year. The charges are overwhelmingly misdemeanors: “Fraudulent Application for DL/ID,” “False Application for DL/ID,” perjury. A handful involved more serious offenses — identity theft, forgery, fraudulent practice. One case resulted in no Iowa charges at all; the subject was extradited to Nebraska on an existing warrant.

• Zero convictions are recorded. The DOT’s spreadsheet tracks charges filed, not final outcomes. After eighteen years and 192 documented investigations, the agency still cannot say whether a single criminal referral from its facial recognition program has ever resulted in a conviction.

One additional detail stands out: in April 2025, an administrative action reads “Notified Homeland Security and IA DOR.”

The nightly scan, sold to the public as a fraud-prevention tool, appears to have been used for federal immigration enforcement, as those agencies continue to push facial recognition mobile app on local police.

Blind Faith in a Blind System

Facial recognition algorithms are notoriously biased, performing worse on people with brown or black skin than on those with white skin. This is a technical reality, not an advocacy position.

In 2016, the Government Accountability Office examined the FBI’s facial recognition program and made six recommendations. The GAO found that the FBI had tested its system’s detection rate only for candidate lists of 50, and had no data on accuracy for smaller list sizes that users regularly requested. The GAO also recommended the FBI determine whether the external state systems it relies on — systems like Iowa’s — were sufficiently accurate.

The FBI disagreed. It told the GAO that its testing satisfied requirements for providing investigative leads and that the Bureau lacked authority to set accuracy requirements for external systems.

Three of the six GAO recommendations dealt with accuracy—a massive red flag for a system that flags and investigates people based on algorithmic photo matches selected from millions of candidates.

Two more dealt with transparency: the FBI had failed to publish required Privacy Impact Assessments^[5] and a System of Records Notice^[6] — legally mandated disclosures for a program handling tens of millions of Americans’ photos. DOJ eventually published the missing documents, though years late.

By 2019, only one of the six recommendations had been fully implemented. The FBI had begun conducting user audits but still had not tested accuracy for smaller candidate lists, had not assessed external partner systems, and had not conducted the recommended annual operational reviews. The GAO maintained all five remaining recommendations were valid.

Iowa, for its part, did no better. In response to public records requests:

• The Iowa DOT and DPS each confirmed that the FBI never shared results of any accuracy tests.
• The Iowa DOT, despite having a “facial recognition analyst” on staff, never performed its own accuracy testing.
• Neither the DOT nor DPS ever solicited or received reports about the system’s accuracy from the vendor. Their only information comes from general materials provided, or published online, by the vendor.
• DPS “[had] not yet adopted a final policy” governing its use of facial recognition, on the grounds that it was waiting to determine “what uses may be accurate or inaccurate, reliable or unreliable, appropriate or inappropriate.”^[7] That was in 2016. A decade later, it still hasn’t looked at system accuracy—knowledge it claims is a prerequisite to regulation.

The FBI did not respond to a FOIA request (other than with the stack of MoUs from other states that were not part of the request).

As the ACLU of Minnesota summarizes: “Facial recognition automates discrimination.” The agencies either believe their algorithm is infallible, or they don’t care whether it’s accurate as long as it gets them an occasional result. Substantial academic and technical literature on algorithmic bias goes ignored, as does the federal government’s own accountability office.

The Bigger Picture: National Mass Surveillance

Iowa’s nightly scan is one node in a much larger system — one that has been expanding steadily and is now accelerating.

The infrastructure began with REAL ID and the MoUs that gave the FBI access to state driver’s license databases. In December 2025, Iowa was one of four states that agreed to help the Trump administration gain access to state driver’s license data through NLETS.^[8]

The deal was part of a settlement that allowed Iowa to upload its voter rolls to the federal government for citizenship verification through SAVE,^[9] after the Secretary of State had flagged over two thousand potential non-citizen voters by cross-referencing voter rolls with DOT records — driver’s license application data that was, in many cases, years out of date.

Subsequent federal verification through SAVE confirmed only 277, roughly 12% of those flagged based on the DOT’s REAL ID records.

Meanwhile, DHS has also declared that REAL ID—the system it spent twenty years building these invasive, networked fraud-prevention and citizenship-verification systems for—is not fit for purpose.

In a December 2025 court filing, a DHS official stated that “REAL ID can be unreliable to confirm U.S. citizenship” in response to a lawsuit by an American citizen who was detained twice during immigration raids despite presenting his valid REAL ID.

What immigration enforcement now demands is being filled by facial recognition. ICE agents carry Mobile Fortify, a smartphone app that reportedly scans faces against over 200 million images across DHS, FBI, and State Department databases.

DHS does not let subjects decline to be scanned, and photos — including those of U.S. citizens — are stored for fifteen years. CBP has gone further, releasing Mobile Identify, a separate facial recognition app available to state and local police agencies deputized for immigration enforcement through 287(g) agreements.

The federal government and state DMVs spent twenty years laying the groundwork for all of this while Presidents, Governors, and members of Congress rotated in and out of service. The MoUs. The nightly scans. The databases quietly compiled from photos taken to get permission to drive — or, for non-operator ID holders, simply to prove who they are.

Iowa’s program is not an outlier. It is the foundation. It is twenty years of federally funded research, data collection, and algorithmic lineups that, by the government’s own accounting, is unreliable and serves no significant public purpose.

Iowa’s DOT does not limit itself to approving questionable permits for police surveillance cameras and waiving roadside safety standards to accommodate them. Through its Motor Vehicle Division, it also operates one of the most invasive automated surveillance programs in the state.

For 3.5 criminal charges per year — overwhelmingly misdemeanors, with no recorded convictions — and 28 investigations that led nowhere at all, every new driver’s license photo in Iowa enters the nightly automated lineup, and, along with it, the database that federal, state, and local police across the country can access on demand.

Whether you’re an immigrant or have never left Ottumwa, if IDEMIA’s computer says you’re a suspect, the government will find out everything there is to know about you—to start with.

On February 16, 2026, Flock updated those terms again. The new version cleans up the structural contradictions in the December terms and locks in a set of provisions that are, in nearly every respect, worse for customers. It includes mandatory arbitration, moves disputes into the state of Georgia, and strips language that could hinder data sales.

The comparison report shows 147 changes across 96 replacements, 21 insertions, and 30 deletions. The document grew from 12 to 15 pages.

@Flock December 2025 Terms @Flock February 2026 Terms @Comparison report

Data Ownership: The Elegant Swindle

The December terms pulled an awkward trick. They defined “Footage” separately,^[1] excluded it from “Customer Data,” and then told customers they owned “Customer Data” — just not the actual images, video, and audio “their” cameras captured. It was clumsy, and it was obvious.

The February terms fix the clumsiness, but leave the harm.

“Footage” is no longer a defined term. It’s gone. “Customer Data” is redefined to include:

all (a) data and information captured by Flock Hardware on behalf of Customer through the Flock Services (e.g., images, audio, and/or video) and the metadata associated therewith^[2]

On paper, this looks like a win — footage is back inside Customer Data! Customers own their data again!

Not quite. Two things happened simultaneously.

First, the December commitment that “Flock does not own and shall not sell Customer Data” was deleted. That sentence no longer appears anywhere in the contract.

Second, the data license was expanded. December granted Flock:

a limited, non-exclusive, royalty-free, irrevocable, worldwide license to use the Customer Data and perform all acts as may be necessary for Flock to provide the Flock Services to Customer^[3]

February grants Flock:

a limited, non-exclusive, royalty-free, irrevocable, perpetual, worldwide license to (a) use and disclose Customer Data to provide the Flock Services; and (b) use Customer Data to support and improve Flock’s products and services^[4]

That’s two critical additions. The license is now perpetual — it doesn’t expire when the contract ends. And clause (b) allows Flock to use all Customer Data, including the footage it just folded back in, for its own product development. No restrictions. No limitations.

In December, customers owned the metadata but not the footage. In February, customers “own” everything — but Flock has a perpetual, irrevocable license to use all of it for anything it wants, forever.

The customer owns the house. Flock has a permanent, rent-free key.

Training Data Guardrails: Deleted

The December terms, for all their problems, included a detailed Training Data section^[5] with ostensible privacy commitments: images “stripped of all metadata and identifying information,” used “solely for the limited purpose of improving the Flock Services through machine learning,” “never sold or shared with third parties,” and “maintained separately and never combined in a manner that would render it personally identifiable.”

February deletes all of it. Section 4.3 is gone. In its place: clause (b) of the new data license — “use Customer Data to support and improve Flock’s products and services.”

Every guardrail the December terms promised for machine learning training has been removed:

• De-identification? Not required.
• Separate maintenance? Not required.
• Limited to “a small fraction of images”? No — the license covers all Customer Data.
• “Never sold or shared with third parties”? That commitment no longer exists.

The scope of data available for product development expanded from “a small fraction of images” stripped of identifying information, to the entire corpus of Customer Data — including footage, metadata, license plate numbers, timestamps, and geospatial coordinates — with no privacy restrictions whatsoever.

Governing Law: Georgia on Everyone’s Mind

This is the most significant net-new change the February terms introduce.

The December terms used the law of the state where the customer is located, with venue in that state’s courts.^[6] This was a standard and customer-favorable provision, particularly for government agencies that may have statutory rights to litigate in their home jurisdictions.

February replaces this with:

The Agreement … shall be governed exclusively by, and construed and enforced in accordance with, the laws of the State of Georgia, without regard to its conflicts of laws principles.^[7]

And it doesn’t stop at choice of law. The December terms contemplated normal court litigation. February imposes mandatory mediation followed by binding arbitration through the American Arbitration Association:

If any Dispute cannot be settled through direct discussions, the Parties agree to endeavor first to settle such Dispute by mediation administered by the American Arbitration Association under its Commercial Mediation Procedures before resorting to arbitration. The Parties further agree that any Dispute that remains unresolved by mediation shall be settled by arbitration.^[7:1]

For a government agency in Iowa, or California, or any state that isn’t Georgia, this means: if Flock breaches the contract, you don’t get to sue in your own courts under your own laws. You mediate, then arbitrate, under Georgia law, through the AAA.

Many state and local governments have statutes requiring government contracts to be governed by local law and adjudicated in local courts. Whether a mandatory arbitration clause in click-through terms can override those requirements is an open question — but one that a city’s attorney should be answering before the Order Form hits the consent agenda, not after.

Iowa’s Arbitration Statute: A Potential Defense

Although this will vary from state to state, for Iowa municipalities in particular, the mandatory arbitration clause may not survive contact with Iowa Code §679A.1(2). That statute provides that arbitration clauses for future controversies do not apply to “take it or leave it” contracts of adhesion.^[8]

Given the mechanism we’ve documented — Flock posts terms on its website, changes them at will, blocks Wayback Machine archiving, and requires cities to accept them via Order Form signature with no negotiation — there is a strong argument these qualify.

Iowa law also excludes tort claims from mandatory arbitration unless there is a separate writing executed by all parties specifically agreeing to arbitrate torts.^[9] Flock’s T&C is a single document — there is no separate tort arbitration agreement.

So if a city has a negligence claim against Flock — say, a data breach caused by failure to maintain reasonable security — the arbitration clause may not reach it under Iowa law regardless of whether the contract is adhesive.^[10]

Unfortunately, the taxpayer would be on the hook for the litigation—which could exceed the cost of the contract—either way.

Liability: The Gross Negligence Loophole Closes

The December terms capped Flock’s liability at 12 months of fees — standard SaaS boilerplate. But they included a critical exception:

NOTWITHSTANDING ANYTHING TO THE CONTRARY, THE FOREGOING LIMITATIONS OF LIABILITY SHALL NOT APPLY (I) IN THE EVENT OF GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, OR (II) INDEMNIFICATION OBLIGATIONS.^[11]

February deletes this exception entirely.

Under the new terms, Flock’s liability is capped at 12 months of fees even if Flock acts with gross negligence or willful misconduct. If Flock deliberately or recklessly causes harm — say, through a data breach caused by knowing failure to maintain reasonable security — the customer’s maximum recovery is whatever it paid in the prior year.

The indemnification provisions are gone too. December’s §9.3 required Flock to indemnify customers for IP infringement claims and installation damage. February eliminates all indemnification language — Flock’s and the customer’s.

The removal of customer indemnity (which I flagged in December as a new and concerning addition) is technically customer-favorable in isolation.

The overall trade — dropping indemnification entirely while also removing the gross negligence exception — leaves customers in a strictly worse position.

Non-Appropriation: From Exit Ramp to Dead End

The December terms allowed government customers to terminate for non-appropriation with 30 days’ written notice “without penalty or other cost.”^[12]

February adds two restrictions:

Customer shall remain responsible for all amounts incurred prior to termination, and non-appropriation shall not be based on discretionary budget decisions or operate as a termination for convenience right.^[13]

The “discretionary budget decisions” language is the operative weapon here. When a city council decides not to fund a surveillance program, is that a “discretionary budget decision”?

Almost by definition, yes.

This provision appears designed to prevent government customers from using non-appropriation as an exit ramp when they simply decide they no longer want the service — which is, of course, the entire point of non-appropriation clauses.

The Constitutional Problem

In Iowa (and many other states), the non-appropriation clause isn’t a negotiating courtesy but the mechanism that keeps multi-year vendor contracts from being classified as “debt” under constitutional limits.

Debt levels for local governments can be capped.^[14] The standard way to keep a multi-year contract outside that cap is the non-appropriation clause: because the government can walk away if funds aren’t appropriated, the contract is a “current expense” rather than an enforceable multi-year debt obligation.

Iowa’s Department of Administrative Services procurement manual states that service contracts crossing fiscal year lines “should include a non-appropriation provision.”^[15] The Iowa League of Cities’ model debt policy is even more direct: certain agreements “must contain ‘annual appropriation’ provisions so that the agreement does not count against the city’s constitutional debt limit.”^[16]

If Flock’s restrictive language effectively nullifies the non-appropriation clause — by preventing cities from exercising it whenever the non-appropriation results from a “discretionary budget decision” — then the contract arguably creates an enforceable multi-year financial obligation.

That’s debt.

And if it’s debt, it may count against the constitutional cap, or worse, may require voter approval that was never obtained.

A Flock contract is unlikely to push a city over its debt limit on its own. But the principle matters: if a vendor can contractually prohibit a municipality from exercising its non-appropriation right, the constitutional protection is meaningless. Every vendor can do it. The debt limit becomes advisory.

Cities should ask their attorneys a simple question before signing: does this non-appropriation clause actually let us non-appropriate?

What Got Better

In the interest of completeness: a few changes are at least facially customer-favorable.

IP non-infringement warranty. February adds a new warranty that Flock’s services don’t infringe valid U.S. patents or registered copyrights.^[17] This is a real addition, though the carve-outs for customer combinations and customer breaches are standard.

Insurance specifics. December referenced a vague “Exhibit B” for insurance. February adds a detailed Exhibit A specifying $1M/$2M commercial general liability, $1M auto, $5M professional liability/E&O, and $5M cyber liability.^[18] Actual numbers are better than vague promises.

Retention Period coverage. December’s Retention Period applied to “Customer Data” (which excluded Footage), creating the implicit permission for indefinite footage retention that we identified in our previous analysis. February redefines the Retention Period to cover “footage captured by the Flock Hardware or Customer Hardware via the Flock Services and the associated metadata.”^[19] This theoretically closes that gap — though the period itself is still “as specified in the applicable Order Form,” which means Flock and the customer still negotiate it (or don’t) separately.

The Pattern

The December revision was the hostile restructuring. February is the cleanup.

December moved contract terms online, carved footage out of customer data, and expanded Flock’s IP claims. But it left contradictions and rough edges — the Training Data section still promised privacy guardrails that the rest of the contract was busy undermining; the governing law provision still favored customers; the liability cap still had exceptions for truly bad behavior.

February resolves those contradictions. Every resolution favors Flock.

The terms are now internally consistent: Flock has a perpetual, irrevocable license to all customer data for any purpose; disputes go to Georgia-law arbitration; liability is hard-capped regardless of fault; and the non-appropriation exit for government customers has been narrowed to the point where it may not function as intended — raising questions about whether these contracts create unconstitutional debt obligations for the municipalities that sign them.

Flock’s marketing materials, as of this writing, continue to claim that “Customers own 100% of the data collected.” The February contract no longer directly contradicts that claim but it does make it an elegant lie.

Flock Loblaw’s Law Blog

This section was added February 17, 2026. The points below address Flock’s blog post.

A Simpler, Clearer Definition of “Customer Data”

(Section text)

Agreed. It’s simple, it’s clear: there’s one big bucket of Customer Data and Flock gets a license to do whatever it wants with it.

Flock Does Not Own or Sell Customer Data

(Section text)

James Cameron owns the movie Titanic, but Walt Disney and Paramount can still charge me to see it. Cameron licensed the movie to them—to “support and improve their services.”

Ownership is irrelevant when the license grants control.

Clarifying the “Perpetual” License

(Section text)

First, “[t]his is a standard software industry provision” should hold no weight here. According to Flock (when it suits), we are dealing with sensitive criminal justice information and information that can jeopardize officer safety. Let’s not base protections on Silicon Valley trends.

The right to use data to support and improve those services must extend beyond the duration of a single customer’s contract.

Why? Why does Customer Data need to be used beyond the duration of the contract to “support and improve products and services”? It would be one thing to hang on to, say, user-submitted feedback, but that category was deleted in favor of the simplified “Customer Data” that includes the footage.

Removing that distinction is a choice.

Updates Around Disclosure Provisions

(Section text)

Similar to the “Customer Data” simplification, this deletes specific disclosure rules for each category of data in favor of a single simple and clear rule: “we can disclose what we want when we want to whomever we want.”

Governing Law

(Section text)

The updated Terms specify Georgia law as the governing law for the agreement, which is standard commercial practice

Standard practice or not, up until two days ago Flock “agree[d] that venue would be proper in the chosen courts of the State of which the Customer is located.”

Flock then quickly fast-forwards on the part where binding arbitration is now mandatory and Georgia law governs. This removes the contract from the state that its local government customers operate under.

Whether the actual arbitration ultimately happens at a Ramada in Des Moines or in a boardroom in Atlanta is irrelevant: the point is that anyone with a contract dispute must now hire a Georgia lawyer to play an Away game.

Standard Terms, Collaborative Approach

(Section text)

Finally, Flock claims it’s happy to negotiate while it continues to make its customers sign order forms that reference the terms on its website—where it can (and just did) update them at any time.

Updated February 18, 2026: Added “Section text” links. Added some clarifying statements.

I am not an attorney. This analysis reflects my interpretation of contract language and is subject to change. Cities should consult qualified attorneys regarding their specific agreements.

Precrime as a Business Model

In the broader context of AI doing investigative police work—something Flock is pushing hard with Nova and its “Night Shift” feature—Langley had this to say when asked about Minority Report:

[When] you think about it, it was decades of arrests with only one wrongful arrest. How nice would that be if our current judicial system and policing system only had one wrongful arrest and multiple deaths? That sounds great.

The only problem with this system, according to Langley, is that the “terminal decision” lies with the “precog”^[1] rather than a human—the old “local decision” mantra Flock repeats in public, but puts aside when it unilaterally removes “permanent” information from its product.

Langley either completely misses the point of the movie, or he aims to bring about its dystopia in his stated, quixotic quest to eliminate crime.

Minority Report’s problem was never that the precogs were, like AI, “inhuman,” as Langley puts it. The movie is a warning that putting blind faith into a system—any system—is a terrible mistake.

The term “Minority Report” in the movie’s universe refers to an outlying data point: a piece of evidence that contradicts the other evidence and, at minimum, raises doubt about the system’s fallibility. The government’s solution in the movie? Purge minority reports from the record and hide their existence from the public.

The “one wrongful arrest”—which was actually a conviction—serves to highlight that the system has always been fallible. There are likely thousands of innocents who could not have been convicted but for the purged minority reports, removed from society “to eliminate crime in America.”

It’s a fitting reference for a company whose approach to inconvenient data is to make it disappear.

Blurring the Line Between Arrest and Conviction

In the same interview, Langley speaks on real-world problems in proving crime. The first, he claims, is that people will no longer come forward as witnesses.^[2] He continues:

The second is: our expectations of truth have gone through the roof. And and this is, like, largely a good thing, but you know, people like you and me watch NCIS on TV and we assume there’s cameras everywhere. … and you watch [shows like NCIS] and you’re like, “Oh, like this is how [it works]”, but the real world doesn’t work this way.

And so you you get to a judge, you get to a jury, and absent incredibly hard evidence, an arrest will not occur. And that’s actually, I think, good. We’re holding ourselves to a higher standard of eliminating wrongful arrest, but that kind of moves the difficulty level up. And then those two things are compounded by [the third issue of] a staffing crisis, right?

There’s a tell buried in this quote: Langley keeps saying “arrest” when he means “conviction.” He did it with Minority Report, and he does it again here. Judges and juries don’t decide arrests—they decide convictions. The standard for arrest is probable cause, which is far lower than the courtroom standard of beyond a reasonable doubt.

This conflation is not accidental. It’s strategic. Flock’s product is strong enough to generate arrests—point a camera at a road, flag a plate, send a cop. But generating a conviction requires evidence that can survive cross-examination, expert challenge, and judicial scrutiny. As we’ll see below, Flock’s evidence authentication doesn’t clear that bar. Langley blurs the terms because admitting the distinction would expose the gap between what Flock can trigger and what Flock can prove.

The CSI Effect and the “Burden of Truth”

Langley is gesturing at something real: the so-called “CSI Effect,” where jurors exposed to forensic-heavy TV dramas expect more scientific evidence than prosecutors can realistically provide. It’s a documented phenomenon, and it has made some prosecutions harder.

But Langley doesn’t frame it that way. Instead, he frames rising evidentiary expectations as a problem to be solved—a “difficulty level” that Flock can help overcome. The implication is that courts should lower the bar, or that Flock’s evidence should clear it. Neither follows. The standard in criminal proceedings exists to protect defendants from wrongful conviction. That standard hasn’t “gone through the roof.” It’s exactly where it’s supposed to be.

What has changed is that Flock wants to be the one supplying the evidence—and the evidence it produces, as we’ll see, doesn’t hold up.

Why Flock’s Evidence Doesn’t Hold Up

First, a caveat: I don’t claim authority on the Rules of Evidence. It’s a complex topic. If any lawyers want to correct me on anything, please reach out.

Here’s the gist: you can’t just make shit up and throw it at the judge. Courts require any evidence to have a basis and to be introduced by someone. This is, in part, why the prosecutor can’t show up with bodycam footage of you rolling up to the Louvre with your ladder—a police officer who was wearing the bodycam has to show up and say “I saw this guy carrying a ladder through the streets of Paris.”

When it comes to Flock footage, that means either (1) a witness comes in and says “I saw this,” (2) an expert comes in and says “this is authentic and has not been tampered with,” or (3) the court relies on more circumstantial evidence like metadata and affidavits.

Option 1 is impossible—there is no witness. Option 2 is expensive and exposes technical details in open court. Which leaves option 3: the weakest possible basis and, apparently, the focus of Langley’s complaint about standards going “through the roof.”

How Flock Authenticates Evidence

The details are sketchy, because of Flock’s continued lack of transparency, but I believe that some time last year, Flock changed how it authenticates evidence. Where it used to sign an affidavit on request, it now appears to use an automated process. Based on what I can determine, this is roughly how it works since July 1, 2025:

• A Flock camera takes a picture
• It creates a hash (shortened representation) of the image
• Flock stores the image and the hash
• An investigator goes into the Flock portal and downloads an image
• (Optional) Flock deletes the image due to retention periods, but keeps the hash
• The investigator, months later preparing for court, uploads the stored image to Flock
• The server generates a hash of the uploaded image
• The server compares it to the hash stored for the original capture
• The server returns a PDF with the image and the date, time, and location of capture that says “we checked: we took this picture and these items all belong together.”

Sounds reasonable. It isn’t.

The Chain of Custody Problem

The Chain of Custody is a key part of the rules of evidence: you have to be able to show that evidence has not been tampered with. For physical evidence, there are rigid protocols—sealing, unsealing, signing in and out of secure storage.

For Flock’s images: nobody, most likely including Flock, knows who has had access to the image, the metadata, or the hash at any point in the process. This is the reason CJIS requires permanent, immutable audit logs.

Images captured by Flock cameras are stored unencrypted on the device before transmission. Flock has previously said images are stored “for up to 7 days” on the camera, which means the metadata—capture times, location data—is also stored for up to 7 days.

This asynchronous processing is a technical necessity when operating over spotty LTE networks, but it also means there is a multi-day window in which images and metadata sit on an unattended, unsecured device.

It’s the digital equivalent of finding a dead body in an alley and saying “we’ll come back in a few days to collect the evidence.”

The Metadata Integrity Problem

There is no mechanism to validate that the metadata belongs to the image. A properly secured device would have a TPM (Trusted Platform Module) that cryptographically binds the data, image, and hash together so they cannot be separated, altered, or accessed independently. Flock’s cameras are not such devices and, from the teardowns I’ve seen, contain no TPM.

By all appearances, the file hash and the metadata are simply stored in AWS alongside everything else. Anyone with access to AWS—a Flock employee, a compromised account, a contractor—could update the data. With a few keystrokes, a photo of your car taken in Langley, VA, could be associated with a camera in Paris, IL.

Flock’s automated system will attest to this fact in court.

What Flock’s System Actually Proves

Flock’s authentication is a convoluted version of “trust me, bro.” Instead of verifying that a photo was taken where it was taken, when it was taken, it attests only to the fact that an image downloaded from Flock matches another image in Flock’s system.

That’s not authentication. That’s “both our watches say it’s 2:37pm, so it must be 2:37pm”—while ignoring that you left them unattended in your hotel room for three days before driving from Chicago to L.A. All it proves is that both watches show the same time.

Langley wants us—and the courts—to accept 2:37pm as the absolute, indisputable truth. The times match, and he’s wearing one of the watches—how could it not be the truth?

The law demands more, and so should the courts when they are deciding someone’s life and liberty.

Staff shortage be damned.

Back in November, I wrote about the Iowa DOT’s lack of a consistent permitting process. Further research shows that the DOT also lacks a verification process and an inspection process. The permits it does issue are approved based on plans that violate the safety standards printed on the application itself.

In the article What Is the Clear Zone and Why Is It Critical to Roadway Safety?, John Carlton, a licensed Professional Engineer, discusses “why the clear zone is important to the safety of roadway users and provide examples of commonly experienced violations that have resulted in personal injury litigation.”

This table is included on DOT’s standard utility accommodation form and shows the clear zone distances (ADT = Average Daily Traffic). The numbers matter: they are the minimum distance between a roadside obstacle and the travel lane that gives a driver a reasonable chance of recovery in a run-off-road event.

The Missing Permits

As noted in the previous article, the information in the permit applications for roadside cameras is sketchy at best. In some cases, they’re sketched-up screenshots of Google Maps by a Sheriff’s Deputy, and signed off on by the Sheriff, with little to no helpful descriptive information.

The plans above were submitted to, and approved by, the Iowa DOT.

The middle image shows the clearest violation: the minimum “acceptable clear zone” area, listed on the very form the permit was submitted on, is 12 feet. The plan shows “10–12 feet.” The DOT approved it anyway.

The Missing Failsafes

But at least there are failsafes. On paper. After construction, the DOT’s regulations require an “as-built” plan to be submitted with a certified engineer’s stamp. If a plan is not submitted, the DOT is authorized to perform an inspection at the permittee’s expense. This would uncover any shoddy work by unqualified site planners and straighten out any problems with approvals.

It turns out that the DOT does not follow its own regulations. Instead, it has replaced regulation with policy. In the words of my formal complaint:

For equipment installed under the utility accommodation program, Iowa Admin. Code 761—115.7(8) (2025) requires the utility owner “to submit to the department an as-built plan in an electronic format in accordance with department specifications.”

Iowa DOT writes that it maintains a policy that “[w]hen not submitted we accept the permitted plans as the asbuilt plan if the permittee did not contact us with a change.”

Iowa DOT confirms that for this installation “no as-builts were submitted,” and explains that “we identify the permitted plans as the as-builts.”

In other words: Iowa DOT does nothing, even when the camera is obviously installed in a way that appears unsafe. If it is somehow compliant, there is no information in any of the DOT’s records that would demonstrate that compliance.

It approves permits proposing non-compliant installations for “utilities” that are owned by private corporations and deliver no service to the public, based on the say-so of police officers and sheriff’s deputies.

To make matters worse, Flock—the contractor listed on many of these permits—is not even a licensed contractor in the State of Iowa.

The DOT’s Response

I brought these issues to the attention of Iowa DOT director Scott Marler.^[1]

@January 12, 2026, letter to the Iowa DOT @Exhibit A — 22A-2024-016 @Exhibit B — 33A-2024-014 @Exhibit C — Installation @Exhibit D — Carlisle PD @Exhibit E — Checklist @[Exhibit F — Altoona PD TCD Application](/blog/dot-permits-pt2/F-Altoona PD TCD Application Signed_08302022.pdf){.collapsible} @Exhibit G — Flock @[Exhibit H — DOT Emails](/blog/dot-permits-pt2/H-DOT Emails.pdf)

His responses met expectations:

The Iowa Department of Transportation acknowledges receipt of your request, sent to Director Marler on January 12, 2026.

We understand the importance of establishing a formal policy for license plate readers and have been actively working on this matter since last fall. At that time, we prohibited any additional installations of LPR’s on DOT ROW until the policy is put in place.

We aim to finalize our ALPR policy by the end of February. We appreciate your expertise and insights on this subject and will ensure that our policy team has access to review your contributions.

To which I replied:

Thank you for the response. While I appreciate that the Department is drafting a specific ALPR policy, the core of my concern is not a lack of policy, but a systemic failure to enforce existing Iowa Code and Administrative Rules.

The DOT recently finalized its EO10 review, affirming that the existing regulations—including those governing the Utility Accommodation Program and contractor licensing—are necessary and effective. A new policy cannot retroactively excuse the Department’s decision to ignore those regulations and standards.

Regarding the “prohibition” on new installations, there appears to be a disconnect. Since the date you claim a prohibition was enacted, Flock has expanded its network along the I-380 corridor in Cedar Rapids, including in the I-380 ROW on state-owned land, and in other municipalities.

If the DOT has been working on this issue since last fall, it raises the question of why the Department continues to allow unlicensed contractors to perform work and why these specific permits were not stayed or denied.

By declining to act in a meaningful way while unsafe installations (like the non-compliant “breakaway pole” on Hwy 52) put drivers at risk, the DOT is tacitly approving these hazards. In doing so, the Department assumes significant legal and financial liability for the State should a collision involving this equipment occur and foreseeably result in injury or death.

Note the DOT’s claim that it “prohibited any additional installations” since last fall. Since that date, Flock has expanded its camera network along the I-380 corridor in Cedar Rapids—including on state-owned land in the I-380 right-of-way—and in other municipalities. The moratorium appears to exist only in the DOT’s correspondence.

The DOT’s final response:

We greatly appreciate the time and effort you have invested in bringing these matters to our attention. Please be assured that we are investigating your allegations.

I will be sending in an open records request for the DOT’s new policy at the end of the month for Part III in this series, unless someone beats me to it.

If you’re in Iowa and you crash your car into a roadside camera, be sure to tell your lawyer about this post.

Permit Documents

The table below lists every LPR permit I have obtained from the Iowa DOT. This may be a complete set; it is emphatically not a complete accounting of cameras installed in DOT right-of-way. Many appear to lack permits entirely.

@[April 8, 2022 — IA-136 LPR](/dot-permits/2022.04.08 - IA-136 LPR.pdf){.collapsible} @[April 8, 2022 — US-30 LPR](/dot-permits/2022.04.08 - US-30 LPR.pdf){.collapsible} @[August 30, 2022 — Altoona PD — TCD Application CCP](/dot-permits/2022.08.30 - Altoona PD - TCD Application CCP.pdf){.collapsible} @[August 30, 2022 — Altoona PD — TCD Application](/dot-permits/2022.08.30 - Altoona PD - TCD Application.pdf){.collapsible} @[January 2023 — Council Bluffs US-275 — LPR TCD](/dot-permits/2023.01 - Council Bluffs US-275 - LPR TCD.pdf){.collapsible} @[January 17, 2023 — Council Bluffs — Admin](/dot-permits/2023.01.17 - Council Bluffs - Admin.pdf){.collapsible} @[January 24, 2023 — Council Bluffs US-275 — LPR TCD Approved](/dot-permits/2023.01.24 - Council Bluffs US-275 - LPR TCD Approved.pdf){.collapsible} @[May 8, 2023 — Permit](/dot-permits/2023.05.08 - Permit.pdf){.collapsible} @[May 30, 2023 — South Sioux City PD — Woodbury County](/dot-permits/2023.05.30 - South Sioux City PD - Woodbury County.pdf){.collapsible} @[October 6, 2023 — Ankeny PD — LPR Application](/dot-permits/2023.10.06 - Ankeny PD - LPR Application.pdf){.collapsible} @[October 6, 2023 — TCD Application](/dot-permits/2023.10.06 - TCD Application.pdf){.collapsible} @[December 22, 2023 — 85A-2023-034 — Story County US-30](/dot-permits/2023.12.22 - 85A-2023-034 - Story County US-30.pdf){.collapsible} @[December 22, 2023 — Story County Flock TCD](/dot-permits/2023.12.22 - Story County Flock TCD.pdf){.collapsible} @[January 2024 — Pleasant Hill PD](/dot-permits/2024.01 - Pleasant Hill PD.pdf){.collapsible} @[January 2024 — Pleasant Hill US-65](/dot-permits/2024.01 - Pleasant Hill US-65.pdf){.collapsible} @[January 23, 2024 — Pleasant Hill IA-163](/dot-permits/2024.01.23 - Pleasant Hill IA-163.pdf){.collapsible} @[2024 — Indianola — LPR Application](/dot-permits/2024 - Indianola - LPR Application.pdf){.collapsible} @[May 10, 2024 — 483754 — Marshalltown PD IA-14](/dot-permits/2024.05.10 - 483754 - Marshalltown PD IA-14.pdf){.collapsible} @[May 10, 2024 — 502480 — Newton PD](/dot-permits/2024.05.10 - 502480 - Newton PD.pdf){.collapsible} @[June 2024 — Altoona](/dot-permits/2024.06 - Altoona.pdf){.collapsible} @[June 25, 2024 — Polk City PD](/dot-permits/2024.06.25 - Polk City PD.pdf){.collapsible} @[October 25, 2024 — 96A-2024-011 — Winneshiek County IA-9 Decorah](/dot-permits/2024.10.25 - 96A-2024-011 - Winneshiek County IA-9 Decorah.pdf){.collapsible} @[October 25, 2024 — Fayette County IA-150 West Plum St](/dot-permits/2024.10.25 - Fayette County IA-150 West Plum St.pdf){.collapsible} @[October 25, 2024 — Fayette County US-18 E Bradford St](/dot-permits/2024.10.25 - Fayette County US-18 E Bradford St.pdf){.collapsible} @[November 4, 2024 — 33A-2024-014 — Fayette County IA-150 Major Rd](/dot-permits/2024.11.04 - 33A-2024-014 - Fayette County IA-150 Major Rd.pdf){.collapsible} @[November 4, 2024 — Fayette County IA-3 W Ave](/dot-permits/2024.11.04 - Fayette County IA-3 W Ave.pdf){.collapsible} @[November 15, 2024 — Fayette County IA-3 S Avenue](/dot-permits/2024.11.15 - Fayette County IA-3 S Avenue.pdf){.collapsible} @[2024 — 19A-2024-008 — Fayette County US-63](/dot-permits/2024 - 19A-2024-008 - Fayette County US-63.pdf){.collapsible} @[2024 — 19U-2024-009 — Fayette County US-63 NHSX](/dot-permits/2024 - 19U-2024-009 - Fayette County US-63 NHSX.pdf){.collapsible} @[2024 — 19U-2024-009 — Fayette County US-63](/dot-permits/2024 - 19U-2024-009 - Fayette County US-63.pdf){.collapsible} @[2024 — 22A-2024-016 — Fayette County US-52](/dot-permits/2024 - 22A-2024-016 - Fayette County US-52.pdf){.collapsible} @[2024 — 33A-2024-009 — Fayette County US-18](/dot-permits/2024 - 33A-2024-009 - Fayette County US-18.pdf){.collapsible} @[2024 — 33A-2024-010 — Fayette County IA-150](/dot-permits/2024 - 33A-2024-010 - Fayette County IA-150.pdf){.collapsible} @[2024 — 33A-2024-013 — Fayette County IA-3](/dot-permits/2024 - 33A-2024-013 - Fayette County IA-3.pdf){.collapsible} @[2024 — 33A-2024-014 — Fayette County IA-150](/dot-permits/2024 - 33A-2024-014 - Fayette County IA-150.pdf){.collapsible} @[2024 — 33A-2024-015 — Fayette County IA-3](/dot-permits/2024 - 33A-2024-015 - Fayette County IA-3.pdf){.collapsible} @[2024 — 3A-2024-008 — Fayette County US-18](/dot-permits/2024 - 3A-2024-008 - Fayette County US-18.pdf){.collapsible} @[2024 — 45U-2024-004 — Fayette County US-63](/dot-permits/2024 - 45U-2024-004 - Fayette County US-63.pdf){.collapsible} @[2024 — 96A-2024-011 — Fayette County IA-9](/dot-permits/2024 - 96A-2024-011 - Fayette County IA-9.pdf){.collapsible} @[December 16, 2024 — Sioux City PD IA-12](/dot-permits/2024.12.16 - Sioux City PD IA-12.pdf){.collapsible} @[December 16, 2024 — Storm Lake PD — PTZ and LPR](/dot-permits/2024.12.16 - Storm Lake PD - PTZ and LPR.pdf){.collapsible} @[December 16, 2024 — Woodbury County SO](/dot-permits/2024.12.16 - Woodbury County SO.pdf){.collapsible} @[February 11, 2025 — Wapello County SO](/dot-permits/2025.02.11 - Wapello County SO.pdf){.collapsible} @[February 20, 2025 — 91A-2025-006 — Warren County SO](/dot-permits/2025.02.20 - 91A-2025-006 - Warren County SO.pdf){.collapsible} @[February 20, 2025 — Carlisle PD](/dot-permits/2025.02.20 - Carlisle PD.pdf){.collapsible} @[May 11, 2025 — 29A-2025-001 — Burlington US-34](/dot-permits/2025.05.11 - 29A-2025-001 - Burlington US-34.pdf){.collapsible} @[2025 — 33A-2025-002 — Fayette County IA-150](/dot-permits/2025 - 33A-2025-002 - Fayette County IA-150.pdf){.collapsible} @[2025 — 36A-2025-004 — Fremont County](/dot-permits/2025 - 36A-2025-004 - Fremont County.pdf)

FOIA mode is now available from the theme selector in the top right:

Enabling FOIA mode will style the page in … well, FOIA mode:

In FOIA mode, an advanced simulator will simulate printing the page in black and white, it will apply redactions at random, without legal justification, before finally simulating scanning it at an angle to prevent successful character recognition and text extraction.

It is certainly the most inefficient way to render data, but it appears the one the government prefers; Roma locuta, causa finita.

You’re welcome.

FOIAing the FOIAers

haveibeenflocked.com retains no data on its regular visitors, but the privacy policy does permit collecting and retaining data on government visitors.

Although accessing the public records maintained on your local police department’s transparency portal is impossible when you’re using a VPN, anyone is welcome to visit this site using one. In fact, the Houston HIDTA bulletin that was forwarded by the FBI notes:

Law enforcement should be cautious when accessing haveibeenflocked.com, as it is unknown what information the site may be collecting. It is recommended that this website not be accessed by any computer that is connected to a law enforcement agency network

Below are the aggregate numbers of requests from government networks since about two weeks after that bulletin was forwarded to the broader “intelligence community” by the FBI.

The announcement is, of course, almost entirely marketing gibberish; to the extent that there’s any meat on its bones, this is it:

Bishop Fox’s offensive security experts will engage in complex, multistage and multilayer adversarial testing across all of Flock’s products, both hardware and software. The results and any ensuing updates will be communicated transparently to reinforce confidence in Flock’s strong security posture. — Dumb title omitted, Flock via GlobeNewswire, Feb 2, 2026

The key phrase is “multistage and multilayer adversarial testing.” This suggests^[1] they will engage Bishop Fox for some good old-fashioned red teaming.

It would be good news. If this announcement passed the smell test.

Why would Flock announce this to the world?

For readers not familiar with the term, “red teaming” is industry shorthand for hiring people who will attempt to break into your systems. It can include everything from physical entry (by breaking into buildings), to social engineering, to “hacking” systems over the Internet.

This is an incredibly useful exercise for security teams. Red teams (and actual attackers) can test vectors that employees typically can’t—for example, leaving USB sticks containing malware in company parking lots, putting on a hi-viz vest and carrying a clipboard into the server room, or sweet-talking Sam from HR into giving them an employee login.

If you want to test your everyday preparedness, announcing it to the world is not a good idea, for obvious reasons.

Perhaps more importantly for a company like Flock, an announcement like this sets expectations:

The results and any ensuing updates will be communicated transparently to reinforce confidence in Flock’s strong security posture.

A red team exercise at any organization, let alone one with a track record like Flock’s, is not a one-shot third-party validation exercise. Testing and addressing vulnerabilities is a months-long coordinated effort between senior management, in-house security staff, external consultants, and engineering teams.

If done right, the result is not a report to be presented in a shareholder call; it’s a binder documenting the work your management and engineering teams will be doing for the next six months.

And that’s just about the best-case scenario, which I do not expect for Flock.

Instead, Flock blasts out a press release with little to no context, creating unnecessary friction between shareholders who simply want a stamp of approval and security teams who want meaningful, long-term fixes.

Flock uses the language of success to set itself up to fail.

The Bishop Fox Choice

Bishop Fox is generally a well-regarded offensive security firm—the kind of company you hire when you’re serious about finding vulnerabilities. But …

Late last year, I published “Y Combinator funds both surveillance infrastructure and the machinery to silence its critics” which described some of the Y Combinator ties between Flock and its alleged other cybersecurity partner, Cyble.

I say “alleged,” because in that post, I questioned how formal the relationship is, writing “I would expect one of them to do a press release announcing a ‘strategic partnership.’” Here, Flock did not choose Cyble. It chose Bishop Fox. And it put out a press release.

While the ties between the companies do not suggest the same level of intertwinement as between Flock and Cyble, interesting overlaps remain.

Reddit co-founder Alexis Ohanian was Flock’s first investor while Reddit co-founder Steve Huffman currently serves on the board of Bishop Fox.

Chris Castaldo, Flock’s new CISO, worked at IronNet CyberSecurity before being hired at Flock. Don Dixon, managing director of Forgepoint Capital, serves on the board of both IronNet and Bishop Fox.

Castaldo also worked with Will Lin—another managing director and founding member of ForgePoint Capital^[2]: they co-founded the non-profit Security Tinkerers in 2018 and continue to collaborate on it today.

The “follow the money” connection between Flock and Bishop Fox is not as obvious or direct as the one between Flock and Cyble, but the close personal relationship Flock’s new CISO maintains with managing directors and board members of a “neutral third party” that could add or remove billions from Flock’s valuation raises serious red flags.

We’ll see if Flock publicly acknowledges this appearance of a conflict at any point before the “results” are in, or if we’re expected to take everything at face value.

The impossible bind

The CJIS Security Policy (CJISSECPOL), also name-dropped^[3] in the press release, creates an inescapable problem for any “production” testing of Flock’s systems.

There is a commonly-used CJISSECPOL workaround for giving contractors temporary access to CJI without full vetting: a Flock employee “escorts” the contractors while they work. This avoids fingerprinting, background checks, and the cascade of compliance certifications that would otherwise be required from every agency customer in states without centralized contractor vetting.

The problem is that in an “escort” scenario, the escort is legally required to prevent Bishop Fox from accessing unencrypted CJI. CJISSECPOL § 5.1.1.5 is explicit: physical access must be “controlled” and the escort must maintain “observation” to ensure the contractor cannot view protected data.^[4]

As soon as Bishop Fox successfully discovers a vulnerability that exposes real data—which is, after all, the entire point of red teaming—the escort has failed in their duties. The incident becomes reportable under CJISSECPOL. CGAs must be notified, as well as the FBI, and mitigation plans must be submitted.

Success equals failure. The very act of doing the security audit competently would trigger mandatory incident reporting.

Neither alternative works

For Flock, as the defending “blue team,” there are two paths forward, and both lead nowhere good.

Option 1: Test on a replica environment.

There is a lot of evidence of Flock using development-specific code and keys in production and vice-versa, suggesting poor logical separation and cross-environment contamination. If I had to make a list of “organizations I would expect can roll out an accurate replica of their production environment,” Flock would definitely not be on it.

Even assuming Flock could create an accurate replica software environment, if your penetration testing is multilayer and includes physical security, you have to include the security of your office and server buildings, as well as any parts of your network you’re leaving unattended on a stick on the side of the road.

And while a replica might yield valid results for a blue team interested in making improvements, because we can’t verify the fidelity of the replica, it would invalidate a lot of the “third party” claims that Flock raises in its press release. (Again, I ask: why announce it in a press release?)

Option 2: Test in production.

This creates the impossible bind described above. But even setting aside the escort paradox, testing in production without the escort workaround would be worse.

Some states, through their CSAs, have centralized vetting for contractors. Many do not. For states without centralized vetting, each Bishop Fox employee with access to unencrypted CJI would have to be fingerprinted, background checked, and certify their knowledge of, and agreement with, CJISSECPOL to each Flock customer with an active CJIS security addendum.

To be compliant with CJISSECPOL, all governmental Flock customers in those states must independently ensure this has happened. Failing to do so, even in a single jurisdiction, would bring all of Flock’s customers—including those in states with centralized compliance—out of compliance the moment Bishop Fox touches a live packet.

We already know Flock sends data to Denmark and the Philippines. The certifications I have received in open records requests did not include these contractors.

Ultimately, it’s on local criminal justice agencies and their state CSAs—not Flock—to remain in compliance with CJISSECPOL.

If Flock were to add another subcontractor to access its customers’ CJI without obtaining necessary authorizations, conducting the necessary background checks, and providing the required compliance documentation, it would bring its agency customers even further out of compliance.

We’ve tried nothing, and we’re all out of ideas

Flock continues to sit on the report by GainSec, which documents dozens of vulnerabilities that were reported to Flock in February 2025 but, by all accounts, remain unfixed. It also continues to ignore the unrelated issue from late 2025, where it hardcoded passwords in production.

The red team should have no trouble finding and flagging these issues. Then we’ll have another report for Flock to fail to act on.

In its press release, Flock writes that “[t]he results and any ensuing updates will be communicated transparently to reinforce confidence in Flock’s strong security posture.”

Flock could start on that today by acknowledging and fixing the already-documented vulnerabilities in its products.

Flock could also own up to all the security incidents it has experienced, from accidentally disclosing a file with customer emails, to hardcoding passwords in roadside cameras. It could transparently implement fixes, or even provide a schedule for these fixes.

The company could address the issues with compliance, which include failures to mitigate critical security vulnerabilities within 15 days as CJISSECPOL requires, designing the system to disseminate CJI indiscriminately, and leaking entire murder investigations.

Instead of falsely claiming “we have never been hacked” and removing accountability measures, Flock could work with independent security researchers, rather than try to get them to sign NDAs.

Flock could even work with CSAs and the FBI, which are authorized to audit Flock’s systems. After several unanswered requests to the Iowa Department of Public Safety (Iowa’s CSA), in December 2025, I even requested the FBI perform such an audit, citing incidents where Flock disseminated warrant information from NCIC, and the 157 pages of murder investigation mentioned earlier.^[5]

The company has not issued a single press release indicating it has done, or plans to do, any of these things.

From inception, this announcement has all the hallmarks of compliance theater—perhaps producing a meaningless report by an “independent” third party, before CJISSECPOL’s stricter “Supply Chain Risk Management” controls come into full effect with version 6, is a way to avoid the Department of Justice needing to wade into the mess Flock, local agencies, and CSAs have created.

Flock’s goal should be to improve its security posture, not to “reinforce confidence” in it. One is security, the other is managing public perception—i.e., marketing.

Location histories and the Fourth Amendment

The most pertinent discussion, or lack thereof, can be found in the lower court’s holding in Carpenter v. United States, which SCOTUS described as:

The Court declines to say whether there is any sufficiently limited period of time “for which the Government may obtain an individual’s historical [location information] free from Fourth Amendment scrutiny.” But then it tells us that access to seven days’ worth of information does trigger Fourth Amendment scrutiny […] Why seven days instead of ten or three or one? And in what possible sense did the government “search” five days’ worth of location information it was never even sent? We do not know. — Carpenter v. United States, 585 U.S. 296, 395–96, 138 S. Ct. 2206, 2266–67, 201 L. Ed. 2d 507 (2018) (internal citations omitted)

There was clearly some concern at the Supreme Court and among the parties regarding the length of the location history. The Supreme Court’s holding in Carpenter was narrow and it declined to address the confusion, writing in a footnote that “[i]t is sufficient for our purposes today to hold that accessing seven days of CSLI constitutes a Fourth Amendment search.”

Whether a cut-off exists under which retrieving location history data would no longer be a Fourth Amendment search, or where that cut-off would be, were not questions addressed by the Court, but in Carpenter, seven days of location history was enough.

Although Flock downplays the completeness of its data and the general usefulness and accuracy of its “critical tool” when it comes to defending it in the face of Carpenter, a federal court in Virginia has already found that 176 Flock cameras in Norfolk, VA “plausibly violate” the Fourth Amendment.^[1]

Courts have not yet addressed Flock’s actual network density, suspected to include more than a quarter million cameras.

Disproportionate by Default

Flock’s lookup tool, which is used for exact plate searches across the state- and nationwide networks, offers users limited options for the length of the requested location history: 1 day, 7 days, or 30 days.

Its “search” tool, which can search for partial plates, vehicle characteristics, and use “freeform” text queries, is not restricted in that way. It can do both longer and shorter searches.

It is unclear whether there is a default setting for either, what the default setting is if there is one, or who would configure the default setting. I do not recall ever seeing an ALPR policy or city council minutes that discuss this.

Examining per-state data for lookups^[2] yields the following results:

Considering this chart, a per-state or per-organization default setting seems unlikely, however, the uniformity of location history lengths has changed over time:

The high uniformity suggests a system-wide default that users are accepting. The sudden change in mid-2025, where users begin choosing different lengths for location history, may be part of the same systemwide changes that appeared in Santa Cruz in August.

The suddenness of the shift in uniformity suggests that Flock switched to a 7-day default around that time and users are less accepting of that default than they were of the earlier, 30-day default.

Regardless of any default, individual users still passively or actively choose to retrieve these histories without much apparent concern for proportionality. A seven- or thirty-day location history because an officer can’t be bothered to select a more appropriate menu option strays far from the reasonableness the Fourth Amendment demands.

Finally, for all searches in our database that have timeframe information, the average length of location histories retrieved is 18 days, 5 hours, 39 minutes. That includes “search” queries as well as “lookup” and other types of queries.

Before the Dropdown

But why are users pulling these long-term histories? “Every search must be accompanied by a reason.” Before switching to dropdowns in January 2026, Flock users were free to enter their own reasons. Although they often did not—beyond “inv” or “sus”—the reasons that were entered do provide a glimpse into what might trigger long-term lookups of location histories.

• Suspicious Person on Campus: 30 days
• stranger danger: 30 days
• Suspicious Auto (bullet holes): 30 days^[3]
• fishing violation: 33 days, 1 hour
• h&r vehicle: 217 days
• lowes theft: 366 days

It’s hard to come up with a reason why, or how this would contribute to the investigations described.

Dropdown Reasons

Maybe Flock’s new reason dropdown will live up to the marketing hype and provide more transparency. To be clear: these are the reasons that someone, somewhere, found acceptable enough as a reason for location history retrieval.

Traffic Infractions and DUIs

Through the dropdown, the Texas Department of Public Safety states it frequently uses the system for “Traffic Infraction - Criminal Justice Purpose.”

Although we can’t know what “Traffic Infraction - Criminal Justice Purpose” actually means, we know that most traffic infractions are short-lived; where someone had lunch last week has little probative value in cases where someone failed to stop at a stop sign.

Regardless, the vast majority of Texas DPS’s traffic-related location history retrievals exceeded the seven-day threshold the Supreme Court found implicated the Fourth Amendment in Carpenter.

DPS pulled histories exceeding 250 days in several cases.

The California Highway Patrol similarly uses Flock for DUI investigations.

California, of course, has much stricter controls on ALPRs and the Ninth Circuit tends to be more privacy-friendly than its counterparts elsewhere in the country. This may explain why CHP’s use appears much more restrained than Texas’.

But that restraint is relative—CHP still retrieved location histories for seven or more days in more than half of the DUI investigations where it used Flock. What evidentiary value this could possibly have is anyone’s guess.

Welfare Checks

Perhaps even more concerning is the Harris County, Texas, Sheriff’s Office use of Flock for welfare checks.

Welfare checks are not criminal investigations, and they are not generally triggered by accusations of any crime. They are also not the same as missing persons cases. They can range from neighborly concern to someone actively threatening suicide. In these cases, there may be a clear defense for the legality of retrieving a person’s current location to prevent harm, but the government does not need to know where they’ve previously been.

Yet here too, for more than half of “Welfare Checks” the Harris County, Texas, Sheriff’s Office retrieves location histories of seven days or more: a length the Supreme Court found sufficient to trigger the Fourth Amendment.

And they’re doing it in cases where there is no criminal investigation, and no evidence of a crime.

The Reason Behind the Reason

The implications of some of these long-term searches are concerning.

While a DUI suspect’s long-term location history seems like a mostly pointless violation of rights, what possible conclusion could someone draw from a shoplifter’s vehicle’s location a year ago? How does knowing where the “suspicious person on campus” has been decrease the suspiciousness of his actions today?

A 30-day history will tell you at a glance the general area where a person lives and works. That reveals information about their socio-economic status and, in many cases to a degree of statistical certainty, their race. Maybe the reasoning is that a person who lives a wealthy suburb is less “suspicious” when they’re walking around campus, while someone from the wrong side of the tracks presents more “stranger danger.”

Whether it’s laziness or active profiling, the system is designed to make disproportionate surveillance the path of least resistance. Flock could have defaulted to 1 day. They could have required more justification for longer histories. Instead, they built a system where retrieving a month of someone’s movements requires less thought than ordering a cup of coffee.

The Fourth Amendment doesn’t distinguish between malice and indifference. Neither should we.

The screenshot is from a Flock training video which shows a Flock user interface for automatic data sharing. The video was posted by ACLU of Massachusetts in October 2025, but various dates in the video suggest it was recorded in May 2024.

California’s Workaround

After Flock disabled the “nationwide network” for its California customers “1:1” sharing exploded. Rather than—or more likely, in addition to—switching to the statewide network, agencies in California increased the number of partner networks they added—from fewer than 7 new partnerships per week on average to more than 40.

When searches are done through a 1:1 sharing connection they are only logged in the originating agency’s “Organization Audit” and in the receiving agency’s “Network Audit.” This is unlike national searches, which are broadcast to the world and will almost certainly make their way into someone’s open records request. Agencies aren’t limited to actually performing 1:1 searches. They can trawl through data from all of their 1:1 connections seamlessly.

This leads to situations like those in Pittsboro, IN, where the agency entered into 3,968 partner agreements for a system it only used 17 times in the last 30 days.^[2] A slightly-outdated visualization of the 1:1 sharing network is available.

The data for this is hard to come by. Uncertainties persist due to what are presumably major data issues in Flock’s log files, as well as seemingly arbitrary redaction of the total_devices_searched and/or total_networks_searched columns both by Flock and agencies.

The available data does, however, support the idea that Flock and police have been building a shadow network, and that some restricted agencies, like those in California, have been using it.

The trend is not explained by Flock growing its customer base, or the overall number of networks. In fact, nationally the number of networks appears to be stagnating.^[3]

The Data Problem

The data must be interpreted with the caveat that Flock’s audit logs appear to be extremely unreliable.

We’ve seen the search inversion in August 2025 and the accompanying drop in log entries. Examining counts more broadly shows even more bizarre outliers, and inexplicable patterns.

The chart above shows the most popular (approximate) network pool size for “search” queries in three populous states. While Illinois and California at least appear plausible, the same can’t be said for Texas’ odd saw-pattern; I can see no plausible reason why agencies would suddenly search 50% fewer networks for a week.

There is no evidence that these anomalies have bothered auditors in any way, or that any questions have been asked. Flock certainly has not addressed it in a blog post or customer update.

The Telltale Ratios

Another piece of the puzzle that suggests this workaround is in active use is usage patterns.

The chart shows the proportion of queries made through 1:1 search connections versus TALON (the nationwide network). California agencies use 1:1 searches for 31% of their queries—three times the rate of unrestricted states like Texas (11%) or Arizona (3%). Minnesota and Virginia, which have also enacted restrictions on ALPR, show similarly elevated rates. This pattern is consistent with restricted agencies routing queries through 1:1 partnerships to bypass network limitations.

The scale of some agencies’ 1:1 networks is staggering. We have seen 358 agencies in California do searches on (a median of) 449 networks. These numbers seem realistic in the context of a national estimate of ~5,000–6,000 agencies.

Yet El Cajon PD searches 3,584 networks through 1:1 connections—ten times the number of in-state agencies. The California Highway Patrol searches 2,181, and the Riverside County District Attorney searches 2,896.

These outliers use a shadow network reaching 60–95% of TALON’s nationwide coverage, all while technically using “bilateral” sharing agreements.

Secrets and Silence

It’s important to note at this stage that although these 1:1 agreements are often understood to be reciprocal in nature, it is unclear whether they in fact are. Washington University research notes that the “shifting and sometimes inaccurate statements made by Flock about its product’s sharing features” contribute to this confusion.

To further frustrate analysis, Flock does not make its product documentation available to the public, and agencies do not generally release it responsive to public records requests. It is therefore unclear if the restrictions seen in the (presumptive) May 2024 video still apply, or if, in 2026, agencies can automatically accept requests from anyone, anywhere.

Still, while the exact scope and mechanism remain unknown, the available information does demonstrate the existence of a shadow network, powered by some form of “auto-accept” or similar feature.

California agencies are not, on average, hammering out between six and forty new agreements in any given week. Going by recent public records responses, agencies are not exchanging emails about these partnerships, let alone validating policies are in place. It has all the hallmarks of a checkbox.

That checkbox appears to be a “set and forget.” Nothing suggests that administrators are notified when a request is auto-accepted. The Washington University report highlights that many police chiefs were entirely unaware that third parties had access until notified by the researchers, who reviewed the logs.

Flock’s CEO Langley told us that “it is a local decision. Not my decision, and not Flock’s decision.”

What he built, buoyed by the FBI’s unsubtle threat of retaliation for complying with public records requests, does create local decision-makers—ones who’ve decided that laws are optional and silence is policy.

The FBI agent provided a summary of the bulletin in his email (emphasis added):

The website lists the total number of searches by an officer, when those searches were conducted, case numbers, the officer’s work schedule, how long they have been employed by the agency, and partial personal identifying information. This poses a significant officer safety risk to law enforcement personnel because suspects can determine if they are the target of a criminal investigation and potentially retaliate against law enforcement and/or those cooperating with law enforcement. Flock has committed to removing officer usernames from future audits.

@December 11, 2025 email from FBI @Houston HIDTA Officer Safety Situational Awareness Bulletin December 2025

Under Federal Pressure

This email was sent shortly after Flock’s email blast announcing reduced audit capabilities (“Flock has committed to removing officer usernames from future audits”). The agent who sent the email is based in Atlanta (as is Flock’s HQ). Flock used the same “officer safety” language.

Flock’s removal of critical auditing capabilities was clearly done in coordination with the FBI.

The FBI-endorsed bulletin recommends that, in configuring data sharing, agencies “exclude the states/agencies that release their audit logs.”

Information exchange happens on an ongoing reciprocal basis; the proposal is, in effect, to reduce the operational capabilities of the Flock system for states with effective open record laws, and specifically for agencies in compliance with those laws.

The FBI encourages agencies to violate the law by quietly threatening retaliation against those who don’t.

Follow the law, lose network access.

The Good Recommendations

Recipients of this bulletin should ensure that their agency Flock Administrators check that the agency Flock settings have limited searches to sharing within state only or exclude the states/agencies that release their audit logs. … Flock users should also limit their searches to “My Network” or draw a geofence around the area they wish to search. This will mitigate the risk of information being released by an outside agency that has different criteria as to what is redacted when responding to FOIA requests.

Agreed. Police should not default to pulling nationwide location histories for reasons like “graffiti”, “trespassing,” or “expired tag.” They should not be pulling any location history, of course, but current scopes are especially hard to justify as serving a legitimate investigative purpose.

The nationwide lookup is often cited as a “why we need Flock.” Apparently, when faced with a risk of oversight, that need evaporates. Police seem to prefer less intelligence over more accountability.

Regardless, although the reasons for wanting to reduce the scope and breadth of warrantless searches differ, we can at least agree this outcome is an improvement.

To further improve its recommendation, the FBI might consider suggesting following its own security policy. If the data and audit logs Flock stores are in fact CJI—as Flock and agencies claim whenever convenient—access and dissemination would be strictly limited to those with prior approval and a particularized “need to know.”

That does not include haveibeenflocked.com. It also does not include Flock or random users on the nationwide network (i.e. “paying customers Flock says are probably cool.”)

The Bad Recommendations

Flock Administrators/users should ensure that the reason for the query be as vague as permissible (e.g., “Investigation”).

This is one to take to your city council.

Elected officials have been promised that agencies have the ability to see the reasons for a search. The FBI is now telling agencies across the country not to enter meaningful reasons.

We’ve long known that entered reasons are borderline meaningless, but now, in addition to Flock’s new anti-transparency measures, it is federal policy.

The Ugly Recommendation

[A]gency Flock Administrators should coordinate with their respective Legal Departments to ensure that law enforcement sensitive information is redacted prior to releasing information.

The information on this website is lawfully obtained via public records. This isn’t in dispute: even after filing its takedown requests stating the opposite, Flock admits as much.

Additionally, there is a basic legal reality that license plates are not categorically exempt from open records requests. If Flock (a private corporation) can have access to the data, so can you.

Houston HIDTA appears to agree. Its recommendation is not “you should never release license plates.” Its phrasing signals an awareness that license plates are not categorically “law enforcement sensitive” or confidential for the purpose of public records requests.

At no point does the bulletin suggest that logs were leaked or improperly redacted.

Instead, the bulletin recommends agencies “coordinate with their legal departments.” On this too, we can agree, but for different reasons. The question posed to lawyers should be if sending “law enforcement sensitive” information to an unregulated private company to be disseminated through a “nationwide sharing” network where tens (if not hundreds) of thousands of people have access, would violate state law and federal regulations.

The question should not be the one implied—how agencies can get away with disclosing “sensitive” information to a group of individuals managed exclusively by Flock, while keeping it hidden from “activists” and “self-styled privacy advocates.”

The “Self-Styled Advocates”

A group of self-styled privacy advocates have filed a series of Freedom of Information Act (FOIA) requests with law enforcement agencies around the country to obtain agency Flock audit logs.

In context, “self-styled” is a deliberate pejorative. It is spook-speak used to delegitimize. It implies those seeking accountability aren’t experts or journalists, but meddling hobbyists.

Police use the language of counter-terrorism to describe citizens exercising a statutory legal right. In their framing, a citizen with a PDF reader is a “threat actor,” and a public record is a “vulnerability.”

At the same time, everything, including the actual surveillance data can be disclosed without restriction to Flock, everyone on the national network (as managed by Flock), Flock’s subcontractors, Flock’s gig-workers in the Phillipines, and the Danish corporation Flock uses to record user sessions.

We’re coming up on a year since several P1 CJISSECPOL violations were reported to Flock. Flock still hasn’t announced a patch. A vulnerability exposing real-time locations for officers went unfixed for months. If we are to take the FBI at its word, these vulnerabilities pose less of a threat to officers than public accountability.

Maybe the actual security problem here is the government contracting out the creation of a massive surveillance database based on a company’s claim that it has a “CJIS ACE Compliance Seal” (provided by Diverse Computing, Inc., of Tallahassee, FL).

Regardless, I want to assure the FBI that there is no “group of self-styled privacy advocates.” A handful of individuals have sent me audit logs, and I’ve pulled a few directly off Muckrock. The persistent belief that this project publishes information from many sources is mistaken.

Although as of right now there are 93M records in the database, they cover a limited time period and were sourced from a handful of releases. At the bottom of the daily statistics pages you can see the number of sources that cover a given month, and the number of search records for that month.

In months with more sources we see significantly more searches logged, yet out of the ~6,000 or so agencies using the system, we have logs from maybe a dozen for any given month.

This information is continuously being disseminated to Flock and by Flock. Anyone with access to the Flock system can get more complete, and more accurate, logs than this project has.

If your position is that “a group of self-styled privacy advocates”—which is really one developer in rural Iowa and the folks who have sent him emails—can use inaccurate, incomplete data to derive so much information that it “poses a significant officer safety risk,” what do you think a Flock employee or contractor—or someone exploiting documented, unpatched security vulnerabilities—could do with realtime access to accurate information?

Agencies are right to be worried. They’re wrong to worry about the messenger while ignoring the problem.

What You Can Do

Get Answers from Public Officials

• Does your PD follow the FBI’s recommendation to enter vague search reasons like “Investigation,” or does it require specific reasons and case numbers for every query?
• Has your PD stopped searching data from jurisdictions that comply with public records laws?
• Since Flock has removed officer usernames from audit logs, how does your city verify that individual officers aren’t using this system for personal or other impermissible reasons?
• Do Flock or the FBI have the right to dictate which public records your city is allowed to release?

Get Answers from the Public Record

Even without the logs, it’s worth finding out if your city complies with open records laws, if only so the FBI will continue to recommend that your city be excluded from future searches.

The FBI suggesting consequences for complying with transparency laws underscores the need to remind these self-appointed surveillance authorities that, in free societies, we don’t treat the rule of law as optional for police.

Tired of Self-Styling? Get Self-Certified

Demanding transparency, speaking at local meetings, and writing your representatives is a lot of work. You may want to be more than just a self-styled privacy advocate.

That’s why haveibeenflocked.com is offering you the opportunity to become a Certified Privacy Advocate. If the government is going to pathologize transparency, you might as well have the credentials to back it up.

This certificate is every bit as legitimate as a commercial CJIS seal and it may even fit in a frame if you print it correctly.

Get certified today!

Pay what you want to print as many certificates as you like, or don’t pay at all. If you frame it and hang it anywhere good, send me a picture.

Although the obvious headline in that debacle is the attempt to suppress public discussion and the outright rejection of transparency, another part of the sheriff’s email is perhaps even more disturbing:

The technology has also allowed us to conduct truth verification on victim and witness statements, allowing us to determine very quickly that one or more victim or witness was giving us false information about what actually occurred. This keeps us from wasting valuable resources on chasing false leads or, worse yet, investigating crimes that never occurred. — Sheriff Al Nienhuis in his March, 2024 email to Hernando County Board of County Commissioners.

The sheriff suggests he is willing to dismiss cases and leads based on information from Flock.

Does that mean he will not investigate when a citizen reports a vehicle is involved in a crime, but Flock didn’t detect it? Will he dismiss valid witness statements when a plate is misread? When a bug in the Flock software doesn’t register it?

We have no idea how accurate Flock’s technology is exactly. That’s both “for obvious reasons” and because it is being used without oversight or external audits. Governments will spend millions on these contracts without asking the question. Still, all technology is fallible, and we know Flock neither contractually guarantees any level of accuracy, nor permits validation of accuracy.

Flock is not contractually obligated to disclose information about inaccuracies, outages, or errors. It is negatively incentivized to do so; its customers don’t like hearing results are inaccurate, they prefer to assume they are.

The idea that a sheriff would use the system for “truth verification” and to direct resources should be deeply disturbing to anyone who values the integrity of criminal investigations.

A search result proves nothing. A lack of search results proves nothing. It’s Flock making an unverified, and unverifiable, claim on the basis of a compromised system.

Courts and police should treat it that way.

The department didn’t discover this. Citizens did—by reading audit logs that haveibeenflocked.com published, finding patterns that fourteen months of agency oversight had missed, and reporting them.

@Joplin, MO Statement

Today, 404 Media ran an article about this site and Flock’s takedown attempts. The reporting is accurate. But both 404 Media and the EFF frame unredacted license plates as “leaked” or “missed redactions.”

They’re wrong. The plates are the point.

The legal reality

Flock’s entire business model depends on license plates being unprotected information. If plates were regulated like SSNs or medical records, Flock couldn’t operate—collection would require warrants, sharing would require consent, and the nationwide dragnet would be illegal.

Flock chose this legal regime. They benefit from it every time a camera captures a plate without a warrant, every time that data flows to thousands of agencies without restriction, every time a cop searches the network without probable cause.

But that same legal framework means audit logs are public records.

As I’ve documented, agencies have no lawful basis for redacting plates precisely because plates aren’t protected information. You can’t claim data is too sensitive for public records while simultaneously arguing it’s not sensitive enough to require a warrant.

Flock wants regulatory immunity and operational secrecy. That’s not a coherent legal position—it’s lobbying.

This legal vacuum enables the abuse we’ve seen in Georgia, Kansas, Colorado, and now Joplin. It also makes unredacted audit logs the only functional check on that abuse.

Where I part with the EFF

The EFF has done—and continues to do—important work. But on this, we disagree.

Their position treats plate exposure as a privacy harm to be minimized. Mine treats it as the precondition for accountability. As long as Flock can collect this information without restriction, the public must be able to see how it’s used—including who searched whom, and when.

Redacting audit logs doesn’t protect the surveilled. It protects the surveillers.

As long as Flock can have the information, you should too.

Let’s start with the TV-ad. A DeFlock Discord user posted the following screenshots, saying an ad showed on his Smart TV to tell him “We’re all lucky other cities in Massachusetts haven’t followed Cambridge’s lead in removing these lifesaving devices, else a serial killer would get you!”

The TV ad appears to actually exist. It quotes an op-ed published in the Boston Globe and republished on Flock’s website:

[L]eft-leaning jurisdictions have turned against Flock cameras lately, concerned that the data they generate could be used by immigration authorities to find immigrants living in the country without authorization. We’re all pretty lucky, though, that other cities in Massachusetts haven’t followed Cambridge’s lead, or else a serial killer might still be on the loose.

This is a multi-billion dollar organization that has historically steered (more or less) clear of politics—at least publicly. Until now.

The Op-Ed

I want to briefly touch on the content of Alan Wirzbicki’s reposted op-ed itself. The rhetorical strategy is the typical cherry-picking. Select a success story—in this case, a murderer being apprehended—and use it to justify the entire system as though it is the only possible thing that could have possibly led to this outcome. It’s a tired and dishonest argument.

left-leaning jurisdictions have turned against Flock cameras lately, concerned that the data they generate could be used by immigration authorities to find immigrants living in the country without authorization.

It’s true that left-leaning jurisdictions have this concern. It’s a concern that is founded in multiple high-profile incidents where Flock transfered information to the federal government without permission and in violation of law. The guardrails failed. Flock failed.

But “the left” is not the only group disturbed by mass surveillance. In other cases, police have used electronic and mass surveillance to target right-wing groups.

These cameras don’t discriminate. They’ll track Antifa. They’ll also track the Proud Boys.

They will track law-abiding citizens on their way to Planned Parenthood or the gun store.

Left, right, we’re all suspects.

The author of the op-ed seems to have a brief moment of clarity when he notes that, despite Flock’s assurances, the guardrails on this technology are fundamentally worthless:

[G]uardrails or no, it’s hard for me to believe that municipalities could actually prevent immigration authorities from accessing their Flock data if the feds really wanted it badly enough.

But then he goes on:

But at least to me, license plate readers are a much less threatening form of government surveillance than, say, facial recognition software and cameras that scan crowds of people.

He fails to connect his own dots. Regardless of what Flock offers as a service today, the capability to record conversations and apply facial recognition across 250,000+ cameras and microphones is there for the taking “if the feds really wanted it badly enough.”

Whether you’re in a “left-leaning” or a “right-leaning” city, once the cameras are up and the data is being harvested, one thing is certain: there’s no take-backsies when the next guy takes office.

• Part I: Flock and Cyble Inc. Weaponize “Cybercrime” Takedowns to Silence Critics (Dec. 16)
• Part II: Flock and Cyble Inc. Continue to File False Notices (Dec. 17)
• Part III: Flock and Cyble Inc. Pile on the Allegations with no Evidence in Sight (Dec. 29)
• Part IV: Flock and Cyble: Aligned Values (Dec. 31)

The tl;dr is that Flock hired^[1] Cyble to file takedown notices. This site’s original host, Cloudflare, put a “phishing” interstitial on the site on December 16. The site moved to Hetzner while the takedown was appealed. Cyble filed a complaint with Hetzner a day later.

Hetzner is still conducting its review (while the site remains online).

Cloudflare’s review is now complete:

Upon further investigation, we have granted your appeal and we can confirm the restricted access to the reported URL was removed on 01/08/2026.

Separately, we had contacted you regarding a potential violation of our Developer Platform Terms of Service, which prohibit “content that discloses sensitive personal information.” This was in response to a report claiming that “the website publicly and deliberately releases extensive sensitive information obtained from Flock.”

Thank you for providing additional information, including a Flock Safety customer communication stating that, “Based on what we have seen, websites like the one circulating online are using agency-released public-records data.”

Based on our review, including the additional information provided, we found insufficient evidence of a violation.

Thank you for your understanding and patience while we worked through this process.

The “Flock Safety customer communication” Cloudflare cites is included below; it was obtained via an Illinois FOIA request by Lucy Parsons Labs and published on Muckrock.

@Flock customer email

Cloudflare got this one right. So did Flock’s own customer communications team, apparently.

Hetzner’s review continues while the site remains online.

To everyone who has continued to demand transparency and accountability while Flock invokes “officer safety” as a silencing mechanism: this is what winning looks like. It’s not a final victory—just one less vector for censorship.

The public records remain public.

We’re just getting started.

First, to temper expectations: an after-the-fact justification is much easier than identifying and validating findings regarding ongoing misconduct. These incidents demonstrate that the tools here could be useful in some way, not that they are fool-proof. Second, to my knowledge, neither Braselton’s Chief nor the Echols County Deputy have been convicted of any crime. So far, wrongdoing has been alleged, not proven.

With that out of the way, let’s examine the stories and the recently-added operator insights pages.

Braselton’s Chief of Police

On Wednesday evening, Braselton Police Chief Michael Steffman announced he was retiring and resigned from the department for personal reasons. He was booked and charged, accused of using police cameras to stalk and harass people.

…

[Flock’s Josh] Thomas says Flock handed over a log that is built into the system that allows them to see how, when and why the tech was used.

As a sidenote: this is an interesting play from Flock—inserting themselves into the narrative rather than relying on the “local oversight” they typically claim is effective.

Opening Braselton’s operator list, it is not immediately evident that the arrested person was Michael Steffman. Another officer’s behavior raises more red flags in the system. You will have to draw your own conclusions based on the information available.

Anyway, Steffman’s Insights Page shows multiple red flags on the first page:

• Days Active: 101
• Total Searches: 2,707
• Unique Plates: 42
• Unique Reasons: 4
• Account Sharing Candidate (Temporal entropy 2.710)^[1]

This already looks like someone looking up the same plates over and over at all hours of the day without providing a valid reason.

But, who knows, maybe Braselton was conducting long-term surveillance for operation “005”^[2] and the Chief personally saw to it that any movement was logged, 24/7.

As a reminder: the “Target” column uses identifiers which represent license plates.

We don’t have to get into the complexity of SAI: looking up the same license plate 411 times should be a red flag.^[3]

Zooming in, we can see that we have records of searches for this plate, by Steffman, spanning October 2024 – August 2025; those dates more likely indicate the end of the records period on haveibeenflocked.com than the end of the searches.

20% of those searches were flagged as made outside of what the system flagged as typical hours for Steffman (12pm – 12am).

Looking at the isolated sessions, Steffman did further lookups in between extended periods of non-use; suggesting he was not on-shift at the time.

What makes this case exceptionally unusual, besides how rare arrests for these cases are, is that Steffman’s employee record, which is also listed on the page, indicates that he spent the last twenty years in Braselton.

In the world of policing, a twenty-year veteran and Chief is usually afforded every benefit of the doubt. Not in this case, in Flock’s home state.

For a department to bypass internal discipline and move straight to handcuffs and a media circus suggests toxic politics, at best. Especially when considering the red flags for other users in the department.

Echols County Deputy

This one is more straightforward. Echols County’s page shows “A. Ant” and “A.” without overlapping time periods, suggesting that some time in June or July, Anna Altobello shortened her name in the system. This appears to be a departmental policy that tracks Flock’s desire to obfuscate.

The Georgia Bureau of Investigation said Anna Altobello, 33, misused Flock Safety accounts belonging to the Echols County Sheriff’s Office to search for tag information on people she knew personally, outside of law enforcement purposes.

The GBI said it happened multiple times and Echols County Sheriff Randy Courson asked the state agency to investigate in December.

Looking at “A.”'s Operator Insights page reveals a similar pattern as Steffman’s:

• Days Active: 91
• Total Searches: 691
• Unique Plates: 36
• Unique Reasons: 3
• Account Sharing Candidate (Temporal entropy: 2.794)

Her favorite reason to use is “Case”.

The Surveillance Target List looks eerily similar too, with the location history for one plate being pulled 205 times over 124 days.

The data on the insights page, even at a glance, is suggestive of improper use.

The Null Hypothesis: A System Feature?

When analyzing this much data, one must consider the Null Hypothesis: that these patterns are not evidence of stalking, but “noise” or software artifacts.

Perhaps “Temporal Entropy” indicates a disorganized shift schedule, or maybe “411 searches of one plate” is how a specific investigative workflow functions.

However, the nature of the data makes that difficult to accept.

Hundreds of searches for vague reasons is by its nature suspicious. While it’s conceivable that a few officers would be tracking someone 24/7 for legitimate investigative purposes, logic dictates that police work in shifts more than the data suggests.

Is 400 searches for a single plate for the reason “sus” hard evidence of anything? No. Should it be investigated? Yes.

Flock’s Fix

In addition to analytical tools and blog posts, this website also exists to give stalking victims a way to discover they’re being targeted: if you enter your license plate on the main page and your ex’s name comes up 411 times for “inv”, odds are you are a victim of criminal stalking.

So what does Flock do in response?

It has removed names and license plates from network audit logs.

By redacting this information, Flock is making it impossible for external auditors, including other police departments and stalking victims, to flag suspicious behavior.

That, the company argues, would jeopardize “officer safety.”

The transition from public oversight to private operation has created a “surveillance black box” where the legal safeguards promised by officials simply fail to materialize.

Denver goes Private

After a series of CORA requests, in which the Denver City Attorney bizarrely claimed not to be the custodian of his own records, Denver Public Safety provided a stack of non-responsive documents, Denver Technical Services claimed not to have a copy, and the Mayor outright ignored the request, the City Auditor’s office finally wrote: “The city and county of Denver does not release contracts that are being negotiated. If the contract does become final, it then can be released.”

The City Attorney’s Office, meanwhile, claimed it is “not the ‘custodian’” of the contract—despite the Denver City Charter requiring that office to prepare and approve all city contracts. The Department of Public Safety provided only the expired agreement, which terminated October 30, 2025, and declined to produce the extension the mayor announced three weeks earlier.

The various creative denials appear to agree on one thing: the contract is not final and effective, despite previous announcements from the mayor’s office heavily implying that it is.

This of course comes after the city subscribed to Flock’s drone service without telling its own surveillance task force.

Although substantial public funds were used to install more than a hundred cameras, Flock still owns them, and now appears to be operating them entirely outside of any active government contract.

This stands in stark contrast to the mayor’s statement, which claimed Flock would be subject to penalties if the company shared data with federal authorities, in violation of Colorado law.

Although there are restrictions on what and how Colorado state and local agencies can share information with the federal government, there appear to be no laws that prohibit Flock, a private corporation, from disseminating that same data. Without a contract, there is nothing to stop the company from selling the data to ICE or other interested third parties.

Denver residents are now in the worst of both positions: taxpayer funds paid for the infrastructure, but no taxpayer-enforceable agreement governs how it operates. The city has outsourced surveillance to a private company and then removed itself from the chain of accountability entirely.

If Flock shares data with federal agencies tomorrow, Denver has no contractual remedy. If the mayor’s promised penalties exist anywhere, they aren’t in a signed document the city is willing to produce.

Boulder Abandons Oversight

Meanwhile in Boulder, in response to a request for a month of network audit logs, BPD puts a couple of interesting statements together:

Given the scope of your request, we cannot, and will not, contact each individual agency listed to inquire as to the status of their investigation as that would cause “unnecessary interference with the regular discharge of the duties of the custodian or their office” (C.R.S. §24-72-304(1)). … We are providing the requested records, but the names of the law enforcement personnel, associated license plate numbers, case numbers, and reasons for the request are redacted as the release of this information would be contrary to public interest.

BPD admits here that it doesn’t know what’s in the search logs and it has no intention of auditing them.

None of this lines up with statements on its public website:

The Boulder Police Department uses Flock solely for legitimate law enforcement purposes, including criminal investigations, finding missing or endangered persons, Amber Alerts, and tracking stolen vehicles. Officers must have a clear justification for any search they run.

BPD does not know if this is how the cameras in Boulder are being used by other departments.

All requests to share access to our data must be approved by a supervisor, logged, and tracked through strict audit trails.

But BPD will never look at these audit trails.

Each user must have a unique login, and there is a complete audit trail of all searches conducted in the system.

Either BPD did not intend this statement to apply to users with access from outside BPD, or it shows why BPD should examine its “complete audit trail.” Account sharing is rampant.

Multiple safeguards protect against misuse: supervisory approval is required for external data sharing and all searches are logged.

This is not much of a safeguard when nobody looks at the logs.

Flock’s focus on legitimate law enforcement purposes, combined with their willingness to implement features like automatic blocking of immigration-related searches and enhanced audit controls, aligns with Boulder’s commitment to responsible policing and community values.

This “blocking” is a keyword-based warning notice that isn’t logged. A user can enter a different reason, or enter no meaningful reason at all, and try again. BPD will never use the “enhanced audit controls” (whatever those may be) to question whether “inv” is an immigration search.

There is no oversight.

Colorado’s Open Records Laws are Broken

As an Iowan, my experience with the Colorado Open Record Act (CORA) is limited. I find Iowa’s open records act frustrating, because it is widely ignored and not enforced by state agencies, but CORA turns out to be fundamentally broken.

In a bizarre twist, whether a public record should be released depends more on who holds the record than on what the record is or contains. In addition to Denver’s outlandish ideas on custodianship, which I doubt would survive a court hearing if challenged, there is a brokenness to CORA in that records held by police are not governed by CORA, but by the Colorado Criminal Justice Records Act (CCJRA).

The CCJRA sets no deadlines and allows a high level of discretion for agencies on whether to release records. As you can tell from Boulder’s response, which took nearly two months, we can’t trust police with that type of discretion.

The Colorado Freedom of Information Council is pushing for changes to the law.

Read Colorado FOIC’s Guide to the Criminal Justice Records Act

If you’re in Colorado, or even if you’re not, please consider making a donation to the Colorado FOIC or supporting their work to get this flawed piece of legislation fixed.

Without transparency, BPD and Flock have to perform their own audits.

They have already said they “cannot and will not.”

The executive summary:

• Flock’s “never been hacked” claim is scoped to exclude hardware, contractors, and access abuse
• Security vulnerabilities reported in February 2025 remain unpatched as of November 2025
• Offshore Upwork contractors review surveillance footage without disclosed vetting
• CJIS-required encryption is absent from Flock devices
• No evidence of a Flock data breach notification to Iowa agencies despite documented vulnerabilities and foreign contractor access.

Flock Security Vulnerabilities: Still Unpatched a Year Later

Flock writes that “the theoretical vulnerabilities described were highly technical and would have required physical access.” It does not write that these “theoretical vulnerabilities” no longer exist.

The issues were reported to Flock in February 2025. In November 2025, they were confirmed to still exist.

Flock writes in the past tense, but gives no indication that use of this tense is warranted.

A typical “trust us, we’re fine” security blog post follows a predictable pattern, to the point where I’m certain there is a CISO-central where you can download form letters:

• We were made aware of a vulnerability on [date].
• We worked with researcher A to develop a fix that we rolled out [shortly after].
• We carefully examined our logs and determined no data was compromised. (Alt: We determined that a limited set of data may have been accessed. Affected customers were notified in a separate email).
• No action is required. (Alt: We recommend that you take X action immediately. We have disabled Y until you do).

Instead, nine months after Jon Gaines “worked with Flock throughout the study” (according to Flock’s blog post), his report states, “the vendor has not confirmed whether any of the reported issues have been remediated or are planned for remediation.”

The only action Flock has taken is to downplay the severity and exaggerate the complexity for the better part of a year.

Flock’s CJIS Compliance Failures

There are several (well… many) issues with Flock’s compliance issues, but the most straightforward one is that the vulnerabilities Flock discusses in this post show that Flock devices are not encrypted.

Encryption is a hard requirement for CJISSECPOL.

Who Can Access Flock Safety License Plate Data?

While its overseas workers may access the data for other reasons, Flock states in its blog post that “Flock employees do not access customer data except in tightly controlled, audited circumstances for support or maintenance.”

Critically, the company does not define what those “tightly controlled, audited circumstances” look like, who validates those controls, or who performs the audits. We can only assume it’s Flock doing all of this in secret.

However, in its contract, Flock defines circumstances other than “support or maintenance” where its employees may access and disseminate information, including when Flock has a “good faith belief” that doing so is necessary for basically any reason.

Flock Offshore Contractors, Background Checks, and Foreign Data Access

We know Flock images and audio are reviewed by foreign Upwork contractors. Flock has not publicly acknowledged or commented on that fact. Flock hid the evidence after Wired and 404Media reached out for comment.

As of January 6, 2026, Flock’s Upwork Enterprise Portal is still online.

After national media reported on these contractors who are reviewing images and audio files, Flock did not respond at all.

It did not put out a statement that its foreign contractors undergo rigorous vetting or that the data collected by 250,000+ devices is not available to foreign actors.

It is also unclear if Flock considers Upwork contractors on the other side of the globe to be operating under “tightly controlled, audited circumstances.”

Flock Data Retention and Deletion Questions

Based on my experience, “what happens after the retention period?” question is an actual “Frequently Asked Question.” To my knowledge, Flock has not answered it beyond “data is automatically deleted” (generally passively voiced).

The process for deletions, and, equally importantly, the process for validating whether deletions are complete and irreversible, remains a mystery to this day.

This is a critical question because the storage solution the company uses, AWS S3, offers versioning and “soft deletes,” a feature where a “deletion marker” is stored alongside the actual file (possibly in low-cost archival storage).

This makes the file appear deleted to everyone, including the software, except S3-administrators for whom restoring the file is a matter of either removing the marker, or copying the file while ignoring the marker.

Of course, this is in addition to the contract granting Flock the “non-exclusive, royalty-free, irrevocable, worldwide license to use the Customer Data,” for which Flock has not even begun answering the question.

Flock Breach Notification: Iowa Case Study

A public records request to the Iowa Department of Public Safety, which is responsible for overseeing CJISSECPOL, indicates that neither Flock, nor any of its Iowa customers, made the mandatory disclosures following the February 2025 vulnerability findings, or the findings that overseas workers have access.

It is likely no different in other jurisdictions.

“Has Flock Been Hacked?” — What They’re Actually Saying

This article was a trip. It comes on the heels of a December 8, 2025 mass email in which Flock’s Head Solutioneer, Chris Colwell, defensively states that Flock has never been hacked and that the information published on “a third-party website [that] began aggregating search information” was instead obtained via public record requests.

Maybe Colwell got the “Has Flock Been Hacked?” question via e-mail. Maybe he didn’t. Either way, it’s oddly defensive posturing for a company whose CEO sends out mass emails saying it “adheres to the highest security standards, including: NDAA, SOC2 (Type II), SOC3, ISO 27001, HECVAT, [and] FERPA.”

Some of those aren’t even security standards, as I discussed in a previous post.

How Flock Defines “Hacked” and “Breach”

Flock’s cloud infrastructure has never been compromised. There has never been an incident in which customer data was accessed or exfiltrated by an attacker. This is not a matter of semantics or technical spin; it reflects Flock’s actual security record since its inception.

Immediately, Flock’s statements are limited to the “cloud platform.” This excludes:

• Hardware vulnerabilities
• Network compromises.
• Data accessed through legitimate but abused access controls
• Third-party integrations or contractors.

Industry standards consider a “breach” or a “compromise” to be any incident where an unauthorized party has access, when data is disclosed without authorization, or when data control is lost. Flock’s definition is limited to “customer data was accessed or exfiltrated.”

This narrow definition of “hacking” excludes:

• Authorized access later deemed improper (rogue employee, abusive search).
• Data shared under coerced or misunderstood “consent.”
• Access by contractors they failed to disclose.
• Exploitation of legitimate credentials.

Flock’s “Customer Data” Definition Excludes Footage

“Customer data” appears to be an attempt at contractual finagling. If you’ve watched Benn Jordan’s video you know that Benn was able to view a live feed of actual cameras being used to support real-life operations.

This is the current definition of “customer data”:

“Customer Data” means the images, audio and/or video segments made available to Customer through the Web Interface in connection with the Flock Services, together with the metadata … For clarity, Customer Data does not include the underlying raw Footage captured by the Flock Hardware

By that definition, unauthorized persons downloading footage is not a “breach” or “access to customer data” because “customer data” does not include footage.

There was still a public Internet livestream of a man being hauled off in an ambulance.

Shortly before Flock aired that livestream, Cedar Rapids indicated to the ACLU of Iowa and University of Iowa researchers that its Flock contract has different language:

“Customer Data” means the data, media, and content provided by Customer through the Services. For the avoidance of doubt, the Customer Data will include the Footage.

Under Flock’s definition, the public exposure of a man being loaded into an ambulance was not a “breach” because raw footage isn’t “customer data.” Under Cedar Rapids’s contract, it was. Flock gets to claim a clean security record by choosing which definition applies after the fact.

Flock further muddies the waters in its blog post when it writes “Every Flock customer, whether a city, county, law enforcement agency, neighborhood, school, or business, retains full ownership and control of the data collected on their behalf.”

These statements can’t all be true at the same time. It doesn’t matter to Flock because Google’s AI won’t pick up on it. Poisoning the SEO-well with corporate disinformation is a business decision.

Flock Data Types: Strategic Obfuscation

Flock does not maintain a centralized database of license plate reader data across customers. We do not sell or monetize vehicle data, and we do not share customer data without the customer’s explicit authorization.

In two sentences, no fewer than three types of data are introduced:

• License plate reader data
• Vehicle data
• Customer data

To know whether the statement could potentially be true requires knowing the definitions of these terms.

“We do not sell or monetize vehicle data” or “Flock does not maintain a centralized database of license plate reader data across customers” certainly do not sound true, but there is undoubtedly a reason why the company chose to distinguish between “license plate reader data,” “vehicle data,” and “customer data” all in one paragraph. And it’s not “for clarity.”

Perhaps the most baffling statement in the whole post is this one:

LPRs do not capture point-in-time images of vehicles on public roadways

I’m sure this too depends on some obscure, unspecified definition of “point-in-time image.” Maybe it means that you can’t tell the Flock system “find me a picture of a car with plate 739APD at 10:45am last Saturday” because you can only tell it “give me a 30-day location history for plate 739APD.”

Who knows. Even ardent Flock-fans can see that this statement is, at best, grossly misleading.

The important thing is that Flock asked itself “Has Flock Been Hacked?” and then proceeded to dodge the question as though it were participating in a Senate confirmation hearing rather than writing corporate fluff on its own blog.

What Flock Safety Should Disclose

First, CJISSECPOL requires compliance documentation to be submitted to the state’s CSA and the FBI. For security vulnerabilities, this includes mitigation plans and/or compensatory controls. This mandatory compliance documentation is public record. Disclose it.

Second, some security vulnerabilities require additional disclosure. The complete lack of encryption, for example, is fundamentally incompatible with CJISSECPOL, which requires using a NIST-validated encryption module. Name the modules.

Prove, or better yet, have an independent third party audit, AWS S3 configurations to confirm that buckets are unversioned, and there are no “soft deletes.”

Release the CVE numbers. Flock claims it “registered relevant vulnerabilities with the National Vulnerability CVE database via MITRE.” If true, those identifiers are public. Name them. If this set is limited to the four issues previously registered, then Flock’s position is that the remaining 50+ findings in Jon Gaines’ report are not “relevant.” This is a concerning attitude when it comes to security.

Disclosing public compliance records and confirming which vulnerabilities have been patched, by tracking them in a public vulnerability database or otherwise, does a lot more than writing an SEO-optimized blog post that relies purely on semantics and technical spin to say nothing of value.

Relying on security through obscurity is its own documented security vulnerability.

Relying on security through denial is even worse.

flocksafety.com homepage touting 5,000+ and "networks searched" showing 6,385

On its website’s main landing page, Flock claims it is “Trusted by 5,000+ law enforcement agencies.” That number roughly lines up with the 5,730 agencies seen in search logs, and the ~6,400 “networks searched” we see in network audit logs.^[1]

Brookfield’s “ICE detainer” search, however, reveals a much bigger number: 25,263.

This search was logged twice, once at 04:10:13, and once at 04:10:31:^[2]

• Name: “REDACTED”
• Organization: “North MO DTF Brookfield MO PD”
• Networks Searched: 25,263
• Devices Searched: “257,806”
• Time Frame: 10/30/2025, 10:06:10 PM UTC to 10/31/2025, 04:06:10 AM UTC
• License Plate: “REDACTED”
• Reason: “ICE detainer”
• Case #: “643”
• Filters: “REDACTED”
• Search Time: 10/31/2025, 04:10:13 AM UTC
• Type: “lookup”
• Text Prompt: None
• Moderation: An issue was identified that caused the system to initiate unprocessed search activity on a larger set of cameras than intended by the user. No footage or data from these devices was accessed or viewed. The underlying bug has been fixed, and additional safeguards have been implemented to prevent recurrence.

The moderation field, which generally contains only the word allow, and is assumed to be the outcome of Flock’s AI moderator checking for problematic searches, appears to contain a manually entered case note instead.^[3]

The critical phrase is: “No footage or data from these devices was accessed or viewed.”

This implies that the 257,806 devices across 25,263 networks weren’t supposed to be searched, but they actually do exist and have search and view capabilities.

This is both interesting and problematic. It is interesting because the size of Flock’s network is the subject of some speculation. We can draw inferences from “total devices/networks searched,” but we don’t know what individual agencies searched, or can access.

There are agencies that contractually have no restrictions on which Flock networks or cameras they access, but these agencies don’t appear to conduct searches of significantly more networks or devices than others. It’s possible that, in those cases, Flock only grants access to a subset of its cameras, despite the terms.

@Johnson County, IA MoU (unrestricted access)

Of course, the company treats audit logs—marketed as building community trust through transparency— in much the same way as the CIA treats its “South America” Rolodex.

Still, knowing the background, we can continue inferring based on these new log entries showing 257,806 devices and 25,263 networks. The (plausible) facts:

1. More than a quarter million Flock “devices” exist on Flock’s network.
2. Because this was a search for a plate, and the note mentions “footage” and “viewing,” all 257,806 “devices” are likely cameras (Falcon, Condor, Wing, etc.).
3. There are fewer than 25,263 agencies in the country;^[4] the ~5,000–6,000 Flock-using agencies is well-supported.
4. Even if the majority of ~6,000 agencies would have multiple networks, it would not come close to the 25,263 number.

The only reasonable conclusion, based on the available information, is that the 25,263 number includes Flock’s retail customers, like Lowe’s, Academy Sports, and FedEx.

But there’s another implication: California, Illinois, and Virginia have enacted laws restricting immigration-related searches of their ALPR data. If Flock’s bug exposed cameras in those states to an “ICE detainer” search—even if, as the company claims, “no footage or data was accessed or viewed”—that’s a potential violation of state law that Flock has disclosed to no one except through a log entry nobody was meant to read.

The fact that these 257,806 devices are collecting over twenty billion plate scans every month is interesting and terrifying in itself, but not a complete shock.

What is more shocking is that once again, Flock’s poor security practices are revealed.

Even assuming the implausible note is true, and these (presumed) retail devices were not searched, the capability is clearly there.

That means Flock’s access control is done through various vendor-managed flags and roles, rather than through secure measures like encryption.

When a retailer or government believes it is sharing “its data” with local police, rather than having Flock register a secure password or encryption key for the local agency, it’s a permission checkbox: “go ahead and disclose it, Flock.”

That is not control, and it’s not security.^[5] It’s trusting a vendor that has shown it can’t be trusted. It leaves the door wide open to unauthorized access, uncontrolled dissemination, and software bugs.

In all likelihood, Flock did not proactively disclose this incident or the details of its investigation and remediation steps.^[6] Instead, it chose to edit the “immutable” logs and updated the “moderation” field. The logs don’t indicate the (supposedly) intended search scope, nor is there any way to verify if any other edits were made.

Flock’s customers—whether private retailers or California cops—simply have no way of knowing if this search touched or disclosed data from “their” networks.

All we have is a statement hidden in a log file that nobody reads, in a field not intended for it, where the company assures us, without providing evidence, that multiple states’ prohibitions on immigration-related searches were not violated through this search.

What’s more, Flock, a single private corporation, now operates a camera for every 1,000 American adults.

The company wants there to be many more, all built on the same fundamentally flawed security framework: “trust Flock.”

This search demonstrates—again—why we can’t allow that.

Note

This article was updated on January 17, 2026 to include the ROCIC/FBI emails in the timeline. See this article for more detail.

Yesterday, I received a Flock customer email blast where the company recommends leaving the nationwide network to evade transparency. It was sent out by Chris Colwell, Flock’s Vice-President of “Solutions Engineering”^[1]. Colwell assures his police customers that “Flock has not been breached or compromised” and that the data published on this site is “agency-released public-records data.”

That’s the version for Flock’s customers.

Behind the scenes, Flock and Cyble—companies birthed from the same Atlanta-area Y Combinator network—are weaponizing opposing claims to silence a critic.

I wasn’t going to spend more time on Flock’s internal contradictions, but the sheer coordination of this effort deserves a spotlight. It’s important that people know the type of company that local elected officials are choosing to do business with, and that police are choosing to trust.

Flock knows they are on thin ice. If they filed meritless abuse notices themselves, they would be wide open to a claim of tortious interference with a contract. A court case would open them up to discovery—an expensive process where Flock’s internal communications would become public.^[2]

So they use fellow Y Combinator company Cyble to do their dirty work. Send notices to take down a critical website. Censorship-laundering. Of course, that can only really work if you keep your plausible deniability plausible.

Flock being Flock … well, let’s go through it.

The Timeline

• December 8: Flock sends out a mass email: “Flock has not been breached or compromised.” and “websites like the one circulating online are using agency-released public-records data.”
• December 8: I receive a “Forgotten email notification” for the Cloudflare account.^[3]
• Before December 10, 2025: Houston HIDTA sends out a “Situational Awareness Bulletin” about haveibeenflocked.com.
• December 10, 2025: ROCIC^[4] forwards the Houston bulletin to its coordinators.
• December 11: The FBI sends out an email to agencies stating “Flock has committed toremoving officer usernames from future audits.”
• December 12: I receive an email: “Cloudflare has received information that the following URL violates Cloudflare’s Developer Platform Terms of Service, which prohibit content that discloses sensitive personal information”
• December 16: Cloudflare slaps a “phishing interstitial” on the site and forwards a report submitted by Thomas Siah, of Cyble:

Logs or other evidence of abuse: The mentioned website is wrongfully using our client’s registered trademark in the fake web page. The use of the Client’s registered trademark descriptively in the reported URL in order to disguise or phish the general public has not been authorized by our client.

• December 19: Siah sends a report to Hetzner claiming: “The website publicly and deliberately releases extensive, sensitive information obtained from Flock” and “Additionally, the website may be used to phish the general public on the name of Flock Safety which is a serious concern to notify you.”^[5]

• December 29: Siah “supplements” the complaint by claiming “the website publicly and deliberately discloses extensive, sensitive information obtained from Flock and its automated license plate reader (ALPR) systems with the apparent intent to undermine law enforcement operations.”

Thomas Siah: The Real Agentic?

Cyble’s core offering and flagship product revolve around autonomous brand repcybersecurity threat enforcement by using agentic AI to send takedown notices.

This works for Cyble, because, in 2022, the company “Enter[ed] into a Threat Intelligence Contributor Partnership with VirusTotal” — meaning Google-owned VirusTotal will consider reports from Cyble’s platform credible.

The fact that no automated notices appear to have been submitted and VirusTotal comes back clean for haveibeenflocked.com means that “Cyble Vision” or “Blaze AI” or whatever other label they slapped on ChatGPT did not flag the website and did not send an automated report.

But Flock didn’t go to the Cyble website and hit “checkout” to be assigned an AI bot and (probably) an agent in Bengaluru being paid starvation-wages.^[6] The person who filed the complaints with Cloudflare and Hetzner, Thomas Siah, was recently promoted(?) from being Cyble’s “Head of Business Development, APAC,” to being its “Vice-President of Partner Success.”

If Cyble’s AI is as “agentic” as their marketing claims, why did a Vice President have to manually file a report? Either the AI knows I’m not a threat, or the AI is a façade for manual censorship.

Whichever of these may be true, Cyble’s Singapore-based VP of Partner Success—and former Head of Business Development for the Asia-Pacific region—Thomas Siah, has no business handling low-level complaints for Flock.

Cyble is not a small company. It has offices and employees on multiple continents, and, according to a quick search, has raised north of $40M in funding. And it’s no secret that “AI” companies often use cheap offshore labor (Flock uses contractors for its AI detection). Cyble, very likely, is not the exception to this faux-rule.

But Siah is not cheap offshore labor. He is a high-level executive with a company that likely carries a nine-figure valuation. It makes no sense for someone at the senior executive level in Singapore to involve himself in managing a complaint against a website with a $10 hosting bill.

Unless that high-level executive coincidentally(?) graduated from the same Business Systems program at Monash University in Melbourne, Australia, as Eric Tan, Flock’s former CIO.^[7]

Or unless the high-level executive works for another Y Combinator-backed company. And that company, despite its main office being in Cupertino and its incorporation in Delaware, has its formal headquarters in Alpharetta, next door to Flock. At an address registered to Cyble’s co-founder and current COO Manish Chachada, who lists 25 years of “Full-time Senior Finance Executive” experience in the Atlanta area on his public LinkedIn page.

It probably also helps for the executive filing the complaint to be in Singapore, outside the reach of American courts.^[8]

Y Combinator, Reddit, and Speaking Out

This network of Y Combinator alumni—the tight-knit network both Flock and Cyble are part of—talks about “aligned values” while it funds the surveillance infrastructure and the machinery to silence its critics.

Flock’s first investors were Y Combinator’s President and CEO Garry Tan, and Reddit co-founder Alexis Ohanian. This led to Flock CEO Garrett Langley interviewing Ohanian for Flock’s blog.^[9]

In the interview, Langley starts a question with “One thing that Y Combinator pushes is the relationship between co-founders.” YC partner Ohanian responds to that sentiment by doubling down: “Where we align is where I really push founders to make sure they are aligned—on their values.”

Flock’s and Cyble’s values are aligned.

Stickied to the top of Alexis Ohanian’s Reddit profile is “An Open Letter to the Reddit Community,” which railed against Donald Trump’s January 2017 executive order directing DHS, the FBI, and intelligence agencies to implement:

a process to evaluate the [visa] applicant’s likelihood of becoming a positively contributing member of society and the applicant’s ability to make contributions to the national interest; and a mechanism to assess whether or not the applicant has the intent to commit criminal or terrorist acts. — EO 13769, “Protecting the Nation From Foreign Terrorist Entry Into the United States”, January 27, 2017

Ohanian strongly—and rightly—condemned the order, calling it “deeply un-American.”

Six months later, either not connecting dots or ignoring them, he first invested in Flock.

"Where we align is where I really push founders to make sure they are aligned—on their values. Specifically, complementary values and how founders work together."
— Alexis Ohanian, Reddit Co-Founder and Flock investor, July 2, 2019

Two years later, he told Garrett Langley “I have a Flock camera outside my home … I had the search on vehicle color and it was able to pull up every white car that had passed by my camera.” Shortly after that interview, his company contributed to another Flock funding round, alongside defense investors Bedrock and Peter Thiel’s Founders Fund.

He then founded Seven Seven Six and invested in Flock again—this time, joined by Andreessen Horowitz.

His 2017 pro-immigrant, anti-authoritarian post is still stickied to his Reddit profile:

Right now, Lady Liberty’s lamp is dimming, which is why it’s more important than ever that we speak out and show up to support all those for whom it shines—past, present, and future. I ask you to do this however you see fit, whether it’s calling your representative (this works, it’s how we defeated SOPA + PIPA), marching in protest, donating to the ACLU, or voting, of course, and not just for Presidential elections. — /u/kn0thing, An Open Letter to the Reddit Community, January 30, 2017

I am an immigrant speaking out against surveillance technology and the company deploying it.

A company that directly implements the 2017 executive order by using “predictive intelligence” to find “suspicious travel patterns” to find if anyone — not just immigrants — “has the intent to commit criminal or terrorist acts.”

A deeply un-American company, whose only “aligned value” is profit.

We donated to the ACLU because we knew they would call this what it is: “authoritarian tracking infrastructure.”

We protested SOPA and PIPA because we knew large corporations send bullshit notices about trademarks and phishing to shut down their critics.

Meanwhile, Flock has been using its investment money to detect human voices, hire sitting mayors, develop person-tracking, and pay Thomas Siah to shut down websites … for officer safety.

Lady Liberty’s lamp isn’t dimming—it’s being used to read your plates.

We are aware that agencies across the country, particularly in states with broad public-records laws, are seeing increased PRA/FOIA activity seeking, among other things, LPR search logs.^[1]

Recently, a third-party website began aggregating search information that appears to have been released through these public-records processes. We recognize that seeing investigative search activity displayed publicly can raise understandable concerns about officer safety, investigative integrity, community perception, and compliance with state law.

@“What you Need to Know About Recent Online Disclosures”, December 8, 2025

Yes, Chris. Those concerns have been the point all along.

He promises new tools for 2026, and continues:

Until these new [redaction] tools are available, we recommend: Reviewing your sharing settings and considering a temporary shift from Nationwide Lookup to Statewide Lookup, if that better aligns with your agency’s legal guidance and operational risk posture.

This recommendation—and this plan to bury the bodies—is an outright admission that the Flock system is so critically flawed, and so widely abused, that it cannot survive public scrutiny.

Of course, activists everywhere commend the recommendation to leave the nationwide network. Flock has spent years claiming this network is essential for public safety. Will we have anarchy in the streets, or will it turn out to have been optional all along?

Anyway. Let’s talk about hiding the evidence.

Officer safety and investigative integrity

First, let’s define what we’re talking about with these terms.

Many states have statutes similar to this one from Texas:

“Criminal history record information” means information about individuals collected by criminal justice agencies consisting of identifiable descriptions and notations of arrests; detentions; the filing of complaints, indictments, or informations and dispositions arising from complaints, indictments, or informations; sentences; correctional status; and release. It includes identification information, such as fingerprint records or photographs

A person commits an offense if the person knowingly or intentionally obtains criminal history record information … uses the information for an unauthorized purpose, or discloses the information to a person who is not entitled to the information.

This would appear to cover most of the information in this search log entry:

The only item that was redacted by Flock and Houston PD was the license plate. This person’s name, date of birth, phone number, and criminal history (“AGG ASSAULT DEADLY WEAPON”) were all entered into an insecure system and then fired off to 3,000+ agencies.^[2]

Not Houston. Houston hides who it shares data with.

In the statute’s terms: the information was knowingly or intentionally disclosed to 3,000+ persons not entitled to the information. Not by the officer entering the information, but by Flock—an unauthorized person that first knowingly or intentionally obtained the information, and then re-disclosed it.

This continues to happen, even after a 157-page multi-jurisdictional report on an active gang-related murder investigation got leaked, and, just yesterday, a LINX report on a fatal hit-and-run surfaced after it was pasted into a case number field.

CHRI, CJI, intelligence data … various terms and statutes apply depending on the exact information, context, and state. But the general pattern holds: statutes criminalize indiscriminately sharing this type of information.

So … might I be so bold as to suggest not indiscriminately sharing such information? Not with Flock, and not with the nationwide network.

I’m not a cop, but I think not criming could also help with the whole “reducing crime” thing.

Just a thought.

Compliance with state law

While I somewhat enjoy the idea that snarky blog posts and reposting audit logs proximately cause police to violate the law, I’m sure that’s not what Chris means.

The only possible “concern” he could be referring to is the concern that this website would be publishing evidence that agencies are not compliant with state law. This is a valid concern. See above.

The solution is the same as before: stop breaking the law.

A pattern emerges.

Community Perception

And finally, the only concern worth taking seriously: “community perception.”

This is valid.

The community will not perceive it as a positive that the system they were promised would be used to find missing children, is actually being used for reasons like “Operation Homeless Intel- Make your own case!”, to perform blatantly unconstitutional searches, or to investigate “gypsy crap”.

The community may also take a dim view of Flock users obtaining a 30-day history of someone’s whereabouts simply because they were “‘suspicious’ per a karen.”

Flock and police promised the community these things would not happen.

They promised “the system requires a detailed search reason” and that these “detailed reasons” would be stored in a “permanent log file.” Police chiefs stood before city councils, assuring them logs would be audited regularly. Many even adopted policies to that effect.

Yet, this website shows nationwide searches for “inv” and “sus” have consistently made it past the scrutiny of every single police chief who promised the community that “we own the data and we have full control over who gets access.”

There have been hundreds, if not thousands, of these promises. ALPR policies that require audits are everywhere. Every day, these policies collectively promise, police officers across the country will audit hundreds of thousands of searches.

Every single “sleepy Virginia town” that commits to reviewing nationwide search logs is committing to reviewing around 150,000 searches every single week. In each of these audits, every single instance of “sus” or “inv” should—ironically—be considered suspicious and be investigated.

Even assuming only a fraction of Flock’s customers commit to audits, on average there should be approximately two million phone calls or emails between police departments demanding answers about “inv” and “sus” every single day.

I have not heard of one.

Hundreds of thousands of entries containing only "inv", "sus", or "test". Or, you can “Make your own case!” in "Operation Homeless Intel".

“Agencies own and control the data” (but “for clarity,” that’s not in the TOS).

And now, the “permanent, immutable audit logs” are on the 2026 roadmap to redact.

Community perception is a valid concern when such a massive breach of trust is put on full display.

Redaction: Why not?

I want to touch on redaction. It’s not complicated. It’s not expensive. This website’s entire redaction library, which is relatively complex because it aims to balance privacy with transparency, comes in at less than 1,000 lines of code. It takes seconds to process millions of records on a small laptop.

It takes even less code to truncate a field so you can’t paste entire reports in there.

For any non-programmers who might be reading this, this is literally, without exaggeration, the single change needed, and the one Flock has failed to implement for years now:

<input type="text" />                  <!-- ❌ active murder investigations are compromised -->
<input type="text" maxlength="420" />  <!-- ✅ professional-grade solution engineering -->

That’s it. maxlength="420".

420 characters is more than enough to accommodate the typical “reason” length of 7 characters. Even if a cop decided to go a little cray-cray and write an actual justification, 400 characters would accommodate it. They can use the remaining 20 for their badge number.

You’re welcome, seven-billion-dollar tech company.

You can pull my address from Flock Nova and mail me a check.

But instead of making this simple change, Flock hangs on to its unrestricted fields. There is not even a “hey maybe don’t enter this,” like there is for searches that might more overtly violate law.

Now, when these problems are finally coming to light, Flock’s solution is to go into the archives and ham-fistedly replace entire categories of data—which its customers need to be able to access to comply with state, local, and federal law (not to mention the ALPR policy promising audits)—in its “immutable” and “permanent” logs and replace them with the word “redacted.”

Right now, this change appears to affect existing records. Altering public records is a criminal act in many, if not most, states. If Flock is actually making the information available to police and police are ticking (or leaving ticked) the “hide information” boxes, they may run afoul of open records laws. Either way, it looks like someone is about to take on some extra liability (hint: Flock added a new paragraph to its ToS on December 19—guess what it’s about?).^[3]

Flock is handing police a shovel to bury the records while quietly changing the contract to say the legal fallout is not on Flock.

The solution Flock is implementing is overly complex and costly. Scroll up. Does that need to be delivered in “Early 2026,” after the lawyers have had time to review and deploy the TOS change, or could it have been implemented before Colwell’s email was even done sending?

Who needs redaction when you have AI?

The reason why Flock will not redact anything is its business model. It is causing the company’s constructs to collapse.

Flock does not, as it likes to pretend, exist only in the abstract. Its cameras aren’t only found along country roads, magically snapping pictures of “only license plates” in its stated effort to eliminate crime.

Flock doesn’t exist to eliminate crime. It exists to make money. It has a fiduciary duty to its shareholders to prioritize profit. To make a profit, it requires unregulated data, free and clear, unencumbered by public records law or restrictions on criminal justice information.

It requires data it can feed into LLMs. Data it can mine. Data it can convert into “actionable insights” and then sell. It doesn’t matter how the data gets there, what the quality of that data is, how secure it is or what it’s being used for.

Amassing vast amounts of data is a substitute for expensive manual training that often requires sending your data abroad. And what better way to gather that data than convincing the government to pay you to pepper public places with cameras and microphones? What better way to be exempt from permits and licensure?

These days, everyone has AI. It’s the data that differentiates. It’s the data Flock has seized for its own use. Colwell knowingly misleads his customers when he says “all Flock data is owned and controlled by the agency that collected it.”

Flock’s customers don’t collect data when they use Falcon/LPR. Flock does. This isn’t pedantry: it’s language in a mass email from a high-level Flock executive about legal compliance.

Flock’s terms of service state, “for clarity”:

Customer Data does not include the underlying raw Footage captured by the Flock Hardware […] “Footage” means still images, video, audio, and other raw data captured by the Flock Hardware or Customer Hardware via the Flock Services.

So instead of addressing any of the actual problems, which would mean collecting less data or deleting some of the data, Flock’s solution is to hide the data from its customers.

The Sunlight Phase

When I launched this project, I included a statement on the front page titled “Should you be publishing this information?” It argued that sunlight is the best disinfectant.

Flock’s recommendation to shut down the nationwide network proves it.

This website aggregates and reformats already-public information. This information represents a fraction of what’s being shared with Flock and its government, commercial, and private partners on a daily basis.

Policies exist to prevent the release of this information—they are not adhered to. Laws and regulations exist to enforce the policies—they go unenforced. Police, Flock, and politicians have been ignoring these problems for years while your private movements continue to be collected, catalogued, sold and traded.

This website exposes the problem because, as the old saying goes, sunlight is the best disinfectant. Law enforcement and legislation are needed to address the cause of the problem, and we highly encourage you to bring this site to the attention of your legislators.

We believe mass surveillance has no place in a free society, and this data should not be collected to begin with. If it is collected, warrants should be used, lookups should be rare, and police and private parties, like Flock and HaveIBeenFlocked.com, should not be permitted to act without functional restraints or oversight.

We have entered the sunlight phase.

In his email, Colwell writes that the new “enhancements” are planned for early 2026. That gives them about 48 hours to find a new way to hide the truth.

We’ll be here. Filing open records requests.

Only a week ago, I wrote a post titled “Flock is altering the deal. Pray it does not alter it further.”

It has altered it further.

Flock already removed useful information from its ironically-named Transparency Portals to deal with what the company termed “the burden of compliance.”

Then, as the new info box added to the haveibeenflocked.com name resolution page has noted since earlier this month:

Our ability to identify officers was clearly effective. In a direct attempt to stop us from providing transparency, Flock and police departments have dropped the unique IDs (UUIDs) in the transparency portals entirely. They now simply replace them with the word “redacted” in the public audit logs, effectively preventing oversight and individual accountability.

Now, Flock has extended that “functionality” to its own customers.

We learned from the company’s new, nonsensical takedown notice that it considers audit logs to “pose an immediate threat to public safety and expose law enforcement officers to danger.”

Apparently, that threat is also posed by Flock’s customers — the police officers themselves.

The vendor — still a privately-owned corporation — has decided it no longer trusts police with information about who has searched “their data.”

“Don’t worry,” Flock tells cops, “it’s for your own good.”

At least, that’s what we hear from an officer responding to an open records request:

Flock Safety updated the system on 12/11/2025 to protect officer safety and active investigations, Network Audit Logs no longer include officer names, license plate, or vehicle fingerprint information. This is a system update from Flock Safety not [Local] Police.^[1] With recent concerns about Flock [Local] Police conducted a review of shared networks and removed all out of state access to our system.

This, of course, comes on the heels of Flock’s announcement that the reason field is now a dropdown, from which you may select one of Flock’s expertly curated pre-approved reasons.

Which followed shortly after the announcement that Flock does not log searches that are flagged as problematic. Select another justification and try again.

If you’re a cop or a city, you no longer get to know who searched the data collected in your town. You don’t even get to know what was being searched for. If the company feels like it, you may get one of a handful of pre-approved reasons.

But only if the anonymous other party feels like making a selection — simply clicking something that will be accepted by the system is also an option … it’s not like anyone is logging your name.

Here are log entries from three different agencies (from before the dropdown was implemented):

Name, Org Name, Total Networks Searched, Total Devices Searched, Time Frame, License Plate, Reason, Case #, Filters, Search Time, Search Type, Text Prompt, Moderation
"REDACTED","Shelby Township MI PD",4341,"4341","03/31/2024, 07:22:46 PM UTC
22:46 PM UTC","REDACTED","COM-13-24","","REDACTED","04/01/2024, 07:22:59 PM UTC","lookup","",""
...
"REDACTED","Houston TX PD",5888,"5888","09/27/2024, 05:00:45 AM UTC
10/04/2024, 05:00:45 AM UTC","REDACTED","INV","","","10/04/2024, 05:00:47 AM UTC","lookup","",""
...
REDACTED,[Federal] US Postal Inspection Service,3241,54164,"11/10/2025, 11:00:24 PM UTC
11/17/2025, 11:00:24 PM UTC",REDACTED,4238996,4238996,REDACTED,"11/17/2025, 10:30:32 PM UTC",lookup,,

Newly missing:

• Name (“Operator name” as it’s referred to on this site)
• License plate^[2]
• Filters

Whether the “Text Prompt” and “Moderation” fields are empty because they’re unredacted, or because they’re simply empty and haven’t been replaced with the word redacted is unclear.

Anyway — it’s almost becoming a predictable pattern, but bear with me once again as I quote Flock’s CEO and then tell you he lied:

Why Auditing is Crucial: To underscore accountability, every single search conducted in the Flock LPR system is saved in an audit report. Every time a search is run on the Flock system, that search and search reason is preserved permanently in the audit trail of every agency whose camera was included in the search. — Garrett Langley, “Setting the Record Straight: Statement on Flock Network Sharing, Use Cases, and Federal Cooperation”, June 2025.

Actually, to change it up a little, let me also cite the section “Flock’s privacy-by-design and accountability” from the company’s November 11, 2025, impossibly boringly-titled blog post, “Automated License Plate Readers and the Fourth Amendment: A Public‑Safety‑by‑Design Perspective from Flock”:

Immutable accountability: Every user action and search reason is recorded in an indefinitely available audit trail.

And, because it’s Christmas, let’s throw in the company’s “Ethical Creed,” which it actually publishes on its webpage:

1. Transparency and accountability build trust between communities, government, and law enforcement – making communities safer and more equitable.
2. Democratic decision making and local autonomy should be encouraged and respected.
3. With the right technical and policy safeguards, public safety technology will not infringe on constitutionally protected rights.

In this case, the “immutable record” that is supposed to “build trust” has been altered (again).

Not through “democratic decision-making” or “local autonomy,” but through a decision to modify the service contracted for—a decision made unilaterally by Flock, without consulting its customers, while they are probably spending time with their families.

Because, apparently, what Flock wants now trumps “safer” and “more equitable” communities, and even if it causes a little light infringement on constitutional rights, if we can drop those annoying safeguards that keep exposing the company’s poor practices, maybe it’s worth it. For Shareholder vaOfficer Safety.

All that is to say: Flock has expunged the “permanent record.”

If Flock was talking about your city council when whoever they pay to write blogposts wrote:

Every search made within the Flock platform is logged and auditable, creating a tamper-proof trail of accountability. Agencies can trace back who accessed what information, when, and why. This audit feature is a critical deterrent against misuse and is often cited in public hearings as a reason for community support. — Flock, “The Power of Connected Intelligence”, September 18, 2025.

Then now is the time to let them know that Flock has committed a material breach of the contract — it reneged on the democratically-approved deal (however tenuous that approval might be sometimes).

Your city council may have even said, “I trust our local police department.”

Flock does not.

The company lied to you about data security, about compliance, about transparency, and even about finding missing children.

They took your city’s data and are now selling it.

Just like they said they wouldn’t.

For your safety.

PS: Flock chose not to redact case numbers (yet). Naturally, even while importing a heavily redacted dataset, the importer called out an instance where someone pasted an entire LINX entry about a fatal hit-and-run into the case number field—officer name, defendant name, date of birth, charges, and all. The haveibeenflocked system truncated and partially redacted the entry for privacy, which is more than Flock managed. This is exactly the kind of reckless incompetence Flock is trying to hide. Unfortunately, they can’t even do that right.

This morning, Cyble sent a follow-up notice to Hetzner, the German cloud provider currently hosting this website. In it, they claim that this “website poses an immediate threat to public safety and exposes law enforcement officers to danger, in clear violation of our client’s users’ rights and its intellectual property rights.”

Cyble does not offer any evidence, nor any details regarding Flock’s apparently exclusive intellectual property right on posing a threat to public safety.

Part 2.5: Oops, I missed a part

(Edit: December 29, 3:45 pm, Cornfield Standard Time): Apparently, I missed an attachment that was sent along with the first statement to Hetzner. In the interest of fair reporting, I decided to edit this post and include it here rather than burying it in an old post. I want to be sure I provide an accurate view of the weight of the evidence presented by Flock, via Cyble:

Don’t attempt to adjust your screen — they did, in fact, send it as a JPEG. The QR code contains the text https://haveibeenflocked.com/.

The screenshot appears to show most of this website’s IP-address in the frontpage input box, with a message saying it’s not a valid license plate.^[1] I have no idea why.

The text in the screenshot is a little hard to read because of the watermarking, but if you zoom in, you’ll see the following notice:

GlobalEyez appears to be a Cologne-based “brand protection” company that charges $20 for the “Screenseal” tool used here.

It’s a tool that certifies the integrity and authenticity of screenshots. You know, to be able to prove in court that images are genuine; a higher standard than Flock applies to its own ALPR images.

It looks like that $20 was simply too much for Cyble ($44.8M raised) or a16z-backed Flock ($655.6M raised) to bear. They pirated software to file a complaint about intellectual property infringement.

Part III: Cyble’s Second Attempt

What follows is Cyble’s full second statement, as well as my response.

Hetzner’s email:

Dear Mr van Pelt,

We have received an abuse report for your IP address 5.78.142.181.

This is the complainant’s answer:

---

We are writing to update you on our complaint regarding this website, which presents a significant security risk to our client and its users. The website poses an immediate threat to public safety and exposes law enforcement officers to danger, in clear violation of our client’s users’ rights and its intellectual property rights.

The website publicly and deliberately discloses extensive, sensitive information obtained from Flock and its automated license plate reader (ALPR) systems with the apparent intent to undermine law enforcement operations. It hosts three searchable databases that expose critical operational intelligence. Such disclosure of sensitive data substantially heightens the risk to officers and the public and necessitates urgent remedial action.

Please be informed that our client is a renowned company in US and directly works with govt agencies.

Attached is the letter from our Client in support of the complaint for your reference.

In view of the above, kindly suspend the services and stop the hosting of the website at the earliest convenience.

---

We will need a reply from you within the next 24 hours.

Response

Dear Hetzner,

The complainant’s latest response significantly shifts his allegations, effectively abandoning the original claims of “phishing” and “trademark infringement.” He has now pivoted to vague, unsubstantiated accusations regarding “public safety” and “intellectual property.”

The complainant refers to a “letter from our Client in support of the complaint for your reference.” This letter was not included in the notice sent to me. I cannot respond to claims I have not seen, and I request that Hetzner forward this document immediately if it is being used to evaluate this complaint.

The complainant mischaracterizes the data on my website. These are not “sensitive information obtained from Flock”; they are public records released by government agencies under state public records laws. These records document the use of surveillance technology by public tax-funded entities. The publication of such records is a protected journalistic activity.

As Mr. Siah points out, his alleged client “directly works with govt agencies.” Had any of these agencies believed they were endangered by my speech, or that I am engaged in any criminal act such as interfering with law enforcement operations, they would surely have knocked on my door.

Instead, Mr. Siah—who is not, to my knowledge, an attorney—asks you to accept an informal complaint on behalf of his employer (Cyble), on behalf of their client (Flock), on behalf of an unnamed agency allegedly “in danger” from information he has not identified, on a website he has not meaningfully described. This is a transparent attempt to use a hosting provider’s phishing complaint process to bypass the legal standards required for a court-ordered takedown—standards Mr. Siah knows he could not possibly meet.

While the complainant also newly mentions “intellectual property rights,” he has failed to identify any specific copyrighted material or patented technology being infringed. Mr. Siah appears simply to be trawling through legal theories and accusations, hoping one will stick—an ironic strategy for a complaint filed under “phishing.”

In summary, this complaint should be dismissed as frivolous. The complainant has failed to identify any violation of Hetzner’s Terms of Service, any applicable law, or any actual abuse. If the complainant or his alleged client, or their alleged government clients, wish to challenge my exercise of free speech or my lawful publication of public records, avenues exist outside Hetzner’s phishing complaint process.

I will update this post when Hetzner responds. In the meantime, the site remains online, the public records remain searchable, and the audit logs continue to tell stories the company would rather you not read—like yesterday’s article on how 3,466 Flock searches failed to find a missing teen, while a woman at a Nebraska truck stop succeeded, or the newly-published logs showing a Texas officer justified a 30-day nationwide location history lookup with the reason “gypsy crap.”

Part III + ½: Support from Flock

It turns out Flock already sent a statement in support of haveibeenflocked.com to its customers.

I forwarded it to Hetzner:

Dear Hetzner,

Please find attached a customer communication from Flock Safety discussing my website—the same website Cyble alleges “discloses extensive, sensitive information obtained from Flock.”

In this email, dated December 8, 2025, Chris Colwell, Flock’s Vice President of Solution Engineering, writes to “provide factual context about what is happening”:

Recently, a third-party website began aggregating search information that appears to have been released through these public-records processes.

And, under “What’s happening”:

Based on what we have seen, websites like the one circulating online are using agency-released public-records data.

The email lists customer “concerns.” Causing “concerns” about government surveillance is a side effect of legitimate, transparent reporting. It is neither “phishing,” nor a violation of Hetzner’s Terms of Service.

Flock’s own communications confirm what I have stated from the outset: my website publishes government records released through public records processes. This is protected journalism, not “phishing.”

Nevertheless, nine days after Flock’s email, Cyble filed a phishing complaint with Hetzner. Instead of presenting any evidence of any violation, Cyble made various unsupported allegations about copyright and trademarks.

Flock knew the nature of my website before it sent Cyble to file the complaint. It was a deliberate fabrication to shut down reporting on the company’s activities.

I ask again that this baseless complaint be dismissed. No evidence of any violation has been presented, and the complainant’s own client has contradicted the allegations in writing.

I also respectfully suggest that Hetzner consider whether Cyble should remain a trusted source for abuse reports, given their demonstrated willingness to misuse this process against legitimate customers.

Finally, in the interest of transparency and potential further actions, I request that Hetzner forward the attachment referenced—but not included—in the previous notification.

Good looking out, Flock.

In the summer of 2024, months before the amber alert, sixteen-year-old Sophia “did not return home one night.” She kept in touch with her parents by phone and told them she was staying with a friend in town. Her parents talked to local police and they decided not to report her as missing, believing her to still be in the area.

In December that same year, police in Arkansas were performing a compliance check on Gary Day— a forty-year-old man who was in the middle of a six year probationary sentence for endangering the welfare of a minor.

Day’s charges stemmed from his four-month-old baby being found with a fractured femur in 2020. In 2023, he was charged with battering his then four-year-old son—those charges had been dropped a few months prior to the December compliance check.

Police discovered Sophia when she attempted to escape out the backdoor. Although a condition of Day’s probation was that he not leave Arkansas, Sophia told police that he had come to get her from Wisconsin five months earlier. She was three months pregnant at the time of that interview.

Day was charged with interference with child custody and contributing to the delinquency of a minor and released on bond, while Sophia was returned to her parents’ custody in Beaver Dam, Wisconsin.

A month later, Sophia’s parents contact Beaver Dam PD—they had caught Sophia messaging with Day online. The parents share the contents of that conversation with police.

“I stayed out past curfew. Probation. And didn’t notice. Im done. Fuck. Fucking ankle monitor is flashing and vibrating”. — Gary Day message to Sophia

Around 10 PM the next day a black Buick registered to Gary Day’s mother is spotted by a Flock camera in southeast Missouri, heading north toward Wisconsin. It has Arkansas plate BBR 20L.

The next morning, February 3 at 5:20 AM, Sophia’s sister spots the same car near their home. At 7:48 AM, their home surveillance system records Day walking near the house. At 8:30 AM, Day’s car is spotted by WI DOT cameras. They capture the black Buick traveling southbound on Highway 151 near Sun Prairie, WI. It has Pennsylvania plate KGW 5186.

At an unspecified time that same day, Sophia’s father sends local police the surveillance footage and reports the pregnant Sophia as missing. She was believed to have gone with Day — possibly to Arkansas.

That evening, at 8:08 PM, an Amber Alert is broadcast. The alert includes information on the Buick, and notes that it is “known to use multiple license plates,” listing Arkansas plate BBR 20L and Pennsylvania plate KGW 5186.

After the alert is issued, numerous agencies inside and outside of Wisconsin, including Milwaukee’s STAC^[1] fusion center and the Missouri highway patrol, begin searches for Day’s Arkansas plate— the first plate listed in the Amber alert, but not the plate he was most recently seen with.

The Pennsylvania plate seen on the Buick as it was leaving Wisconsin does not appear in search logs until the next day around noon—more than 24 hours later—when the Beaver Dam, WI, PD decides to look it up for the first time.

In total, the logs show 3,466 searches for the BBR 20L and KGW 5186 plate between February 3 and March 27. Day and Sophia were found on April 2.

Sophia tells police she and Day had stayed at hotels in various locations. She testifies they abandoned the Buick near a Culver’s in Avondale, Arizona. That particular Culver’s is right between I-10 and a Park & Ride facility. It seems like a plausible location to ditch a car, and explains why a 16-year-old from Wisconsin would recall the name “Avondale.”

Based on Sophia’s accounting of the overnight stays, they would have been in Arizona on or around February 8 or 9.

Milwaukee-based CBS 58 reports, however, that Sarpy County Sheriff Greg London, “learned the two had hitchhiked with a trucker after Day’s car broke down in Idaho.”

The criminal complaint itself is highly detailed. To an extent. Although email addresses and exact times for phone calls and license plate cameras are noted, it is conspicuously vague about how and where the car was recovered.

It provides Sophia’s highly detailed, plausible-sounding statement, following it up with a single, passive sentence, “law enforcement located the vehicle near that area.” There is no mention of who located it, when it was located, or the condition it was located in.

It leaves open the possibility that the vehicle was flagged by the P&R owner, or, if they left it at Culver’s or at one of the hotels, a business owner, shortly after February 8.

The complaint is also silent on whether the license plates were recovered with the vehicle—a strange omission for a prosecutor who is about to argue a flight risk exists based on those same plates.

A similarly vague incident occurs where the complaint includes Sophia’s statement that “they stopped at an unknown Walmart in Missouri where Gary bought food using his EBT card.”

It does not specify which Walmart, or whether the electronic transaction, where a fugitive used a government-issued benefit card, triggered an alert.

The prosecutor uses the same passive voice when she writes, “Gary Day and [Sophia] were located in Sarpy County, Nebraska.”

Omitting that it was a woman at a truck stop who called it in.

After Nebraska police responded, they notified Beaver Dam PD that Sophia had been found on April 2, at 11:40 PM — after WISN 12 ran an item marking Sophia’s 17th birthday.

Below are the searches of the Flock system during the nine-week manhunt.

They don’t tell a story of a system that is effective at locating missing children.

A man transported a child across state lines without her parents’ knowledge and got her pregnant.

While he is on probation.

Then, a few months later, he does the same thing again.

Flock’s system spots him in a state he is not supposed to be in, and before he gets to Wisconsin.

There is no Amber alert yet, so Flock does not detect this.^[2]

At the time Flock spots Day’s car in Missouri, he is either still wearing his ankle monitor, or he removed it.

He gets to Wisconsin, to the home of someone he has a no-contact order for.

No-contact orders aren’t automatically placed in Flock’s system—no alert is sent.

His car is spotted with a different plate mere hours after he is spotted violating both the no-contact order and his probation.

Not by a Flock camera, but by a DOT camera. That plate, however, is not used for lookups until more than a day later.

Police effectively stop searching only days after the alert is broadcast.

When Sophia is ultimately found, it’s not through Flock, or any other form of digital surveillance.^[3]

Day’s ankle monitor being cut off or leaving the state could have triggered a reaction from Arkansas probation or Wisconsin authorities on February 2—before he ever reached Sophia’s home in Beaver Dam.

When that monitor tripped, police could have manually placed a hotlist entry in the system.

The EBT transaction also could have sent police directly to a specific Walmart, where Day and Sophia were standing at the register.

In the nine weeks the Amber Alert was active, billions of license plates—approximately forty billion plates by Flock alone—and financial transactions were entered into police databases, on the promise that they are a “force multiplier” to find missing children like Sophia.

In the end, the only effective force multiplier was a woman at a truck stop in Nebraska who paid attention to the news and the people around her.

Additional Reporting

• https://www.jsonline.com/story/news/2025/02/05/beaver-dam-amber-alert-man-faces-felonies-in-missing-girl-case/78246544007/
• https://www.jsonline.com/story/news/crime/2025/02/07/amber-alert-arkansas-man-connected-to-missing-beaver-dam-wisconsin-teen-convicted-of-harming-child/78326952007/
• https://www.wisn.com/article/beaver-dam-amber-alert-for-16-year-old-girl-extended-to-arkansas/63692596
• https://www.kare11.com/article/news/nation-world/police-continue-amber-alert-search-pregnant-wisconsin-teen/89-1d5266cb-555c-42e4-a587-eb8418c292be
• https://www.youtube.com/watch?v=aOet6Sv9sb0
• https://www.wmtv15news.com/2025/04/03/missing-beaver-dam-teenager-found-safe-after-nearly-two-months/