Q: Is this a surveillance tool?

A: No. Flock DFR only activates in response to specific calls for service — never for general patrol or surveillance. Every flight is logged, audit-traceable, and visible via a public-facing transparency dashboard, ensuring responsible use and public trust. — Flock Drone-as-First-Responder (DFR) FAQ (May 11, 2026)

When Flock was selling the project to police in November 2024, the pitch was the opposite.

@vDrones stationed throughout the city

Drone as a first responder is the concept of drones stationed throughout the city.

The 2024 demo scenario also hasn’t yet adopted Flock’s 2026 “public safety” framing. The hypothetical isn’t a murder or a carjacking, but a blocked driveway:

@vBlocked driveway framing

What we’re able to do is say there’s a blocked driveway call and it’s 10 minutes away from the nearest unit. We can launch a drone, go over there, check to see if the driveway is blocked.

The operator launches the drone, autonomously dispatches it to the call, takes manual control on arrival, and then — by his own admission — gives a “very cavalier example” of the workflow when the driveway is in fact blocked:

@vThe plate-read and distribute beat

Say the driveway is blocked, and we want to be able to hit a license plate. It is incredibly easy to do that with this platform. … We’re 400 feet in the air and 600 feet away from this. And I’ve only used 114X of the 200X of this zoom. … When I want to distribute something, I click P and it’s going to take a picture of that license plate, and then I can again text or email that to anyone I want.

From 400 feet above, in response to a blocked-driveway call, the pilot reads a California license plate from a car at the scene (42A4CC). One keystroke captures the plate as an image. One click sends it by text or email to anyone the operator chooses.

Two scenarios later he demonstrates a separate capability. When a suspect flees a vehicle on foot into a backyard, the drone overhead doesn’t describe the home — it reads the address:

@v8430 East Heathcourt

I don’t have to describe it as a red roof with tile and solar panels and a fence. I can say it’s 8430 East Heathcourt. So that’s the entire DFR workflow.

The entire workflow, per the demo:

1. A low-stakes property nuisance call comes in (blocked driveway).
2. A drone is autonomously dispatched (no officer required).
3. The drone arrives, hovers at 400 ft altitude.
4. A remote operator zooms (114x) on a vehicle at a residential address.
5. The operator reads the plate from 600 ft away.
6. One keystroke (P) captures the plate as an image.
7. With one click, it can be texted or emailed to “anyone I want.”

The workflow that is, according to Flock, not “general patrol” starts with autonomously dispatching a drone to a minor property dispute.

The workflow that is also not, according to Flock, “surveillance” ends with aerial surveillance imagery being transmitted, over an insecure channel, to anyone without constraints.

“No other technology helps law enforcement officers get eyes on the scene faster than a drone.” — Garrett Langley, CEO Flock Safety, Flock Safety acquires Aerodome to expand into drone-based law enforcement solutions, Police1 (October 16, 2024)

Aerodome Acquisition

This demo played out around the time of Flock’s acquisition of Aerodome — at the time, Flock referred to it as a “strategic partnership.” It was a $300M+ acquisition of a 17-month-old startup, founded by former cop Rahul Sidhu. Like Flock, Aerodome was funded by venture-capital firm Andreessen Horowitz (a16z) under its “American Dynamism” program, which promotes the companies it backs as patriotic actors working in the national interest, rather than commercial entities.

Sidhu is positioned in every press release as a cop who built a drone product for cops. He spent 14 years as a part-time first responder, including reserve police service (as a “reserve air-support supervisor”) at Redondo Beach. His actual career — the one that pays the bills — is founding police-tech companies and selling them.

SPIDR Tech (2015) was acquired by Versaterm in 2021. Aerodome (May 2023) was acquired by Flock in October 2024 for over $300 million. In between, in May 2024, Sidhu testified before the U.S. House Homeland Security Committee on drones in emergency response, urging federal accommodation of DFR programs. Five months later, the company was sold. He now leads Flock’s Aviation division, where his current employer has publicly endorsed the DRONE Act of 2025.

Sidhu called the Aerodome acquisition an “American Dynamism speed-run.”

Aerodome to Flock Alpha

The “200X” figure requires a note. The speaker doesn’t say “optical” — he says “this zoom.” But the figure he used is the marketed spec for a substantially similar drone, the Chinese-made DJI Matrice 30T: 16x optical, plus digital interpolation, marketed as a single “200x hybrid zoom” number.

The demo took place before Flock opened its own drone-manufacturing facility in Georgia, and as Chinese-made drones came under increasing federal procurement restrictions in the US.

The plate is readable at 720 ft slant range because the drone has 16x of actual glass and enough sensor to crop the rest. The “200X” framing borrowed the platform’s marketing math and omitted the part where most of that number is software, not optics.

Adding thermal and low-light imaging to existing 200x zoom capabilities and using it to read plates in people’s driveways clearly raises additional privacy concerns. The Supreme Court already agrees:

Where, as here, the Government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a “search” and is presumptively unreasonable without a warrant.

— Kyllo v. United States, 533 U.S. 27 (2001)

Twenty-five years later, Flock markets this device to the government while its FAQ denies its real function.

Full webinar

The original complaint by Thornton For All alleged 19,194 searches, based on information from haveibeenflocked.com. Thornton PD acknowledged the complaint, then set the underlying data aside:

When evaluating this third-party website data, it was clear that the issues articulated in the website’s disclaimer were significant. Instead, our audit focused on internal system records of actual usage by this officer.

haveibeenflocked.com cautions against treating its data as authoritative for several reasons:

1. Information in Flock audit logs is unreliable.
2. When logs are modified — such as through redaction — they may appear as duplicates.
3. When external (network) log information is used, not all searches for an agency may be captured.

These limitations cut in multiple directions. Redaction can multiply searches — the same search by officer “A” in one log and by officer “REDACTED” in another is counted twice. At the same time, Thornton has not published its logs, so the only searches available are those that happen to appear in network logs from other agencies. That’s likely resulting in underreporting.

The discrepancy between 19,194 and 10,318 remains unresolved, and Thornton PD has not published the reconciliation — only asserted that its internal number is the correct one.

The numbers, however, are the smaller question. The substantive issues are what Thornton For All named:

… the department’s letter does not provide an explanation for the irregular search activity that occurred outside of normal working hours. Furthermore, the response does not address the targeted, long-term surveillance of a single license plate that was tracked for up to 145 days

The response also does not appear to address nationwide location history retrievals, often covering multiple months, justified in the logs by entries such as:

“Mexico Plate” · “plate” · “Misuse” · “No record” · “Ebb813b” · “See if stolen” · “n” · “no”

The logs as published cannot support a determination that these were legitimate investigations. Whatever else Thornton PD’s audit reviewed, it was not this record.

That single license plate mentioned, YZ6717D, was tracked over nearly 6 months. Flock’s 30-day retention period is marketed as a meaningful privacy guardrail; 145 days of continuous tracking on one plate moots it entirely.

Conducting long-term warrantless surveillance while representing to the public that retention limits are a real protection is the kind of thing that damages valuable community trust.

And on that issue, the Sentinel quotes Police Chief Baird:

When unverified and inaccurate information circulates, this can negatively shape public perception and damage valuable community trust. I am sharing these findings to provide necessary detail and context, as well as to ensure ongoing public discussion is grounded in fact

We could not agree more. Disclosure of accurate, complete information is essential in building community trust.

“This officer’s dedication to public safety objectives, as well as his tenacity in locating vehicles associated with victimizing members of our Thornton community, is clearly evident,” Baird states.

That’s where we will have to disagree. It is not at all clearly evident from searches justified by “no” or “Mexico plate”.

Of course, if Chief Baird wants to make it clearly evident by publishing complete, unredacted search logs — along with the basis on which “no” or “Mexico Plate” were determined to be proper uses of the system — we would be more than happy to publish that information here.

humans@haveibeenflocked.com

Flock’s sales lead, David Ballard — now a “Solutions Consultant,” according to his LinkedIn page — describes how the system should be used:

@vDomestic Situation clip from Webinar

Let’s say you have a domestic situation with a nurse and her husband has provided some type of threat and they’re separated. And the hospital administrator or the Flock administrator for that area can enter his tag into the Flock Safety LPR system. And it’s called a custom hot list. And what that will do is it will send you a text or an email and let you know, David Ballard just pulled on the area of this hospital. So what we can do then, we can move her to a safe location. We can lock doors. We can get our security team to push that way. We can call the police. So those seconds do matter. And that’s one of the big reasons for that hot list setting.

Ballard then continues to describe why that matters, and names what is fundamentally wrong about the picture he just painted:

You’ve got at-risk visitors, which like we’ve talked about were domestic disputes, at-risk patients. Because at the end of the day, we have to treat everyone. And we work with a lot of people in law enforcement that are in a mental crisis. And so we know that’s just a space we have to operate in, in the health care industry.

Habitual offenders, disgruntled and terminated employees.

Ballard didn’t go off-script by linking “terminated employees” to “habitual offenders.” It was right there on the slide behind him — official Flock marketing material titled “Proactive monitoring with real-time alerts,” which includes two mock push notifications. The first reads: “FLOCK ALERT: Custom Hot List Hit – Terminated Employee. Source: Parking Lot Entry. Camera: Entrance. Network: Hospital.” The second: “Custom Hot List Hit. LP #RUI6676. Terminated employee with active threat.” The slide visually equates “terminated” with “active threat.” There is no other datum on the badge.

The product has a “Hospital” network type, with the alert source pre-populated as “Parking Lot Entry.” This is not a thought experiment. It is what Flock built.

Ballard had discussed the policy with his Flock colleague, Jessica Barzee, the Sr. Demand Generation Manager hosting the call:

And that one, Jessica and I discussed this earlier about the terminated employees. These people have made a huge investment in their life. And if they’re terminated, we’re taking that away. And that’s affecting them for the rest of their life. So that’s very powerful, and people are very passionate about that.

The most common assailants of health care workers are patients…

He mentioned, in passing, “we have to treat everyone.” That includes a “Terminated Employee.” That’s not only a moral obligation, it’s a legal one. EMTALA (42 U.S.C. § 1395dd; 42 C.F.R. § 489.24) sets requirements for every Medicare-participating hospital with an emergency department: they must screen every patient, they must stabilize them, and they must transfer as appropriate.

This level of care is triggered as soon as a patient enters hospital grounds. It’s not conditioned on passing a security interview that potentially delays critical medical screening and care. If a “Terminated Employee” shows up at the “Parking Lot Entry” with chest pain and security blocks them from receiving care, that’s an EMTALA violation carrying severe penalties and liability.

What does that interception actually look like? Ballard walks the audience through the workflow:

@vDisgruntled Patient workflow

So let’s say a disgruntled patient provides a threat. They’re going to commit an act of violence. So we can use the Flock Safety’s patented vehicle fingerprint search and identify the patient’s vehicle, or we can bring police into it, you know, do a report and they look up the tag and provide you with that tag and you can enter it. Then we add the license plate to our hot list.

That’s your custom hot list. You can choose who’s going to get that in your security teams, your administrative facility, because they want to know about it.

Then he names the action:

You receive an alert that the vehicle has entered the hospital campus. So if the vehicle returns, the security staff intercepts the suspect at entry.

The “suspect.”

The “Terminated Employee” at the “Parking Lot Entry” with chest pain or some other healthcare emergency? Someone who, in Ballard’s terms, is “very passionate” about having just lost “a huge investment in their life”?

If we suspect a mental health crisis — which would not be unreasonable under the circumstances — the hospital’s moral and legal duty isn’t for its security team to delay care by “intercept[ing] the suspect at entry.” It’s to provide healthcare. That laid-off employee may have provided that care for years before the budget was diverted to fund surveillance technology and security.

The watchlist isn’t limited to former employees.

He then suggests using Flock’s “non-resident” detection — a feature marketed primarily to its HOA customers — “that’s an evidence that we can use and push to our security team, create those hot lists and say, hey, we were cased by a car that looks suspicious.”

Let’s put it on a hot list for our team.

No reasonable suspicion. No expiration dates. No guidelines. No disclosures. You haven’t been to the hospital before and you look suspicious.

A public hospital, federally required to treat everyone, transformed into a privately curated watchlist enforced at the parking lot entrance. This is what Flock calls “objective evidence.”

Ballard describes the goal plainly: “solve crime, move crime, or prevent crime. I’d rather prevent it and move it than have to solve it.” Predictive policing. By hospital security. The “move it” clause is doing real work — applied to a fired nurse in active cancer treatment, it means she goes to a different cancer center, if one exists in her insurance network. Applied to a fired respiratory therapist in mental-health crisis, it means a longer drive to an inpatient bed in a state where beds are already rationed. The pitch: my customer is safe. The threat is over there now.

This webinar was originally posted in September 2023. It is still on Flock’s website. Its healthcare customers — of which there are many — continue to follow Ballard’s recommendations and are still adding “suspects” to custom hot lists based on vibes, interrupting patient care and exposing the hospital to legal liability.

Any hospital that has followed Flock’s deficient advice should immediately instruct its staff to remove all former employees from any “custom hot list.” Providing adquate, efficient emergency care is not optional.

For every other category — habitual offenders, disgruntled patients, cars that “look suspicious” — the same architectural problem applies. The intercept blocks the screening. EMTALA does not allow that. Hospitals can learn this from compliance training, or they can learn it from federal court.

And that’s assuming the technology works perfectly. This week — three years after the webinar — 9News reports that incorrect Flock alerts are “not a one-off.” Among the affected: “a 76-year-old grandmother… repeatedly pulled over after data errors triggered inaccurate Flock camera alerts.”

In three years, how many patients have received delayed care, or have been “moved”, because of inaccurate alerts?

In Ballard’s words: “At the end of the day, we have to treat everyone.”

Let’s start now, before someone dies in the parking lot.

Full webinar, “Expanding Your Healthcare Security Perimeter Beyond Four Walls”

On May 1, 2026, law firms Emery | Reddy and Milberg filed a class action suit in the Northern District of California against The Home Depot, alleging violations of California’s ALPR privacy act and invasion of privacy. It’s the second class action against Home Depot in two months — Bursor & Fisher beat them to it with McGinity back in March. The two suits divide the timeline: McGinity covers shoppers caught before Home Depot quietly updated its ALPR policy in late December; Schmierer covers everyone since. And it lands the same week three separate Flock suits (Eldridge, Dutcher, and Javorsky) move to consolidate in the same court.

The new lawsuit challenges the common assumption that private corporations can surveil their customers and others without limitation. As it should, because that assumption is plainly incorrect. States can and do regulate the use of video and audio recording devices on private property, and California’s ALPR law doesn’t distinguish between private and public operators.

The other component — invasion of privacy — is an interesting tack. The suit alleges two slightly different violations: a violation of the right to privacy under the California Constitution, and the tort of “intrusion upon seclusion.” The complaint writes:

A reasonable person visiting a hardware store does not expect that their license plate data will be automatically captured, timestamped, stored in a national database, and made accessible to hundreds of law enforcement agencies, including federal immigration enforcement, all while the operator maintains a policy that omits mandatory disclosure elements and provides no meaningful restriction on who can access the data.

It also anticipates the obvious argument from Home Depot / Flock:

The California Supreme Court has recognized that the relevant question in an intrusion claim is not whether any single piece of information was publicly observable, but whether the manner, scope, and aggregation of the intrusion would be offensive to a reasonable person.

The complaint then lays out why a private corporation collecting data at its 233 locations in the state, storing that data with its private vendor, and sharing it in real-time with hundreds of police agencies, without Home Depot telling anyone about it, is offensive to Californians believing they’re just shopping for a new toilet seat.

The complaint has a point, and I’m excited to see where it goes. The statutory violations alone give a sense that Home Depot will end up out of pocket on this one, especially after Bartholomew v. Parking Concepts — the February California Court of Appeal decision that held operating ALPRs without a compliant policy is itself the harm.

Other private companies should take note. Flock can hammer its claims about “no reasonable expectation of privacy” and “30+ courts have consistently affirmed that ALPR devices perform lawful actions” all it wants; courts don’t typically look to marketing materials to find what the law is, and neither should anyone else.

The Flock Suits

Home Depot will be defending itself in the same district where Flock is already in court. And the Flock side is getting interesting. Plaintiffs’ lawyers in three existing California class action suits are getting into a consolidation scrap. The firms handling Eldridge and Dutcher don’t like the Javorsky team’s preservation strategy. The motion to consolidate puts it like this:

[Javorsky’s] difference [in approach] has already resulted in a prolonged disagreement with Flock regarding its retention protocols, which has likely resulted in the loss of hundreds of thousands of data points pertaining to putative class members.

But the more interesting bit is technical:

Flock has represented that capturing the broader set (including the ancillary “Identifier” tags) slows its preservation rate by roughly ten times.

The filing does not specify what these “‘identifier’ tags” are, but dollars to donuts that we’re talking about the searchable vectors that power FreeForm, Flock’s natural-language vehicle and person search tool. I have discussed these before in both the FreeForm context, where searches for “Star of David” were performed, and the ReId context, where persons can be tracked across devices through soft biometric data. The math mostly holds there; simple tags stored with the data would be fairly small, plausibly ~200 bytes, so if a vector is ~2kB, that would be about 10x larger and therefore 10x “slower.”

The part that doesn’t make sense in the filing is the preservation rate. It implies that preservation can’t happen in real-time on the backend. Why not? What prevents Flock from setting up an additional replica node? Does it not routinely keep replica copies of its data? If it doesn’t, how does it guarantee data integrity (and thereby both completeness and accuracy)?

I’ve raised these questions before in the context of changing log files:

A distributed explanation is not any better than deleting and adding records in a centralized database. In fact, it would be a very fundamental, very fatal, flaw for records that are supposed to be immutable \— like audit records \— to have multiple copies in multiple places without a single authoritative copy.

Apparently log entries can go missing without Flock’s system throwing an error. If you can’t be sure that your log is complete, you can’t rely on it to show whatever it is you’re auditing for \— it may have been deleted.

If a similar distributed pattern holds for the “identifiers” or vectors — which Flock’s protestations in this new court filing seem to suggest — it would extend the integrity problem from the audit logs to the ALPR data itself.

The motion takes Flock’s “10x slower” claim at face value and uses it to triage: preserve the narrow set that identifies the class, drop the fight over ancillary fields. As a practical call under time pressure, it makes sense. But Flock’s underlying claim is the part that should not have gone unchallenged.

In particular, it’s worth considering that “ALPR information” under California law means “information or data collected through the use of an ALPR system” — not “license plate characters.” Whatever Flock’s cameras capture and feed into its searchable database is ALPR information, with all the operator duties that attach. Flock stating that the broader field set slows preservation by 10x is, in effect, telling the court those fields exist and are part of what the system collects. They’re covered. The plates are just one column in the table.

The more data collected, the more there is for Bartholomew’s harm analysis to work on, and the more there is for the privacy torts’ offensiveness analysis to grade as offensive. In re Facebook — Edelson’s signature win — established that biometric data has value as data. None of that argues for letting Flock walk away from the broader fields just because its architecture allegedly can’t keep up.

Even a narrow set — license plates and locations, a few bytes — is apparently more than Flock can copy or preserve at scale without slowing things down. It implies the live system runs on single copies without the kind of redundancy that would let it verify its own data — and its distributed database likely uses computers sitting unattended on the side of the road, intermittently accessible through spotty mobile connections, storing unencrypted video and images, for the express purpose of directing traffic stops, conducting searches, and providing evidence.

The disclosure failure has always done double duty for Flock: hide what the system collects, then escape enforcement when nobody asks. Now Flock wants it to do triple duty: wall off the undisclosed fields from the lawsuit, too.

In September 2024, Dunwoody PD Major Patrick Krieg requested access to the private security cameras at a community center on behalf of the department. When the community center pushed back and demanded to know what the access would be used for, Krieg was unambiguous: “This is solely for real-time critical incident response.” The community center agreed to share their cameras, including cameras in gymnastics rooms, pools, and fitness studios, with Dunwoody PD for emergencies.

To the broader public, the City made the same promise in a different form: Flock is a public safety tool that catches criminals and keeps your community safe. It’s only used for law enforcement purposes. When citizens raised concerns, we were given three minutes at a podium, requests for open meetings were ignored, and we were silenced by a unanimous vote.

Both promises had the same problem: while the city was making them, Flock employees were inside Dunwoody’s camera network, including a private community center’s cameras (the ones shared solely for emergencies) to allegedly pitch their product to other law enforcement agencies.

From 2023 through April 2026, Flock employees viewed live and recorded cameras in Dunwoody over 1,000 times. In 2025 alone, they searched Dunwoody citizens’ data over 400 times. No one in Dunwoody consented to this.

When I asked the City of Dunwoody to produce any agreement authorizing this, their answer was simple: “The City of Dunwoody found no records that are responsive to your request.”

There was no authorization or explicit permission. Just a promise to a community center, a promise to the public, and a company that treated both like an open door.

Flock’s Response

Flock’s public statement in response to this information being revealed was unequivocal: “We work with cities and agencies, like Dunwoody, that have given authorized, explicit permission to be testing partners.”

Their CEO told a different story in private. In an email obtained through open records, Garrett Langley wrote to the community center’s CEO that Flock had “explicit permission from Dunwoody” and that employees “occasionally” accessed Dunwoody’s devices for testing and demonstration purposes, but that this was a “poor decision,” and Flock showed “a lack of thoughtfulness.”

Flock CEO’s ‘apology’

Let’s start with “explicit permission.” I filed an open records request asking the City of Dunwoody for any agreement, contract, memorandum of understanding, or authorization, anything at all, governing Flock’s access to Dunwoody’s camera network for testing or demonstration purposes. I made the request as broad as possible because I wanted to know whether the city had decided it was acceptable for my family and me to be watched by Flock sales employees without our knowledge. I think any reasonable person would agree I should at least be able to find out if the city robbed me of consent, and if so, who made that decision.

The city’s answer: “The City of Dunwoody found no records that are responsive to your request.”

Response to my request for a “demo agreement”

There was no explicit permission. There was no agreement. There was nothing.

Now let’s talk about “occasionally.” From 2023 through mid-April 2026, Flock employees viewed live and recorded cameras in Dunwoody 1,063 times. In 2025 alone, they searched Dunwoody citizens’ data 401 times directly through the Dunwoody PD network.

Camera views by Flock employees, mostly sales employees

Maybe Flock and the rest of the world have different definitions of explicit and occasionally. Mr. Langley, if you read this, I personally offer to buy you a dictionary.

Flock’s blog went further, claiming the community center’s “camera was only viewed once during a routine demo.” This implies that only one camera was viewed. This is quite contradictory to public records, which show dozens of cameras in sensitive areas where children play being accessed, including in the private community center.

Either they are intentionally lying by stating only one camera was viewed, or they do not know how to read their own audit logs.

Neither explanation is acceptable.

Flock’s response doesn’t even commit to ending these demos. It makes clear that ordinary people across the country, going about their lives, will continue to serve as unwitting props in Flock sales presentations. Flock’s website still states, “Flock Safety does not access or monitor your footage without explicit request of the customer,” although the audit logs tell a different story.

Flock also said in a statement to 404 Media that “it is unequivocally false to assert that Flock, or the police, or city officials are doing anything other than using technology to stop major crimes in the city.” This is at the same time that their blog admits that they were looking at cameras where Dunwoody citizens and children could be. So which one is it? Are they hoping to redefine the words “anything other than”?

Flock Safety’s entire defense rests on the word “permission.” They used it in their public statement. Their CEO used it in his private email to the community center, and their website uses it.

But when I asked the city to show me that permission — any document, any email, any record of anyone ever saying yes — there was nothing. Not a contract, memo, email — nothing. The cameras were shared with Dunwoody PD for 911 emergencies.

That’s not permission. That’s not “explicit.” That’s a private company deciding that proximity to a law enforcement contract was close enough to consent, and a city that either didn’t know or didn’t care.

Dunwoody PD Response

When the community center’s leadership found out their cameras had been accessed by Flock employees, they did what any reasonable institution would do: investigate and contact the police department that had promised to protect them.

Their understanding of the arrangement was explicit.

In an email exchange obtained through open records, the community center’s leadership wrote: “Our understanding was that DPD’s access to our cameras was limited to active-shooter or similar emergency scenarios: real-time tactical awareness, etc. Since no such event had occurred, we had no reason to believe anyone had actually viewed the feeds.”

That understanding came directly from what the PD told them, but it was wrong.

They were immediately given two very different answers:

Deputy Chief Oliver Fladrich said, “I certainly had my eyebrow going up about Flock checking in your system.”

Major Patrick Krieg: “It is becoming clear that we have an individual or small group that is continuing to produce misinformation to our partners in an effort to disrupt operations.”

Read those two responses again. One senior officer acknowledged that Flock being inside the community center’s cameras was unexpected. The other called it misinformation.

I found this particularly weird since they work in the same department, have seen the same evidence, and Krieg himself was the one who promised the community center in writing less than two years ago that access was “not recording your video, nor will we have any rights or ability to disseminate it otherwise, it is solely for real-time critical incident response.”

Email I obtained through open records requests

At this point I am assuming that the community center agreed on that basis, and they had no reason to believe anything else was possible.

Just like everyone else in Dunwoody, they found out this promise had been broken from a private citizen. Not from the police department that made the promise. Not from the officers overseeing the Real Time Crime Center who should have been the first to notice that Flock employees were inside a network explicitly labeled “Do Not Share.” From me — a dad in Dunwoody who filed open records requests.

But those officers were busy. They were at steak dinners with Flock employees.

Texts obtained through open records from Lt. Fecht’s phone: Chris Anderson, David Thorp, and John Watson (number redacted) are Flock employees

The community center was betrayed by the people tasked to protect them just like the rest of us.

We were all told the same story: that Flock was a law enforcement tool, that our cameras were for emergencies, that the system had safeguards. Someone, either Dunwoody PD or Flock or both, decided that our neighborhoods, our parks, our pools, and our children’s gymnastics rooms were fair game for a private vendor’s access.

Nobody asked us for our consent, and when a private citizen found out and raised the alarm, one of those officers called it misinformation.

That’s not a miscommunication, that’s a choice.

City of Dunwoody Response

At the April 13th City Council meeting, Mayor Lynn Deutsch said she “sought a solution” and that “where we landed is that Flock will no longer use Dunwoody for demonstration projects.” She also said the city was “trying to be transparent.”

So let’s talk about that transparency:

Before this story broke publicly, I had emailed the mayor fourteen times about concerns with Flock. She never responded to one. When I offered to meet with her directly to walk through what I had found — audit logs showing Flock sales employees watching cameras inside a children’s gymnastics room — she ignored me.

Mayor Deutsch and the rest of the council have also refused every request from citizens for an open public meeting on Flock, which makes it particularly remarkable that on the 13th, an hour after ignoring those requests, Councilman Joe Seconder suggested an open meeting about a completely different topic.

The “solution” she announced came less than a week after she met privately with Flock’s CEO at a coffee shop, a meeting she didn’t disclose publicly until I brought it up, arranged through text messages obtained through open records.

Texts from Mayor Lynn Deutsch to Flock CEO Garrett Langley obtained through open records

This is the same CEO who has gone on television and lied about Flock’s relationship with ICE and the federal government, and lied directly to other city council members. I had made Mayor Deutsch aware of both of these facts in February.

I even got the exact email of Garrett Langley lying to a Denver City Council woman from a reporter in Denver and attached it

For her, “we” doesn’t mean the families of Dunwoody. It means her and the CEO of the company under scrutiny, meeting privately, before she championed a legal agreement and contract expansion that required nothing of Flock, held no one accountable, and changed nothing materially about how our data is used.

There was never an explicit authorization allowing any of this to happen. Not for the demos, searches, or for a single Flock employee to open a single camera feed inside a private community center, or at our parks and playgrounds.

Without authorization, public accountability, and the public’s consent, the City of Dunwoody, the Dunwoody PD, and Flock turned our neighborhoods, our parks, our pools, and our children’s gymnastics rooms into a virtual human zoo for a private company’s ‘sales pitch.’

Nobody asked us, or told us, and when we found out, the mayor’s solution was a private coffee meeting with the CEO.

So here is the question nobody in Dunwoody has been willing to answer: who authorized this? Not who enabled it technically. Not who facilitated the integration. Who decided it was acceptable for Flock sales employees to have access to cameras inside a private community center, and our parks and playgrounds? Who decided that was consistent with what Dunwoody PD promised us and the JCC in writing? Who decided that 401 searches of Dunwoody citizens’ data in a single year by Flock employees was within the scope of what this technology was sold to us as?

The mayor met with the CEO, then the council voted unanimously to expand the contract, the officers responsible went to dinner with Flock employees, and the cameras, microphones, and drones are still on.

What’s Next?

That can’t be the end of this story. The residents of Dunwoody deserve a city that works for them: not one that meets privately with the companies it’s supposed to oversee and calls it transparency. Zach Humphries, Sean Collins, and I are launching Dunwoody Forward because we believe this community is capable of something better.

We want to build something that goes beyond Flock: a vision for what Dunwoody looks like when the voices of citizens carry more weight than the interests of corporations. We’re still figuring out what this non-partisan group looks like, and we need your help.

Join our Facebook group and let’s figure this out together :)

Join the Dunwoody Forward Facebook Group →

This piece was originally published on Jason Hunyar’s Substack, and is republished here with permission.

This is a meaningful position from an organization I’ve previously disagreed with on ALPR transparency. The underlying disagreement was never moral — the general public should not have their data collected, catalogued, and published — but practical: the structures EFF and ACLU were endorsing produce, in the real world, the opposite of transparency.

Although both EFF and ACLU have since expressed a need and desire for stronger transparency than their previous words suggested, practical issues remain. In its new post, EFF opposes the worst version of these bills (categorical exemption) while still endorsing a framework that keeps records hidden in practice (case-by-case balancing).

The Problem

Seven states (and counting) introducing hostile legislation is not a coincidence. It’s a direct result of Flock’s lobbyists^[1] responding to public-records work that has produced policy outcomes like contract cancellations, declined renewals, and even criminal charges. EFF correctly identifies the records as “not just informational—they are leverage.”

The Washington example is instructive and worth dwelling on. A state court ruled last year that ALPR data are public records. The legislature responded by exempting them. This is the predictable endpoint of a balancing-test regime: when transparency wins on the merits in a forum that requires reasoned analysis, the response is to move the question to a forum that doesn’t.

Flock’s home state of Georgia goes further. Not content with exempting ALPR data, the state made it a misdemeanor to request or use plate data for non-law-enforcement purposes. That is the trajectory of denial-by-fee taken to its logical conclusion: when charging $5.4M for search logs (Dunwoody’s number) becomes inadequate to deter requesters, criminalization is next.

Case-by-Case Balancing and Deidentification

EFF prescribes an unworkable framework that already exists in many states: a privacy exemption requiring case-by-case balancing of transparency benefits against privacy costs.

The framework is idealistic. It is also the primary mechanism by which logs get withheld. Most states lack specific exemptions for the kind of audit data published on haveibeenflocked.com. Even states with “ALPR data” exceptions have to contend with the fact that search terms entered by a user are not “ALPR data.” Agencies often route around this by treating each search as a separate record, then assessing per-record review fees. Five- and six-figure fee estimates are common. The “balancing” and redaction in practice means an agency charges enough to make the request impossible. No balancing actually occurs.

The practical reality under these frameworks is that if you can collect enough records, you can ensure nobody ever gets to see them. That’s the opposite of the desired outcome.

The per-record framing is also a trap of agencies’ own making. If each search log is a separate record for fee purposes, it is a separate record for every other purpose too. Open records law generally requires a specific lawful basis for withholding each record, communicated to the requester, with each denial independently appealable. An agency that wants to charge per-record review fees on 10,000 “records” in a single Excel spreadsheet should be prepared to issue 10,000 individualized determinations and defend each one. Agencies want the fees, but not the obligations.

EFF’s fourth recommendation — disclosing aggregated or deidentified data while withholding personally identifiable information, and treating that process as redaction rather than record-creation — is closer to a real, and workable, solution.

Aggregation is a dodge. Counts of scans by month, hit ratios in percentages, and total-records-shared figures only tell you that surveillance is happening at scale. We know that already. Whether specific searches are lawful, whether officers are stalking exes, or whether “investigation” is being used as a pretext for anything remains locked away in a filing cabinet in the basement of the police station. Aggregate data can’t surface the Milwaukee Ayala case or the Joplin firing. Pattern-of-misuse questions require record-level data.

Deidentification is the workable part. haveibeenflocked.com already takes this approach to an extent: the site publishes audit logs but maps plates to “identifiers” to obscure their identity. This allows the patterns to remain visible — Officer X searched plate Y 124 times in two months — without exposing what plate Y is. Flock previously did the same thing with usernames in its transparency portals before stripping the IDs entirely. It’s a solution where risks like reidentification must be considered, but that’s not an insurmountable problem.

I’ve written about this approach before; haveibeenflocked.com’s “identifiers” are a partially working example of the disclosure-with-redaction structure EFF is asking legislatures to enact.

Front-loading Beats Balancing

The deeper problem with case-by-case balancing is that it does the work in the wrong place at the wrong time. Each request triggers an individualized analysis by an agency that has no incentive to perform it well, no consequences for performing it badly, and a claimed financial mechanism (per-record review or redaction fees) for converting the analysis itself into a denial.

There is a logical alternative: front-load the determination through rulemaking. My state, Iowa, has the structure largely on the books in its Fair Information Practices Act, even if implementation and enforcement are absent in practice.

Under FIPA, state agencies must promulgate rules describing what personally identifiable information they collect, why they collect it, the legal basis for collection, and which of their records are public, confidential, or mixed. The determination is made before any request arrives. The burden sits with the agency, ahead of time, rather than being shifted to the requester at the moment of request.^[2]

Front-loading also forces honest accounting. We do this elsewhere as a matter of course. If a record could contain confidential information, we treat it as if it does. Your doctor can’t store lab results in the same folder where she receives the office Christmas party invites. Yet agencies constantly argue, through public records responses, that they commingle confidential and non-confidential records and store them with third parties — Flock, email providers — that are not bound to keep those records confidential and that, in Flock’s case, will actively disseminate them to paying customers.

Strict reading of public records law makes that assumption-based structure hard. Open records statutes generally, and correctly, turn on what a record does contain, not what it could. Front-loaded rulemaking forces agencies to make the determination at the outset — at minimum, by instructing employees not to enter PII into Flock; at maximum, with a manual confidentiality justification stored with each entry.

Agencies will argue this is too burdensome; cops can’t be trusted to make these legal determinations. They will be right. The burden is the point. If an agency doesn’t know whether a search reason contains confidential information, it doesn’t know whether the search was lawful. Privacy, confidentiality, and oversight are all the same problem.

Watchlists as a Solution

Front-loading exposes one residual problem: are license plates themselves confidential PII? A categorical answer is available through watchlists.

Properly constructed, watchlist inclusion should require an active police investigation; current practice does not, which is itself part of the problem. Assuming the rule is in place, plates on a watchlist can be exempted from disclosure as part of an investigation. Plates not on a watchlist were captured and stored without an existing investigative basis. This is the “just in case” form of mass surveillance creating the biggest privacy problems.

Those historic location profiles should not be stored at all or, if they are not sensitive enough to prevent their storage, they should be subject to disclosure. The question of whether the public should see information collected without an investigatory nexus collapses into the question of whether they should be collected at all.

The watchlist approach also makes aggregation meaningful. The unit shifts from “plates scanned” — which only confirms surveillance is happening at scale — to “watchlist entries vs. open investigations,” which tells you more about how the system is being used. An agency with thousands of watchlist entries and a few dozen open investigations is using the watchlist for something other than active investigations. An agency whose watchlist entries persist for years is operating differently than one whose entries turn over in days. Either pattern is more useful for oversight than a count of plates scanned or a number of “hits.”

The contradiction is unavoidable. Either license plates are not PII and carry no privacy interest on public roads — Flock’s position when defending the cameras — or they are sensitive PII exempt from disclosure — Flock’s position when defending the audit logs from disclosure.

That contradiction is theirs, not EFF’s, and not the law’s. EFF takes the coherent position that plate data should generally be withheld from third parties, while audit logs and aggregate scan data should be public.

Flock aggressively funds the narrative that total exemption is the only solution. It would probably be right, if it didn’t assign itself the exclusive right to collect, receive, and store the very data it argues is too sensitive for the public. “The public” includes Flock.

Flock is also right that current open records laws are flawed, but the solution isn’t to hollow them out. EFF’s proposed solution is an opaque balancing test with unpredictable outcomes. My proposal is to add the requirement that governments be transparent and consistent.

Both proposals are much better than Flock’s. Neither would be required if current laws on confidentiality and open records were enforced.

Council member Brad Spanbauer had asked, on the record:

“Just to be clear, does the system create a heat map of a vehicle’s movement using the multiple aggregated images for a specific searched vehicle?”

Flock’s representative answered: “No, that is not available.”

It is available. It has a name. Flock calls it pattern of life.

What Pattern of Life is

Pattern of life is the Flock feature that turns a string of camera reads into a behavioral profile. You pick a plate. Flock plots every camera that captured it — across a jurisdiction, across a region, across the nationwide network — onto a map, with a heat map overlay that brightens where the vehicle spends its time. You toggle the window: 14 days, 30 days, longer. What comes back is the shape of a driver’s week: home, work, church, doctor, lover, gun range, union hall, rally — each node glowing in proportion to how much of a life is lived there.

It is not a theoretical capability. It is not a roadmap item. It is a marketed, shipped, demonstrated feature of FlockOS, and Flock’s own staff describe it in their own training materials.

“We do not and cannot track vehicles”

The Oshkosh denial was not one rep having a bad night. It is the company’s house talking point, repeated in its corporate marketing, its blog posts, its press statements, and the materials it feeds to elected officials considering contracts.

On a February 26, 2026 blog post titled Is Flock Mass Surveillance? Here’s What 30 Courts Decided, Flock states, in its own voice:

“Flock ALPRs do not and cannot track vehicles, much less individual people. ALPRs take a point-in-time image of the rear of vehicles on public roadways. They are incapable of tracking the whole of anyone’s movements…”

Not “do not, absent a warrant.” Not “do so only in narrow investigative contexts.” Cannot.

Now set that next to a Flock product staffer walking a customer audience through the search interface: “you can change and see 14 days of pattern of life or 30 days of pattern of life … the heat map that you know and love.”

The marketing department is contradicting the product department. A system that “cannot track vehicles” does not ship with a 30-day pattern-of-life toggle and a heat map its users already know and love. One of those sentences is the product. The other is the pitch.

Flock Webinars Confirm the Feature

From a Flock product demo of the search interface. A Flock staffer walks through the suspect drawer in the UI:

“you can change and see 14 days of pattern of life or 30 days of pattern of life. So you can, once you’ve zoomed in on your suspect, you can start to see what have they been doing? Where have they been going? And you have the heat map that you know and love, which you can toggle on and off.”

@vSearch interface with pattern of life

In another webinar, Flock explains why a user would extend a hot list’s retention window:

“you might wanna know long-term where that car has been in a week … you kind of wanna figure out what its pattern of life is.”

@vPattern of Life via Hotlist

Finally, in a Q&A on FlockOS, Flock is asked whether the system can generate “a map-based report reflecting all of the hits for a specific vehicle … a pattern of life scenario,” a Flock trainer defers to another team member, then reads the answer:

“FlockOS allows you to see the historical locations of a specific vehicle, including a map-based view and heat map as part of license plate search.”

@vFlockOS Pattern of Life

Each Flock employee in these three webinars references “the heat map that you know and love” — the same feature Flock told Oshkosh’s council didn’t exist.

Beyond Oshkosh

Oshkosh is the first council we know of to catch Flock in a lie on the record and actually act on it by reversing a vote because of it. It wasn’t the first council to be told a lie, nor will it be the last. It was the first to so publicly call a spade a spade — a move that makes me feel some Midwestern pride. Three things follow for everyone else.

First, every jurisdiction that approved a Flock contract based on sales representations should re-interrogate those representations. The problem isn’t confined to one rep in one Wisconsin council chamber. Flock’s corporate marketing tells the public the system “cannot” track vehicles. Its trainers tell paying customers how to track vehicles for thirty days at a time. If a council relied on the former to approve a contract, it bought the latter. Pull the minutes. Pull the recordings. Ask the chief what he was shown in the back office that was not shown at the dais.

Second, Flock’s public response — that its statements were “misinterpreted and weaponized by activists” — is not a denial. It’s a complaint that someone noticed. The chief did not misinterpret anything. He said he “visually confirmed” the heat maps the next morning. It’s Flock’s canned repsonse to claims it doesn’t like but can’t refute: “these are just false”.

Finally, “pattern of life” is what makes Flock Flock. A single camera that reads a plate and checks it against a list of stolen vehicles is a tool — a narrow one, with narrow uses. A network of hundreds of thousands of cameras aggregating every read on every plate into a queryable history of where a driver has been, brightened into a heat map, is something categorically different.

The cameras are the sensor — Flock owns these, and its customers don’t care. The pattern-of-life database is the product actually sold to police departments. It’s why the cameras exist, and why the feature is built, taught, and demoed.

An “ALPR camera lease” may be the easier sell for its reps, but it’s not a product Flock offers.

The Language

Flock did not invent the phrase “pattern of life.” It is a counterterrorism and military-intelligence term of art for building a behavioral template of a target by tracking their movements over time. Flock markets counterinsurgency tooling to local police departments because it sells.

When that product is pointed at every driver on an American road — and the company’s sales staff then tells elected officials it does no such thing — “misinterpreted” is not the word for what happened in Oshkosh.

False Claims and Fundamental Changes

The claim that Flock enabled backdoor access to customer data and other claims that have been in the media \— these are just false. All of the sharing that happens in the Flock system happens through permissions in the system controlled by you and your admins. It’s your data. Contractually, you control it. Flock does not own it, does not share it, does not sell your data.

@vAmy Palumbo on media claims and FOIA in February webinar

The facts Palumbo called false are well-documented on this site, as well as on Flock’s blog.

A CBP pilot ran May 9 through August 24, 2025, during the same summer in which Flock CEO Garrett Langley published a blog post titled Setting the Record Straight, where he denied federal cooperation — “not my decision, and not Flock’s decision,” he wrote — while that pilot was live.

A January 2026 Flock blog post repeated that “ICE does not have direct access to Flock cameras, systems, or data” while, in the same post, listing the CBP pilot as an arrangement that “effectively enabl[ed prospective customers] to test the product before committing.”

Throughout all of this, audit logs continued to show searches by federal agencies, while agencies like Mountain View, CA, said federal sharing was enabled without their consent.

The only time Flock accesses customer data, Palumbo went on, is to respond to “legal process” — a subpoena, a search warrant, a court order — and the customer is notified when that happens.

She made that statement around the same time Flock employees were, according to Flock, using a gymnastics room, a pool, and a daycare in Dunwoody for a sales demo. A practice Flock says it intends to continue, but “in more public locations.”

Such contradictions are routine at this point. Less than ninety seconds may be a record. Right after the “just false” line:

So where is the misinformation in the media coming from about backdoor access? It’s a misunderstanding about some of our previous pilot programs and sharing within the system. So over the summer, as these issues came to light about access from federal partners who were pilot customers, we made a lot of changes to the system in response to some of that feedback.

From “no backdoor” to a “misunderstanding” about “previous pilot programs.” A pilot program that gave access to federal agencies. Without other agencies knowing about it. If there is a falsehood anywhere, Palumbo does not mention any details.

Palumbo may dislike “backdoor” as a label, but she can’t deny the architecture it describes. Federal agencies, including immigration agencies, hooked into Flock’s sharing apparatus running searches against cameras across the country, including in states like California which restrict such use of surveillance networks.

Either way, you do not appoint a chief legal officer, expand your policy team, stand up new trust and safety programs, and create a dedicated compliance product-manager role to fix a media narrative that is false. You respond to reporters asking for comment and attach a receipt or two.

No FOIA, No Problem

Palumbo goes on a bit to encourage the, presumably, Wisconsin-based audience to apply “a balancing test” when “facing public records requests.” The information agencies are allowing Flock to collect can lead to stalking and could be misused — according to Palumbo. The dangers of releasing this information — to the public; not to Flock, its contractors, its customers, or its pilot programs, of course — can’t be overstated (when it comes to public records requests).

@vAshley Haber on product changes

The next speaker was Ashley Haber. She delivered the list of “changes to the system in response” to the supposedly false information.

Last summer, we made a change so that federal organizations at Flock are handled a bit differently than a typical state or local law enforcement agency. They are properly called out throughout the system with a label that says federal organization. They also are not included in statewide or national lookup…

Which is to say: before the summer of 2025, federal organizations were indistinguishable from local police departments in Flock’s search and sharing interface. A query run from a federal account reached every shared camera within the network’s scope, state by state, without the querying agency being explicitly flagged as federal in the audit. There was no statewide-lookup exclusion. There was no opt-out, beyond the “all or nothing” of the state- or nationwide network.

There is more.

We did a lot of work last year on cleaning up network and org audits to both be more useful for you all and also protect you all as these PRAs and FOIAs were becoming more popular and they were risking officer safety and active case investigations falling apart.

We cleaned up what we call system-generated searches so that there was not an excessive amount of records here. If someone opened a drawer, zoomed in on the map, technically on our back end it may have created another search record but it really wasn’t a user generated action… we also added the functionality starting August 8th of last year… you’re able to see if your cameras produced any results from lookup searches… the last piece is we masked certain sensitive data in response to what happened close to end of last year to protect interagency sharing.

“What happened close to end of last year” may refer to the December emails from the FBI and Flock in response to logs appearing on haveibeenflocked.com.

“Mask certain sensitive data” is the network-audit redaction feature that strips officer names, agency identifiers, plates, filters, and case numbers from the logs agencies are supposed to review for improper access.

The non-hit-search filter, added in August, lets an agency exclude queries that did not produce a plate match — and, by extension, lets them view which queries did produce a match.

So far, no agency has included this information on whether there was a hit in a network audit log. That information is not categorically exempt from open records laws, and requesters generally ask for complete logs, not ones with partial information.

“System-generated searches,” per Haber, are now filtered from the audit “to avoid confusion and too much noise,” directly contradicting Flock’s public narrative of “every search is logged.” Flock decides what is logged and what is “noise” or “confusing,” based on undisclosed and likely fluid criteria.

And finally, she discusses the “filter” that handles immigration and reproductive health searches in states that prohibit such searches.

The last bullet point on her slide informs the audience that details will remain a secret, “in order to protect the effectiveness of this feature.” Maybe Flock thinks a user of the system couldn’t figure out, without a Flock-published list, that writing ‘suspicious vehicle’ in the reason field defeats the filter.

Or maybe publishing the list would remove their ability to lie about how long they’ve been filtering any particular term. One of those explanations seems much more likely than the other.

Flock’s Solutions

Addressing false claims is easy: you correct them. Flock holds all the information and all the evidence; it has a PR team and a blog. It knows when filters went into effect and how many searches are being filtered. It’s not that hard to rebut false claims and build trust through transparency.

But if the claims happen to be true, you may have to roll out several audit-obstruction features, a bevy of new filters, and restructure your entire compliance organization.

Flock’s response is telling.

Almost two months ago, I titled a section “Flock Promises More Violations.” It has now made good on that promise. Back then, I wrote:

the gradual narrowing is interesting to watch. In a span of weeks, Flock’s messaging shifted from “Flock does not sell data,” to “Flock does not sell data to the federal government” to “Flock does not sell data to DHS agencies.”

Federal agencies have been appearing more in audit logs, tagged with [Federal]. Flock has added a toggle to its product to grant/deny federal access to data.^[1] These have largely been federal prisons, and parks like the Presidio of San Francisco.

Now, the FBI has direct access.^[2]

Flock will keep insisting that licensing data isn’t selling data. The distinction matters to surveilled citizens about as much as Netflix’s licensing model matters to a movie studio — and the studio, at least, sets the terms.

Contractually, Flock is not prohibited from granting the feds access. For that matter, it’s not prohibited from granting anyone access. Numerous private corporations and universities have access to what Flock markets as a “law enforcement only” network, and entire police departments are regularly granted access without a contract.^[3]

But communities that were sold the system by Flock and their local PD on the promise that the feds did not have access to the data now have a system deployed that does grant direct, federated access to the FBI and other federal agencies.

It’s what those cities signed up for. Flock manages access to the network. Not the city. Not the PD.

If you want to know if your city grants access to the FBI, you will have to file an open records request. It is unclear at this time whether the “federal access” configuration switch is separate from the “shared networks” file — the configuration that governs which outside agencies can query a department’s cameras (reach out if you know).

Police departments generally don’t inform elected officials or the public when they enable a software toggle—even when it comes with constitutional and liability implications. They certainly don’t seek the public’s approval before subjecting it to federal mass surveillance.

“Every city has a right”

America is built on principles of freedom, and every city has a right to make that choice. When a community pulls back on public safety they achieve less surveillance, but the people who are made to suffer aren’t the affluent ones, it’s the people who live in neighborhoods where they can’t afford safety…

“[E]very city has a right to make that choice” is Langley flat-out catering to his customer base. The U.S. Constitution — specifically the Fourth Amendment — as well as many state constitutions are intended to constrain government. Local governments don’t have unlimited power.

The other issue here is that “the people who live in neighborhoods” are left out of the conversation and the decision to deploy surveillance entirely. They suddenly discover “LPR” cameras pointed at their basketball court because Flock’s own sales pitch — second image below — says these deployments are a way for departments to get video surveillance without having to go through a public hearing.

“Flock LPR” cameras are named to trick people into believing they’re license plate readers. Instead, they capture video and data to be fed into a sprawling national system centered on Flock’s “Nova” intelligence product.

In Langley’s world, the cops get to choose. The people aren’t even told.

Safety-as-a-Service (for a Recurring Fee)

South Africa has over 600,000 private security guards. More than its police and military combined. The wealthy live behind nine-foot walls and electric fences. Safety exists, if you can afford it. If you can’t, crime is simply the cost of being alive.

The true hypocrisy, however, is not the price tag for “All of Us”, but the invocation of South Africa’s “pay to stay safe” system. Langley cites it as an example of inequality; at the same time, Flock partners with the South African company Vumacam to profit off the creation of a new era of “digital apartheid” in South Africa.

Via Ricky Croock's LinkedIn (spelled as "Ricky Crook" here).

Vumacam places Flock cameras in affluent suburbs and sells that data to private security contractors. Those corporations, which are even less accountable than the government, in turn sell their services to South Africa’s upper-class.

Langley stands on-stage in feigned indignation, as his $8.4 billion company collects on “the cost of being alive.”

The Digital Standing Army

Langley lauds police forces in other countries and considers the U.S. system of local police to be a “unique problem we have created for ourselves”. He is wrong. It’s not a problem, but a solution.

The founding generation was deeply divided on standing armies. At the time, the local militia kept the peace — professional police didn’t arrive in the U.S. until 1838. A common wisdom was that the more local the militia, the less likely it would be to turn on the people.

What the founders feared from a standing army has arrived in a different form: increasingly militarized and high-tech police. Langley describes his vision as one where any police officer anywhere in the country can “share” and “cooperate” across borders and jurisdictions.

What that means in practice is that any police department in the nation has the capability to dispatch one of Langley’s drones based on reports from his national “Nova” system, fed by hundreds of thousands of his cameras.

Even Hamilton, a proponent of standing armies, warned that nations attached to liberty will, in time, give up freedom for safety — a dynamic that scales down to any institution sold as protection.

Police now believe they depend on Flock. That means its CEO can not only afford safety — he can demand it from the standing army he helped create.

What to do about it

The camera on your corner was approved by someone. Find out who, and when they’re up for election.

• Check whether your city uses Flock.
• Request public records for contracts, data-sharing and demo agreements, and log files.

Public hearings and records requests are the only reason any of this is visible at all. Keep showing up.

Three days after the deal closed, Flock, apparently alive to the optics of its employees viewing a community center pool through police cameras, released a blog post titled “Understanding Flock’s Testing and Development Program.” Personally, I would not have chosen to link “employees viewing a gymnastics room” to “testing and development.” But this is Flock.

The issue Flock’s blog post addresses was raised by Dunwoody resident Jason Hunyar and amplified by YouTuber Benn Jordan: Dunwoody PD’s event logs (similar to, but not the same as, the “ALPR audit logs” this site publishes) showed Flock executives had opened camera streams inside the JCC on numerous occasions, for durations the logs don’t record. For the details, see Jason’s write-up and the posts about the April 13 Dunwoody meeting and its outcome.

The post was published under Josh Thomas’ name—the company’s Chief Communications Officer who has been speaking for Flock for the past eight years. It’s not a slapdash production by an engineering manager. His headline reads:

This article explains how Flock tests its technology in real-world environments, strengthens search safeguards, and addresses recent privacy questions about its development practices.

Let’s discuss these topics. And the buried lede.

The Lede Thomas Buried

Tucked into the middle of the post, presented as evidence of a safeguard working, is this:

In Dunwoody, a Flock employee performed a demo of this content moderation policy by searching for both “Star of David”, which our search moderation tool blocked, and “Cowboy hat,” which the search moderation tool allowed.

Flock describes the underlying feature, FreeForm, as a search tool that allows officers to query cameras for descriptive phrases like “man wearing a cowboy hat.” Read that together with the Dunwoody example: a Flock sales employee ran an identifying search against live Dunwoody camera data. The cowboy hat search, per Flock’s own description, returned results—real people, in Dunwoody, identified by what they were wearing, surfaced to a salesperson running a demo. The Star of David search was also made.

The only thing that stopped it from returning a list of Jewish residents of Dunwoody was a content filter Flock built, maintains, and can modify at any time without telling anyone.

Flock presents this as reassuring. It is the opposite.

The architecture underneath the filter is the actual story. Flock’s patent, US 11,416,545, titled “System and method for object based query of video content captured by a dynamic surveillance network,” describes parsing video “for content” and storing it “in a database in connection with data that identifies the content (object class, aspects of the object, confidence scores, time and location data, etc.).”

The patent family extends to neural networks trained to identify clothing, estimate height and weight, and classify other physical characteristics of individuals—stored, by design, in searchable databases. That is an index. It is being built continuously, by design, and is queryable by any user Flock decides gets a search box.

The filters, which are themselves AI-based pattern matching rather than deterministic blocks, block certain query strings against that index. They do not prevent the indexing. The filter can be modified or turned off. If it even works at all.

Flock is asking for credit because its AI blocks certain searches. The thing worth noticing is what those searches are being run against, and who is running them.

Recent Privacy Questions About Development Practices

Now the post’s stated topic. In his post, Jason makes a number of factual allegations, all sourced directly from Flock event logs, before concluding:

On September 30th, 2025 - Bob [Carter, VP Business Development, Flock Safety] looked at just one camera. This camera is in the gymnastics room of the JCC. I personally am curious about why a sales employee from Flock would be viewing the gymnastics room. I think this also deserves an explanation.

…

The public deserves to know why Flock employees are using Dunwoody’s Flock system to look at live videos of people and children in the pool, gymnastic facilities, and fitness studios.

Note what Jason actually asks for: an explanation. Not a prosecution, not a verdict, not a character judgment. An explanation of why sales employees at a surveillance vendor are logged into a police department’s system looking at cameras inside a community center. That question has been outstanding since January, when Jason first brought it to the city council.

In its March meeting, long after Jason first contacted the city, Dunwoody IT presented the results of their security audit. Dunwoody looked at the same logs and found no issues.^[1] They didn’t answer Jason’s question. A month later, the mayor didn’t mention that city staff had already gone over these logs. She didn’t answer Jason’s question.

Now, three months after the question was asked, the answer is delivered via blog post: the employees named online are well-intentioned people who accessed a camera network with the city’s explicit permission, as part of their job, and are now being called predators for it.

Josh Thomas asks us to accept that it is part of his company’s sales executives’ jobs to give sales demos when kids are piled into the pool on a Wednesday afternoon, or when the gymnastics room is in active use on a Tuesday at lunch.

Here is the core of what is verifiable: a Flock executive, who does not work for the police, logged into a police account and opened a camera stream inside the gymnastics room at a community center.

The event logs published by Jason—which Flock does not dispute—show multiple accesses by at least two Flock employees, Bob Carter and Randy Gluck, to cameras inside the JCC across multiple dates in 2025, including cameras pointed at the gymnastics room, pools, and children’s facilities.

But the event logs show when a user starts viewing a stream. They don’t show when a user stops, or any detail to provide critical context. Maybe Flock’s employees now better understand how inadequate logging can facilitate abuse.

We can’t tell if looking up a license plate over and over in the middle of the night with only the stated reason of “investigation” is stalking. We also can’t tell if the “pool” camera was viewed for 30 seconds from a terminal inside a police station, or if it was left running for hours or days on a bedroom TV in another state.

Flock’s employees are seeing the end-result of multiple layers of failed policy, inadequate transparency, insufficient auditing, and no accountability. Employees at a private company should not have unescorted access to police surveillance data. If they had not had access, we would not be having this conversation. It’s that simple.

The principle of least privilege is not optional; it’s AC-6 under CJIS Security Policy v6.0; access should be limited to what’s “necessary to accomplish assigned organizational tasks.”^[2] Vendor and contractor access falls under PS-7 (External Personnel Security). Account management is AC-2. And the audit controls that would normally catch any of this are in AU-2 and AU-3, and AU-9. Nearly-identical controls exist under SOC 2 and ISO 27001. Both certifications Flock touts.

Months after the issue was first raised, Flock now claims the activity was approved under “the city’s demo partner agreement.” Flock did not provide its terms. Dunwoody never produced it in response to Jason’s open records requests. Flock employees at the March and April meetings didn’t mention it. The police chief and IT director stayed silent on it during the audit presentation at the March meeting. The mayor didn’t mention it when she addressed the issue at the April council meeting.

Dunwoody has now signed the deal. The incentive to stay on-message is gone, and Flock has moved directly to publicly accusing its “partner” of hiding an agreement as a post-hoc justification of its violation of public trust.

On Being Accused of Accusing People

Flock’s post includes this line, which is the most carefully lawyered sentence in it:

Accusing someone of spying on children is not a policy disagreement; it is a life-altering allegation.

Correct. Fortunately, no one in this story has made that accusation. Jason asked for an explanation—in writing, to the Dunwoody city council, on January 12, and every month since. What Flock has now done, three months later, is respond to an accusation Jason did not make.

Flock employees had the technical capability to watch children at a community center and accessed cameras pointed at those children. Whether any individual Flock employee used that capability maliciously is unknown and largely beside the point. The capability is the problem. The access is the problem. The absence of any meaningful oversight is the problem.

Josh Thomas would like the story to be about what is in a sales executive’s heart, because that is a story he can win. The story he can’t win is the one about Flock’s architecture.

What the Logs Actually Show

Flock’s post frames the Dunwoody events as a single routine demo at an unusually sensitive location. The event logs Jason obtained by open records request show 185 JCC-camera accesses by Flock VP Bob Carter alone since January 2025.

The network sharing is even worse. The JCC’s private camera network, labeled in Flock’s system “Dunwoody GA PD - Atlanta JCC Avigilon (Do Not Share),” was at one point actively shared by Dunwoody PD with three outside agencies, including Lawrenceville GA PD, which received permissions to view, record, and download live video streams.

That sharing was removed only after Jason disclosed it to Dunwoody’s chief, and the removal was performed by a user (“John Watson”) not in the user export—which should include historical users. A ghost administrator corrected a misconfiguration that was not supposed to exist in the first place.

At the March council meeting, Dunwoody’s own lieutenant told the public that only two neighboring agencies view live streams and that liveview access is “strictly reviewed and on a case by case basis.” The logs show 1,271 agencies with access. The logs show no access by any agency, including the two confirmed active users.

This is the environment in which Flock employees, in Josh Thomas’s description, are “well-intentioned” and “accessed a camera network with the city’s explicit permission.”

They may be. There is no way to know.

Strengthened Search Safeguards

This takes up the most space in Flock’s post; we can keep it short here. Flock describes its existing broken AI-based “FreeForm” moderation system, which did exactly nothing to prevent anything that happened here.

Testing Technology in Real World Environments

Mentioned in the same breath as “development practices.” Flock does not distinguish between “development,” “testing,” and “production”—in its post or in practice. It’s not an uncommon problem for venture-backed software companies, but it’s not a small one for Flock. I have written about this many times before, and Flock continues to signal it will do nothing to address it.

Flock’s approach is to let its developers and sales execs loose on a real police department’s account, connected to real cameras, pointed at real people—and, yes, real children.

The Cybertruck example Flock offers is this:

Here’s a concrete example: when the Tesla Cybertruck came out, we had to build a whole new ML algorithm to identify it. Nothing had been seen like that before. This requires testing and training the models in real-world conditions.

“A whole new ML algorithm” is an overstatement. Flock was failing to detect the Cybertruck as a car (or truck, or whatever it is). That’s a training task, not a new algorithm, and an entire industry exists to support exactly that kind of image-recognition training.

Even if Flock does all its ML work in-house, whether overseas or not, and uses only data collected under its government contracts, all it requires is an image and someone to answer: “Cybertruck or not Cybertruck?”

Nobody at Flock needs access to a police account. Not for software development. Not for sales demos.

The Remediation

Flock describes its fix this way:

Although the camera was only viewed once during a routine demo, we understand that this is a sensitive location for many. We have therefore determined that employees will be trained to only conduct demos in more public locations, like retail parking lots.

So the reform is: Flock sales employees will continue to log into police surveillance systems, run demos against live resident data, and view live camera feeds. They will just point the cameras at people and children in more public places.

There is no commitment to stop using production police accounts for sales demos. No commitment to separate development, test, and production environments. No commitment to publish the demo partner agreements. No commitment to audit, retroactively, every access a Flock employee has made to Dunwoody’s cameras. No changes to the logs themselves. Nothing structural.

Jason’s records work also documented Flock employees using Dunwoody’s system to create API connections to third parties with whom Dunwoody has no contract; data funneled through those integrations falls outside any contractual framework. This will not be addressed.

Flock’s repetition that “local agencies—not Flock—control who can access their data” falls especially flat when it’s delivered in the same post where Flock argues that it needs access to that data because it “must be tested and demoed, both to ensure we get everything right on the technical side and so other agencies and businesses understand how the sharing works.”

If Dunwoody PD authorized Flock to share these video streams with “other agencies and businesses” then that is perhaps even more problematic than broken vendor policies and architectures. It’s a police agency acting entirely outside of the scope of its lawful duties to the detriment of the local community.

If true—if the Dunwoody chief of police allowed video from within the community center to be shared with “other agencies and businesses” without being authorized to do so by the council—he deserves to be held accountable.

The signature on the demo agreement will tell.

Addendum to My Previous Post

In my previous post I wrote:

The city’s new MSA does not prohibit Flock from accessing Dunwoody’s account, and continues to grant Flock a royalty-free license to “support and improve Flock’s products and services,” which arguably describes what happened here. The license has no specified term and cannot be revoked.

That remains true, but it understated Flock’s asserted basis for access. I had assumed Flock would rely on its license for business purposes. Instead, per the blog post:

Similarly, one of the benefits communities most value about Flock technology is the ability for law enforcement to directly access privately owned cameras, if and only if the organization allows them to, for crime-solving and security purposes. This is also a feature that must be tested and demoed, both to ensure we get everything right on the technical side and so other agencies and businesses understand how the sharing works.

In a deeply Nixonian “when I do it it’s not illegal” move, Flock treats “demos” for “other agencies and businesses” as part of the government agency’s “crime-solving and security purposes.”

That’s Flock’s real-world interpretation of “the customer owns 100% of the data” and “Flock does not access the data.”

What You Can Do

Flock has now publicly asserted that side agreements authorizing vendor access to police surveillance systems are standard practice. If that is true, such agreements may exist in your city.

They are almost certainly not posted on any public agenda. They were not, in Dunwoody, produced in response to ordinary records requests until Flock itself acknowledged them.

Consider filing a public-records request with your city or police department for any agreement or other record showing whether your agency has entered into a demo or testing arrangement with Flock.

If you obtain any such agreements, or if your agency confirms none exist, I’d love it if you let me know.

Parents across the country have a right to know whether Flock employees are watching cameras in their local daycares, community centers, and schools—whether the reason is software development, testing, sales demos, or something else.

The city also entered into a contract for FlockOS 911 that will see call data transferred to Invictus, under an order form that incorporates Flock’s standard website terms and a separate set of Prepared911 terms rather than the MSA the city just negotiated. The city’s existing Flock-provided contract with ForceMetrics for sensitive, federally-regulated criminal justice information and health data did not get a mention at all in either the meeting or the new MSA.

The most controversial aspect of the relationship, that Flock employees on Dunwoody’s account had been caught watching the pool and gymnastics room at the community center, was vaguely explained and addressed only through platitudes before being hand-waved away.

If your city has Flock cameras, the contract almost certainly contains the same structural problems described below. Flock’s standard terms give it effective ownership of your data, cap its liability at near-zero, and leave critical regulatory obligations undefined. Dunwoody tried to negotiate and still ended up here.

Sales Demos and Empty Promises

The explanation was that Flock had been using the cameras in the gymnastics center for its sales demos. It wasn’t a case of Flock executives watching children, the mayor assured the crowd. It was Flock executives showing children to some unnamed third party to sell its product. This, in the council’s view, made the situation better somehow.

The city’s new MSA does not prohibit Flock from accessing Dunwoody’s account, and continues to grant Flock a royalty-free license to “support and improve Flock’s products and services,” which arguably describes what happened here. The license has no specified term and cannot be revoked.

The city will also continue to pay^[1] to send video surveillance footage from inside the privately-owned and -operated rec center and daycare to Flock.

But, rather than write safeguards into the agreement up for a vote, residents were told Flock had promised not to do it again. In the future, Flock promises, it will not expose images of Dunwoody children practicing gymnastics or going for a swim as marketing materials for its sales prospects.

The council accepted the explanation and the promise at face-value and without further inquiry.

What Dunwoody Didn’t Win

A day before the meeting, councilmember Joe Seconder had told Jason Hunyar, the soon-to-be Dunwoody Dad who discovered Flock’s viewing of the rec center, that the MSA would be raised “as a discussion item, not a vote.” This would be so “there will be additional time to provide feedback on the MSA … and what kind of revisions we can have set forth before a vote is held by council.”

Councilmember Seconder voted to adopt the MSA at that same meeting.

@Master Service Agreement

It prohibits Flock from using Customer Data “to train, fine-tune, or improve any machine learning, artificial intelligence, or algorithmic models” without written authorization from the City Manager. An email suffices.

It contractually mandates existing Flock features for data governance: a Federal Sharing Toggle that lets the city disable all data sharing with federal agencies (as defined by Flock), and a toggle to require case numbers and search justification for every query. Neither feature has to be enabled, but both must exist.

It contractually includes Flock’s “audit log masking”, where Flock no longer exposes the complete audit trail to its customers, framing it as a measure “to protect active investigations, law-enforcement operations, and sensitive data.”

It also requires a post-login CJIS acknowledgment requirement. Never mind that the aforementioned audit logs are a required component of CJIS compliance.

It freezes Flock’s incorporated Online Terms as of the Effective Date and bars unilateral changes without a written amendment signed by the Mayor or City Manager — but stops short at requiring council approval to modify the agreement approved by council.

These are concessions that sound good but collapse under even minimal scrutiny. They do not address the structural problems that make the rest of the contract a liability.

What Dunwoody Lost

The standard terms that place effective data ownership with Flock are left unmodified:

Flock retains the exclusive right to determine and control the method, timing, format, and medium of access or delivery of Customer Data … and is not obligated to provide Customer Data in any alternative form, format or transmission method outside of the Web Interface.

It’s not your data if you can’t access it and Flock doesn’t have to hand it over. It’s also not definitionally your data:

For clarity, Flock Property also includes any derivative works, intermediate or final outputs, analyses, reports, models, or other results generated by or through the Flock Services. Except for the limited ability to access and download Customer Data within the applicable Retention Period, no rights are granted to download, extract, export, or otherwise create or retain copies of such derivative works, outputs, or other elements of Flock Property.

A license plate number, a vehicle description, and arguably the raw image that Dunwoody won’t be able to access are a “derivative work,” “output,” or “result” “generated by or through the Flock Services.” “No rights are granted” to Dunwoody to any of this data.

Until the city manager sends an email, the AI/ML restriction limits what Flock can do with Customer Data for model training. It does nothing about data Flock classifies as Flock Property.

The Battle of the Order Forms

The city’s outside counsel assured the city council that the MSA with Flock would govern the city’s agreement with Invictus. She did not explain how the MSA, between Flock and Dunwoody, applies to an agreement with a separate company. She addressed the incorporation of Flock’s online terms by conclusorily asserting that the MSA would control; a possibility, not a given.

The FlockOS 911 order form does not incorporate the MSA. It incorporates the terms and conditions on Flock’s website and the Prepared911 Terms and Conditions at a separate URL. The council’s motion conditioned approval on execution of the MSA, but a condition precedent to signing is not the same as incorporating the MSA’s terms into the document being signed. The order form still says what it says. The council unanimously voted to sign the form that incorporates those terms rather than cross out the references and explicitly incorporate the MSA.

If Flock were to make the argument that the MSA does not govern the FlockOS 911 contract, it would have a strong position; the council agreed to the terms after adopting the MSA, and the MSA’s governance does not definitively follow from its structure:

The MSA defines “Agreement” to be the MSA plus any Order Forms. Its conflict-resolution clause handles conflicts between the “Agreement” (which includes the Order Form) and (1) any statement of work or purchase order, (2) special terms listed on an order form, (3) incorporated online terms. Conflicts between the “Agreement” and any “Order Form” (which is a part of the “Agreement”) are left unaddressed, because they are definitionally the same document.

$0 Liability

It’s a circular structure that’s especially damaging in the case of the Drone-as-First-Responder (DFR) contract:

1. Dunwoody signed a DFR agreement at some unspecified earlier date.^[2]
2. The MSA is executed. It “supersedes all prior agreements, understandings, and representations relating to the Flock Services.” The original DFR agreement is now dead.
3. The new DFR Order Form, approved during the April meeting, is executed “on the date hereof or following the Effective Date,” so it’s automatically part of the “Agreement.”

But the new Order Form incorporates “the previously executed agreement,” the document the MSA just killed in Step 2. It’s trying to resurrect terms that the Entire Agreement clause superseded. The conflict clause can’t resolve this. Not because it wasn’t designed for necromancy but because the new Order Form can’t conflict with the Agreement because it is the Agreement. There’s no hierarchy for resolving an internal contradiction within the Agreement itself.

The city is prepaying $200,000 for “Flock Hardware” it does not own and cannot maintain, per the MSA,^[3] but that’s not even the worst part: the MSA caps Flock’s aggregate liability at the total amount paid in the twelve months before a claim arises. Because the entire $200,000 is due at signing, in year two the amount paid in the preceding twelve months will be $0. Flock will carry no financial liability at all for operating an aircraft under contract with Dunwoody.

Drones, like any aircraft, are heavily regulated by the FAA. Those regulations are complex and violations can lead to severe penalties. Unsafe drone operations endanger other aircraft and persons on the ground. It wouldn’t be the first time a police drone collided with another aircraft.^[4]

Pricing

The pricing on the drone contracts is opaque. The first DFR Order Form lists a $300,000 contract total: $100,000 due in July 2025 and $200,000 recurring in January 2026, with a $160,699.50 discount on “Flock Safety Drone Hardware and Services”:

The second shows $200,000 due at signing with no discounts at all:

The first order is for “Flock Safety DFR 2.0 - 400ft”. The second for “Flock DFR - M4TD + Dock 3 (2 System Set)” and “Flock911 for Aerodome”. All items are priced as “included” under a platform fee that conceals the cost of each component.

Chief Carlson’s memo describes the second agreement as “the installation of additional DFR (Drone as First Responder) coverage,” which, I’m told, means Flock will add an additional drone.

Agreements All the Way Down

The original DFR agreement, the “previously executed agreement” on the order form, is an 11-page contract with a Product Addendum for “Unmanned Air Support as a Service,” two schedules covering training and specifications, and terms that place virtually all operational liability on the city.

@The original Dunwoody-Flock Drone Agreement

That agreement itself incorporates another “previously executed agreement” on its order form. That appears to be a “Government Customer Service Agreement” from 2021, which is specific to ALPR.

The original drone agreement makes Dunwoody responsible for ensuring that all crew, including pilots, visual observers, and sensor operators, hold the qualifications and certificates required by applicable FAA regulations. It also assigns the city “the entire risk of loss, damage to, theft or destruction of, all Flock Hardware” and states, in all capitals, that loss or damage “SHALL NOT RELIEVE CUSTOMER OF ANY OBLIGATION UNDER THE AGREEMENT.”

The agreement carves all drone data, including flight logs, telemetry, radar, and fleet information, out of Customer Data entirely. It classifies it as “Flock Drone IP” owned exclusively by Flock. The city cannot share any of it with third parties without Flock’s written consent. That restriction says “any third party” without an exception for regulatory authorities, covering the patently absurd situation where the city’s pilots can’t disclose flight logs or telemetry to the FAA or even ATC.

None of this is in the MSA that council reviewed and approved. The MSA has no terms concerning the drone program. If counsel is right that the MSA controls, the original drone terms are dead and there is nothing governing drone operations, FAA certification, pilot responsibilities, or risk of loss.

If the original terms survive through the Order Form’s incorporation clause, Dunwoody is responsible for everything: the pilots, the certifications, the waivers, the airworthiness, and the losses, while Flock owns the data the drones generate. Because it’s an order form, the MSA’s conflicts clause is inapplicable.

Either way, council and residents were told they had a negotiated deal: they don’t.

The State of Madlibs

Then there are the ForceMetrics terms signed by the city. Those were stapled to a Flock order form in February 2025. ForceMetrics is a data aggregation and analytics platform that pulls together internal databases like CAD (dispatch), RMS (records management), and JMS (jail management).

@ForceMetrics Terms and Conditions

The “Informed Responder” product Dunwoody uses “surfac[es] real-time Safety Signals in search results,” to give “first responders quick, actionable insights into critical risks—such as mental health issues, dementia, drug use and domestic violence.”

The ForceMetrics agreement assigns itself a forever-license and ownership of all “Derived Data”, and claims to be the “final, complete and exclusive agreement between the Parties relating to the subject matter hereof”.

ForceMetrics receives federally-regulated criminal history record information and criminal justice information, like names, addresses, and domestic violence histories. It also gets information about mental health and substance history, categories that may be federally protected health information.

To add to this mess, the ForceMetrics terms set a different liability cap (“[t]o the extent authorized by the constitution and the laws of the State of ____,” nobody filled in the blank) and say any conflicts will be handled according to Colorado, not Georgia, law.

Flock Understands and Acknowledges

At the meeting, the most bizarre clause in the agreement was not questioned by council:

Flock understands and acknowledges that prior to Customer contracting for or using any new Flock Services that it does not use as of the Effective Date, Customer must obtain approval from the City Manager of Customer

Why Flock’s understanding matters is anyone’s guess. It could be a way to nullify any effect of the clause because it doesn’t place an affirmative duty on anyone, it merely says Flock understands something. At least someone does.

Looking past that, “any new Flock Services” presumably come with additional legal terms. Those terms, as we’ve seen here, tend to have significant effects on liability and obligations. For example, when the Flock Services send 911 caller data to parties like Invictus, or when the Flock Services come with a requirement to maintain FAA-certification.

In any organization with even slight governance in place, entering into those types of agreements is not something a staff member should be able to do, with or without city manager approval. The city attorney and city council should have a say.

Not here. Dunwoody PD will keep signing agreements without legal review or council approval. Flock will continue to operate its Dunwoody Lab as it has for years.

The MSA requires some software toggles without requiring a setting. The AI-training prohibition can, and likely will, be easily voided via an email from the city manager. Every single structural problem is left untouched: the data ownership, the liability cap that zeroes out on a prepaid contract, the order form chain that either governs nothing or governs too much, the ForceMetrics terms governed by a different state’s law with an unfilled blank in the indemnity clause, and the 911 contract that exists entirely outside of the scope of the MSA.

If there is ever a contractual violation severe enough not to be hand-waved away, one the PD and council find more concerning than using children in the pool for sales demos, Dunwoody will now have to spend a small fortune on litigating the mess it has allowed Flock to create.

Of course, when such contractual violations can be waved away with a vague assurance that it won’t happen again, Dunwoody is unlikely to stand up to Flock and to assert its contractual rights.

A public commenter characterized the relationship as abusive. That’s exactly what it looks like.

The Search IDs

Around the time Flock made heavy-handed edits to existing government records, it added, or started to expose, an “id” field along with search results. From the outset, haveibeenflocked.com has ignored that field because Flock can’t be trusted to keep anything stable. As we’ll see here.

I don’t use Flock’s IDs and instead rely on other methods to handle duplicate entries, so I mostly ignore them. Then I received an email from someone who paid more attention. He had been manually downloading audit logs from transparency portals and comparing the files, noticing that entries change more than they should.

To be honest, I didn’t really believe him at first. It sounded implausible even for Flock to do something so technically terrible. Egg on my face.

Transparency portal search logs now typically look something like this:

e71b39a6-3cc8-4161-b4ec-e62c6e1cd135,***,2026-03-04T20:37:04.924Z,6050,invest

Because cops can’t be trusted with cop data, Flock’s network logs look about the same. In addition to the ID, they have a name of an agency. The idea is that an auditing PD will pick up the phone, relay the ID in their network log to the named agency, and verify that “invest” was a legitimate search.

With about 6,000 agencies doing 10,000+ searches per day, that’s a lot of phone calls.

This idea is obviously completely divorced from reality to begin with, but it’s being used — to great effect — to convince uncritical elected officials of the existence of accountability.

Now, I’m not sure what cops are supposed to do.

The Time and ID Changes

The transparency portal logs are produced on a 30 day rolling basis. So, if you downloaded the same log a day apart, you’d expect to see 29 days worth of identical records with one day trimmed and one day added. However …

On March 23, 2026, West Des Moines’ log showed these two searches:

e71b39a6-3cc8-4161-b4ec-e62c6e1cd135,***,2026-03-04T20:37:04.924Z,6050,invest
bc377b4b-2261-4fe1-a96c-ebb59217c061,***,2026-03-04T21:00:31.190Z,6051,invest

Two searches on March 4, both labeled “invest,” one at 8:37pm (UTC), and one at 9pm (UTC).

On March 24, 2026, they are both gone. In their place are two new searches:

9c685baa-cf80-478c-acf1-2df174a1d686,***,2026-03-04T20:26:48.972Z,6050,invest
ec162dff-51b1-4de6-be2d-16a2b2cd8411,***,2026-03-04T21:39:47.263Z,6051,invest

The also both happened on March 4, and are both labeled “invest,” but now one happened at 8:26pm (UTC) and the other at 9:39pm (UTC). That’s a significant difference.

If the same change happened in network logs, and if anyone had made that phone call about search ID e71b39a6-3cc8-4161-b4ec-e62c6e1cd135, they would have to make another phone call about the search that replaced it: 9c685baa-cf80-478c-acf1-2df174a1d686.

The problem appears broad. In the March 23 – 24 comparison alone (about 200 lines total) there were multiple changes:

-b76afd28-1246-4b3d-91d7-5f14642dd191,***,2026-02-25T20:56:59.751Z,2,Windsor Heights Fresh Stolen
+72db34f8-dd39-4d5d-814c-c968cb5e58b2,***,2026-02-25T20:52:17.101Z,2,Windsor Heights Fresh Stolen

-e71b39a6-3cc8-4161-b4ec-e62c6e1cd135,***,2026-03-04T20:37:04.924Z,6050,invest
-bc377b4b-2261-4fe1-a96c-ebb59217c061,***,2026-03-04T21:00:31.190Z,6051,invest
+9c685baa-cf80-478c-acf1-2df174a1d686,***,2026-03-04T20:26:48.972Z,6050,invest
+ec162dff-51b1-4de6-be2d-16a2b2cd8411,***,2026-03-04T21:39:47.263Z,6051,invest

-b8afc2dc-434c-41e3-8614-92134e713de8,***,2026-03-05T07:58:19.466Z,1169,
+3c652fad-db99-472f-bf7a-16430beb949d,***,2026-03-05T07:01:14.526Z,1169,

+8e10d1fb-2b66-4a0a-b4a8-2ef4b4f33899,***,2026-03-15T05:12:16.454Z,1,invest
-95134732-9341-420e-b830-901856bd4a75,***,2026-03-15T05:39:30.257Z,1167,invest

-e6941d9c-fbf2-4cbb-a54b-7c5d1fd391cb,***,2026-03-19T18:49:41.776Z,1166,
-d277a79e-0a14-4ccd-a561-8df2cfb7ca10,***,2026-03-19T19:00:37.487Z,1166,
+6f9738b1-1fbf-498a-b026-c8eda3d3aece,***,2026-03-19T18:22:11.557Z,2,
+18bf73c6-e37c-4246-ab1c-f98aae2849a6,***,2026-03-19T19:14:27.501Z,1166,

In this one file, about 7% of records changed within 24 hours.

Clanker Analysis

Asking the clanker to analyze the changes over multiple files it wrote a little Python script and produced:

WDM (8 snapshots, Mar 16 - Apr 4)

Non-rolling change rate per snapshot pair: 2.6% - 7.1% (avg ~5%)

Key patterns:

• Removals always equal additions — records are being swapped, not just deleted or added. This is highly suspicious and suggests some kind of rotation/replacement mechanism.
• No field modifications — records are never edited in place; they vanish and a different record with the same date appears.
• 17 “flickering” records that disappear and reappear across snapshots. Example: 95134732... (date 03-15) appears in only the 03-23 and 03-25 snapshots out of 8 — pattern ..Y.Y...

Johnston (3 snapshots)

Similar pattern: 3.9% - 8.2% non-rolling change rate, removals always equal additions, 2 flickering records.

The Takeaway (AI)

When it was done running its script, it gave its unsolicited, but almost accurate “key takeaway”:

The audit logs are not immutable. Every day, ~3-7% of records within the overlapping date window are swapped out (equal number removed and added, zero modifications). Some records flicker in and out across multiple snapshots, meaning the same record can be removed, reappear, and be removed again. This is consistent with records being retroactively added/removed from the audit log on an ongoing basis.

The Actual Takeaway

This is the straightforward explanation, but it’s not necessarily what’s happening. What could be happening is that Flock, like Axon, is distributing its database in an effort to sidestep accountability and ownership by conflating data control and data ownership.

I’ve called this nonsense out before as Flock saying the kitchen is not a central repository for pots and pans, because it has multiple cupboards.

But it may be what we’re seeing here. The log could be pulling in different entries from different “cupboards”, and not all “cupboards” may be available each time the log runs.

A distributed explanation is not any better than deleting and adding records in a centralized database. In fact, it would be a very fundamental, very fatal, flaw for records that are supposed to be immutable — like audit records — to have multiple copies in multiple places without a single authoritative copy.

Apparently log entries can go missing without Flock’s system throwing an error. If you can’t be sure that your log is complete, you can’t rely on it to show whatever it is you’re auditing for — it may have been deleted.

If you’re getting new results every day, your previous audits are automatically invalid and unreliable. A search that occurred at 9pm may look valid, but if a police officer goes off shift at 9:30pm and the next day the log shows the search happened at 9:45pm, that’s potentially unflagged off-duty use of a police system.

It could also cut the other way: the officer’s shift might not start until 9:30pm, and the logs will show improper use the first time around, but not the second (if anyone looks).

Network Logs

These observations are from transparency portal logs, which are largely performative to begin with. Whether the same holds in a network audit remains to be confirmed.

Examining older network logs, which did not have the IDs, entries can be seen disappearing between runs. Because I do not have enough overlapping data to fully confirm, I can only say that it seems very likely that the observed ID changes in West Des Moines and Johnston show a structural problem that has existed for a while now.

This finding alone should be cause to invalidate all prior audits, as well as all future audits until Flock addresses the problem.

States with mandatory audits, like Minnesota, and police departments with audit requirements, will have to redo their audits after it’s fixed. That’s a lot of phone calls.

That is, if they want to make good on their promises of accountability and oversight.

I won’t be waiting by the phone.

Via IPVM and KSHB

The company got caught sending data to Upwork contractors and Denmark. The CEO declares Flock is under attack. The CISO denies high-profile, very real security issues. The permit manager installs cameras without adequate permits in California, Iowa, and other states. The VP of Solution Engineering redacts information from log files. The Chief Legal Officer appears on niche livestreams. And marketing, seemingly sponsored by the City of Dunwoody, pumps out questionable videos.^[1]

You’d think Flock has enough to worry about at home. Now it’s going international.

We already know what Flock’s jurisdictional sprawl looks like domestically. The Virgin Islands Police Department — a Caribbean territory under an active DOJ consent decree for unconstitutional policing — was caught querying Flock cameras in Rogers, Arkansas for stolen vehicles and traffic violations. No one in Flock’s 5,000+-agency network — including Flock and the state agencies responsible for criminal justice information — has flagged that absurdity.

Now take that indifference and remove the American legal framework entirely.

Flock’s first(?) international reseller is Vumacam. A Johannesburg-based company that has been accused of building a digital apartheid, charged by regulators for operating without a license, and caught making false claims under oath about data protection compliance.

Sounds about right.

The Partner: Ricky Croock

Flock’s partner page lists Vumacam as a “channel provider”:

Vumacam is Flock Safety’s reseller partner in South Africa. The partnership extends Flock’s technology internationally, fostering safer communities abroad.

Via Ricky Croock's LinkedIn (spelled as "Ricky Crook" here).

Vumacam operates a network of over 7,000 cameras across South Africa’s Gauteng province — the majority concentrated in Johannesburg. The company was founded by Ricky Croock, a former private security operator who previously ran CSS Tactical, a company providing armed response, guarding, and CCTV services.

If you thought the Flock model couldn’t get worse: Croock found a way. Vumacam builds and maintains the camera infrastructure — poles, cameras, connectivity — and then sells access to private security companies, who pay a monthly fee for video feeds in their patrol areas.

The network includes over 2,000 automatic license plate recognition cameras that, as of 2021, scanned an estimated 9.68 million vehicle registrations per day. That figure has likely grown substantially alongside the network’s expansion to 7,000 cameras.

If this sounds like Flock, that’s because it is.

Croock and Vumacam’s History

The critical reporting on Vumacam is extensive, spanning investigations by MIT Technology Review, Daily Maverick, VICE, and the Pulitzer Center.

Operating Without Registration

South Africa’s Private Security Industry Regulatory Authority (PSIRA) charged both Vumacam and Croock personally with a code of conduct violation for operating a security business while unregistered with the authority.^[2] Police opened a parallel criminal investigation. Vumacam subsequently registered, but PSIRA confirmed both the criminal case and the code of conduct probe remained active.

For a company building a city-wide surveillance network, the sequence is notable: deploy first, register later. Flock has its own version of this approach where hundreds of cameras were installed on public roads without permits across Florida, Illinois, South Carolina, Texas, and North Carolina, with an Illinois DOT official receiving a thinly veiled threat that Flock would send “about 30 different police chiefs” to the office if permits weren’t fast-tracked. And that’s just the states that have taken some form of action.

Lying Under Oath

In a sworn affidavit to the Gauteng High Court, Croock stated that Milestone VMS — the video management software Vumacam uses — was “certified GDPR-compliant under the General Data Protection Regulation applicable under European Union law.” Daily Maverick’s investigation found this was not true. EuroPriSe, the certification body, had not officially accredited Milestone; the application was still pending.

Croock also told the court that Milestone “ensures responsible use of data by end users.” Milestone’s documentation says the opposite: users, not the software, bear responsibility for compliance.

We’ve heard these types of assertions before. Flock’s CEO Garrett Langley told the public that Flock had no federal contracts. That was also not true. Flock was running a pilot program giving Customs and Border Protection and ICE direct access to data from its cameras. After information about the program became public, Flock stated it shut it down, but quietly continued to run it.

And, of course, Flock has also claimed all sorts of compliance, including compliance with HECVAT, which is a vendor evaluation form, and CJIS ACE — a commercial certificate, every bit as valid as the official Certified Privacy Advocate Certificate from haveibeenflocked.com.

“We don’t track people or cars”

Exactly like Flock claims in the US, Vumacam has publicly claimed its system “does not track people or cars.” The company’s marketing materials also echo Flock’s — which makes sense, given it is a reseller — and show that the system can retrospectively map a vehicle’s complete movements over 30 days. Precisely the definition of tracking.

Private security companies can add registration numbers to watchlists without court orders. Police can request location data through private security databases without subpoenas or warrants.

That’s true in America and South Africa.

Digital Apartheid

The “digital apartheid” criticism is the most damning line of criticism against Vumacam, and it’s also the most structurally relevant to understanding what Flock’s technology does, both domestically and abroad.

A SafeCity pole in Sandton, in northern Johannesburg.

Vumacam deployed its cameras almost exclusively in affluent, predominantly white suburbs of Johannesburg because that’s where paying customers were. Poor Black townships were left uncovered, not out of principle, but because there was no revenue model — nobody hires ADT or other security companies there. The result is a surveillance geography that maps onto apartheid-era spatial divisions with uncomfortable precision.

Flock declines to release its camera locations and many cities have refused to release Deployment Plans and other documentation. Efforts like Deflock are underway and are beginning to draw Flock devices on the same maps as America’s apartheid-era redlined districts.

A leaked shift report from Fibrehoods, a Vumacam partner, documented 14 incidents flagging 28 people as “suspicious.” — a term that’s commonly found in Flock logs as a “justification” for retrieving 30-day location histories. All 28 “suspicious” persons in the shift report were Black. The suburbs in question were majority-white.

Michael Kwet, a visiting fellow at Yale Law School who studies the South African surveillance industry, drew a direct line to the apartheid-era dompas — the internal passport system that restricted Black people’s movement in white enclaves. Vumacam (x Flock)'s AI-powered camera network recreates this digitally: Black residents in historically white suburbs are surveilled, flagged, and tracked.

Police in the US say they need Flock to stop them from pulling Black people out of cars at gunpoint. South Africa shows what actually happens when surveillance infrastructure is deployed by private companies in a society with deep racial stratification.

Intent is irrelevant. The business model is what matters.

Why This Partnership Matters

Flock’s domestic troubles are well-documented on this site and elsewhere. Secret data sharing, secret employee access to camera networks, cameras installed without permits, a CEO who goes ballistic rather than address concerns, and these types of hits keep on coming while the company only offers empty promises through increasingly snazzy marketing videos.

The Vumacam partnership introduces something new. The Virgin Islands querying Arkansas cameras was a preview — absurd, unmonitored, jurisdictionally incoherent, but still technically domestic. It’s the diet version of what’s happening in South Africa.

In the United States, Flock’s surveillance network technically operates within — however loosely and poorly enforced — a framework of Fourth Amendment protections, state privacy laws, US DoJ policies, FOIA requests, city council votes, and the kind of public pressure that gets contracts canceled.

In South Africa, Vumacam successfully sued the Johannesburg Roads Agency when the agency tried to suspend its camera permits, and the court ruled that the JRA’s job was to protect road infrastructure, not human rights. No civil society organization has brought a subsequent case. The Information Regulator’s investigation into POPIA compliance appears to have produced no public enforcement action.

Flock gets to sell its technology into this environment through a reseller. It is insulated from direct accountability while Vumacam gets access to the surveillance platform of a $7.5 billion company backed by Andreessen Horowitz and Founders Fund.

Vumacam wants to be Flock as much as Flock wants to be Vumacam.

The Response

SafeCity — featured in the backdrop for the event photo where Flock, Matrix, and Vumacam promote the partnership — is Vumacam’s premium product tier. It is the pitch to government. In February 2024, Vumacam announced a partnership with the Gauteng provincial government giving officials access to a network of over 6,000 cameras and “advanced crime-fighting technologies.”

Response times dropped, the company says, from 18–30 minutes to 5–10 minutes.

Last month, in March 2026, apartheid police commander Eugene de Kock, nicknamed “Prime Evil” testified in court about the atrocities he committed in the name of public safety.

Now, South Africa evaluates a high-tech mass surveillance network that replicates apartheid-era movement controls and lack of oversight that let Prime Evil act with impunity when his security forces abducted, tortured and killed activists.

When Flock’s critics — “activists” mounting a “coordinated attack” according to its CEO — warn about what happens when surveillance infrastructure scales without democratic oversight, they don’t speak in hypotheticals.

Johannesburg proves the outcome: Apartheid 2.0, powered by Flock.

In 2021, the Riverside County Transportation Department issued the first of three encroachment permits to the Riverside County Sheriff’s Department for the installation of Flock Safety cameras on county roads. By October 2023, the Board of Supervisors had unanimously approved a $6.9 million contract to expand the program to 538 cameras.

Four and a half years later, the Riverside County Sheriff’s Department’s Flock Transparency Portal shows the sheriff uses 1,718 “LPR and other cameras.”

A CPRA request to the Transportation Department produced three permits, a handful of emails, and a sworn declaration that may be more interesting than the permits themselves.

The Permits

Riverside County Ordinance 499 governs encroachments within county highway right-of-way. Any structure placed in the road right-of-way — including 13-foot surveillance poles with cameras and solar panels — requires a written permit from the Director of Transportation.

@Riverside County Ordinance 499 (as amended through 499.16)

Three such permits were issued:

ENC21120546 (December 10, 2021 – September 1, 2023)

Originally authorized two cameras. Expanded through riders to cover 33 named locations and a blanket permission to add more via individual location notifications (RD Form 136).

@ENC21120546 — Original Permit

@ENC21120546 — Rider 1

@ENC21120546 — Rider 2

ENC23110539 (November 14, 2023 – November 14, 2024)

An annual blanket permit covering “various county road rights of way.” This permit was explicitly styled as an extension of the first.

@ENC23110539 — Second Blanket Permit

ENC25061408 (December 5, 2025 – December 5, 2026)

Another annual blanket permit, the current one. It was issued with a single RD Form 136 notification on file — one camera, in Anza — and four total documents in the folder.

@ENC25061408 — Current Blanket Permit

No Permit, No Problem

The second permit expired on November 14, 2024. The third was not issued until December 5, 2025.^[1]

During those 13 months, the cameras did not come down. The $6.9 million contract continued and Flock’s operations apparently continued without interruption under Riverside County Sheriff and Republican gubernatorial candidate Chad Bianco’s watch.

Ordinance 499 Section 6 prohibits anyone from “constructing, installing, operating, or maintaining” any structure in the county right-of-way without a permit. That’s not limited to construction — it covers the cameras just sitting there running.

The permits themselves reinforce this. The authorized work is not just installation — each permit grants permission to “install, operate and maintain” the cameras. Each is “to be strictly construed and no work other than that specifically mentioned above authorized hereby.”

When the permit expires, so does the authorization to operate and maintain. The first permit’s void date was extended twice via riders — acts that only make sense if the date is an operative constraint. And in December 2025, the county issued a replacement permit with identical scope and authorization language. If the prior permit was still valid, the replacement was redundant.

The second permit’s own conditions made the obligation explicit. Condition M12 on ENC23110539 states: “Upon expiration of this permit, the permittee shall remove the temporary poles and cable.”^[2] The current permit repeats this language and adds: “It is the Permittees responsibility to maintain a valid permit.” The permittee did neither.

Nothing was removed. No extension was obtained. No replacement was issued for thirteen months.

The CPRA request covered all encroachment permits issued between January 2020 and March 2026. The county produced exactly three. The county certified under oath that no other encroachment permit, extension, or authorization exists.

No Application, No Problem

The county requires each permit application to be “in the name of the person, agency, entity, or authorized agent owning the encroachment and controlling the construction of the work.” It adds that the county “would require documentation of the Utility Owner’s authorization of a third party seeking a Permit on behalf of the Utility Owner.”

The applications list “Flock Safety” as applicant and owner — correctly, since Flock owns and installs the cameras. Three different Flock employees signed applications over the life of the program: Danny Campos, Will Warren, and Derek Porcella.

But the permits were not issued to Flock. They were issued to “Riverside County Sheriff Department C/O FLOCK SAFETY.” The Sheriff’s Department is the permittee on all three permits — holding the obligations, the liability, the strict construction clause — despite never having applied for them. There is no application from the Sheriff’s Department on file. No one at the Sheriff’s Department signed anything.

Flock applied. The Sheriff’s Department got the permits. And no authorization exists connecting the two. The county certified under oath that there are no letters of agency, powers of attorney, or similar documents from Flock authorizing the Sheriff’s Department — or anyone — to hold encroachment permits on Flock’s behalf. Nor are there any documents from the Sheriff’s Department authorizing Flock to apply on its behalf.

The county seemingly decided on its own that a permit applied for by “Applicant/Owner: Flock Safety” should be issued to the Sheriff’s Department. And Flock apparently decided that it could treat that permit as its own and forge ahead with installation.

And this didn’t happen once. The third permit application was byte-for-byte identical to the second one. The exact same PDF was filed under both permit numbers. Same date (November 7, 2023), same agent (Derek Porcella), same Flock Safety mailing address in Atlanta, same description of work, same signature.

And the same outcome: the new permit was also issued to the Sheriff’s Department, not the applicant.

@Permit Application — ENC23110539 / ENC25061408 (dated 11/7/2023)

No Authority, No Problem

This is the part that likely matters most, legally.

Riverside County Ordinance 499 Section 6 states that permits “will be issued for only Utility purposes” on county highways. The ordinance defines “Utility” as water, sewer, irrigation, gas, petroleum, cable TV, electric, and communications facilities. Surveillance cameras are none of these.

For non-utility encroachments, the Director of Transportation may issue a permit if satisfied of three things: (1) the use is in the public interest, (2) there will be no substantial injury to the county highway or impairment of its use, and (3) the use is reasonably necessary for the functions of the applicant.

Flock’s cameras are commercial surveillance products owned and operated by a private company. The Sheriff’s Department has a software service contract to access Flock’s data — both inside and outside Riverside County.

The Director’s finding that these cameras satisfy the three-prong test in Section 6 would be the legal prerequisite for every permit in the chain. Without it, the Director had no authority to issue any of them.

No such finding accompanied any permit application.

Whether such a finding could survive scrutiny is a separate question. Is a private company’s occupation of public right-of-way to operate a for-profit surveillance network “in the public interest”? Is it “reasonably necessary” for Flock’s functions that its cameras sit on county roads rather than, say, private property with the owner’s consent?

No Locations, No Problem

Riverside County has contracted for over 500 Flock cameras. Not all of those are on county roads. Some are on city streets, some on Caltrans state highway right-of-way, some on private property. The permit documents include handwritten annotations identifying specific cameras as “NON COUNTY/city,” “CALTRANS,” and “City St/Grand Terrace.”

Someone at the Transportation Department reviewed the camera deployment list, saw cameras on roads the county doesn’t control, and marked them accordingly. But no formal record of that analysis was ever created.

I asked for any records reflecting which of the 500+ cameras are within county highway right-of-way, or any determination that specific cameras did not require a permit. Again, the county certifies that no such records exist.

When the county’s records custodian was asked about the gap between 500+ contracted cameras and the roughly 80 installations documented in the permits, the only response was informal and vague: “some locations may not have been permitted as they could be private or non county maintained roads.”

That’s it. No spreadsheet, no memo, no analysis. The county issued blanket permits for “various county roads” — possibly subject to the typical Flock “deployment plan” — but never really determined which roads it was talking about.

No Traffic Plans, No Problem

Every encroachment permit in the production requires a traffic control plan under Condition C05 — a safety document showing how workers and traffic will be protected when someone is installing equipment in a roadway. The current permit, ENC25061408, goes further and requires the TCP to be signed by a Professional Engineer.

The county produced one set of traffic control plans: for the Spencer’s Crossing project, eight cameras, prepared in February 2023 under the first permit.

No other traffic control plans exist.

That’s a 98% noncompliance rate.

No Fees, No Problem

Section 15 of the ordinance requires that permit fees be paid “at or after the time application is filed, but in any event before the Permit is issued.” The fee fields on every application in the entire production — all three permits, every application, every rider — are blank.

Section 16 exempts public agencies from permit processing fees if they have “lawful authority” to use the right-of-way for the permitted purpose.

Flock applied in its own name. But the permits were issued to the Sheriff’s Department — a public agency — triggering the fee exemption. A private surveillance company applied, a public agency was listed as permittee, no fees were charged, and no one documented why.

No Records, No Problem

None of the above rests on inference or supposition. Each point traces back to a single document: a Declaration of Custodian of Records executed March 23, 2026, signed under penalty of perjury by the county’s records custodian.

The Declaration addresses each follow-up item individually and certifies that the county has no responsive records. This is not a case where documents might exist but were missed. This is the county’s official position, under oath, that these records do not exist.

This is not some isolated paperwork hiccup in Riverside County from a well-meaning county official unable to find records that really exist. Across the country, Flock cameras go up on public roads under permits that no one reviews, with safety standards no one enforces, issued to applicants that no one verifies. Flock routinely operates cameras with expired permits or without an active contract. Riverside County is one of many.

@Declaration of Custodian of Records — March 23, 2026

The Law in “Law & Order”

Riverside County’s surveillance camera program operated for over four years under three encroachment permits issued to an agency that never applied for them, based on applications from a company that never received them, without the legally required public interest determination, without traffic control plans for the vast majority of installations, without fees, and — for 13 months — without a permit at all.

Each of these permits was issued to the Riverside County Sheriff’s Department. Flock — the owner/operator listed on the permit applications — never received a permit but still installed and continues to operate hundreds of surveillance cameras without a valid permit.

The $6.9 million contract belongs to Sheriff Chad Bianco’s office. The entire Flock deployment — from the first two cameras in 2021 to the 1,718 “LPRs and other cameras” now in Flock’s system under the sheriff’s name — occurred during his tenure.

Ordinance 499 Section 18 provides that any person who operates without a required permit, or who violates permit conditions in a way that jeopardizes person or property, is guilty of a misdemeanor punishable by fine, imprisonment, or both.

The wrong permittee is not a technicality. A 13-month gap is not a technicality. Not paying the fees is not a technicality. These are all separate material flaws resulting in unpermitted occupation of public right-of-way by a corporation, based on a permit issued to a sheriff tasked with enforcing the county ordinance that makes it a crime.

The Order in “Law & Order”

The county does not know, from its own records, which cameras needed permits. It has no mechanism to determine which cameras are on county roads, which are on state highways, and which are on someone else’s property.

The Director of Transportation issued permits to the Sheriff, who had never applied for any, without the required public interest finding, and without traffic control plans for all but one installation. When the second permit expired, no one acted. When a replacement was finally applied for thirteen months later it was with the same application — literally the same file — Flock had used for the prior permit. The new permit was also issued to the Sheriff.

That permit process was handled by a Permitting Manager at Flock with over a decade of experience in right-of-way permitting. None of these issues were discovered when processing the permits or through any audit or investigation in three years. Neither Flock’s permit expert, the Sheriff’s Department, nor the Transportation Department raised a flag.

That process — namedrop Chad Bianco, skip the fees, ignore the regulations — is the law and order he now offers California.

The Timeline, According to Flock

The timeline begins with an “External Claim” in March 2025, where “an individual contacted Flock with security findings after acquiring a device through illegal, unauthorized means.” Presumably, this refers to Jon Gaines’ research. A year later, Flock has not fixed those issues.

What it has done is reflected in the rest of the timeline: it “disclosed and addressed low-severity vulnerabilities,” it “responded to” the research, and it “published a response debunking false claims that the company had been hacked.”^[2] None of that fixes the issues that were disclosed to Flock in March.

The first of those actions, disclosure, happened in November, after Gaines published his report. Before November, Flock had not disclosed the issue. Not even to its customers. This is despite the requirements of the CJIS security policy, which require vendors to notify the government agency and the FBI.

The Iowa Department of Public Safety (a Flock customer and CSA for Iowa) confirmed it had received no notification from Flock. Other CSAs — the Florida Department of Law Enforcement and the Illinois State Police — did not respond to a Sunshine Act request, or asserted that vulnerability notifications are “ALPR data.”

Despite a contractual and legal obligation to provide this notification to its customers, Flock did not do so for eight months, and then only after its customers found out.

The timeline does not discuss a YouTube video before pivoting to a “second” one with “misleading claims about Flock PTZ cameras.” Flock’s timeline says it “addressed” those claims.

“Misleading Claims,” According to Flock

The “Readdressing Misleading Claims About Cybersecurity at Flock” is a lie. Not because its content is false — although it’s not exactly true — but because it doesn’t even do anything resembling addressing claims, like the section heading promises.

Can’t even trust a heading. Anyway …

I want to be crystal clear: vulnerabilities are a part of the development process of hardware and software. No company on the planet is infallible, nor is any company unhackable. It is an expected and normal process for vulnerabilities to be discovered and remediated at each stage of software development. From the point of a developer writing code all the way to that finished product running in production.

We engineer bridges and buildings so that they don’t collapse. We do all sorts of math and engineering and further science so this doesn’t happen. But occasionally, and unfortunately, they do collapse. When they collapse, we don’t shrug our shoulders and say “it’s part of the process.” We investigate the cause and address it. We make meaningful, articulable improvements to our engineering processes and standards.

We now have those collapses and their fixes codified in laws and regulations and we explain them in engineering textbooks and use them as examples on powerpoints at industry conferences and seminars. That is why we now have buildings and bridges that are more earthquake resistant than 100 years ago.

We don’t hide the problem. We don’t say it’s “an expected and normal process” for a bridge to collapse.

It’s an exceptional situation for a bridge to collapse, just as it’s an exceptional situation for a software vulnerability to be discovered in production. And just as people have died from buildings crumbling in earthquakes, people have died from insecure surveillance networks.

You don’t hide engineering issues — civil or software. You make them public, you address them, and you learn from them.

But, despite claiming that discovering these issues in production is “expected and normal,” Flock’s bulleted list of what to expect from a vendor does not include it.

The list does not mention notification or remediation for production issues. No timelines, no categories, no mentions of public vulnerability trackers, no issue categories, or anything else. Not even a “We will notify our customers and provide a remediation plan within 48 hours” or anything similar.

Flock’s Cybersecurity Team

Flock continues to invest in our team and has 10 new headcount positions slated for hiring this year, adding to our existing team of 20+ engineers. Cybersecurity is nothing without people.

This is the exact opposite of what Flock should be doing. Instead of hiring more engineers to develop more buggy AI-powered features and release more half-finished websites, Flock should be investing in hiring policy and security experts.

The post then lays out some team names without defining their headcounts, budgets, or positions in the organization hierarchy. In some companies, a 50-person “DevSecOps” team is focused on security and can shut down production when needed; in others, it’s literally one guy in Mexico City writing scripts so developers can automatically release code without review.

Castaldo does not even hint at where Flock might fall on that spectrum, and that’s cause for concern.

The “First” video

Although Castaldo omits the November video — which was Benn Jordan working with Jon Gaines — from the timeline, he devotes a section of the post to it.

In November 2025, a YouTuber released a YouTube video with two other individuals claiming to have “hacked 80,000 Flock cameras”. That statement tells you all you need to know about the credibility of the individuals and the video itself.

The video is titled “We Hacked Flock Safety Cameras in under 30 Seconds.” The closest thing to Castaldo’s quote is: “Upon further investigation, it turns out that there are over 80,000 of them. And um we got some and we hacked them.” Which is 100% true.

Blatantly misquoting an opponent’s statement before attacking it tells you all you need to know about the credibility of that individual.

Castaldo uses some choice words like “illicitly,” and “illegally” to characterize the acquisition of the Flock hardware. There is nothing “illegal” about buying hardware, and absolutely nothing suggests that Gaines (or whoever bought the hardware) did so illegally. Falsely accusing someone of criminal conduct is defamation per se in most jurisdictions.

Flock did not disclose these issues to customers. Flock did not notify customers in accordance with industry best practices and according to CJIS standards. Flock did not close out any CVEs, nor did it open any new ones. Flock did not tell Jon Gaines “we are aware of this and we will fix it.” And at no time in 2025 (or at all, for that matter) did Flock communicate a fix.

While the findings were legitimate, they were all of low severity. Meaning the risk to customers or customer data was near zero.

Of the findings in the report, many are high severity when going by the framework laid out by the U.S. Department of Justice, which governs much of the data. Castaldo does not specify what framework he uses for his “low severity” classification or his “near zero” risk assessment.

Dunwoody gave us vibes-based auditing and compliance, Castaldo adds another layer: vibe-based cybersecurity.

Had this individual not prevented [the camera] from connecting to our cloud, most of their findings would have been moot.

This is a fair enough statement in isolation, but does not address the two key problems.

First, there is no evidence that Flock discovered and fixed these issues, and rolled out an update. No required customer notifications, no proactive security disclosures, nothing. Complete silence.

If these issues were indeed fixed, and were not the result of plain negligence, nothing is lost by publishing these issues. Most software vendors do exactly that to build trust. Microsoft, for example, has a page called “Vulnerabilities and Exploits” on its main website, and it includes a list of fixes with each update, including any security fixes.

If Flock had published anything or notified anyone, cross-referencing those notifications against Jon Gaines’ report would make for an easy exercise in ticking off fixed issues and seeing what — if anything — remains.

Flock could easily restore trust and show that it is on top of its security by publishing a few emails that it already sent to its customers when it first discovered these issues — as it is required to do — or when it fixed the issues — as is standard practice.

Second, there have been no patches for this particular operating system since 2021. While security issues could have been deployed for Flock’s custom software, no vendor OS fixes were released.

Connecting it to the network would not have caused non-existent patches to be applied.

The “Second” video

This individual did not ethically submit any information to Flock prior to the release of their video

If I’m recalling the video correctly, it is true Jordan did not submit information to Flock prior to the release of the video. The last time issues were disclosed to Flock — in March, according to the timeline — they were not fixed or disclosed even months later (or, to this day, as far as I’m aware). Disclosure to a vendor is often the right choice, but there are no bright lines in ethics.

In this case, anyone whose ethics dictate minimization of harm would have done exactly what Jordan did. He denied Flock a second opportunity to jeopardize people’s safety by trying to bury an issue, as they did when issues were disclosed to them in March.

Just Keep Digging

Flock worked with our carrier partner to quickly resolve the network configuration issue. … Flock has also modified the diagnostic interface to require our technicians to log in with a username and password. Again, this interface is intended to be usable when a technician is physically present.

First, let’s address that the software had to be “modified” to require a username and password.

According to Castaldo’s post, Flock did all of these things:

• “Threat modeling during the design phase of a product”
• “Scanning and fixing code as the developer is writing it”
• “Scanning and fixing finished code when a developer submits it to the code repository”
• “Scanning and fixing applications running in production”
• “Continuously scanning and monitoring the infrastructure the application is running in”
• “Conducting penetration tests against all of the above.”

To top it off, he writes immediately below that list: “There is a cliche about cybersecurity being an onion with many layers, and that remains accurate today.”

Yet, in that whole development process, nobody at Flock, at any time, said: “hey, maybe we should require a username and password.” Even hardcoding “DonkeyKeepOut!” as a password would have prevented Jordan from gaining access.

The second issue is that no matter what layers Flock might have in its development process, there was only one in its security: Verizon’s configuration. In this, Flock’s security model is more like banana: a single layer that can easily be peeled away by anyone who wants access.

Flock gave Verizon the unchecked, unreviewed, unsupervised, ability to create and manage the security configuration for an interface that was not secured with a password.

Even without a “misconfiguration,” Verizon employees would have had access. A company with roughly as many employees as Burbank, CA has residents (plus who knows how many contractors) having unfettered access to live videos of kids playing in parks is Castaldo’s baseline definition of secure.

On Android

The software on Flock’s cameras hasn’t received vendor security updates since 2021. That is the central fact of this section of Castaldo’s post, and the one he does not address. Instead, he offers several paragraphs of technically misleading context about chip architectures — context that, on examination, actually makes his position worse.

Flock hardware runs on a heavily modified version of the Android operating system maintained by Google. This is an open-source operating system, meaning anyone in the world can look at the code and use it.

Flock has “heavily modified” Android, but never published those modifications. Yet we should feel assured — presumably based on vibes — that its “heavy modifications” are not material enough to affect security.

This is very different from the CPU in a computer running Windows or MacOS. Qualcomm’s chipsets are purpose-built and support specific operating system versions.

This is somewhat backwards, because hardware vendors don’t tend to build chips to accommodate operating systems, but it’s accurate enough in the way it matters: there is a fixed relationship between the hardware and the OS.

Flock Falcons reportedly use Qualcomm Snapdragon 625 chips, which are early 64-bit ARM chips (like the M1/M2 chips in current Macs). These were supported by Android until version 8.0 or 8.1, support for which ended in 2021. This is the same as support for older Intel-based Macbooks, which is also ending. There is nothing particularly unique or different about Qualcomm chips in that regard.

It’s theoretically possible that for the past five years, Flock has been paying engineers to backport security fixes to this unsupported version of Android. There are projects like LineageOS that do exactly this to support aging phones in primarily low-income countries.

It’s also theoretically possible that Flock designed the Falcon around 2017 around the then-popular Snapdragon 625, and that it did not replace all of its devices in 2021 when supported ended, but instead designed an entirely new line of devices (which it called “Flock LPR”), with the goal of replacing the Snapdragon 625-based Falcons as they age out of service.

Qualcomm produces a custom, heavily modified version of Google Android that is designed to run on their chipsets.

Qualcomm does produce a modified Android that is optimized for its hardware, this much is true. The problem is that Qualcomm takes an official Google Android version and modifies it for its hardware.

Qualcomm released its last full BSP for the Snapdragon 625 in 2019, and its last security update in Q4 of 2020.

Android Things

Gaines’ security report finds a problem in “Android Things 8.1” being EOL. Android Things was a popular OS for the Snapdragon 625. In the blog post, Castaldo emphatically bolds that “Flock has never used Android Things, in any product.”

Never mind that it contradicts the earlier “all of the findings were previously discovered by Flock’s cybersecurity team,” or that this is the first time Flock has raised the point, the distinction between “Android Things 8.1” or “Android 8.1” is irrelevant.

Because “Qualcomm’s chipsets are purpose-built and support specific operating system versions,”^[3] none of those “specific operating system versions” have been supported since 2021. Not Android 8.1, not Qualcomm’s BSPs, not Android Things 8.1.

Even if the statement were true — which I doubt, because I trust Gaines and Jordan to be able to identify an OS — it would be a nice “gotcha” on an entirely meaningless fact.

At the end of the day, the software hasn’t received security updates since 2021. That’s the point that matters, and the one Castaldo does not address.

Backporting

We will continue to backport any necessary security patches, as required under our agreements with all customers.

If Flock is indeed backporting security patches to Android (Things) 8.0 or 8.1, or whatever the case may be, then security itself may not be the issue. However, “as required under our agreements with all customers” includes the requirement to notify customers when they do discover security vulnerabilities.

Each time Flock backports a fix, its contracts — at least those with CJIS security addenda, which should be all government contracts — require notifications to be sent to contracting agencies (and the FBI). No notifications have ever been sent out.

The other problem is that Qualcomm’s proprietary modifications to Android, which Flock just explained are tied to the hardware, are not open source at all. There is no backporting fixes to those parts of the OS.

Third party attestation

Yes, Flock has qualified third-party attestations of its cybersecurity. What you should also expect from your vendors is continuous audits by qualified, third-party firms. Flock takes this seriously and goes far beyond surface-level audits.

The post rattles off a list of security standards or frameworks, this time omitting HECVAT and FERPA, and points to its “trust center” where, “[o]nce you gain authorization for access, you may review” the relevant documents.

But you don’t need access to see that the list of actual certifications — SOC2 Type II, ISO 27001, ISO 27017, etc. — are about organizational and procedural controls, not software vulnerabilities.

Flock “maintains standards” of “CJIS Insights”, “CJIS ACE”, “FedRAMP 20x,” and “NDAA”. “CJIS Insight” (singular — Flock can’t even get the product name right) is a compliance-tracking software dashboard sold by Diverse Computing, a company in Tallahassee, Florida. “CJIS ACE” is a commercial compliance assessment also sold by Diverse Computing. Neither is a government certification, and neither is affiliated with the DOJ or the FBI.

This is where it gets really interesting and where we have to break out our diamond pickaxes.

Castaldo spent most of this post assuring us that their use of an outdated operating system is fine because they backport software. Now he invokes CJIS and NDAA.

CJIS requires the use of FIPS-140 validated encryption modules. FedRAMP — which Flock also claims and which was codified into law by the NDAA — independently requires FIPS-140 validation as well. To the extent Flock has FIPS-140-2 validation, it has never produced documentation to my knowledge. Soon — in September 2026 — FIPS 140-2 will be no more. Flock will need to move to FIPS-140-3.

FIPS-140-3 places stricter standards on the “Operational Environment,” which includes the operating system: Flock will have to validate the combination of obsolete hardware (Snapdragon 625) and custom operating system as a single “hybrid module.” So far, such a hybrid module does not show up in NIST’s database.

As previously reported, Castaldo’s co-founder at “Security Tinkerers,” Will Lin, sits on the board of Bishop Fox — the firm Flock hired for its security audit. Castaldo mentions Bishop Fox only once in passing in this post, and does not mention this relationship at all in the section about third-party verification.

The Proof

I have called for this before, and I will call for it again: Flock should publish its actual NIST validation certificates, and its security disclosures to its customers.

Castaldo’s 2,000-word defense does not contain a single customer notification, a single CVE, or a single NIST certificate number. It relies on strawmen arguments, mischaracterizations of hardware lifecycles, and a little light defamation.

Stop digging and start fixing.

Note

Correction (April 21, 2026): The Tampa section of this article previously attributed reporting by The Tampa Monitor (Michael Bishop) to Creative Loafing Tampa, which had syndicated the content under a Creative Commons license.

The section also conflated council member quotes from an earlier vote to approve a direct Flock Safety contract with the subsequent RedSpeed speed camera piggyback vote.

Additionally, the section now includes Tampa Police Chief Bercaw’s memo stating that the RedSpeed cameras will not incorporate Flock ALPR integration. These errors have been corrected.

In Florida, every time a parent drops off a child at a Hillsborough County school zone, RedSpeed cameras capture continuous HD video of their vehicle. The footage is fed, via RTSP stream, directly into Flock Safety’s national surveillance network where it is processed by Flock’s AI, stored on Flock’s terms, and made searchable by thousands of agencies nationwide.

The contract governing this arrangement contains no data retention policy for the surveillance layer, no restrictions on who can access it, no privacy provisions for the people being filmed, and not even a reference to Flock’s terms of service. The word “privacy” does not appear — except once, regarding credit card processing when subjects pay for the privilege of their surveillance.

The pricing page of RedSpeed’s winning proposal says it plainly: “Flock Wing License(s) Included.”

What Hillsborough County Bought

In 2024, the Hillsborough County Sheriff’s Office solicited proposals for automated speed enforcement in school zones (RFP 2024-003). RedSpeed Florida won the contract. Its 80-page proposal made the Flock integration central to its pitch.

On page 5, a letter on Flock Safety letterhead, signed by Todd Troutman, Senior Accounts, confirms the partnership:

Flock Safety and Redspeed have partnered together to support many different agencies. Flock Safety is able to provide an additional layer of software to the Redspeed cameras (speed and red light). This allows the Redspeed cameras to be turned into ALPRs that push images into Flock Safety’s cloud and allow agencies with access to those cameras to search for vehicles.

…

In order for the two systems to work together, Redspeed will provide Flock with RTSP streams for the given cameras. From there, Flock Safety will integrate the camera stream into the Flock system thus allowing the software to be on the camera, turning it into an ALPR. The camera is then plotted on the Flock Safety map in the application to appropriately locate where the cameras are.

…

As of March 2024, Redspeed is the only company with whom Flock has partnered with to offer Wing LPR integration on school zone enforcement and/or red light cameras.

@Flock Safety Letter to RedSpeed (from HCSO RFP 2024-003)

RedSpeed’s transmittal letter was even more direct:

ONLY RedSpeed can offer integration with Flock. We have enclosed a letter from Flock confirming this fact. We have collaborated closely with Flock to optimize interoperability… We have successfully integrated over 100 Flock systems in current installations; our competitors have integrated zero Flock systems. Only RedSpeed offers this direct integration, and Flock is included in the RedSpeed price. Integrated Flock means RedSpeed’s cameras are feeding the Wing System for enforcement synergy. It also means fewer poles and solar panels.

Enforcement. Synergy.

RedSpeed’s proposal includes a competitive comparison table highlighting “True integration with Rekor/Flock/Vigilant” as a checkmark for RedSpeed and a red “denied” for “All Competitors.”

The proposal emphasizes that RedSpeed cameras deliver “lane-specific, high resolution (3000x5000 pixels, 30 frames per second), video cameras” — and that RedSpeed “provides the ability to live stream video from all cameras (no still cameras).” It also states that RedSpeed “provides at least 45 days of storage” and “Flock ALPR at all locations, included in the RedSpeed Price.”

RedSpeed’s stake in all this is straightforward. It offers a “turnkey” service — everything from taking a picture to swiping a credit card — for “35% of the Governing Body’s Statutory share of collected revenue.” In Hillsborough County alone, more than 105,000 violations have been issued since fall 2024, generating over $6 million in paid fines; a local magistrate called it a rip-off.

@RedSpeed Full Proposal — HCSO RFP 2024-003 (80 pages)

In Alpharetta, GA, it was structured a little different: the county had to pay 2% extra to give the data to Flock. Maybe that’s Georgia-based Flock’s home field advantage at play.

The Silent Contract

What matters most about the Hillsborough procurement is what the contract doesn’t say.

The HCSO-RedSpeed contract consists of three incorporated documents:

1. The RFP solicitation (HCSO RFP 2024-003, 39 pages)
2. The draft contract template (11 pages)
3. RedSpeed’s proposal (80 pages, including the Flock letter)

@HCSO RFP 2024-003 — Final Solicitation

@HCSO RFP 2024-003 — Draft Contract

The Request for Proposals

The RFP explicitly required ALPR capability (Part D, Section 3):

Qualified, proposing firms must demonstrate competence and experience with Automated Speed Enforcement Systems and Automated License Plate Reader systems

It required video, not stills (Part C, Section 3.A):

Video Technology is required. Still shots are not acceptable. Respondent proposer must utilize radar and/or laser automated speed detection systems.

And it required subcontractor disclosure (Part B, Section 5):

If a Proposer intends to use subcontractors, the Proposer must identify in the Proposal the names of the subcontractors and the portions of the work the subcontractors will perform.

What was not in the RFP were any specifications for how ALPR data should be governed, stored, retained, shared, or deleted.

What the draft contract covers

The draft contract is an 11-page template with fill-in-the-blank fields. It covers: term (3 years + three 1-year extensions), insurance requirements, E-Verify compliance, subcontracting (generic), public records obligations (per Florida § 119.0701), indemnification, and confidentiality — but only of “Sheriff Operations” (Section 23).

What the draft contract does NOT cover

• Data retention for ALPR/LPR captures
• Data sharing restrictions (who can access Flock’s system)
• Privacy policy for citizens whose vehicles are scanned
• Flock Safety’s terms of service or Master Service Agreement
• Any reference to Flock’s default data practices (30-day rolling delete, Section 4.3 perpetual anonymized data license, Section 5.3 law enforcement disclosure rights)
• Ownership of ALPR data (distinct from violation/citation data)
• Audit rights over the ALPR system
• Restrictions on out-of-state or federal agency access
• Any framework governing the surveillance layer at all

@Flock Default MSA — Oakland CA, Sept 2025

Nothing in the contract says HCSO gets any rights to the video or the ALPR data. If HCSO wants to access that, they presumably have to do what anyone else can do: pay Flock and ask nicely.

@SFist — SFPD Flock Data Accessed 1.6M Times by Federal Agencies

@ACLU — Flock Can Share Data Even When PDs Opt Out

The sheriff’s RFP was specific enough to guarantee the desired outcome. The final tabulation sheet published by HCSO shows RedSpeed with the highest evaluation score of 95.95, ahead of Blue Line Solutions (91.75) and Conduent (77.6).

@HCSO RFP 2024-003 — Tabulation Sheet

@The Tampa Monitor — Flock Integrated Speed Cameras in School Zones

Wing: The Platform That Turns Any Camera Into a Flock Camera

RedSpeed’s pitch works because of Wing: Flock’s product line for converting third-party cameras into Flock surveillance nodes. The branding is a somewhat confusing patchwork of overlapping names, and Flock has removed several of its Wing-related pages from its website, but the product is still sold and deployed.

The Pitch

In October 2020, Flock Safety announced Wing with a press release headline that said, plainly:

FLOCK SAFETY ANNOUNCES THE WING INTEGRATION TO DISTILL 1000s OF HOURS OF IP CAMERA FOOTAGE INTO SEARCHABLE IMAGES THAT SOLVE CRIME

The subhead: “Software transforms existing IP cameras into cameras that can see like a detective”

Wing takes video from existing cameras — IP cameras, security cameras, traffic cameras — and runs Flock’s AI on it, letting users search for white sedans, unicycles, or people wearing jeans.

Cameras connect via standard RTSP (Realtime Streaming Protocol), a camera standard that’s supported by many commercial surveillance cameras as well as consumer products like doorbells and $35 surveillance cameras.

The Wing Ecosystem

In an August 2025 OMNIA Partners cooperative purchasing pricelist, Wing LPR is listed as: Flock Safety Wing™ LPR (wing_integration, $3,000/yr per camera): “Video software integration transforms traditional IP cameras into Flock Safety enabled LPR cameras. Includes Vehicle Fingerprint™ computer vision and Advanced Search Package (Convoy Analysis, Multi Geo Search, Visual Search)”

@OMNIA Partners — Flock Pricing, Aug 2026

The same catalog lists the Wing product family: Wing Livestream ($500/yr), Wing Replay ($1,000/yr with 7-day footage retention), Wing Gateway 2.0 (8–32 stream hardware at $3,650–$8,250 + subscription), Wing Cloud Live Only ($90/yr), and an Inbound Vehicle Images API ($1,500–$2,500/yr) for ingesting pre-processed plate reads from third-party LPR systems.

The “Wing Livestream” product price matches the $500 feature that turns Flock’s LPR into live video surveillance — that’s “something you can take advantage of without going to council,” according to Flock Safety’s Kevin Cutler.

Flock misleadingly tells the public it sells “LPR” cameras — a product name, not a description — while it consolidates its network into a single searchable database.

The network from that Superbowl Ring commercial, promising to find your dog is already deployed nationwide on speed cameras, parking enforcement cameras, and “CCTV” sytems on your basketball and pickleball courts.

Wing in Practice

On June 27, 2025, Flock published a blog post titled “Video Without Limitations: Flock Safety’s Newest Solutions for Law Enforcement” showcasing Wing Gateway 2.0 and Wing Gateway Outdoor.

@vFlock Safety — Video Without Limitations Webinar (Wing segment, 13:36–end)

@Flock Blog — Video Without Limitations

In the October 2024 webinar (full video), Trevor Pennypacker, Sr. Product Manager at Flock, is excited to tell Flock’s customers that you can connect “parking lots, restaurants, traffic cameras, really anything.”

The City of Bloomington, IL executed an agreement that explicitly includes Wing LPR in its order form:

• “Flock Safety Wing™ LPR — Included — 10 Included”
• “Flock Safety Wing™ VMS — Included — 100 Included”
• “Professional Services — Wing Implementation Fee — $500.00”

@Bloomington IL — Wing LPR Relevant Pages (9 pages)

The branding, boundaries, and availability of Wing products is all somewhat shifting and murky — from Wing Gateway 2.0 to Wing Cloud to Wing LPR — but the core functionality is what matters: third-party cameras are being turned into Flock nodes, and Flock actively markets and sells that functionality.

The Scan-Everything Architecture

RedSpeed’s cameras are always on during enforcement hours. They capture continuous HD video of every vehicle passing through the field of view — in a school zone, recording parents, teachers, students, buses, and anyone else on the road. “Video Technology is required. Still shots are not acceptable.”

The RTSP stream — all of it, not just violators — is fed to Flock. The Flock letter confirms this is by design: the cameras are “turned into ALPRs that push images into Flock Safety’s cloud and allow agencies with access to those cameras to search for vehicles.” Since then, Flock rolled out FreeForm, its AI-powered search capability that can find people by physical description: “man in blue shirt and cowboy hat,” “dressed in all black clothing and black face mask,” or — as one Dunwoody PD officer tried — “GRINCH.”

Vehicle Fingerprint

The Vehicle Fingerprint technology alone extracts far more than license plates: plate number and state registration, vehicle make, model, color, and body type, missing or covered plates, bumper stickers and decals, roof racks, bike racks, trailer hitches, and aftermarket wheels.

@Flock Blog — Vehicle Fingerprint: When Plate Data Fails

But that’s only part of the picture. Flock CEO Garrett Langley has previously stated that the system indexes everything, filtering only problematic searches — or attempting to filter them, anyway.

Where that data goes

No matter how you feel about red-light or speed cameras as a policy matter, it is hard to justify turning a safety measure for school zones into a surveillance dragnet whose recordings are fed to a private corporation with no contractual restrictions on use. In San Francisco, SFPD’s Flock cameras were searched 1.6 million times by out-of-state and federal agencies — in apparent violation of California law. EFF’s analysis of 12 million Flock searches nationwide found hundreds related to protest activity, immigration enforcement, and discriminatory targeting. A Norfolk, Virginia resident sued after learning Flock cameras had logged his location 526 times in four months.

@SFist — SFPD Flock Data Accessed 1.6M Times by Federal Agencies

@ACLU — Flock Can Share Data Even When PDs Opt Out

The Legal Tension

Florida’s prohibition on “remote surveillance”

Florida law explicitly prohibits using school zone speed cameras for “remote surveillance” and restricts the permitted uses of recorded footage:

(15)(a) A speed detection system in a school zone may not be used for remote surveillance. The collection of evidence by a speed detection system to enforce violations of ss. 316.1895 and 316.183, or user-controlled pan or tilt adjustments of speed detection system components, do not constitute remote surveillance. Recorded video or photographs collected as part of a speed detection system in a school zone may only be used to document violations of ss. 316.1895 and 316.183 and for purposes of determining criminal or civil liability for incidents captured by the speed detection system incidental to the permissible use of the speed detection system.

(15)(b) Any recorded video or photograph obtained through the use of a speed detection system must be destroyed within 90 days after the final disposition of the recorded event.

— Fla. Stat. § 316.1896(15)

Two questions that nobody appears to have asked, let alone answered:

First, does feeding the full RTSP stream to Flock — where it is processed by AI, matched against vehicle databases, and made searchable by thousands of agencies for purposes wholly unrelated to speed enforcement — constitute “remote surveillance” under the statute? The statute defines what is not remote surveillance (evidence collection for speed violations, PTZ adjustments), but the legislative history does not address third-party AI processing of the video feed.

Second, the statute requires destruction of recorded video within 90 days of final disposition, and vendors must certify destruction annually. But once the RTSP stream enters Flock’s system, it is processed into Vehicle Fingerprint data, plate reads, and searchable metadata governed by Flock’s own retention policies — not the county’s.

Altumint, a competing speed camera vendor in Florida, hinted at a loophole when it drew a distinction explicitly. Its chief revenue officer told the Independent Florida Alligator in March 2026 that Altumint’s cameras “only capture a license plate if the vehicle is speeding more than 10 miles over the speed limit,” whereas RedSpeed’s Flock ALPR cameras “can document every license plate that passes by.” He added: “Even in a school zone, you could be going 25 in a 15 … but I can’t capture that plate. ALPR can capture that plate.”

Whether derivative data (plate reads, AI-extracted vehicle descriptions) qualifies as “recorded video or photograph” under the statute is untested. The statute’s drafters were contemplating a camera vendor that stores and deletes footage. They were not contemplating a speed camera sending data to a second vendor that ingests the same stream in real time and converts it into a permanent surveillance record.

No Florida court has addressed either question. No Attorney General opinion appears to exist. The statute was enacted in 2023 (HB 657). Florida is one of RedSpeed’s biggest markets.

What Flock Tells Everyone Else

Across dozens of municipal FAQ pages and Transparency Portals, Flock provides standardized language:

Flock Safety cameras are not used to enforce traffic violations such as speeding, running red lights, or other moving violations. The cameras do not capture vehicle speed and are solely used for investigative purposes related to public safety.

@Leander TX — Flock FAQ

@Columbia MO — Flock FAQ

@Everett WA — Flock FAQ

Technically, that appears to be true. “Flock Safety cameras” are not used for traffic enforcement — RedSpeed’s cameras are. But they operate on Flock technology, within the Flock network.

Flock’s Transparency Portals go further. The Thomasville, GA PD portal explicitly lists “speed detection” as a prohibited use of Flock technology, and confirms that the system is used “for law enforcement purposes only.”

Meanwhile, RedSpeed’s speed detection cameras are feeding RTSP streams directly into this same network via Wing LPR. Data from a speed detection system enters a platform that lists speed detection as a prohibited use.

It’s not our cameras

The Flock letter on page 5 of the HCSO proposal says Flock provides “an additional layer of software to the Redspeed cameras (speed and red light).” The transmittal says “Integrated Flock means RedSpeed’s cameras are feeding the Wing System for enforcement synergy.” The pricing says “Flock Wing License(s)” are included in a speed enforcement contract.

Flock’s defense rests on a technicality: its cameras don’t capture speed; its technology is merely consuming the video feed from someone else’s speed cameras and processing it for entirely different purposes. Whether that distinction will satisfy a legislature, or the parents whose children are being filmed remains to be seen.

The Partner Page

RedSpeed claimed to be the only Flock-integrated vendor for school zone enforcement as of March 2024. As of March 2026, Flock’s partner program page lists several other automated traffic enforcement companies as “Channel Providers.”

Maybe Flock gave them different territories, outside school zones.

@Flock Partner Program — ATE Channel Providers

The Broader Pattern

The GSP Ticket

On December 26, 2025, Georgia State Patrol ticketed a motorcyclist for holding a cell phone while riding. The citation read: “CAPTURED ON FLOCK CAMERA 31 MM 1 HOLDING PHONE IN LEFT HAND.”

GSP called it a “unique circumstance.” The ticket was dropped in court. EFF described the incident as an example of the mission creep it has “long warned about” with surveillance infrastructure.

It is the kind of one-off incident Flock can dismiss. Its long-standing RedSpeed partnership is not.

Brookhaven, GA

In Brookhaven, GA’s words, RedSpeed cameras feed “real-time alerts” into “Brookhaven’s existing License Plate Reader (LPR) platform to identify sex-offenders, protective orders, and wanted persons for increased safety in school zones.”

Even if you are a concerned parent thinking sounds like a good idea, the practical value of such a system is questionable at best. Police are not going to act on these “real-time alerts” each time anyone under a protective order — many of which are not the result of any criminal activity, let alone any criminal activity involving children — drives through a school zone.

The system’s real-time capabilities, like watchlists and speeding tickets, are secondary. The real value is in gathering massive amounts of videos and photos of everyone entering a school zone — parents, teachers, students.

RedSpeed’s strong marketing emphasis on video quality (15 Megapixels, 30 frames per second), raises questions as well. If a regular Flock LPR, which RedSpeed says is of “lower quality,” is accurate enough to perform ALPR and create evidence, how is a camera where you can count the pimples on your middle schooler’s nose an advantage?

The point isn’t better traffic enforcement: it’s high-definition video surveillance.

@Brookhaven GA — RedSpeed Flock Integration (Wayback Machine, Oct 2020)

Tampa’s Piggyback

In Hillsborough County’s seat, Tampa, RedSpeed scored third on an RFP but the council approved the contract anyway. As originally reported by Michael Bishop at The Tampa Monitor, there was “no indication in the backup materials why the third place proposal was chosen.”

After that reporting, Tampa Police Chief Bercaw sent a memo to council calling the Flock language in RedSpeed’s proposal “unfortunate” and claiming it was “designed for Georgia law and not Florida.”

The memo states the cameras will not incorporate ALPR and that Tampa PD will not use RedSpeed cameras turned into ALPRs that push images to Flock. RedSpeed, the memo adds, will not give Flock access to cameras or provide them with any information.

As The Tampa Monitor noted, RedSpeed’s claim of “unmatched Florida expertise” — including work with the state legislature and DOT on permitting — sits uncomfortably next to the chief’s assertion that the proposal’s Flock integration language was merely “designed for Georgia law.” A company with unmatched Florida expertise submitted a Florida proposal it later said doesn’t apply in Florida.

Whether the memo holds is another question. When council voted to approve a separate, earlier contract directly with Flock Safety, council members said they had spoken with the Chief and been assured the data wouldn’t be inappropriately shared. Council member Lynn Hurtak said “the only time they are allowed to use this technology is to share it with other agencies when they have an open case.”

Memos and assurances are not contracts.

Making the Quiet Part Loud

Flock quietly sells Wing integration in the background while partners like RedSpeed bundle it for easy consumption by sheriffs and police chiefs. Contracts are kept minimal — no data governance, no privacy language, no mention of the surveillance layer. The RFP asks for ALPR. The proposal delivers Flock. The contract says nothing about what Flock does with the data. Nobody on city council asks, because the pitch is about school safety and the cameras are “violator-funded.”

Across the country, communities have begun pushing back against Flock’s surveillance network. Austin, Cambridge, Eugene, Evanston, and dozens of other jurisdictions have canceled, paused, or refused to renew Flock contracts after audits revealed immigration enforcement access, discriminatory searches, and data sharing that violated state law.

Those fights were about Flock cameras communities knew they were buying. The unified Wing network is different: residents are now told they’re getting school zone speed cameras, but the video is being routed into a national surveillance network with no contractual guardrails; or they’re being told they’re getting license plate readers only to find them watching them shoot hoops.

Flock, RedSpeed, the Sheriff, and elected officials are tired of the push-back. They’re actively restructuring to keep the public under surveillance and in the dark. We can’t let them.

Audit logs and user exports from a mid-sized Georgia suburb, a Loom training video recorded on a live account in Washington state, and a federal criminal complaint filed in the Southern District of Texas all tell a different story than the one Flock tells on the campaign trail.

The Stump Speech

Flock’s Privacy & Ethics page states that “only your agency decides who to share data with, not Flock.” Their FAQ goes further: “Nobody from Flock Safety is accessing or monitoring your footage.”

@Flock Safety — Privacy & Ethics

A January 2026 blog post insists that “ICE does not have direct access to Flock cameras, systems, or data.” It lists a number of “pilot projects,” including a “CBP Pilot: May 9, 2025 to August 24, 2025.” These pilot projects “effectively enabl[ed prospective customers] to test the product before committing to it.” In other words, they got access.

Flock CEO Garrett Langley posted “Setting the Record Straight: Statement on Flock Network Sharing, Use Cases, and Federal Cooperation” on June 19, 2025; smack-dab in the middle of CBP’s pilot program. Regardless, he assured his readers on the topic of federal access: “it is a local decision. Not my decision, and not Flock’s decision.”

Every city council gets the same pitch. Every council delivers it to constituents. The assurance that access is controlled, limited, and local is what gets the contracts signed. Three specific planks in the platform:

1. Only your agency controls your data.
2. Federal agencies do not have direct access.
3. Nobody from Flock is accessing your footage.

None survive the paperwork.

The Campaign Trail

On February 26, 2025, at 10:47 PM Eastern, a Flock employee ran a search on Dunwoody, Georgia’s live surveillance network. The query was “chicken truck.” Then “cattle truck” — four more times. Then “lawnmower.”

The employee was Bob Carter, VP of Strategic Relations and Business Development at Flock Safety. He is not a police officer. He is a sales executive with a fully enabled search account on Dunwoody’s production network, with access to every camera in the Dunwoody sharing pool and far beyond.

Carter’s complete 2025 search record, read chronologically, is its own argument.

February 26, approaching midnight Eastern: “chicken truck,” then “cattle truck” four consecutive times, then “lawnmower.” Thirteen networks each. No case number.

By June 23: “white racecar with black stripes,” “potatoe chip van” (his spelling, verbatim), “ice cream truck,” “unicycle,” “rocket car.” The misspelling is Carter’s own — Dan Quayle’s ghost, haunting a live surveillance system. A rocket car does not exist in civilian traffic.

Carter kept returning to the unicycle through July and into the fall, workshopping the same searches like a candidate who can’t land a stump speech. By August he’d escalated to 892-network lookups — taking a locally-spotted vehicle and running it against the entire Flock network. In September, a blue Honda sedan toggled four times between a 13-network search and an 892-network sweep. By October, he’d moved from vehicles to people: “person on skateboard,” “person wearing orange vest and construction hat,” and the same yellow racecar searched three times in under an hour.

By December 9: “flatbed truck with lawn equipment,” “usps truck,” “ups truck,” “fedex truck.”

While Carter was busy maybe tracking his package, his colleague, Flock SVP Chris Colwell, sent out an email blast to Flock customers announcing that officer names, license plates searched, and open-text search reasons were henceforth removed from audit logs.

No longer would we be able to see Flock employees tracking their Amazon packages.

Carter’s March 4 session set his personal record: two consecutive lookups sweeping 6,350 camera networks simultaneously. While we will never know what fever dream of unicycles and race cars is on a loop in Carter’s mind, Flock will no longer let agencies across the country — from Virginia to Washington — know that a Flock VP searched “their” data for “SIZ3850” — which, according to lookupaplate.com, isn’t even a unicycle or a Honda.

There will no longer be reasons, names, or case numbers to keep an eye on Flock executives running midnight nationwide searches for rocket cars and unicycles on a national surveillance network.

This is what “Nobody from Flock Safety is accessing or monitoring your footage” looks like in practice.

The Rest of the Ticket

Because no good trip is taken solo, Carter was not running alone. Several Flock employees were created on Dunwoody’s account and given access as if they were Dunwoody police officers and command staff. In other departments’ logs, their searches appear as Dunwoody PD’s.

A February 2026 user export shows six Flock employees holding Owner-level access, equivalent to a department administrator. This grants them full control over search, cameras, users, and hotlists.

Dunwoody roster

Across 2025, Flock’s accounts generated hundreds of searches of Dunwoody’s network. Another Flock entity — Lucidus Tech API — is a programmatic API account tied to a Flock acquisition; Flock’s computer ran an additional 132 searches between January and March. Another API User (Forcemetrics) performed a single search in September 2025. Dunwoody at times appears more like Flock’s personal software lab than a functional police department.

The supporting cast is worth a glance. Amanda Bruner (Nova Onboarding Specialist): 5 searches of the same Georgia license plate over ten weeks, each sweeping between 887 and 891 agencies. No case number. An onboarding employee tracking a specific vehicle for two and a half months. Kathleen Graham (Nova Specialist): 11 searches of the same plate over three days, each across 888 networks. One at 11:40 PM. Randy Gluck (Manager, BD — 911/Emergency): 1 blank search — no query term, sweeping 898 networks. Peter Barty (Staff Engineer, ML): 27 searches, including one for a “Black Mercedes GL450 4MATIC” across 45 networks.

Whether this is stalking or development work is irrelevant to the overall point: these are Flock employees — and in some cases, likely not even that because Flock had not finished its acquisition of Lucidus in January — accessing a live ostensibly “law enforcement only” network handling federally-protected data from databases like NCIC.

And then there is Flock Intelligence. This is an unidentified operator that made 606 searches of Dunwoody’s network over five months, with identity, search filters, and case numbers fully redacted in the audit log. It appears alongside several other explicitly Flock-internal organizations in network logs (e.g., “Flock Safety - Admins,” “Flock Safety - Engineering”).

Most Flock Intelligence queries used the AI-powered freeform search. Some show patterns consistent with ongoing vehicle tracking; others searched for political expression — vehicles with Trump bumper stickers, “don’t tread on me” flags. Peter Barty’s Mercedes also appears as a Flock Intelligence query, suggesting “Flock Intelligence” may be a test account the Nova team uses to search live data.

Flock Intelligence is a separate entity not found in Dunwoody PD’s internal department logs: it shows up only in network-level audits, meaning that since the December changes, neither Dunwoody nor anyone else has any visibility into these searches as they are happening. The named employees in Dunwoody’s account entered through Dunwoody’s front door. Flock Intelligence came in through the side.

Flock’s FAQ is unequivocal: “Nobody from Flock Safety is accessing or monitoring your footage.” The audit log shows this to be false hundreds of times and on multiple levels.

The searches were audited — which is how we know about the unicycles and the race cars — but the claim was not that access is audited. The claim was that it does not happen.

The Backroom

The audit logs document the front door and the side door. A Loom training video documents the back door.

The video, titled Managing Data Sharing and User Access in Your Account, was recorded by Gaby Mahoney, Regional Customer Success Manager at Flock Safety. It was made as a customer tutorial. Rather than use a demo environment, she recorded it using the live national network that’s tracking all of us.

@vManaging Data Sharing and User Access in Your Account — Gaby Mahoney, Flock Safety CSM

Mahoney’s second sentence, verbatim:

So when I log into your account and go under the sharing tab, we can see that you still have one-on-one sharing with some agencies.

When I log into your account. Not “when you log in.” She logs in. Her credentials. Someone else’s account.

The address she visits is sharing.flocksafety.com/networkSharing — a live production URL, not a demo environment — and the selected organization is Olympia WA PD.

At the one-minute mark, she moves to users.flocksafety.com/organizations. This endpoint (“organizations” — plural) most likely does not exist for Flock customers. Assuming Flock follows even remotely typical SaaS patterns — which, to be fair, may be a bold and overly-optimistic assumption — agencies would use a singular “organization” endpoint where they can see their own admin panel and nothing else.

The video confirms the endpoint’s “staff-only” status by appearing to enumerate every customer in Flock’s system. Police agencies, HOAs, businesses, and residential users in multiple states all appear on Gaby’s screen as she types “Olympia” into the single searchable list.

She navigates directly into Olympia WA PD’s admin panel where her account surfaces the full administrative interface: Profile. Organizations List. Organization. Devices. Roles. Users. Zones. Authorized Access List. Transparency Portal. Integrations. Alerts & FlockOS. Billing. Contact Directory.

The Users tab shows Olympia WA PD’s sworn personnel — names, roles, last login dates, permission flags. Two entries carry “Flock” (rather than “External”) as the identity provider. These would not be subject to Olympia’s centrally-managed controls (like multi-factor authentication or automatic account deactivation at the end of employment).

The network sharing panel shows Olympia WA PD’s “Shared with me” list: every Washington state agency sharing into Olympia’s network. Full permission sets for each. At the top of the screen is a red “Revoke Out-of-State Sharing” button next to the page selector, showing 107 rows in the “Shared Networks” table. Next to Aberdeen WA PD, a red button is shown:

Mahoney’s account does not merely view Olympia’s configuration. The interface presents a live control to terminate the data-sharing relationship between agencies — unilaterally, without the knowledge or consent of the agencies.

It’s not only Flock’s CEO who can establish pilot programs while denying they exist, or Flock’s VP that can search for rocket cars. Even its customer service reps have administrator access.

“Only your agency decides who to share data with, not Flock.”

Redaction Day

The Mahoney video is the Rosetta Stone for what happened next. It shows that Flock staff — even its service reps and its sales execs — have high-level access to a live, national surveillance network. They can view, edit, or delete configurations. The CSM who can click Stop Accessing on any agency’s sharing relationship is the same person who walks agencies through narrowing their own exposure. That access is the precondition for everything that followed.

It’s worth noting what the video is actually for: Mahoney is guiding Olympia — a Washington state agency — through the process of restricting its sharing. Revoking out-of-state access, checking who can search its cameras, deactivating users. Near the end she says, “I also notice that you’re not enabled for the statewide or national lookup so that will be good in terms of auditing purposes.”

Limited access makes auditing easier. She knows what the inverse implies.

Five days after she posted the video, on December 9, while Carter was looking for his leaf blower, Flock SVP Chris Colwell sent an email to customer agencies titled “What you Need to Know About Recent Online Disclosures.”

That email announced that audit logs would be stripped of officer names, license plates searched, vehicle fingerprints, and open-text search reasons — framed as protecting active investigations and officer safety. Flock did not merely stop recording these fields going forward — it also retroactively replaced unique officer identifiers in its public Transparency Portals with the word “REDACTED.” The prospective removal ensures new searches go unattributed; the retroactive scrubbing rewrites the record of searches already conducted.

In the same email, Colwell recommended that agencies do exactly what Mahoney showed Olympia would “be good in terms of auditing purposes:” restrict sharing.

Reviewing your sharing settings and considering a temporary shift from Nationwide Lookup to Statewide Lookup.

He linked to an instructional video on how to do it.

Two days later, an FBI Supervisory Special Agent in Atlanta’s C9 Gang division forwarded the Houston HIDTA Officer Safety Bulletin to the broader intelligence community.

The bulletin described this site by name and recommended that agencies “ensure that their agency Flock settings have limited searches to sharing within state only or exclude the states/agencies that release their audit logs.” It further recommended that officers “ensure that the reason for the query be as vague as permissible (e.g., ‘Investigation’).”

Washington was named as one of the states from which FOIA-obtained audit logs had originated. The FBI was distributing instructions to help agencies evade the public records process — and one of its own field divisions was simultaneously using Flock data to prosecute federal cases.

It was a busy period. Houston HIDTA authored the bulletin, ROCIC — one of the RISS centers documented elsewhere on this site as carrying direct Flock database access — distributed it to law enforcement coordinators on December 10, and the FBI’s Atlanta office forwarded it on December 11. At approximately the same time, Flock implemented a blanket VPN block for all public transparency portals — which it holds out to be public accountability tools. A week later, Cyble, a Flock-affiliated firm, filed false abuse reports with Cloudflare in an attempt to take this site offline.

That is the service Flock was providing in December 2025: helping agencies make their surveillance data harder to audit while simultaneously stripping the audit logs of meaningful content, blocking anonymous access to public records, and attempting to silence the publication that had prompted the transparency requests in the first place.

And Carter stopped looking for unicycles and racecars.

The Candidate

On December 18, 2025, an affidavit in support of a criminal complaint was filed in the Southern District of Texas, Case No. 4:25-mj-770.

@Criminal Complaint — Case 4:25-mj-770

The affiant, Ryan Hilz, states under oath that he personally searched the Flock system. In ¶5: “Affiant also searched the Hyundai’s license plate through the FLOCK Safety System, from approximately November 15, 2025 12:00am through 9:00am.” He names a specific camera — “DB15 – Collingsworth (WB) from Broyles” — and narrows it to a two-minute window, 6:33am to 6:35am. In ¶6: “Affiant searched the Cadillac’s license plate through the FLOCK Safety System.” In ¶12, he reviewed Flock images from November 8 showing both vehicles parked side by side. He is not describing results handed to him by a colleague. He is describing searches he ran, cameras he queried by name, and images he personally reviewed.

The audit logs don’t show these searches. Between November 1 and December 1, 2025, the Hyundai plate (WFV2638) was searched 81 times in the Flock system — by Houston PD officers, Harris County Constable deputies, and two Harris County Sheriff’s Office users (V. Pag and m. bar). The Cadillac plate (WSF6471) was searched 86 times, again by Houston PD and Constable personnel, plus a handful of HCSO entries logged only as “C.” — a single initial with no last name. Harris County Sheriff’s Office does have a user account matching Hilz: “R. Hil.” That account’s last recorded search was May 16, 2025 — six months before the robbery. It does not appear in either plate’s November search history.

Hilz swears he searched — literally, swears, on penalty of perjury. The cameras he names are in the Houston network where 167 other searches by other officers are logged. There is an “R. Hil” with the Harris County TX Sheriff’s Office, but that account went dormant months earlier. Either he searched under someone else’s credentials — which means the audit trail attributes his work to a different officer, defeating the purpose of individual accounts and probably violating several federal regulations — or he accessed Flock through a pathway that doesn’t generate the same audit record, which means there are doors into the system that the logs don’t cover.

That gap matters because of who Hilz is. A federal Task Force Officer (TFO) is a state or local employee — a sheriff’s deputy, a city cop — assigned to work under a federal agency, usually through a formal agreement like the FBI’s Violent Crime Task Forces or ICE’s 287(g) program. The TFO keeps their local paycheck and local credentials, possibly including any Flock accounts tied to their home agency. But TFOs report to a federal supervisor, work out of a federal field office, investigate federal crimes, and file in federal court. The local credentials are what make TFOs valuable to the feds — they bring access that the federal agency could not get on its own. This is what Flock means when it says the feds don’t have “direct” access.

The first paragraph of Hilz’s affidavit:

I am a Task Force Officer with the Federal Bureau of Investigation (hereafter “FBI”) and an Investigator with the Harris County Sheriff’s Office (hereafter “HCSO”) and have been employed by HCSO since November 2012. During my employment with HCSO and the FBI, I have been trained in investigations relating to violations of the United States Federal Criminal Code […] I am currently assigned to the Houston Division of the FBI, Violent Crime Task Force (hereafter “VCTF”), and have been since June 2020. My primary investigative responsibilities include crimes occurring within the Southern District of Texas.

Read that introduction the way you’d read a candidate’s bio on a campaign flyer. His actual employer is HCSO — “employed by HCSO since November 2012,” buried mid-paragraph. But that is not the lead. His opening words: “a Task Force Officer with the Federal Bureau of Investigation.” FBI first. HCSO second. The phrase “during my employment with HCSO and the FBI” frames both agencies as concurrent employers — not a county deputy on loan, but a man who works for the FBI and also, incidentally, receives a paycheck from Harris County.

But maybe Hilz took a creative writing class and “Affiant searched” is not to be interpreted literally; his may be a sworn statement that sacrifices accuracy for brevity, the testimonial equivalent of “close enough for government work.”

But whether Hilz is committing some light perjury, whether Flock is misleading its customers about its relationship with the feds, or whether “no direct access” in a system riddled with Flock employee and TFO backdoors is the very best Flock can do: Langley unequivocally broke his campaign promise that it would be a local decision.

After “Hilz’s” Flock searches, the three suspects were transported to the FBI Houston Field Office for interviews (¶26). Inside that field office, one of them was shown a Flock image of the Hyundai and a Flock image of the Cadillac CTS (¶29).

An officer introducing himself as “a Task Force Officer with the [FBI]” showed Flock surveillance images to a suspect in a federal criminal case, while he was being held by federal agents in an FBI interrogation room in a federal building.

To dispel any remaining ambiguity about whether this was local, look to the signature block:

Ryan Hilz
Task Force Officer
Federal Bureau of Investigations
  

He signed as FBI — not HCSO. The only thing that supports that he might not actually be a fed is that he misspelled the name of the agency he spent 16 pages claiming to work for. There is only one “Investigation” in the Federal Bureau of Investigation.

The federal government’s sworn affiant lifts the veil on Flock’s empty promises: the federal government has access, no matter how you spell it.

Flock’s own timeline confirms the infrastructure that made this possible. Its blog states that the federal “pilot” program with the FBI concluded in 2023, and that “[i]n August of 2025, Flock publicly announced it would no longer conduct pilot projects with federal agencies.” The “try” part was cancelled; the “buy” part was not. The FBI does not respond to FOIA requests about Flock. Langley’s “Setting the Record Straight” post, published June 2025, assured readers that federal access was “a local decision” — while the CBP pilot he disclosed in January 2026 was actively running.

The Fine Print

The federal-access issue draws the most attention at council meetings, but the “sworn law enforcement only” claim — which directly supports Flock’s assurance that “Nobody from Flock Safety is accessing or monitoring your footage” — fails even within the agencies that own the accounts.

The pattern extends beyond individual agencies. The Regional Information Sharing Systems (RISS) — funded by DOJ, operated by regional centers incorporated as private nonprofits — is the task force model applied to data: federal money, non-government hands, Flock access.

Five of its six centers carry direct Flock database access through RISSIntel, a federated search tool that lets RISS analysts query Flock’s data without maintaining individual Flock accounts. ROCIC, the RISS center that distributed the Houston HIDTA bulletin instructing agencies to evade public records requests, is one of them. The National Center for Missing and Exploited Children (NCMEC) is named in Flock’s own LPR policy definition as a hotlist data source. NCMEC is a private organization. It populates the alerts that fire on your plate.

The ACLU/UIowa ALPR report documented the same pattern across Iowa: civilian analysts, support personnel, and non-law-enforcement government staff with active Flock accounts across dozens of agencies.

The CJIS Security Policy is explicit about what this requires. Section 5.12.1.2 mandates that all personnel with access to Criminal Justice Information — including private contractor employees — undergo fingerprint-based state and national background checks before access is granted. Section 5.1.1.5 requires that vendors sign the CJIS Security Addendum, which extends the full weight of CJIS security requirements to their staff. Sections AU-9 and AU-11, aligned with NIST 800-53, require that audit logs be protected from unauthorized modification and retained for at least one year. Flock’s December audit-log stripping, its employee access without documented screening, and its unilateral modification of log fields all appear to run afoul of these provisions.

When Story County, Iowa requested Flock’s CJIS certification list, Flock produced 28 names — all with first names starting A through C, several illegible — and no one else. No installers, no subcontractors, no overseas workers, and none of the employees running Flock’s own sales and training accounts on production data. The list is the compliance equivalent of Carter’s searches: performance art.

The contracts themselves offer no backstop. Flock has moved its terms of service to a web URL it controls unilaterally and can change without customer notice. It requested that archive.org’s Wayback Machine exclude its website, preventing any historical record of the terms as they existed when a city signed them. The new terms strip data ownership from agencies and supersede all prior agreements upon any subsequent order — even a camera repair.

No policy implements the “sworn only” promise, no mechanism exists to enforce it, and the contracts are written to ensure that no one can prove what they originally said. “Access is limited to sworn law enforcement” is, at best, wishful thinking.

The Town Hall

When Dunwoody’s Flock contract came up for approval, the council heard the stump speech: access controlled, limited, and local. Only your officers. Only for investigations. Only under oversight. The Dunwoody City Council held its regular meeting on March 23, 2026. As part of its discussion of the Dunwoody Flock contract, an “audit” — if we use the term loosely — would be delivered.

@Dunwoody Flock Audit (Council Meeting Presentation) — March 23, 2026

The audit included a FAQ slide with question 3: “Who can access the data, and how do you prevent misuse?” The city’s answer: “Access is limited to authorized, trained personnel who need it to perform official duties.” The people who wrote that sentence had the audit log that showed a Flock employee was using Dunwoody’s account to look for unicycles and race cars.

Flock Safety even sent its chief legal officer, Dan Haley, to address concerns from the public. A resident had already recited the numbers before Haley took the floor: 401 searches by Flock employees, Owner-level access, live drone footage and hotlist control. Haley addressed none of it.

Haley spoke about machine learning training data — de-identified images, less than 1%, used to improve plate-read accuracy. The city’s own attorney called the data-use provision a loophole and said it could be closed in the new contract being negotiated. Haley corrected her on-mic: “It’s not a loophole, it’s for system quality and improvement.” It wasn’t a question anyone had asked — not even the FAQ.

The council member who asked “It seems like Flock staff has access to our footage. Is that true?” got an answer about plate-design recognition models, but the real question, why a VP of Business Development was searching for “potatoe chip van” on a live police network, went unasked by the council or the city staff who “audited” Flock. Haley certainly did not volunteer an answer.

The Dunwoody police chief did confirm that Flock engineers had been inside the system “under agreement” for integration and testing. There were no immediate objections from the dais to a commercial company using city residents as surveilled guinea pigs — nor, for that matter, to its marketing team using Dunwoody PD to shoot commercials.

The Endorsement

Dunwoody’s Technology Director’s written assessment — submitted to council alongside the FAQ — concluded that the risks of continued Flock use are “acceptable,” in part because “the users accessing the data are law enforcement meeting CJIS standards.”

The same assessment scored “Non-PD direct logins” as a Yellow risk — a documented, acknowledged problem that undercuts the memo’s overall conclusion, which rests on the premise that only law enforcement has access.

The full security assessment matrix tells an even worse story.

@Dunwoody Flock Security Assessment Matrix

All six vendor remote access control items — “Vendor remote access controls,” “MFA enforcement,” “PAM (JIT, vaulting, break-glass, recording),” “Provisioning/deprovisioning,” “Credential storage/password policy,” and “No backdoor accounts” — were rated Green.

That would be good, except the supporting evidence column for every one of them: no evidence. For “No backdoor accounts,” the assessor specifically requested a written attestation from Flock’s security leadership. It was “not specifically provided as requested.” Green anyway; we have apparently entered a new era of vibe-based auditing and compliance.

Item Q4.6 asked whether Flock had made audit log field reductions since October 1, 2025. The answer: none. The rating: Green. The assessment was prepared for the March 23, 2026 council meeting — more than three months after Flock’s December 9, 2025, mass email blast to its customers announcing that officer names, license plates searched, vehicle fingerprints, and open-text search reasons were being removed.

The only item on the matrix rated Red was Q8.1: breach/security incident history. Flock told the assessor it had no breaches in the past three years. The assessor noted that “camera breaches have been highly publicized and should have been mentioned at a minimum (December 2025).” Even the assessor could see that one. It probably would have been hard to deny when Benn Jordan, the security researcher who made the video that exposed the problem, spoke at the start of the meeting.

The Mahoney video shows what no-evidence Green looks like from the inside.

After more than an hour of public comment and questioning, the council voted unanimously to defer the Flock 911 contract to the April 13th meeting, pending completion of a new master service agreement. The motion was made by Stacey Harris, seconded by Rob Price. No one voted against deferral. No one voted to cancel.

The Moment

The reality is that non-sworn city staff have access. As do Flock employees. As does the FBI.

Flock’s standard response to this kind of reality check is to observe that employee access is technically logged, that TFO searches are formally local-agency queries, and that civilian staff access is controlled by the agency rather than Flock. Even if that were all true, it’s a description, not a solution.

Via Unraveled Press.

The people doing the account sharing don’t even know who does what searches; they consider getting caught “undue attention” rather than a violation of federal security regulations and professional standards. A November 2025 letter from Senator Wyden of Oregon says his staffers were able to find Flock accounts for sale.

As a custodian of billions of data points on hundreds of millions of people, Flock should be trying to prevent these problems, but instead it actively engineers them. Its public position is that of the passive service provider in an imaginary world where local governments are in the driver’s seat.

In private, Flock employees are placed on police department rosters, so that a VP’s search for rocket cars is attributed to the department, not Flock. Then it strips the audit fields that would let officials detect the difference.

This analysis looked at a single, relatively small police department. There are tens of thousands of users with law enforcement level access across 6,000+ departments, and hundreds, possibly thousands, of those users were never vetted by anyone. Dunwoody deferred the vote. Other cities will face the same choice. All that elected officials have to do is read the paperwork.

We don’t need to let Flock define “this challenging political moment.” We can vote them out.

Flock Intelligence does not appear in any audit log before August 2025, and it is absent from the org audit entirely. It only shows up in the network audit, meaning it searches Dunwoody’s cameras from outside the department.

The searches

Over 80% of Flock Intelligence’s queries are FreeForm searches — the AI-powered text prompt feature analyzed in detail here. That earlier analysis showed that Flock’s moderation system warns about political searches but does not block them. Flock Intelligence’s searches confirm that pattern.

Political expression

Among the 170 unique text prompts, a cluster targets vehicles by political expression:

• “a truck with a trump flag on it” — warn
• “red honda accord with a trump bumper sticker” — warn
• “green car with trump bumper sticker” — warn
• “vehicle with trump bumper sticker” — warn
• “a SUV with a yellow don’t tread on me flag” — warn
• “a red nissan rogue with a don’t tread on me flag” — warn
• “don’t tread on me flag” — warn
• “american flag” — warn
• “a car with a british flag” — warn
• “dallas cowboy flag”
• “vehicle with a Dallas Cowboys star sticker”
• “vehicle with a Falcons logo”

Every political expression search was warned — and every one went through. The sports team searches passed without even a warning, which tells you where the moderation system draws its lines and how firmly it enforces them.

What got blocked

The moderation system blocked searches describing occupants:

• “car with two occupants” — block
• “car with 2 occupants” — block
• “4 door truck with 4 individuals” — block
• “four people inside car” — block
• “green vehicle with a roof rack 4 individuals inside” — block

And a handful of subjective descriptors:

• “green car with trashy stickers on it” — block
• “orange car with person and red shift” — block
• “crazy looking car” — block

Other warned searches include “pink breast cancer awareness plate,” “pink ribbon sticker on plate,” and “german shepard in back of pickup truck.”

So: searching for a specific political candidate’s bumper sticker gets a warning and goes through. Searching for “crazy looking car” gets blocked. That is the moderation hierarchy Flock built.

Recurring patterns

Some searches recur across months in ways that suggest either ongoing tracking:

“Black Mercedes GL450 4MATIC” appears in October, November, and December. In December it evolves into “black Mercedes-Benz GLB 250 SUV” and several variations — the same vehicle tracked across a quarter, description refined over time.

“Armored truck OR Brinks truck” (and variations) appears every month from August through December. This is the most consistent search pattern in the dataset.

“White Dodge Charger with black roof and black stripe” recurs October through December with slight wording changes.

Again, this is not a police agency. It is a private party performing long-term surveillance on locations of Mercedes and cash-in-transit vehicles.

Possible reasons range from harmless testing queries (over multiple months — so that seems unlikely), to employees selling intelligence to criminal actors, to some sort of commercial service.

Person searches

Three prompts target people rather than vehicles:

• “white t-shirt” (objectClass:person)
• “person on scooter” / “person with scooter” (objectClass:person)
• “yellow backpack” (objectClass:person)

All were allowed by moderation.

Other Flock organizations in Dunwoody’s logs

Flock Intelligence is not the only Flock-affiliated entity searching Dunwoody’s cameras. Four others that we’ve seen previously appear here as well:

“Flock City PD - Law Enforcement Demo” searches Dunwoody’s network every month of the year. That is a demo environment running against a live police department’s surveillance data — not a sandbox.

“Flock RTCC” — Real-Time Crime Center — searched Dunwoody’s network in January and March.

“Flock Safety - Admins” and “Flock Safety - Engineering” are self-explanatory: Flock employees with direct access to customer camera networks.

In total, Flock-affiliated entities account for over 1,000 searches of a single police department’s camera network in 2025.

What is Flock Intelligence?

It is not listed as a law enforcement agency. It does not appear on Flock’s public-facing product pages.

Its operator identities, search filters, and case numbers are all redacted in the logs Flock provides to its own customers. Dunwoody PD cannot audit who at Flock Intelligence searched their network, what they were looking for, or why.

As I publish this, at 6:10pm (CDT) on March 23, 2026, Dunwoody PD and Dan Haley — Flock’s chief legal officer — are telling the City Council that access is only granted to police agencies, and only for criminal investigative purposes.

Again, police and Flock say one thing, the logs say another.

Someone, somewhere — who is not police — is tracking live data about these vehicles.

March 24, 2026 update: Removed claims about Flock Nova pending further verification.

Even if the original footage is available to Flock, you may get an edited or altered version (e.g. cropped or with watermarks overlaid), or a reduced-resolution version. You may also get it late, or never, and the conditions for access are at Flock’s discretion.

Although Flock revised its terms again soon after, restoring on-paper “ownership” to the customer but giving itself broader license to do what it wants with copies, the prediction held. An open records response from Missouri shows the result of Flock’s policy of “ownership.”

The Original Footage

The request was made by Deflock Joplin, the group responsible for the January 2026 headline “Joplin officer no longer employed after alleged misuse of license plate tracking system.” The records request is straightforward:

Recordings from the Flock LPR camera located at 4th and Maiden Ln from 2/16/2026 starting at 5:00 PM lasting until 6:00 PM. This camera is on the south west corner of the intersection facing a southern direction. The records requested should include stills, video, and all other records generated by the camera. I request the data from Flock OS and the camera’s internal storage.

The City of Joplin charged $23.57 for the request and fulfilled it a couple of weeks after receiving payment with a file “Flock_Safety_Search_Image_Results_3-9-2026_1-22-54PM.” The city did not include 40 minutes of footage/images, stating “we are currently experiencing a technical issue affecting this functionality.”

While technical issues that prevent a city from accessing “its” data would be a cause for concern, rumor has it that the “technical issues” in question occurred somewhere between the keyboard and the chair, and the city did not understand how to save images. The city did supply the missing 40 minutes once the discrepancy was pointed out.

World’s Fastest Truck

As far as we know, Flock cameras take a series of images and/or a short video clip when they detect motion. Flock and police often emphasize that it’s “only the license plate” or “just the back of the vehicle.” Of course, the laws of physics dictate that you can’t know what’s in a picture before you take it. This truck is a demonstration:

These two images were taken in rapid succession. It’s hard to even tell the vehicles are in a different location, but you can see the “Flock Safety” watermark is positioned differently.^[1]

These images are clearly of the front of the vehicle. But that’s not the interesting part.

Metadata and Time Confusion

Some of these images have been used as evidence at criminal trials, many in the “over 30 cases” that Flock likes to falsely cite as upholding the constitutionality of its cameras. The timestamps on the Joplin images should give anyone relying on that evidence pause.

The filename for both images contains “2026-02-16T23-39-42.219+00-00”, suggesting the images were taken less than 0.0005 seconds apart. That is neither possible, nor true, based on what’s in the images: we can see the car moving maybe 10 feet. Tacomas don’t typically travel at hypersonic speeds exceeding Mach 17.

The timestamp in the picture is “2/16/2026 17:39:42 CDT.” This is an odd mix. The date is unmistakably American (mm/dd/yyyy), but the time is 24 hours rather than am/pm. On February 16, that’s not confusing. Four days earlier, it might have been.

But even more confusing is that the timezone is labeled as CDT, or Central Daylight Savings Time (UTC-5). Daylight savings is not in effect in the middle of February in Missouri, when CST (UTC-6) is in effect. The image is ambiguous as to whether it shows an image taken at 5:39pm or 4:39pm.

The timestamp in the filename (23:39:42.219 UTC) suggests the labeling (“CDT”) is off, but we’ve already established that it is not possible for the timestamp to be accurate for both images until we have hypersonic Tacomas.

The (EXIF) metadata has been scrubbed, so there is no third hint.

That leaves these images without a reliable timestamp. These aren’t abstract concerns — they cast doubt not only on the accuracy of these files, but on the accuracy of every other image produced by the same system.^[2]

The only way we can determine the time with any certainty is by looking at the position of the sun and the 5:59pm sunset noted in the almanac for Joplin, MO, on February 16.

AI-based surveillance so high-tech you need a sundial to make sense of it.

License Plate Detection

The other piece of metadata in the image, below the timestamp, is a license plate: 0FH D30. According to lookupaplate.com, the plate corresponds to a 2014 Toyota Tacoma with an extended cab.^[3] The plate is also formatted per Missouri’s light truck standards, with a renewal date in April (F) and a last sale date likely in 2023 or 2024 (H).

The quality of these images is extremely low (second image), to the point where they no longer contain the license plate information.

Everyone who has ever used a computer knows that the “zoom and enhance” from movies and TV shows isn’t really a thing. Sure, you can backhack and extrapolate some data, but here too the laws of physics get in the way.

Access to the Image

If we assume Flock abides by the laws of physics — if no others — then the only sensible conclusion is that the license plate encoded in the bottom-right of the frame was not derived from these images at all, but from some other image that the City of Joplin theoretically owns, but can’t access.

This also independently follows from the fact that the images have watermarks and metadata overlays, assuming those are not created by the hardware itself.^[4]

The requester was precise and asked for “the data from Flock OS and the camera’s internal storage” to ensure he got the actual image, and not only a presentation version.

A high-resolution version must exist somewhere. Flock generally suggests that the city owns the original image and that it will be retained until the end of the retention period. That is to say, Flock should not be deleting its customers’ data without authorization.

Joplin provided the images shown and states that “[t]he Sunshine Law does not require the Department to obtain duplicate copies of the same data directly from the vendor or from the camera’s internal storage in addition to what we can access via our portal.”

In other words, there are no originals, but even if there were, the city can’t access them.

Not even Joplin, the ostensible owner of the images, is allowed to look at them.

Below is an AI-enhanced image, where Google’s “Nano Banana” (a generative AI upscaling model) has filled in the blanks by making up what could have been in the picture.

This image does not show the actual content of the original, but it shows a level of clarity and detail that is much closer to the original image captured than the blurry version that Joplin can access and provided in response to the request.

The Tacoma is not an outlier; there are cars (picture 1, picture 2), SUVs, and — just to cover “we don’t photograph people” — a motorcyclist. None of these plates are legible.

The Original Logs

The ownership problem extends beyond images. Logs suffer the same fate. I’ve written at length about Flock unilaterally removing log data, and how that cuts against both the supposed immutability of the logs, as well as customer ownership.

I’ve alluded to how, in some states, it may fall under statutes prohibiting the alteration or destruction of public records, and written about how Flock inserts itself in open records requests even when law prohibits doing so. I won’t rehash all of that here.

Instead, I give you the Flock “Customer Guidance for Preserving and Requesting Flock Data for Public Records Requests”:

@Customer Guidance for Preserving and Requesting Flock Data for Public Records Requests

It’s a guide on how to submit requests for data via Kodex, which, according to Flock, “is a secure digital platform for managing, processing, and responding to data and legal requests.”

Flock uses the system for “Legal requests,” which apparently includes open records requests, “Preservation requests,”^[5] and “Quick questions.”

Once the ostensible owner of the records requests “their” records from Flock, “Flock’s Evidence Division and Engineering Team will review your request, pull available data, and transmit the completed data package through Kodex.”

Flock does note that “our Evidence Policy asks for 14 calendar days to fulfill requests. If data is needed sooner, we are motivated to help customers to meet any FOIA/PRA deadlines they are facing.”

Government agencies are responsible for their own deadlines. In states with statutory deadlines, and even those without, the requirement is not “respond within 10 days, or later is fine too if your vendor is not feeling it.”

In fact, a 14 calendar day limit exceeds the statutory deadline in several states, and entering into a contract that formally requires non-compliance with law is a legally dubious proposition.

Ownership in Name Only

Officials tell the public that Flock’s cameras “take a picture of the back of the vehicle” and “only capture license plates.” They assure us the image does not include the vehicle’s occupants.

Cities like Joplin genuinely can’t access all of “their” information. They uncritically accept blurry images with derived license plates, and if they want the originals, they must ask the vendor nicely and wait at least 14 days — or less, if the Spirit so happens to move Flock.

The ownership is a fiction. The customer has never possessed the original image or the original log. If it can even obtain it at all, it can’t do so independently; it can only submit a formal request to Flock — which will respond on its own timeline, in whatever format it chooses.

That’s not ownership. That’s a favor.

And this is the evidence that’s putting people in prison.

Deflock Joplin published its own analysis of the images, where they raise some excellent points.

Note: The images in this article are post-processed for web delivery. They may be of slightly lower quality than the originals. The originals are available via MuckRock.

• Traffic Infraction
• City Planning/Traffic Analysis - test
• Welfare Check
• Larceny/Theft Offenses - Unauthorized use of a vehicle

VIPD appeared in recently imported log files. It’s not uncommon for new agencies to show up, but this may be the first instance of an agency outside the continental US we’ve seen. It raises some interesting questions. First and foremost: why?

It’s always been highly questionable for an agency in, say, Washington to claim that it has any legitimate purpose for querying data from Florida. The Virgin Islands being, well, islands, takes it from “questionable” to “downright ridiculous.”

At least someone in Washington could steal a car or run a red light and flee to Florida. In fact, I’d put money on at least a handful of people having done that or something similar. Is it likely? No. Is it possible? Sure, I guess.

But the argument here would be that someone stole a car in the Virgin Islands, left the plates on, shipped it to the mainland via commercial freight — which presumably checks VINs — and then drove it around Rogers, Arkansas. You couldn’t get that fiction published in a creative writing course.

It’s another instance of Disproportionate by Default.

This is also a department operating under an active Department of Justice consent decree for unconstitutional policing practices.^[1] The combination — a department with documented civil rights problems, plugged into a nationwide surveillance network, running searches with no apparent investigative nexus — is exactly the scenario that audit requirements are supposed to catch.

Flock’s contractual standard limits use to “legitimate public safety and/or business purpose[s]” — a bar so low it’s practically subterranean. And VIPD still managed to limbo under it.

VIPD’s searches were visible to Flock and every network they queried. Each of those 5,000+ receiving agencies claims to audit its incoming queries. Every one of them should have flagged a Caribbean police department searching for traffic infractions on the mainland. None did.

The Iowa Legislature created IPIB in 2012 to give Iowans “an efficient, informal, and cost-effective process for resolving disputes” about open records and open meetings laws — without resorting to litigation. Nine governor-appointed members were meant to mediate and, where necessary, adjudicate complaints about governments withholding public records or holding secret meetings. For this purpose, the board was authorized to act as a prosecutor on the public’s behalf.

That is not what the board does, or what it has ever done. IPIB keeps complaints away from courts — not to adjudicate them, but as a black hole that attracts complaints and prevents them ever escaping to meaningful review. The board should be dismantled and Chapter 23 repealed.

The Legislature’s Double-Tap

It is immediately evident from the chart above^[1] that since 2018 the number of cases IPIB has received has remained more or less stable, but if you have attended any of the board’s meetings, you probably heard complaints about increasing workloads.

The workload statement is true to an extent, but the increased workload does not stem from complaints. In part, it stems from a law enacted in July, 2025 (HF 706), which “created a requirement that all newly elected and appointed officials of a government body attend training on Iowa’s Sunshine laws”.

Iowa has 99 counties and close to 1,000 incorporated cities, in addition to myriad state and other agencies. That’s a lot of “elected and appointed officials” who will require training.

IPIB is not required to actually deliver the trainings to officials, but it is required to ensure that one approved course is available at no cost. Unfortunately for everyone involved, IPIB pays its staff attorneys in Des Moines the same rate Iowa DOT pays its Highway Technicians (a position that requires a GED and a CDL permit rather than a JD) in rural Washington County.

When any third party would need to charge more, IPIB staff providing the trainings is the only fiscally responsible choice.

IPIB’s (hourly) Administrative Assistant 2 retired in 2024, taking home $68,494.34 that year.

In a February 2025 budget presentation, then-director Eckley listed “Turnover” as a “challenge,” noting that “Only 1 out of 3 staff has tenure over 1 year.”

That presentation was published in between the board getting sued for violating open meetings law when Eckley gave herself a 6% raise, and before Eckley resigned and the board offered her replacement, Charlotte Miller, the pre-raise salary.

In this context, it would be hard to fault IPIB’s attorney for considering “Lunch and Learn” sessions as more of a networking opportunity than a job responsibility.

By passing HF 706 the legislature ensured IPIB remains ineffective, even if it ever decided to change course. It redirected citizen complaint resolution time to government official training. The board teaches a law it has no time to enforce.

IPIB’s budget has not meaningfully changed between 2018 and 2025, but for FY2026 it estimates a sudden $91,259 (24%) increase, with most of that increase allocated “for hiring of contractor to implement mandatory training per approp language and/or to help with backlog”, confirming that training and complaint-handling time are competing for the same funds.

According to the figures presented at the February board meeting, that backlog is growing fast: between November 2025 and January 2026, 95 cases were opened while only 55 cases were closed. The figures only reflect those two states: “opened” and “closed.” The director omitting case disposition in the presentation to the board suggests her focus is purely quantitative, not qualitative.

At that same meeting, staff said, “we’re no longer drowning as much … we’re treading water” and suggested potential efficiency improvements by pointing out “we’re doing all our own copy editing.” Institutional pressure to reduce backlogs may explain why quality of the work-product isn’t a priority, but professional responsibility still attaches to the individual licensed attorneys drafting deficient orders.

With IPIB’s entire budget swallowed by its personnel costs only to leave them treading water, there is neither time nor money for IPIB to actually do its job of prosecuting violations.

If the board gives its staff nothing to do but take the government on Lunch & Learn dates, can we really expect fair outcomes? The answer is in the chart above: the number of complaints that are actually investigated and handled is low. Very low.

Complaints and Procedural Smokescreens

The process IPIB must follow is outlined in Iowa Code Chapter 23. It is relatively straightforward and probably what you would expect from a process like this.

The screening stage is intended to act as a filter for obviously deficient complaints. IPIB’s inbox may be filled with complaints from people caring loudly about issues well outside its purview. Initial screening is a necessary escape-hatch to allow staff to recommend directly discarding such complaints.

After that initial review, “informal assistance” should be IPIB’s bread and butter. The board’s raison d’être is to be an informal alternative to slow, costly litigation. Informal resolution is step one after the initial review.^[2]

After informal assistance, if the complaint is not resolved, staff investigate the complaint to determine if there is probable cause to believe a violation has occurred. During this process, IPIB can issue and enforce subpoenas to obtain necessary evidence; it can also hear witnesses.

This isn’t a full investigation, but an investigation of probable cause. If a complainant says a document was not produced, this would be the step in the process where IPIB might obtain a copy of an email from the city showing that the record was produced.

Finally, if probable cause is found, the case proceeds to a contested case, and IPIB is to engage in fact-finding and analysis of law. A contested case requires gathering evidence, hearing witnesses, and analyzing legal frameworks.

All of that is what the law requires. The diagram below illustrates what actually happens.

IPIB changed its primary process in November 2024. The new process is described in its 2024 annual report as a “new process [that] better aligns with the requirements outlined in Iowa Code chapter 23.” In other words, the process it used before was “less aligned”, or, in regular English: non-compliant.

That non-compliance was the basis for two separate district courts reversing IPIB complaints a day apart — November 29, 2024, was a remand in van Pelt v. IPIB, and Swarm v. IPIB remanded on November 30, 2024. In both cases, the district court agreed the dismissal was improper, reversed IPIB’s dismissal, and remanded the complaint to IPIB for processing.

In Swarm, IPIB accepted the complaint and almost immediately dismissed it again — this time, “as an exercise of administrative discretion.” Swarm petitioned for review of the new dismissal order and the case is currently pending in Henry County. For van Pelt, IPIB appealed and lost at the Iowa Court of Appeals. It has not yet accepted the complaint.

In 2023, before IPIB’s “more aligned” process, it dismissed 69% of complaints at initial screening. In 2025, after the “alignment,” that number became 47%, but 42% were dismissed for lack of probable cause immediately after screening, but still before investigation, and 2% were dismissed for administrative discretion.

Even without additional context the numbers would be a red flag—the board is telling the public that 90% of their complaints are unfounded or not even worth looking at.

Reviewing a small sampling of “insufficient” complaints confirms that they were not being reviewed for sufficiency at all.

Take, for example, 23FC:0026. Here, the complainant “alleged that she requested a copy of a 911 call concerning the report of a deceased body. She alleged that the CCSO denied the request.” This alone already constitutes a valid complaint: a record was requested, it was withheld. Was it lawfully withheld? Maybe, maybe not. That requires an investigation.

However, rather than investigate, IPIB immediately dismisses the complaint for lack of sufficiency because “it is difficult to see a public interest that is met by releasing the 911 phone call under what would be a traumatic situation for all individuals involved.”

Following its determination of trauma, IPIB then decides that the “value of confidentiality” is greater than the public interest. IPIB does not specify what that value is, or what public interests it outweighs. It applied a balancing test to a factual record consisting of a single sentence about the incident: “the 911 call involves an incident in which the caller found a dead body”.^[3]

IPIB never looked at whether the complaint was legally sufficient on its face. It instead applied the Iowa Supreme Court’s Hawk Eye balancing test,^[4] which weighs confidentiality interests against public interest in disclosure. Like most balancing tests, it can only be applied when a developed factual record is available. IPIB applied it at screening, to a single, unverified sentence.

In late 2024 and throughout 2025, after the introduction of the “more aligned” process, these types of dismissals are partly supplanted by “dismissed, no probable cause.” This sounds like an improvement, but on closer inspection it becomes clear that it is a procedural smokescreen and a mislabeling of what actually occurs.

Take, for example, complaint 25FC:0046. This complaint survived initial screening and was accepted by the board. The next step is informal assistance, but no informal assistance was given, and no informal resolution was ever proposed or rejected.

IPIB proceeded anyway. Rather than examine “books, papers, records, electronic records and other real evidence”, or talk to any witnesses, IPIB simply summarized the original complaint and the school district’s response and slapped an “investigative report” label on it. It closed its eyes and saw no probable cause.

The new “more aligned” process fails to see that the most significant alignment issue was never procedural labeling, but a complete lack of informal assistance — the reason for IPIB’s existence. Neither the old “dismiss for insufficiency” process, nor the new “dismiss for lack of probable cause” process includes that critical step.

Finally, 25FC:0042 illustrates what happens when a board takes discretion beyond what the law provides. It is a clearcut case where a college (ICCC) admits that “its Board agendas were posted online without a physical posting”. That violates Iowa’s open meetings law. However, because “ICCC has unilaterally taken measures to ensure all future agendas are physically posted”, IPIB still dismissed the complaint “as an exercise in administrative discretion”.^[5]

Iowa Code Chapter 23 does not provide for administrative discretion. It authorizes IPIB to dismiss a complaint for lack of jurisdiction, find no probable cause after investigation, or proceed to a contested case upon finding probable cause. Dismissing an already-admitted violation appears nowhere in the statute. IPIB relies on its Rule 497-2.2(4)©, which it was never authorized to write.^[6]

What Chapter 23 does provide for is informal assistance, which would have consisted of IPIB discussing the proposed—and already implemented—resolution with the complainant. It might have tried to convince the complainant that there wasn’t much more that could be gained from the complaint. Instead, IPIB decided it was done and dismissed the case.

Rather than provide informal assistance, which is the reason the board exists, an increasing majority of IPIB’s decisions fall within those three categories of dismissal.

IPIB at the Court of Appeals

In its appellate brief in van Pelt v. IPIB, the board rejected its job out loud:

Van Pelt wistfully opines that IPIB’s failure to conduct a formal investigation of his complaint rendered unavailable discovery methods that would have otherwise been accessible to him had he directly filed an enforcement petition in the district court against WDM under Iowa Code section 22.10. Yet, “Iowa Code section 23.5 offers a choice to persons seeking to enforce the open records law.”Van Pelt voluntarily chose to file a complaint with IPIB against WDM in lieu of directly pursuing judicial enforcement of his records request in the district court.By electing this particular remedy, van Pelt subjected himself and his complaint to the framework IPIB implemented through its administrative rules to review and adjudicate public records complaints.

IPIB shamelessly used the word “wistfully” to describe a valid legal argument about its flawed case-handling resulting in a loss of statutory rights. That word choice tells you everything about how the board views the people it was created to serve: not as parties with enforceable rights, but as nuisances who should have known better.

That same contempt surfaced when IPIB asked the District Court to stay its order:

. . . any perceived delay in processing van Pelt’s complaint would not constitute a violation of any applicable statutory or administrative requirement as neither Iowa Code chapter 23 nor IPIB’s administrative rules place any deadlines upon the Board’s complaint intake and investigative functions.

In so many words: “even if you make us look at the complaint, we’ll take as long as we want, and there’s nothing you can do about it.” Never mind that IPIB’s own rules require it to “promptly work with the parties” toward an “expeditious resolution.” Following the rules it wrote does not appear to be IPIB’s strong point.

The van Pelt v. IPIB case began life as IPIB complaint 23FC:0104. The short version^[7] is that the complainant — me — had requested a “deployment plan” for a company’s surveillance cameras from the City of West Des Moines. That plan was incorporated by reference into its contract with its vendor. West Des Moines responded “we didn’t download it from the vendor website” and IPIB dismissed the complaint without further investigation.

I filed a case for judicial review, originally as a direct challenge to IPIB’s procedural misstep. The trial attorney chose to go in a different, needlessly complex direction.^[8] Nevertheless, the District Court found that IPIB had not done its job and sent the complaint back to IPIB for processing.

IPIB chose to appeal and lost on the grounds that the complaint was legally sufficient. But even with an appellate opinion on the books, the board refuses to entertain even the possibility that its process or its interpretation of law may be flawed.

The Iowa Court of Appeals opinion explained that when a government body’s contract expressly incorporates a document, that document “belongs to” the government body under Iowa Code § 22.1(3)(a) — even if the body never retained a physical copy.

The Court also held that the City, as a party to the contract “always has a right to” the entire contract — including what is incorporated into that contract — and that under binding precedent,^[9] the City had a duty to produce it from readily available sources.

The opinion then closed two common defenses: first, a claim that a vendor “owns” the document.^[10] This defense fails where the government body has contractual approval rights and ongoing obligations. Second, the claim of “I don’t have it.”^[11] This defense does not work when an ongoing contractual relationship gives the body ready access.

But perhaps most significantly for future IPIB complaints: the court defined the review standard for IPIB’s initial screening. It describes it as equivalent to a motion-to-dismiss standard where all facts are taken as true and the only question is whether the complaint is legally plausible on its face — meaning “does this complaint allege anything that could be a violation?”

As long as the complaint alleges that a government body withheld a record or did not provide notice for a meeting, the answer is almost always “yes.” IPIB cannot resolve legal or factual disputes at the threshold stage and must investigate complaints that clear that bar.

At least that’s what the court says.

Business as Usual

In a meeting on March 12, 2026,^[12] deciding on whether to seek further review by the Iowa Supreme Court, IPIB’s AG-supplied attorney and its board members brushed the decision off as though it contained nothing of substance, commenting “this is not like we’re going to set precedent — it’s [not] going to change the way we do business.”

To find out what “the way we do business” is, you only have to look at the February 2026 meeting agenda. Nine cases were dismissed via the consent agenda. Some appear appropriate, like dismissals for abandonment or lack of jurisdiction, but others, like 25FC:0184, make determinations of fact and law at initial review (“Because there are no records responsive to the complainant’s request, the Department did not violate Chapter 22 when it closed the request.”)

Most insidiously, one complaint was dismissed via the consent agenda through an order drafted by executive director Miller because “complainant does not argue” a specific enough violation of Chapter 22. The complaint itself wasn’t deficient, but the complainant didn’t do IPIB’s job making its legal argument for it.^[13]

At that same February meeting, board member Luke Martz commented to a complainant:

you’re not the first person who’s come to this board frustrated with what we expect our public officials to keep as records that they don’t… you’re not alone.

He then voted to dismiss the complaint for lack of probable cause. IPIB had not held an evidentiary hearing, or engaged in any real fact-finding. It did not subpoena the records to definitively answer whether they exist. The lack of probable cause was wholly based on a passively-voiced “[no] evidence was presented to IPIB that indicated the county was not honest about the existence of the records.”

The remanded van Pelt complaint may be on the agenda for the board’s March 19 meeting; as of March 17, IPIB has not yet confirmed the meeting date or posted the agenda on its website.

The Board’s Legacy

Of all the complaints IPIB has received since its founding in 2012, it lists only four as contested cases on its website. One resulted in a $1,000 fine, one was settled, one was dismissed, and one was appealed all the way to the Iowa Supreme Court. None of them resulted from complaints dated 2018 or later.

The contested case that reached the Iowa Supreme Court ultimately returned to IPIB’s complaint sink, never to be seen again. In Ripperger v. IPIB,^[14] the board found that the Polk County Assessor violated chapter 22. The Supreme Court reversed in part and remanded for IPIB to resolve whether the property owners who requested removal qualified as “persons outside of government” — a factual question the board was specifically instructed to answer. No published order on remand appears to exist. The case entered IPIB’s complaint process and, like the rest, simply stopped.

In addition to handling complaints, IPIB is also authorized to issue “declaratory orders with the force of law determining the applicability of chapter 21 or 22 to specified fact situations”. This allows IPIB to, for example, declare that posting a meeting notice only on a city’s TikTok-account is not sufficient notice, even if nobody has complained about that yet.

IPIB has issued a declaratory order only once, back in 2013. It has, however, produced a number of informal advisory opinions, which are similar to declaratory orders in many ways, but are non-binding informal advice.

In thirteen years, IPIB’s entire record is a single $1,000 fine and one formal opinion. Even worse, IPIB completely neglects the most powerful tool the legislature gave it: the subpoena.^[15]

That’s not a result of underfunding, staff training, or resource limitations. That’s an institution that isn’t even trying. Even when IPIB itself determines there is probable cause that a violation occurred, it does not act. Even when a court tells it to handle a complaint, it would rather appeal and spend years in litigation than do its job.

IPIB in its entirety is perfunctory. Its board members and staff would rather “align” procedures in ways that present the appearance of efficiency rather than address the substance of its work—or the lack thereof.

The agency serves only one purpose, and it’s for the state, not the people: to serve as a complaint-sink for Iowans who believe that access to government is a right, not a privilege to be granted at the government’s discretion.

Connecticut Makes it Work

Connecticut — which has 3.7M residents compared to Iowa’s 3.2M — has had a very similar board since 1975: the Freedom of Information Commission (FOIC). The FOIC has been able to use the same tools IPIB has to mediate two-thirds of its complaints, hold evidentiary hearings, and produce numerous declaratory orders and contested cases each year.

In 2024, the FOIC handled 855 complaints, compared to IPIB’s 134.^[16] Those numbers predate IPIB’s 2025 training mandate. That’s important, because Connecticut abolished county governments and currently has only 169 municipal governments — a fraction of Iowa’s.

With similar populations, you might expect more complaints in Iowa. More government bodies could violate the law, and smaller cities and counties might not have dedicated legal staff, or even full-time staff. The exact opposite is true.

Either Connecticut’s agencies are a lot worse at open records compliance than Iowa’s, Iowans have less interest in local government, or — most likely — Nutmeggers have more faith in FOIC than Iowans have in IPIB. For good reason.

FOIC has eight staff attorneys versus IPIB’s two. Each FOIC attorney handled 107 cases, compared to IPIB’s 67, assuming IPIB’s director does not handle complaints. (45 if she does). FOIC’s 2024 orders aren’t a list of procedural and discretionary dismissals either; in fact, contested case hearings are so common in Connecticut that they’re published via weekly agendas. Iowa has not seen one since 2017.

Colleen Murphy joined FOIC in 1990. She became its executive director in 2005. She retired in February of 2026. Connecticut retains staff and builds deep institutional knowledge while IPIB greases the gears of its revolving door.

IPIB’s Future

IPIB could have been Connecticut. The concept was sound. The incentive structure that has been in place for years has undone the concept and replaced it with an executive bureaucracy wholly divorced from the institution’s original purpose.

For years, IPIB’s budget was flat. The recent bump was accompanied by more work. Its staff turns over faster than it can develop institutional knowledge. Its board members are appointees with no particular accountability to the public it supposedly serves. And the legislature, which created IPIB as a cheap alternative to litigation, has just handed it a training mandate to fully crowd out the complaint work it already wasn’t doing.

IPIB can’t stop and think about what it’s doing while it’s treading water. The legislature has shown the opposite of an appetite for reform. The solution is to dismantle the board entirely and repeal chapter 23.

We could replace it with a new agency, but there is no reason to think it would fare any better. The statute gave IPIB everything it needed. IPIB chose not to use it.

Instead, training functions can be assigned to the Attorney General’s office, where they belong. The AG knows — or should know — open records law well enough to be able to either put together a curriculum, or to approve one to be delivered by a vendor or one of Iowa’s 15 community colleges (at least seven of which have existing legal programs).

Advisory Opinions should not be handled by the AG because of its conflict of interest when defending state agencies. If they are needed, the Office of Ombudsman, which reports to the legislature, could take up the task as it did before IPIB. Alternatively, advisory opinions could be assigned from a lawyer pool, similar to criminal defense appointments.

Adjudication can still happen through the courts. For Iowa Open Records Act (chapter 22) cases, discovery is often unnecessary due to the reversed burden of proof. The Iowa Supreme Court has rule-making authority to create an expedited procedural track for Chapter 21/22 enforcement without new legislation. The small claims process shows that courts have ample leeway in setting expectations for plaintiffs.

IPIB’s declaratory orders — of which only one exists — are covered under the courts’ general declaratory powers.

An informal complaints process is mostly unnecessary. Informal resolution is baked into the general concept of settlement negotiations when a case is reviewed by a court. Governments only settle when it hurts less than the alternative. Taxpayer-funded attorney fees keep that threshold high regardless of forum. Fee-shifting and court-enforced fines for individuals — recently raised to $12,500 for open meetings violations^[17] — can provide pressure where IPIB won’t.

But resources spent on mediation would likely be better redirected to free or low-cost legal aid for citizens, and potentially, if it can be kept sufficiently conflict-free, a general “open government helpline” at the Attorney General’s office for both citizens and governments.

Dismantling the board would remove citizens’ temptation to fall into the § 23.5 false election-of-remedies trap. Complainants already need to go to court to get IPIB to investigate. Staying there is the more efficient option.

Swarm v. IPIB illustrates the trap: Swarm’s case stems from an open meetings violation he alleges happened in January 2022. After IPIB dismissed his complaint, Swarm sued the city for the violation, but amended to put IPIB’s name on the suit. When he did, the city joined IPIB. Sixteen months after Swarm filed the case, the district court heard it. It then sat on it for another ten to decide what to do.

It took a full twenty-six months and going toe-to-toe with both the city and IPIB — who filed a combined five attacks on the case before even filing an answer^[18] — as a self-represented litigant, but Swarm ultimately prevailed.^[19] The complaint was then sent back to IPIB’s “efficient, informal, and cost-effective process for resolving disputes” to finally be looked at. IPIB instead made a near-immediate determination: “probable cause exists to believe a violation has occurred, but, as an exercise of administrative discretion, [we] dismiss the matter.”

Today, more than four years since the alleged violation happened, Swarm is back in court fighting IPIB.^[20] He has made no progress whatsoever on the original complaint — Mount Pleasant and IPIB have been spending scarce judicial resources and taxpayer money for years so that one can avoid slapping the other’s wrist.

In January of 2026, Eulando Hayes also filed a lawsuit against IPIB, seemingly because of further improper “probable cause” dismissals in 25FC:0141^[21] and 25FC:0142.^[22]

When the board is dismantled, Chapter 23 should be repealed in its entirety and any pending complaints should be dismissed without prejudice or triggering the election-of-remedies statute, to be refiled in court.

It’s been more than thirteen years. The board has issued only non-binding advisory opinions, one fine, and one declaratory order. At least two separate litigants have spent years in court in their efforts to get IPIB to look at their complaints — so far unsuccessfully. A third just started.

Even if IPIB survives, the “election of remedies” in § 23.5 must go. Iowans should be able to trust a government agency to do what it says on the tin. But when that fails — when appointees decide doing their job is discretionary — citizens should not be left wistful, longing for a state that believes in the laws it creates.

Whether that is already done or will be done soon is unclear, but it answers another recent question: “what happened to the ‘devices searched’ column?” A few weeks ago^[1] that column disappeared. We know Flock likes to alter contractual terms and unilaterally remove audit capabilities. We also know that its “Devices searched” field disappeared for a while between November 2024 and February 2025.^[2] It has been unclear if this latest removal was on purpose, and, if so, what that purpose might have been.

A quasi-enlightening email exchange^[3] begins in August 2025, when a police officer asks Flock about “vehicle reads from the Condor cameras.” (Quick reminder: Condor is Flock’s PTZ “AI-powered video” camera that automatically zooms in on your phone). This was confusing to the officer because Condor cameras are not ALPR devices. He, like many elected officials and police officers, likely did not understand that Flock’s LPRs aren’t either.

There is no meaningful difference between an “LPR” (which, by the way, is Flock’s product name, not its category) and a “Condor.” They record things, they are analyzed via machine learning or AI, or Upwork contracts, and they are searchable by anyone Flock chooses to give access. Both the “LPR” (formerly “Falcon” and “Sparrow”) and the “Condor” are AI-powered surveillance cameras.

The officer’s inquiry came about 4 months before YouTuber Benn Jordan disclosed a separate security failure on the same Condor line: debug interfaces on what Flock characterizes as “a very small number” of units had been left Internet-accessible without password protection. Flock said it was a limited, isolated configuration issue and blamed it on Verizon. It was, however, another symptom of having no organizational controls in place. Both incidents involve Condor cameras doing things they weren’t supposed to do, and Flock did not proactively notify its customers about either.

A little over a month after the officer’s email, a search revealed >257,000 cameras. The log entry was accompanied by a note:

An issue was identified that caused the system to initiate unprocessed search activity on a larger set of cameras than intended by the user. No footage or data from these devices was accessed or viewed. The underlying bug has been fixed, and additional safeguards have been implemented to prevent recurrence.

At the time, I noted that the note does not deny that the cameras were real. I concluded that the “number includes Flock’s retail customers, like Lowe’s, Academy Sports, and FedEx.” My conclusion was based on an assumption that Flock would not merge what it holds out to be its “LPR” network and its general-purpose “AI-powered surveillance” network. I now believe that assumption was wrong.

Flock checked with engineering and responded to the officer’s email. The response was that Condors should not be showing in the “vehicle reads,” but that the engineering team was working on some new features for 2026. It was “refining” some of the data. That, according to Flock, is what caused the issue. The answer was not any more specific.

What “refining data” means is anyone’s guess, but what we do know is that Flock was rolling out FreeForm around that time. FreeForm went into “Early Access” in March of 2025. “Early Access” is a term you’d expect to find on Steam, not in your mass surveillance contract. On Steam, the term is widely understood to mean “buggy and not suitable for any serious use” — a warning that your save may be deleted or your PC might crash. Flock slaps the label on a technology that can search for people, where it’s constrained only by a broken AI moderator.

I’ve often mentioned the other oddities in August 2025; possibly first in an analysis of logs from Santa Cruz, where 90% of logs disappeared overnight. That data also showed a massive change in “search” vs. “lookup” usage, a pattern that would become visible across organizations. For example, Houston, TX, did 492,000 searches in May but “only” 183,000 in August (still roughly 6,000 searches per day).

Maybe by August our civil rights were ready for beta.

These anomalies have never been mentioned in an audit report that I’m aware of, and Flock has not addressed them other than maybe through this statement about data refinement.

After the email exchange, and reviewing data from the FreeForm report, I now think it’s likely that the 250,000 number reflects Flock’s broader network — with or without retail customers — including Condor and potentially other AI-powered surveillance cameras. The email doesn’t say that. But Flock was actively “refining data” across camera types at the same time FreeForm soft-launched, and the 250,000-camera anomaly appeared one month later. That’s circumstantial. It’s also the most coherent explanation available until Flock, or any of its customers, offer a better one.

After unification, maybe Flock will (or does) offer a search interface that attempts to maintain illusory ALPR status, or maybe it will (or does) have a single interface for searching over a quarter of a million cameras that automatically follow you around and zoom in on your phone. Its AI moderator could continue to approve terms like “jeans” and “tweaker on a bike”, or it could not.

Maybe Flock will bring back the “Device count” column some day, maybe not.

We still don’t know what they’re refining or why they’re refining it, but whatever it is, they’re doing it in secret. The column is gone, the data changed overnight, and not a single audit report has addressed it.

Its newly-launched Trust Center answers such hard-hitting questions as “Is this mass surveillance?” with:

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

Though, to be fair, that answer is better than the complete fabrication elsewhere on its page that says “Flock does not operate a centralized or open surveillance database. Each customer environment is independent.”

The meaning of “centralized database” is clearish — Flock likely tries to distinguish it from a decentralized database. In this case, that claim is similar to claiming your kitchen is not a centralized place for your pots and pans because you have multiple cupboards.

“Global database” is equally almost-apparent. What the new term “open database” (it also appears on another page) is supposed to mean is murky. Maybe it will clarify later, or maybe the murkiness is the point.

In any case, it will be interesting to see what elements survive contact with the legal team. One page makes claims about academic research partnerships and third-party audits — neither appears to exist in any meaningful way:

Another page claims that the GDPR is “The world’s strictest standard for data privacy.” Which is not only incorrect, but shows a complete lack of understanding of what GDPR actually is and how it works (it is a regulation that sets a floor, not a ceiling — member states can and do impose stricter requirements).

Anyway …

The fact that a half-finished set of pages found their way to production is embarrassing but not, in itself, a major issue. I can’t judge that too harshly because I pretty much develop in production all the time.

Where it becomes an issue is when you’re looking at organization-wide controls and data governance, as in SOC2 or ISO27k1, which Flock cites in support of its being deserving of trust.

These are essentially wireframed pages. Who deployed them to production? The answer to that question is almost certainly some web developer or marketing associate working on the page layout and design.

Did Legal or Compliance approve statements like “Lorem ipsum” for public consumption? My magic 8-ball says “absolutely not.” Did the product team review the system description for accuracy? “Try again.”

The release of these pages is a symptom of Flock’s broader problem: it fails to implement meaningful controls on access while claiming it has them in its marketing materials. This page is one example.

Another is this screenshot from a video showing a Flock customer service representative with full access to the admin interface for what appears to be every single Flock customer:

According to Flock’s lorem-ipsum-heavy Trust Center, we are looking at independent customer environments with proper access controls, and definitely not a centralized or open surveillance database where a low-level Flock employee can click a button to obtain access.

The secondary problem in that screenshot (there are more in the complete video, but more on that later) is that Flock apparently classified the Olympia Fields IL Park District as “Law Enforcement.”

Presumably that means that it has access to the database that stores information from Flock’s national network of 250,000+ cameras (more on that later too).

This is a problem because the Park District does not appear to be a law enforcement agency at all — it manages playgrounds, picnic shelters, and a disc golf course.^[1]

But once again, nobody appears to have caught the error, despite all the safeguards, constraints, audits, and controls that Flock touts in its trust centers, old and new.

An agency has access to data it’s not supposed to have, which shows up in a video recorded by someone who can access data they’re not supposed to have access to. The Trust Center, which was also published by someone who should not have published it to an environment they should not have access to, says everything is fine.

Flock can’t be trusted. No amount of lorem ipsuming will change that.

• Data Privacy
• Facts vs Myths
• Civil rights
• Law enforcement

Where Hotlists Come From

First, the official watchlist: this comes from the FBI’s National Crime Information Center (NCIC), which is “a computerized index of missing persons and criminal information and is designed for the rapid exchange of information between criminal justice agencies”.^[1] The FBI’s database was created in 1967, and has since grown tremendously in scope.

NCIC stores information about property (vehicles, firearms, etc.) as well as people (e.g., warrants, gangs, terrorism, anyone of interest to the secret service). This information can then be queried by state and local agencies, in accordance with the FBI’s terms, which are laid out in federal regulations and the CJIS Security Policy.

The information from NCIC — which is often inaccurate — is uploaded by states, after which the federal government and its state partners make it accessible to federal and local agencies via portals like Palantir’s ICM and Falcon, and, to the point of this article, Flock’s FlockOS and its “hotlists.”

Until recently,^[2] Flock had a blog post on its website called “What Happens When a Wanted Car Passes a Flock Safety Camera?” That post appears to have been deleted in a hurry. It is still linked to from Flock’s other blog articles, including one that describes the “Hot List feature.”

Because Flock has requested that sites like archive.org’s Wayback Machine not archive the content on its site, an archived copy is unavailable, but here is a paragraph from a referencing post:

Flock Safety’s Hot List feature allows businesses to receive alerts on stolen vehicles, known wanted criminals and more, as long as the private business chooses to share their LPR cameras with law enforcement. Law enforcement will then be automatically notified if a vehicle associated with the NCIC enters your property, allowing them to take action. It works via an integration into the Federal Bureau of Investigation’s National Crime Information Center (NCIC), which is updated daily.

Customers can also place at-risk vehicles or license plates on custom Hot Lists to alert law enforcement or on-site security instantly if/when they enter their property. — “Vehicle and Catalytic Converter Theft: Flock Safety’s Solutions for Businesses,” Flock Blog, May 14, 2025

The “Customers” referred to are Flock’s commercial customers.

The Unregulated Layer

This is the second category of watchlist: managed by local police agencies, HOAs, neighborhood associations, and businesses, and shareable without constraints — but somehow still exempt from public records law, according to police agencies.

NCIC entries, which have specific retention policies and restrictions on sharing, are often copied to custom log entries in the Flock system.

Other entries, like the one shown on the “SUS Vehicles” hotlist, can be for vague reasons like “Poss vin swap, stop and verify” — suggesting the vehicle has been placed on the list to be stopped without probable cause, or, at best, for pretextual reasons.

These stops are then combined with departmental policies to keep their use secret, like those seen in Wapello County, Iowa:

DO NOT MENTION ALPR USAGE TO THE OCCUPANTS OF THE VEHICLE. Simply reference that you ran the plate and observed an NCIC hit … DO NOT MENTION ALPR USAGE IN YOUR REPORT OR COMPLAINT UNLESS ABSOLUTELY NECESSARY. … If it is necessary to explain in a report, it is advised to use language such as “Using County resources, I discovered the suspect vehicle was bearing Iowa plate…” — Wapello County Sheriff’s Office SOP III-20, November 7, 2025.

Whether a stop was conducted based on a watchlist hit can only be established if a defense attorney asks the question and the police answer it. That may not happen until the victim of an unlawful stop has spent days, weeks, or even months in jail.

What Counts as a “Reason”

I examined 800 “Custom Hotlist” entries entered by Harris County Constable Precinct 5^[3], which covers over 300 square miles of western Houston suburbs — an area with 1.3 million residents, policed by roughly 450 sworn deputies. 101 of those deputies — nearly one in four — appear as users in the hotlist logs. 51% of entries had no listed case number and 73% were set to never expire. The criteria used varied from outstanding warrants (copied over from NCIC), vague suspicion that a VIN may be altered, or no reason at all.

An investigator at the Precinct 5 constable’s office used Flock to locate and seize a vehicle for an alleged theft that another county refused to investigate, that was never entered into any criminal database, and whose statute of limitations expired seven years earlier. The hotlist entry reads:

Vehicle is not listed as stolen in NCIC/TCIC. Registered owner claims vehicle was stolen out of Colorado County in 2012. Colorado County refused to enter vehicle as stolen. Find PC and stop/identify all occupants… Vehicle will be seized for a Civil Seizure hearing. Do not release vehicle

Investigator James Dancer created this entry on July 3, 2024, for a Texas plate ending in –981^[4], case number 2407-00085, with a one-month expiry of August 2, 2024.

The vehicle was allegedly stolen twelve years ago, according to a claim by the registered owner. Another agency — Colorado County — had already declined to enter it as stolen; possibly because the statute of limitations expired seven years earlier, in 2017.^[5]

Colorado County already decided there was no criminal case here. Dancer’s entry instructs his peers to manufacture a justification for a stop (“Find PC”) and seize the vehicle anyway. That outcome (“Do not release vehicle”) is predetermined in the hotlist entry. Once the vehicle is seized, civil forfeiture requires only a “preponderance of the evidence” that the vehicle is connected to criminal activity.

The vehicle, which is at least twelve years old, won’t be returned to the registered owner. Instead, it will be sold at auction and the proceeds will go to Dancer’s department and the Harris County district attorney. The Institute for Justice has previously filed a class-action suit for exactly this type of abuse of the civil asset forfeiture process in Houston.

Dancer’s entry also contains an instruction that appears 47 times across the 800 entries: “Find PC and stop/identify all occupants.” In 31 of those, the instruction was created by Kayla Cohan (formerly Fesperman) using a near-identical template: “BMV Susp Vehicle- BLK FORD BRONCO-Develop PC, Stop and ID Occupants.” Burglary of a Motor Vehicle (BMV) is typically a misdemeanor. These entries instruct officers to first locate a vehicle through Flock’s automated surveillance, then find or develop a legal pretext for the stop afterward — inverting the Fourth Amendment’s requirement that probable cause precede the seizure.

There is no reason to believe that the “occupants” of these vehicles, who are entirely unknown at the time the entry is created, are involved in the crime the driver is suspected of committing. That crime is equally unknown until someone “finds PC.”

Similarly, another one of Dancer’s entries for a vehicle that could be related to shoplifting at Bath and Body Works contains a slightly more detailed instruction:

Bath and Body Works Shoplifting Suspect Vehicle/ Find PC, Stop and Identify all Occupants. if any arrests are made, contact Investigator James Dancer (5I10), will most likely make scene. Contact Pct. 5 Dispatch (281) 463-6666. Send all questions/ information to James.Dancer@cn5.hctx.net

The investigator email addresses and direct phone numbers embedded in these reason fields serve a secondary purpose: when hotlists are shared between agencies, the receiving agency also receives internal contact information for the creating agency’s investigators — an informal contact-sharing network piggybacking on the surveillance system.

Another vehicle is put under indefinite surveillance by Andrea Trevino. No case number given: “SURVEILLANCE ONLY//DO NOT MAKE CONTACT.”

Jose Ramos added 6 vehicles for “Tolls” — five with no case numbers, one with case number “N/A”, all set to never expire.

Mental health crises can land you on the watchlist: “SUICIDAL GUY” (one month), “WARRANT AND SUICIDAL GUY” (no expiration), “SUICIDAL ARMED” (one month), “Welfare Check” (one month). None had case numbers.

You can also earn a permanent watchlist spot for how your car sounds: “Engine does not sound stock;” or for cryptic reasons like “300 has a badge”, “Memorial Mall”, or simply because the sergeant said so (“Sgt request”, case number: “theft warrant”).

Other entries include “SUS”, “sus veh”, “susp”, and “fug”.

A dashboard from an Iowa agency shows that even where reasons are entered, they indicate problems; there is a hotlist for “Sex Offender” — a conviction is not justification for indefinite surveillance — as well as a hotlist for “Protection Order.”

That latter category’s existence is surprising, given that Arkansas and Wisconsin police failed to act when a person with an ankle-monitor passed at least one Flock camera, as he went to the home of a 16-year-old who had a protective order in place. The pair then disappeared for two months, until someone spotted them at a truck stop in Nebraska.

Sharing Without Scrutiny

When hotlists are shared, the receiving agency receives an automated email from Flock. That email considers the data sharing to be “Great News!” and provides instructions on how to start using the shared hotlist.

What it does not provide is information about what is on the list — including whether the hotlist contains any information sourced from NCIC, which would be restricted by law. It also does not provide information about the policies in place for maintaining and populating the list.

Flock sent the email above to a Minnesota agency. The email does not mention that Minnesota law^[6] says ALPR data “may only be matched with data in the Minnesota license plate data file” or when related to an active criminal investigation. Instead, Flock cheerfully directs its agency customer to accept the mystery hotlist from Florida — in a way that more likely than not violates Minnesota law — and thanks them “for being part of the Flock.”

Although Transparency Portals include a “Hotlists Alerted On” column, Transparency Portals don’t appear to show custom hotlists.^[7] Flock’s transparency portal configuration tool, however, shows that “This value will be automatically generated according to your Flock settings.”

Flock Won’t Say How Often It’s Wrong

A common concern surrounding the use of automated enforcement is accuracy — we know that misreads happen, but we don’t know how often. And Flock won’t say.

Flock monitors and collects misread rates; it declined to provide Business Insider with specifics about the data. When customers flag misreads, that data is pulled into the company’s training set to improve its model, and the company works with local law enforcement to understand the cause of the incident, a spokesperson said. — ‘Flock Flocked up’, Business Insider, March 9, 2026.

What Flock has said, in its undated^[8] blog post “Assessing the Accuracy of Computer Vision Methods for Traffic Data Collection,” is that “Flock Safety cameras correctly identified 92.3% of vehicles by classifying them across six vehicle categories via computer vision, in accordance with the FHWA’s 13-bin classification system.”

The FHWA 13-bin system uses broad categories like “Motorcycle” or “Five-axle single-trailer trucks.” It has several categories for tractor-trailer combinations with differing numbers of axles. Flock doesn’t specify, but most likely reduced the number of bins to six by collapsing several vehicle classes into a single “truck” classification.

That 92.3% figure measures vehicle type classification — whether the system can tell a motorcycle from a tractor-trailer — not plate-reading accuracy. If Flock’s cameras fail to correctly classify vehicle type in nearly 8% of cases using these broad categories, their accuracy at reading individual plate characters or matching the more granular attributes in its FreeForm search — clothing, dents, and other vehicle and person characteristics — is anyone’s guess. Flock’s refusal to disclose plate-read accuracy or submit to independent auditing leaves that question unanswered.

Even NCIC Gets It Wrong 77% of the Time

But even when accuracy is discounted, an overview of Axon data from the Story County, Iowa sheriff’s office^[9], shows that matches are often a bust. In Story County’s “Erroneous hotlist hits” report, which covers approximately a month, hits were only sourced from NCIC.

In that month, the sheriff’s office reported 214 incorrect hits. 165 (77%) were flagged “Wrong state,” 10 were “correct” but “No action taken,” “No Associated Party in Vehicle” or “Parked - Unoccupied,” 7 were “Dismissed,” and 3 were “incorrect.” The report does not include information about the total number of scans, or the number of accurate hits.

77% of vehicles from NCIC being matched to vehicles from the wrong state is an issue. The issue is further compounded by NCIC not distinguishing between characters like “O” and “0” or “I” and “1”. And that’s NCIC, which has policies on accuracy and review of information.^[10] For Flock’s “Custom Hot Lists,” all it takes for someone in Minnesota to get pulled over is for Brittany Smith from Florida to enter an incorrect digit.

Even if the technology were 100% accurate, which it isn’t, it is still subject to the principle of “Garbage in, garbage out.”

Who Else Gets the Data

After an entry is created or copied into a custom hotlist, users can opt to receive notifications through Flock’s mobile app. If the entry is criminal justice information (CJI) copied from NCIC, it may only be accessed through a secure workstation.

Instead, Flock encourages use of its mobile app, which offers simple on/off toggles for receiving alerts. It also offers notifications based on a user’s location, suggesting Flock mobile app users’ locations are being recorded and tracked.

The risks of inaccurate or poorly-maintained hotlists to the public are well-documented. In Sherwood, Arkansas, a Flock ALPR misread a plate obscured by a loose plate holder. Police ordered a couple out of their car at gunpoint and handcuffed the woman in front of her children. In Morristown, Tennessee, a Flock camera misread an “O” as a “0,” and the Herron family — with their 3-year-old granddaughter in the car — was pulled over at gunpoint. In Toledo, Ohio, a misread “7” became a “2,” and Brandon Upchurch was mauled by a police dog and jailed. And in Aurora Colorado, an unidentified system flagged an SUV as a stolen motorcycle from another state — the plate number was the same, but it was the wrong state, like in 77% of Story County, Iowa’s erroneous hits.

But members of the general public are not the only ones at risk — police officers are too.

The hotlist data itself is federally regulated under the CJIS Security Policy:

[W]hether it’s bring your own device (BYOD) or a agency-issued phone, [law enforcement] must follow the protocols set out by the FBI’s Criminal Justice Information Services (CJIS) compliance for mobile device security and adhere to the CJIS MFA requirements that go into effect October 1, 2024 — Essential guide to agency-issued phones and BYOD policies, Verizon Business, September 13, 2024.

But those rules don’t extend to the data Flock collects through the app — like location data. It can collect or resell that data, or use it in its other products. There is no requirement for Flock to safeguard that data, or to screen the people — employees and contractors — with access to that data.

How much of the data Flock transmits is unclear, but the mobile app has a direct integration with FullStory^[11], a “Behavioral Data & Digital Analytics Platform.” It is equally unclear where the data goes from there.

We have already seen the predictable outcome when Flock failed to secure an API key and leaked live location data, including this exact “Officer mobile app location data (phone, smartwatch).”

With no functional safeguards in place, a history of leaks, and no consequences imposed by the Department of Justice or state agencies, it is left for individual officers to decide if they want Flock to enter their realtime locations — potentially both on-duty and off-duty — into its database, and whether all of Flock’s employees, contractors, and partners should have access to that data.

No Recourse, No Oversight, No End Date

There is no mechanism to discover which agencies are using what custom hotlists, or for a person to discover whether they are on a custom hotlist, to challenge their inclusion, or to request removal. There is no judicial review, no expiration requirement, and no independent audit.

The entries examined here — 73% set to never expire, half with no case number, many with reasons no more specific than “SUS” — are not aberrations in an otherwise functional system. They are the system functioning as designed.

Flock’s marketing promises transparency and accountability. Its logs consistently tell a different story: indefinite surveillance authorized by a single officer’s keystroke, shared across jurisdictions without review, immune from public records requests, and enforced through pretextual stops that its own users are instructed to manufacture.

The question is not whether the technology works. The question is whether anyone is watching the people who use it.

The answer, to date, is “No.”

After writing yesterday’s feature announcement about the new cost estimate feature, as an afterthought I did a quick query to see how many agencies used “FreeForm” and how often it’s used. The result: 6,736 “FreeForm” searches in 2025 across 121 agencies. At a $50,000 annual subscription MSRP, that works out to roughly $900 per search.

Naturally, I wanted to know what, if anything, makes these searches so valuable.

Flock’s FreeForm

Flock writes that “Flock’s ALPR system cannot be used to search for human characteristics, like race or gender” on its ethics page. In another recent blog post, recently discussed here, Flock takes it a step further:

Flock products do not identify race. They do not target neighborhoods based on demographics. They do not rely on subjective descriptions. They do not expand broad discretionary stops.

Instead, they narrow law enforcement action to vehicles that have been objectively linked to reported crimes.

The FreeForm product page even promises that “[m]oderation tools help prevent biased or inappropriate searches and support responsible, community-trusted policing.”

That narrative is echoed throughout Flock’s website, and aggressively carried out by its 200 sales staff.

In Q2 of 2025, Flock launched a new feature that “is all about one thing: speed. Speed to leads.”

In a move that will transform the largest network of LPR cameras in the nation, Flock announced that every existing Flock LPR camera can soon become video-enabled at no cost to the customer.

FreeForm, Flock’s AI-powered search tool, now works not only on owned LPR cameras but also on shared ones. It also supports video searches—meaning you can now search for characteristics on people* (e.g., “man in blue hoodie with backpack”) just like you would search for vehicles. You can even set alerts on these searches: think “green ATV on a trailer” or “person in orange vest,” so you’re notified in real time when there’s a match.

Plus, FreeForm is now compatible with third-party video feeds (e.g., Genetec, Milestone), so agencies can leverage its power without needing to switch platforms.

It notes that “people characteristics cannot be searched on LPR feeds, only video feeds”.

The FreeForm report (was “Moderation Report”) has been online for a while, but with few search entries and no documentation I never paid much attention it.

Now, almost a year after Flock’s Q2 2025 product announcement, we have a collection of searches from network logs provided by Flock LPR-system users — searches that show lookups for “objectClass:person” and “objectClass:people.”

The Constitution

The 2020 memo to Congress “Racial Profiling: Constitutional and Statutory Considerations for Congress,” written after the death of George Floyd, gives an overview of the boundaries of permissible searches.

The Equal Protection Clause “bars most law-enforcement decisions based on race,” and this prohibition holds “even if members of a given race are responsible for more crimes in a particular neighborhood.”

Courts have also held that “an officer cannot meet the Fourth Amendment standard by relying on a person’s racial appearance, alone, as grounds for reasonable suspicion.” But an officer may include race when “searching for a person matching a suspect’s description and part of that description is the suspect’s race.”

The Searches: Dragnets and Military Personnel

After analyzing 3,217 searches from 124 agencies — 3,184 of which Flock’s moderation allowed, 19 it blocked, and 14 it warned about — it’s clear that the “FreeForm” system that’s implemented is not the one that Flock describes, or the one the Constitution requires. Instead, it is a digital free-for-all where cops go on fishing expeditions based on protected characteristics. Flock even blocks the most obviously constitutional searches.

Houston PD searched 53,017 devices across 3,734 networks for “white car with black front bumper” (reason: murder investigation). That is a description so generic and a dragnet so wide that it would match tens of thousands of vehicles nationally.

Houston PD also searched that same 53,000-device scope for “Marine Corps” and “volkswagen jetta U.S. marine corps” — the first of which is a bare military affiliation search with no vehicle descriptor at all.

“Marine Corps” as a standalone search term, run across the entire Flock network, is functionally a request to identify every vehicle in America displaying USMC insignia — which would include many active service members and their families.

Since December 2025, Flock redacts its network logs before providing them to its customers whose data is being searched. Those customers can’t see who ran the search. Flock, and many of its customers on the nationwide network, maintain no policies requiring background checks or prohibiting account sharing. That’s a “local decision,” says Flock.

We can’t say, or even begin to speculate, who searched the country for “Marine Corps” and for what purpose. All we know is that someone did, and that Flock’s AI-moderator approved it.

Louisville Metro PD regularly searched 39,000–42,000 devices across 2,600–2,800 networks. One search: “overloaded waste hauler” — a code enforcement query — hit 39,751 devices across 2,672 networks. Louisville is using Flock’s AI-powered search to run municipal waste-hauling compliance checks through a nationwide surveillance apparatus.

O’Fallon, Missouri PD — a city of about 90,000 people — searched 41,054 devices across 2,707 networks for the person descriptor “jeans.” No case number. Reason: “inv.” That search hit cameras in thousands of jurisdictions across the country, looking for Americans in blue jeans.

Corona, California PD consistently searched 11,400+ devices across 370+ networks for person searches including “a person,” “police badge,” and “fire” — the first of which is literally searching for the existence of a human being.

All of these are overbroad fishing expeditions using a mass surveillance system. There is no valid investigative purpose in looking up “a person” or “jeans.” Retrieving the location history of every US Marine in the nation does not prevent crime, it hurts national security.

The Moderation System: No on “white male” — Yes on “tweaker”

The most constitutionally defensible person search in the entire dataset was the California Highway Patrol’s prompt:

Looking for a white male about 6ft 1in tall, longer brown hair almost to his shoulders, slender build, will have been wearing blue jeans, boots with white paint stains on the toes and possibly carrying a black helmet

This was a search across only 91 devices and 3 networks. It is a textbook individualized suspect description: race as one of many physical identifiers, exactly as Fourth Amendment jurisprudence permits. It was run in a narrow area where this suspect was likely to be found.

Flock rejected the search. The most probable explanation, based on other searches, is that it saw “white male.”

Meanwhile, Florence, South Carolina PD searched for “all” (objectClass:people, reason: Robbery) — a search that matches literally every person on camera. Also allowed from Florence: “people,” “hoodie,” “jacket,” “jeans,” “Red.” These were searched across only 1 device and 1 network, suggesting Florence was early in deployment or testing, but the moderation system approved them regardless.

O’Fallon MO PD’s “jeans” search hit 41,054 devices. If Florence’s identical search was allowed on 1 device, there’s no scale-based restriction either.

Hemet, California PD searched for “tweaker on bike” across 1,581 devices and 30 networks. No reason given. No case number. “Tweaker” is a slang pejorative for methamphetamine users. This is the definition of a “subjective and invasive search” — targeting people by perceived social status and assumed drug use.

Unlike the search for a highly specific white male, the moderation system allowed this search for any tweaker.

The First Amendment

An objection that’s often raised is Flock’s (admitted) ability to search for bumper stickers and other characteristics. Flock regularly claims that it is only the existence of a bumper sticker that can be queried, not its content. That is not what the logs indicate.

Spokane County WA SO searched for “american flag,” “coexist sticker,” and “trump flag” on vehicles. All three triggered a warn status. The reason fields — “freeform suspicious search test” — indicate Spokane was deliberately testing the moderation boundaries.

What happens when Flock’s AI-moderator issues a warning is not entirely clear. From earlier analysis of frontend code, it is a dialog that can be clicked through. It’s possible that someone gets a notification or an email. We don’t know.

Flock’s system knew these searches were problematic, and it flagged them, but it did not block them, as its product pages promised.

Corona CA PD searched for “american flag” on people and got blocked. The same agency searched for “american flag” on vehicles and got warned.

O’Fallon MO PD searched for “vehicle with flag” across 40,235 devices and 2,642 networks. Allowed. No warning. The generic “flag” search is arguably broader and more concerning than the specific “american flag” or “trump flag” searches that triggered warnings.

CHP searched for “Hells Angels” as a vehicle descriptor nine times (8 allowed, 1 warned from San Jose PD). The allowed searches used reasons like “Investigative Follow-up” and “Traffic Collision.” Searching for vehicles displaying Hells Angels insignia — rather than a specific vehicle involved in a specific incident — targets organizational membership.

If CHP wanted a specific motorcycle involved in a traffic collision, the search would describe the motorcycle, not the association. Seven of the nine Hells Angels searches hit only 190 devices and 1 network, suggesting a narrow local scope — but the moderation principle is the same regardless of scale.

Audit Logs and Objectivity

Of course, the majority of these searches do not have case numbers. We know by now that the claim that “every search made within the Flock platform is logged and auditable, creating a tamper-proof trail of accountability” is completely false. The sensitivity of the data being searched here — like “Marine Corps” — highlights how important it is to be able to audit a search’s full context.

Only 85 of 3,217 searches — 2.6% — had a plate field that could have contained a value. None of the problematic searches discussed above were among them.

The “objective criteria” Flock allows include a descriptor like “tweaker” but not a detailed description of a white male. It allows searching for every white car, or every military member in the nation, and only lightly wags its finger at you when searching for protected political speech.

Flock’s AI-based moderation appears inconsistent and insufficient. It certainly won’t lead to “responsible, community-trusted policing.”

This is an insecure, unaccountable, and unrestricted dragnet that can be — and is — used to mass surveill Americans based on their political, professional, and religious affiliations, their protected personal characteristics, and their expression of speech. It is exactly what the Constitution prohibits.

For each of those searches, lawful or not, Flock collects $900.

Don’t confuse it with the other proposed ALPR bill, House File 2161, a bill that was amended to give the insurance industry access to surveillance data.

H.F. 2701 doesn’t do that. At least not out loud. Its central accomplishment is eliminating oversight.

Virginia, but less transparent

H.F. 2701 closely tracks Virginia’s HB2724 law, which came into effect in July, 2025. Much of the language in Iowa’s bill was lifted verbatim from Virginia’s.

The Richmond Times Dispatch published an article today, titled to tell Iowans in no uncertain turns what the proposed bill really holds: “State won’t say which law enforcement agencies are breaking surveillance camera laws.”

Under the new laws, agencies can’t share their databases with other states or federal agencies. But at least nine self-reported that they were still allowing federal agencies continuous access to their databases, and another 20 were still allowing out-of-state agencies that same access, the crime commission said in it’s*[sic]* January report.

The commission won’t, however, identify which agencies are violating state law – and it is not required to release records to the public due to a longstanding exemption from public records law.

Iowa’s proposed bill does not restrict sharing with out of state agencies, but Virginia’s outcome for finding violations is better than the one Iowa can expect; the Iowa bill is significantly worse for transparency.

Like Virginia, it would remove ALPR system audit trails, which provide information on what the system is being used for, from oversight. Virginia requires that agencies record data about when the system is being used for stops, and demographic data on who is being stopped. Iowa does not. Iowa requires annual reporting too, but only of self-reported aggregates nobody can verify.

Where some might find it shocking that Virginia’s commission won’t answer the question “who abused the system?”, Iowa took that same bill and surgically removed any possibility of that question being asked.

The only report goes to the Department of Public Safety. This is problematic, given DPS’ history of inaction on surveillance, and its readily-apparent conflict of interest when it comes to oversight of local police.

Any reports would contain aggregates of data that isn’t required to be collected according to any standard, or at all — like the number of stops. But even if the numbers were there, nobody could verify them: the underlying log files are completely inaccessible to anyone except the agency reporting, including DPS.

Make no mistake: Iowa police don’t want you to know about ALPRs. The ACLU of Iowa/University of Iowa’s report showed widespread violations of existing open records law;^[1] the Iowa Public Information Board unlawfully refused to look into non-disclosure of ALPR contracts; and the Wapello County Sheriff and Altoona Police Department adopted policies on concealing ALPR use.

This bill allows them to hide everything. And they will.

The Warrant Red Herring

The Iowa bill also does away with Virginia’s “reasonable suspicion” standard, in favor of a warrant requirement. That warrant requirement, however, is a red herring for two main reasons.

First, it only applies to data older than 24 hours. The first 24 hours are a free-for-all, requiring only self-certification (in a secret log) of a vague approved purpose. During this period, data can be accessed and copied without a warrant. If the data is copied to a location outside the ALPR system, the bill’s protections evaporate. Agencies across the country already use this mechanism to bypass existing retention requirements.

Second, the bill sets no bounds on who can issue a warrant. Any magistrate can. The magistrate does not have to be in the same county, nor does he need to have jurisdiction over the alleged offense. Magistrates appointed before 2009 are not even required to be lawyers—there’s no incentive to push back on a warrant 200 miles away when you’ve been doing the same part time job for 17+ years. The setup enables the worst kinds of forum shopping.

The electronic warrants system compounds the problem—it creates a system where search warrants are, or at least can be, handled similarly to your Amazon Shopping customer service complaints.

The judiciary’s oversight of magistrates is voluntary. That means that unless the chief judge in the county where the warrant was granted — which can differ from the county where it was requested — is actively monitoring the search warrants granted in the county there is no oversight.

Who can complain when the use of ALPR remains hidden? Who can even find warrants when it takes visiting all 99 county courthouses?^[2] And, critically, who could ever find out if the system was queried without a warrant?

Police don’t Police Police

As the outcome in more-transparent Virginia shows, these aren’t hypothetical concerns. We can’t trust police to “do the right thing” when it comes to oversight.

This bill does not aim to solve any problems, it aims to hide them. Virtually all abuses of ALPR systems that have been uncovered have been found by journalists and members of the public; immigration searches in Illinois uncovered by a community group, stalking in Joplin, MO, discovered by DeFlock Joplin, a Kansas police chief was only found to be stalking after admitting it, KCUR in Lenexa found police investigating a column author, and just two weeks ago in Milwaukee, a stalking victim found out by looking up their plate on haveibeenflocked.com.

Because nobody actively monitors how these systems are being used, these abuses are not discovered in real-time. It takes drawn-out open records processes, complex analyses, and lengthy investigations. The bill requires logs to be destroyed within two years — or sooner, at the agency’s discretion.

Of course, whether the existence of evidence in a locked filing cabinet in the basement of the police station actually matters is another question.

Iowa’s bill would sweep this type of evidence of abuse under the rug. It undermines Iowa’s public records law and tacitly blesses the current complete non-enforcement of Iowa’s existing laws on surveillance.

The ACLU/UI report revealed that over a third of Iowa agencies grant access to non-sworn support staff, like administrative staff and clerks. The bill doesn’t address this, nor does it set minimum security standards in statute — it delegates them to the same agency policies nobody audits.

The bill is silent on how Iowa enforces its restrictions on out-of-state agencies that access the data — or on what happens when out-of-state agencies don’t comply with, for example, the requirement to send annual audit reports to DPS.

If this bill passes, some will claim it as a victory. Neither the ACLU, nor the legislature, nor DPS will have any way to verify if it was.

The ACLU of Iowa, Institute for Justice, and Americans for Prosperity should withdraw their support for H.F. 2701. Virginia has proven that it places incident screens where guardrails are needed. Let’s learn from their mistake.

I recently received a copy of Flock’s response to a CDPA request. The response was predictable: obfuscate, misdirect, and deny.

In this article, we’ll pick Flock’s response apart, because the Attorney General hasn’t. Yet.

CDPA 101: It’s GDPR Lite

The CDPAs adopted by the various states broadly follow a pattern inspired by Europe’s General Data Protection Regulation (GDPR). What they protect varies a little from state to state, but the general idea is “information that is linked, or linkable, to persons.”

In equally broad terms, whenever a “person” (government, business, natural person, etc.) collects or maintains protected data, they are a “controller” and someone merely handling the data is a “processor.”

In states with a CDPA, you typically can do things like request your data from the controller, opt out of certain data collection, find out how it’s being shared, and correct incorrect information.

Corporations in general, but mass surveillance corporations in particular, enjoy existing in liminal spaces. Even though various state laws require the separation to be clearly defined in contracts, the terms are often purposely left out, or, if included, left ambiguous.

That problem is compounded for government-funded corporate surveillance because the surveillance devices (cameras, microphones, what have you) and software are often said to be private, while the funding and operational infrastructure (permits, land use, and so on) is provided by the government.

A fun fact — and we’ll get to why it’s “fun” in a minute — is that the government itself is exempt from the CDPA.

A Response, Annotated

With respect to any systems over which Flock is a controller, we did not locate any data in such systems that matched the information provided in your request

It is unclear what systems Flock refers to, but clearly it admits it is a controller of some systems.

But let’s gloss over that really, really quickly.

With respect to any data which may temporarily be stored on Flock Safety devices, such data is consistently written over on a rolling basis due to limited memory space on the devices and is not stored or maintained on such devices in a manner that allows Flock Safety to directly identify, link, or associate the data with an identifiable person. This can only be done via the Flock Safety software systems, where, as described further below, all data is owned and managed by Flock Safety’s customers.

This sounds sort of meaningful, but isn’t. At least not in the way Flock would like you to believe. Ownership and management are not factors, nor is whether Flock “identifies, links, or associates” the data with an identifiable person. Whether the data is stored “temporarily” or whether it’s overwritten on a rolling basis are all technical implementation detail that neither the CDPA, nor the requester cares about.

What they do care about is the admission in the middle of the technobabble: Flock stores or maintains “such data.”

With respect to any systems where Flock Safety processes data on behalf of our customers, please note that Flock Safety’s customers are owners and controllers of the data Flock Safety processes on their behalf. Flock Safety is a service provider and processor for our customers and as a result, we are unable to directly fulfill your request. We recommend contacting the organization that engaged Flock Safety’s services to submit your request, as they are responsible for assessing and responding to it.

This paragraph is Flock’s key assertion. It is boilerplate crafted to dismiss requests under many states’ CDPAs, which share the “processor” language. But it’s lazy boilerplate, because it also uses “service provider” from California’s CCPA/CPRA.

If it’s too much work to craft a form letter specific to California — the most populous state in the nation — it’s probably a safe assumption that it’s too much work to actually look for the data requested.

Here are a few additional points about Flock Safety’s data collection and privacy practices:

Okay, let’s hear 'em.

Customer Contracts: Flock Safety’s processing activity as a service provider and processor is governed by the contract we have with our customers, which captures their instructions and the limitations on how Flock Safety may process their data. Flock Safety’s customers own the data and make all decisions around how such data is used and shared.

The same boilerplate “California-plus” language: “service provider and processor.”

The paragraph itself — its activity is governed by the contract it has with its customers — is meaningful. Hang on to that tidbit, we’ll come back to it.

No Sale of Data: Because Flock Safety’s customers own the data, Flock Safety may only process the data in accordance with our customer’s instructions, as outlined in our contracts with customers. Flock Safety is not permitted to sell, publish, or exchange such data for our own commercial purposes.

Again, the causal link Flock suggests here does not exist. The CDPA places restrictions on the sale of data, but it does not consider “ownership.” That’s deliberate, because it’s not how data sales work in practice: people rarely sell data, they license it.

And while “for our own commercial purposes” is technically correct, it is misleading. As a processor, Flock would not be permitted to “sell, publish, or exchange such data” for any reason. It can follow the express instructions of the controller. That’s it.

Instead, its business model requires it to schlep around buckets full of data between customers, and between its own systems to offer a Surveillance-as-a-Service product.

Information Collected: Where Flock Safety’s customers leverage License Plate Reader (LPR) technology, the LPRs do not process sensitive information like names or addresses. Instead, LPRs only capture images taken in the public view of publicly available and visible vehicle characteristics

Flock’s response focuses on “LPR” cameras. Which is the most well-known of its products, but still only a subset. Its other products, like Condor PTZ cameras, Raven microphones, and even Nova (which “combin[es] CAD, RMS, video footage, LPR data, and even open-source intelligence [which includes things like consumer credit reports, and, according to independent security research, SSNs and other dark web data] in one unified experience”) go unmentioned.

That its roadside cameras don’t process “sensitive information” is false. That term is defined by the CDPA; in Delaware, it includes “precise geolocation data”, in Minnesota it includes “specific geolocation data.” Both are statutorily defined terms describing a type of data captured by Flock’s roadside cameras.

To make the claim true, Flock attempts to substitute its own definition of “sensitive data” for the one provided by the statute.

But what matters more for the response is not whether a specific Flock product handles a specific type of information, but whether Flock, as a company, has protected data.

The answer to that is “yes.”

Purpose: Flock Safety customers use data for security purposes, including managing public safety or responding to safety concerns and reports. Additionally, such data may be used to help solve crimes and provide objective evidence.

Close, but not quite. Flock’s standard contract says: “‘Permitted Purpose’ means a legitimate public safety and/or business purpose, including the awareness, prevention, and prosecution of crime; investigations; and prevention of commercial harm, to the extent permitted by law.”

The purpose itself is mostly irrelevant. The point is that the “Permitted purpose” is defined by Flock, in its standard terms and conditions, which it can unilaterally modify. Determining the purpose makes Flock the controller.

Retention: By default, Flock Safety’s systems only retain data for 30 days, which means that any data collected on behalf of customers is permanently hard deleted on a rolling 30-day basis. Flock Safety customers may shorten or lengthen this retention period based on their local laws or policies.

This is an equally relevant admission: Flock sets the default retention period, and it determines that it “permanently hard deletes” the data. Its customers can influence those terms later, but it is, again, Flock making controller decisions.

Processors vs. Controllers

From Flock’s lazy boilerplate, it’s already sufficiently clear that the company (a) has the data requested, and (b) is the controller of that data. Its response does not survive. But let’s double-tap.

All the States, None of the Work

The response above was from Minnesota, but we’ll use the CDPA from Flock’s state of incorporation — the Delaware’s Personal Data Privacy Act (DPDPA) — to walk through it. DPDPA is not only the most fun to say, it is also functionally identical to Minnesota’s MCDPA in every way that matters here.

If Flock gets to write a California-plus denial, I get to write a Minnesota-plus indictment of it.

Flock’s California-plus language is telling in its laziness. If Flock were a processor, it would have an obligation, under the MCDPA or DPDPA, or some other CDPA, to assist the controller with the request. If it were a service provider, it would have that same obligation, but to the business.

What Flock does instead is punt, without even identifying who it claims the controller is or are — presumably all of its Minnesota clients.

Minnesota gives consumers the right to a list of every third party who received their data. Flock’s response does not even mention it. As a processor, Flock has the duty to assist the controller to locate the list and provide it as a response.

That Flock’s response is lazy is unsurprising when the contact information listed on its CDPA form is “Generitech Privacy 123 Main Street Capital City, ST, USA 10001 +1-800-000-0000 emailprivacy@generitech.com”

The laziness shows that it does not even attempt the bare minimum to fulfill the role it claims for itself. The only thing it does is send out form letters as generic as 123 Main Street.

The Missing Contract

Remember the relevant contract claim. Flock claims there is one, which is good. But the DPDPA and MCDPA (and others) not only require that there be a contract between a controller and a processor, they require it to have specific content.

Flock’s contracts, as we have reviewed them, do not contemplate this. Here is an example of such a missing requirement — you can look for it in the terms Flock publishes on its website:

A contract between a controller and a processor must govern the processor’s data processing procedures with respect to processing performed on behalf of the controller. . . . The contract must also require that the processor to do all of the following: . . . Allow, and cooperate with, reasonable assessments by the controller or the controller’s designated assessor, or the processor may arrange for a qualified and independent assessor to conduct an assessment

Flock’s contracts do not contemplate this at all. Not even close.

The DPDPA requires that the division of labor between a controller and processor is laid out in the contract to avoid exactly the type of shell game Flock attempts to play.

That requirement is not without teeth — the law spells out the consequence of omission:

Determining whether a person is acting as a controller or processor with respect to a specific processing of data is a fact-based determination that depends upon the context in which personal data is to be processed. A person who is not limited in such person’s processing of personal data pursuant to a controller’s instructions, or who fails to adhere to such instructions, is a controller and not a processor with respect to a specific processing of data.

Flock’s prize for failing to have an adequate contract in place is that it becomes the controller.

The Government as Controller

Even if Flock’s contracts were perfect, its position would still fail. As stated earlier, the CDPA does not apply to the government. That doesn’t mean that it is optional for the government, it means that the statute, as a whole, does not apply to the government.

This chapter does not apply to any of the following entities: Any regulatory, administrative, advisory, executive, appointive, legislative, or judicial body of the State or a political subdivision of the State, including any board, bureau, commission, agency of the State or a political subdivision of the State, but excluding any institution of higher education.

Even if a police department were to want to assume the role of the controller, which it doesn’t, it could not. That’s why the language is not in the contract.

“A person who is not limited in such person’s processing of personal data pursuant to a controller’s instructions . . . is a controller and not a processor”.

Someone who is not the controller can’t provide “a controller’s instructions.” Without those instructions, Flock is not “limited” by them.

And because Flock is not limited, it is the controller, as a matter of fact as well as law.

Minnesota’s cure period expired January 31, 2026.

File your requests. Collect your California-plus denial. Encourage your AG to act.

Cross-posted from Footnote 4A, where I cover Flock, privacy, and public-private surveillance infrastructure more broadly. Flock-specific posts live on haveibeenflocked.com.

The events in the video take place at Flock’s offices in an anonymous industrial building at 1310 Seaboard Industrial Blvd NW, Atlanta, GA — Google Maps confirms the building is surrounded by Flock equipment and is identified as a drone launch site.

Now, the film.

Flock’s story starts when a hoodie-clad man rolls up to the crime scene in his brand-new Mazda.

He gets out and approaches the building’s front door, tactical Halligan bar in hand.

Unfortunately for the would-be ne’er-do-well, a blue light comes on.

On the screen it says “From detection to decision.”

The camera pans from the blue light to a Flock Falcon license plate reader, which definitely only captures license plates and not people.

It’s a little unclear if the “detection” is the blue light, and the “decision” is the license plate reader, or if there’s something else going on.

Never mind. A Realtime Crime Center!

The interface shows 3 license plates with real Phoenix, AZ, locations. They are flagged as “Expired Driver’s License”, “Suspended”, and “Invalid License” — exactly the category of high-level crime that Flock believes warrants placing a nation under surveillance.^[1]

A man with a moustache clicks “Dispatch drone.”

This time, the ALPR list shows license plates annotated “Invalid License”, “Sex Offender”, “Expired Tag”, and “Expired Driver’s License.” Those CJI tidbits slide off the screen and cut to a drone being released from a box.

If it was your license plate broadcast alongside “Sex offender”: congratulations, you get to talk to a lawyer.

“Drone as Automated Security deployed”, the on-screen letters inform us.

The drone takes off and spots the Mazda parked under a streetlamp about twenty feet away.

Technologia.

The Mazda appears to be parked more than 12 inches from the curb.

Dramatic music intensifies.

“Thermal night vision capabilities.”

The Mazda is still parked under the streetlamp.

Now we see a digitally altered black-and-white image. Thermal vision, presumably — though it reads as a color-filter pass on regular footage.

Halligan-bar-man is doing something with the door. The drone switches back to normal vision, because the other vision was garbage.

Our hero, the drone, sneaks up on Halligan-man as the letters assure us of “Presence that de-escalates.”

Halligan-bar-man flips out.

He runs away, toward his Mazda.

Someone somewhere gets a phone notification: “Global Logistics has invited you to spectate a flight on Flock DFR.”

Grab the popcorn, we’re spectating.

The drone watches our man peel off past several Flock ALPRs and PTZs.

Now we’re back at dispatch in Phoenix, walkie-talkie’ing Dunwoody PD, which recently paused its Flock contract “over data use concerns.”

Officer Dunwoody manages his drone from the car laptop en route to the crime scene. Operating aircraft you can’t see while you’re driving a vehicle is safe, right? Must be — the FAA allows it.

Meanwhile, for reasons only known to hoodie-man, he has circled back and parked at Flock Central — 1310 Seaboard Industrial Blvd NW — the drone’s home base. He is ready to surrender his life of crime and be arrested for the one offense he committed: parking too far from the curb.

Music crescendos.

He gets out of his new Mazda, wireless CarPlay still connected, hands to the sky.

Handcuffs.

We got him, boys.

“Flock Drone as Automated Security”

“One click automated operation”

Dead stick logo.

First, a new report: California Out-of-State Queries.

A note on what’s here and what isn’t: some older California-specific reports were removed after suspected changes on Flock’s end began producing incorrect results. This report replaces them with a narrower, more defensible dataset.

This report contains all external searches seen by California agencies for which we have log files (which isn’t many, but if you have some, or you want to go file some requests, send them to humans@haveibeenflocked.com!).

The ~14.5M out of state searches currently documented in the report come from the four agencies listed above. Other agencies which contributed data that showed no out of state searches were the California Highway Patrol (for the period 2024-11-25 — 2025-12-01) and Buena Park, CA PD (for the period 2026-01-19 — 2026-02-23).

The point of the report is that it shows searches of cameras placed in California, that have collected data about Californians; it will tell you if a query from a non-California agency “hit” a California agency.

The report’s “source agency” column will tell you which agency reported the search. And, yes, every single one of these 14.5M+ searches may violate California’s prohibition on sharing ALPR information with agencies outside the state (SB34).^[2]

February 11, 2025, is the date was reported to have disabled all out-of-state access for non-California agencies. For Santa Cruz and Capitola, the only non-California agency appearing in the logs after that data is Blue Lake Rancheria Tribal PD. El Cajon is being sued by the AG.

Seaside strangely reported only a handful of searches. On inspection:

We have very limited logs for Seaside (approx. 2025-01-20 — 2025-02-17), so it’s possible that far more searches of Seaside by non-California agencies have occurred outside that limited visible window.

Nothing confirms “Deactivated Users” is not a California agency, but OCDETF (Organized Crime Drug Enforcement Task Forces) was an independent federal agency under the US Department of Justice, recently dissolved and rehomed under the Department of Homeland Security.

Whatever federal access OCDETF had to California ALPR data through Flock now presumably belongs to DHS. Whether “Deactivated Users” represents side-door access that Flock obscured by omitting the agency name, or straightforward federal access, the result is the same: Californians’ data ended up with the federal government through Seaside PD and Flock.

And, of course, New Mexico is definitely not in California — there’s a whole Arizona in between.

Another thing that stands out about these searches is that they both covered about 300 networks (316 for the NM search, 335–336 for the OCDETF ones), suggesting 1:1 sharing agreements.

That certainly seems like a possibility, because according to its transparency portal, Seaside CA PD currently grants access to the following non-California agencies:

• Goshen Village NY PD
• Blue Lake Rancheria Tribal PD
• CA Iipay Nation of Santa Ysabel
• Decommissioned Org / Demo

The only 7 documented searches from Goshen, NY (pop. 5,777) happened between 11/12/2022 and 4/1/2023.

The likeliest explanation: Seaside granted access to what it believed to be Orange County, California, but ended up sharing California data with Orange County New York’s county seat: Goshen.

In case you’re curious, these are the states that most searched California records:

State and local governments aggressively resist open records requests related to Flock. They will apply any exemption, no matter how non-sensical. Part of that is simply the government’s mindset— the less accountability to the public the better. Part of that is Flock.

The Guide

Flock issues informal guidance to its customers on how to handle open records requests. A document, “Guide to Flock Safety Data for Open Records Law” (last updated September 2025) opens by telling the reader that they do not have to create records.

@Guide to Flock Safety Data for Open Records Laws

The guide offers wildly incorrect legal advice.

Generally limited disclosure [for ALPR data] across most states. Some states exempt all data captured by or derived from any automatic license plate reader system from disclosure either by express statute or per case law

Rather than there being “generally limited disclosure”, few states have express protections for ALPR data. This is self-evident from Flock’s wholly unregulated status as a provider of “photos taken on public roadways where there is no expectation of privacy.” Those same photos are not “generally” exempt from open records requests.

Agencies should consider whether to redact license plates, search reasons, and case numbers from these logs, as well as other potential fields that may be deemed sensitive

Similarly, the open records laws that I am aware of do not permit redaction of “fields that may be deemed sensitive.” Rather than relying on a clerk or a cop to subjectively deem something to meet an unspecified standard of sensitivity, open records law tends to only permit redaction of items that meet specific objective criteria defined by statute.

Flock’s document goes through every category of public record related to its system to identify possible exemptions, suggesting ones for police investigations, security exceptions, and privacy reasons. Throw exemptions at the requester and see what sticks.

When all else fails, Flock suggests in its suppression manual dressed up as customer support, its government customers should not disclose the record, like the law requires, but “consider negotiating a narrowed timeframe” and charging fees.

We’ve since seen other guidance, where customers are instructed to keep searches “as vague as permissible” come from FBI agents in Flock’s hometown of Atlanta.

In recent months, there has been a marked uptick in audit logs submitted to haveibeenflocked.com in garbled PDFs—including from states that require public records to be produced in their original electronic format.

One agency in Arizona did the FOIA-thing and printed out the CSVs to scan them right back in. Another delivered them to the requester on paper. Perhaps Flock updated its guidance.

Contractual Obstruction

Flock does not restrict itself to advising customers on their open records process, it inserts itself. Some, but not all, contracts create a duty for customers to notify Flock and delay open records responses.

If a request is made pursuant to the Iowa Open Records Act, Iowa Code chapter 22, to examine Confidential Information identified herein, the Customer will notify Flock. Flock will be given not less than ten (10) calendar days within which to file an action in the Iowa District Court… seeking the entry of a declaratory order or injunction to protect and keep confidential the information identified as confidential herein. — Johnston, IA Service Agreement

This is clearly problematic from a transparency perspective, and, raises serious legal questions in Iowa. The Iowa Open Records Act does not set fixed timelines for responses—it requires governments to respond "promptly."A mandatory minimum ten-day response delay is not “promptly.”

In Grafton, WI the language is a bit softer; there, Flock requires “reasonable prior notice.”

That’s not the only problem with this clause though. It is the vendor assuming a decision-making role in the non-delegable public records process. While a government may delegate some of its functions to third parties, the duty to respond to open records requests “promptly” lies exclusively with the custodian, and delegating such decision-making authority to a private party is likely unconstitutional.^[1]

It’s the same reason we can’t hire mercenaries to police our cities—government employees must be accountable to the people. At least on paper.

Nothing the Public Can Gain

Then there are the “transparency” portals. Flock has stripped functionality to hide essential information, but cities often still refer people who request access to log files to the portals. In public, Flock sells it as a transparency tool “to promote trust, accountability, and citizen privacy in policing.” In private, Flock tells its customers the truth: it’s useless transparency theater.

Take a look at this sample Transparency Portal and let me know if you’d like anything changed. All fields can be edited, deleted or added to. Any of the fields in grey indicate information that will be pulled directly from your Flock account. The only other thing worth noting is the Search Audit…I have attached an example. There is nothing the public can gain from this report, as it only provides the search date, camera and search reason. — Email from Libby Landers, Flock, Senior Customer Success Manager, to Ridgecrest, CA Police Chief Ysit (June 25, 2024)

@“Nothing the public can gain” - Ridgecrest, CA (2024)

If you are inclined toward charitable interpretation, you could see this as an unfortunately-worded email hastily typed by a customer service rep with an inflationary “Senior” title. Fair.

Except the same email Libby Landers sent to a California police department in 2024 shows up nine months later, word for word, in Prosser, WA, with someone else’s signature (Danica Pierce, Flock’s Local Customer Success Manager I).

@“Nothing the public can gain” - Prosser, WA (2025)

Someone at Flock approved the message for use as a form email.

The next sentence in the form email is also worth highlighting:

However, if you find your department’s users are not consistently searching off of incident/case numbers, that may be a reason to hide the Search Audit. It is entirely up to you but just like to point this out.

It relates to another email, where Flock cites the CJIS Security Policy:

Per legal: A case number and/or call for service number listed for the search reason is a Flock Requirement + Best Practice and required under Criminal Information Services (CJIS) Security Policy as promulgated by the FBI.

4.2.5.1 Justification In addition to the use of purpose codes and togging information, all users shall provide a reason for all all inquiries whenever requested by NCIC System Managers, CAs, local agency administrators, or their representative

— Email from Kyle Turner, Senior Customer Success Manager, Flock to Ridgecrest, CA Police Chief Groves (Feb 2025) (emphasis in original)

@Email Flock to Ridgecrest, CA Police Chief Groves (Feb 2025)

In a form email, Flock tells its customers to hide the evidence if its customers plan to violate their contracts with the US Department of Justice and federal rules and regulations (and, in many cases, parallel state law).

Ridgecrest, CA PD has disabled case numbers in the Transparency Portal.

The Lawyers Know

The government, or, at least, its lawyers, know that their legal justifications for denying requests are thin. In an email exchange between Prosser, WA, city officials and (presumably) their attorney, sparked by a records request from MuckRock user Rose Terse, the attorney expresses some frustration with Flock’s relationship to public records.

Emily Guildner of Thompson, Guildner & Associates, writes to her partner, Nikki Thompson:

i think it is a better argument that its not a record yet but i really just want all of our clients to stop using flock cameras.

She attempts to come up with a justification but comes up short:

I guess the question is whether it is “a writing” already out there but in an illegible format or not. Cities do have to pull data from a data base if requested, I just don’t know what form this is in, or if its in no form until there is an inquiry run?

She settles on the poorly-fleshed out theory regardless:

well our position on these is that they are a little different in that the pictures etc are records that are out there, the audit logs are not a record yet. so its not about access its about the fact that we would have to create a record to respond to the records request. but i think we’re on thin ice…

Thompson finally sends a proposed response to city staff, denying the request for it being “creating a record” and asking staff:

Thoughts? Are you sure you don’t want to turn [the Flock cameras] off? Remember that attorney fees are mandatory, if a City loses in public records litigation.

Two months later, in January 2026, Prosser turned them off.

@Prosser, WA attorney email chain

Flock industrialized existing government hostility to public records with guides, form emails, contract clauses, and a “transparency portal” engineered to disclose nothing of value.

Prosser’s attorney asked the right question. More cities should answer.

Cross-posted from Footnote 4A, where I cover Flock, privacy, and public-private surveillance infrastructure more broadly. Flock-specific posts live on haveibeenflocked.com.

Civil rights organizations appear not to have caught on. At the time of writing, they are still voicing support for a bill that threatens to severely undermine the privacy rights of everyone in the country.

A Private Network on Public Infrastructure

The legal theory under which camera-operators and police operate is that they are photographing vehicles on public roadways, and that the images therefore don’t implicate privacy interests.

Flock’s cameras sit on public utility poles, installed under public permits, paid for under public contracts — infrastructure a purely private company could never obtain on its own. The data flows into a corporate-owned database that participating agencies can query nationwide. Flock is not a government agency; it’s a vendor that has successfully made itself look like public infrastructure.

The data is public enough to collect from every street corner without a warrant; when requested under open records laws, those same images and records tend to magically transform into sensitive intelligence not fit for public consumption.^[2] When a Washington state court found that version of Schrödinger’s photographs — public enough to gather on every corner, too sensitive to disclose to the public whose streets paid for them — to be legally incoherent, police across the state cancelled their ALPR contracts, ostensibly to protect Washingtonian privacy.

Vendors and police have so far resisted both horns of this dilemma. There is no warrant requirement for collection, no meaningful FOIA access, and agencies can look up anyone’s long-term, nationwide location history without judicial oversight. The data is pooled nationally. A camera in Des Moines contributes plate reads to the same database as a camera in Houston.

This is not an Iowa database. It is a national one.

How Iowa Becomes a National Gateway

Readers outside the Hawkeye State may not be aware that Des Moines is a — perhaps the — major insurance hub in the United States, home to Principal Life, Transamerica, Wellmark, EMC, United Fire, and dozens of others. Iowa-domiciled insurers account for roughly 2–4% of total US premiums, heavily concentrated in life, annuity, and commercial lines.

The amendment doesn’t restrict ALPR data access to Iowa insurers, Iowa plates, or Iowa accidents. It opens the tap to any “insurance carrier, or an insurance support organization” — nationally, without geographic limitation.

Flock and similar vendors maintain a pooled database of plate reads contributed by agencies across the country. An Iowa city enters into an agreement with Flock. Under the amended bill, that city may now lawfully share the data — location history, timestamps, images — with insurers for “adjudicating insurance claims,” even if the data was originally collected nowhere near Iowa. Iowa’s authorization is the fig leaf that legitimizes access to a database populated by agencies in California, Texas, and New York.

That’s data laundering: a permissive jurisdiction provides the legal cover that turns a publicly-subsidized national surveillance network into a commercial data product. Iowa’s overrepresentation in the insurance industry means the companies most likely to exploit this are disproportionately headquartered in the same state that just handed them the keys.

The phrase “insurance support organization” makes this worse. In insurance law, that covers data aggregators, claims analytics firms, and infrastructure providers like Verisk/ISO — entities whose business is pooling and reselling data across the industry. Data that enters that pipeline does not stay in the lane it entered through.

The amendment doesn’t just give insurers access to ALPR data; it gives the entire insurance data ecosystem access to ALPR data.

Next time you’re involved in a car accident, the insurer may pour through your location history to find reasons not to pay. Stopped at a bar the night before, even for a diet soda? That may become an argument. If your employer’s insurer is watching while you recover from an injury, think twice before leaving the house to pick up your prescription.

What the Amendment Actually Removed

The original bill named a legal threshold: no one could access ALPR data more than 24 hours after capture without a magistrate-issued search warrant or a county attorney’s subpoena for a specific plate. In practice, the subpoena option gutted the warrant requirement before the ink dried — a county attorney can issue one without judicial oversight, meaning the same prosecutorial office that wants the data could authorize its own access. But even that weak threshold is gone.

In its place: a requirement to log a “call for service number or case number” before searching. That’s an administrative record-keeping requirement, not a legal threshold. No independent review, no probable cause, no judicial oversight.

The original bill also flatly prohibited sharing data with any nongovernmental third party. The amendment replaced that prohibition with an explicit whitelist that includes insurers, or anyone who promises to use the data “for the sole purpose of protecting public safety, conducting criminal investigations, or ensuring compliance with federal, state, or local law.” What was a ban became an authorization.

The penalty regime was similarly softened. Violations now require proof of “willful and intentional” conduct, and the aggravated misdemeanor threshold requires the violation also be committed “for personal gain or while violating any other provision of law.” Routine unauthorized sharing — the kind driven by bureaucratic carelessness or vendor pressure — is unlikely to be prosecuted at all.

The Lobbying Picture

The lobbying declarations for this bill tell a more complicated story than the civil liberties coalition supporting it would suggest.

The Iowa Association for Justice, Institute for Justice, the American Civil Liberties Union of Iowa (ACLU-IA), and Americans For Prosperity are all registered For the bill. AFP’s registration predates the amendment by two weeks; ACLU-IA’s and IJ’s were filed the same day the amendment dropped in committee. Whether their support reflects the amended text or the original is a question worth asking them directly.

Flock itself is registered as Undecided. So is RELX Inc. — the parent company of LexisNexis Risk Solutions, one of the largest data brokers in the country. LexisNexis Risk Solutions sells comprehensive consumer risk profiles to insurers, compiled from court records, motor vehicle databases, property records, and commercial data sources. It has no reason to be watching this legislation unless the amendment’s “insurance support organization” carve-out is relevant to its business — which it plainly is. That it hasn’t registered in support suggests either that the bill doesn’t go far enough, or that it’s waiting to see which way it moves. The National Insurance Crime Bureau — explicitly named in the amendment’s carve-out — is also Undecided.

The Iowa State Sheriffs’ & Deputies’ Association, the Iowa State Police Association, and the Iowa Peace Officers Association are all registered Against. So are Axon Enterprise and the Security Industry Association — Flock’s commercial competitors, whose objections are about market share, not civil liberties.

No group is opposing the bill on civil liberties grounds.

What This Bill Actually Does

It authorizes local Iowa governments to deploy a privately-operated surveillance network on public infrastructure — then share the resulting data with the commercial insurance industry, nationally, with no warrant requirement, no meaningful penalty for abuse, and no restriction on which insurers, in which states, beyond the three enumerated purposes.

Iowa is not regulating mass surveillance. Iowa is commercializing it.

Cross-posted from Footnote 4A, where I cover Flock, privacy, and public-private surveillance infrastructure more broadly. Flock-specific posts live on haveibeenflocked.com.

Several California agencies have reported discovering that data was shared in violation of SB 34—although I have not yet been able to verify the exact number, I’ve heard as many as 63 California agencies have been confirmed affected. This certainly seems plausible with separate reports coming out of Mountain View, Santa Cruz, Santa Clara County, and Ventura County.

In earlier reporting by Los Gatan, Santa Cruz said that Flock had notified them of an issue. In response to a CPRA request, Santa Cruz denies the existence of that email.^[1] However, Santa Cruz Chief of Police Bernie Escalante did deliver the following statement at a November 18, 2025, Santa Cruz city council meeting:

We were recently made aware that Flock Safety identified violations of SB 34 and SB 54 within their system architecture that inadvertently affected agencies across California, including the City of Santa Cruz.

The issue arose when a national search tool within the Flock Safety system was activated which inadvertently permitted law enforcement agencies outside the state of California to search all agencies across the country including agencies within the state of California.

These violations were not known to Santa Cruz Police Department and were not the result of any deliberate attempt by city staff to circumvent the California law.^[2] We have been notified by Flock that these violations ceased on February 11, 2025.

Additionally, since this date, Flock has added multiple layers and filters of security to ensure this does not occur again in the future. Since February 11, 2025, Flock has made several changes to their system to ensure this does not occur again and to ensure that the Santa Cruz police department is not in violation of state law—both SB 34 and SB 54.

So far, Flock has deactivated the national search tool for agencies within the state of California, revoked all permissions for any California agency to create a 1:1 relationship with any agency outside the State of California and added filter protections against any searches that include anything related to ICE, broder patrol, immigration, or any other word or phrase like this type of search.

Flock continues to look for additional ways to improve or modify their system to ensure the security of their data is within the laws of the state of California.

— SCPD Statement, Santa Cruz City Council Meeting, November 18, 2025

A lot of this statement is demonstrably false.

As we know, 1:1 sharing is alive and well in California.

Yet this is the statement SCPD made in November last year, about an action Flock had taken some time before February 2025—a little over a year before today’s blog post, where it announces, for the most part, the same problem and the same changes.

Either Flock kept all of this under wraps for over a year,^[3] or it happened again, because Flock is once again engaging damage control mode on its blog, announcing many of the same “new” features the SCPD announced were introduced in February 2025.

Of course, it’s Flock, so “damage control” means “hand me a shovel so I can keep digging.”

Flock Knows, You Don’t.

some CA law enforcement agencies, including Ventura County, in 2025 had their camera networks inadvertently accessible^[4] to out-of-state law enforcement agencies for a period of time.

Flock immediately downplays and obfuscates what happened. Agencies “had their cameras accessible.” That doesn’t mean anything. “For a period of time.” Equally meaningless. How much data was shared in violation of state law? For how long?

Flock knows what happened, and, according to SCPD, even notified agencies back in 2025, but it has decided you don’t get to know.

[Flock] made every effort possible to determine the cause of each reported instance of inadvertent sharing. Unfortunately, due to earlier limitations in technical logging, in some cases it is impossible to determine a specific cause.

Let’s assume for a second that this is true. Let’s say Flock is careless and does not log who makes changes to a critical toggle.

If a cause can’t be determined, it can only mean one thing: there are multiple options.

It means Flock customers are not the only ones in control. It means that the pitch that “you own 100% of your data, and you are in control”, as well as “it’s a local decision” is completely, utterly, false. There is no other explanation.

Flock, in this same blog post, nonetheless continues to assert that “cities and counties retain 100% control over their LPR data and determine who it is shared with.”

Clearly not.

The Logging Requirement

Flock not having logging would in itself be yet another admission that it does not follow the CJIS security policy, like it implies when it flaunts its “CJIS ACE Certificate” from its commercial partner in Florida.

The CJIS Security Policy v6.0 has several relevant requirements:

• AU-2 (Event Logging) and CM-3 (Configuration Management) require exactly the type of logging Flock claims not to have.
• 4.2.5.1 (Justification) and AU-3 (Content of Audit Records) require the purpose of a query. Flock’s NIBRS-based justification requirement is not an enhancement — it is the minimum that should have been in place from the outset.
• CA-3(d) (Secondary Dissemination) — secondary dissemination must be logged; those logs must include the requester’s authorization.

In Flock’s half-baked defense, it does fall on the agencies to verify that Flock abides by the terms of the contract it signed, and to make sure their vendor isn’t simply having its rank-and-file employees sign a form that exposes them, not the company to liability when violations inevitably happen.

Flock Promises More Violations

For those who have been following along for a while, the gradual narrowing is interesting to watch. In a span of weeks, Flock’s messaging shifted from “Flock does not sell data,” to “Flock does not sell data to the federal government” to “Flock does not sell data to DHS agencies.”

When even the postal service does civil immigration enforcement it becomes hard to track.

“Flock has always provided agencies with tools to comply with state law and relied on each agency and its legal counsel to determine how those tools should be configured,” said Dan Haley, Chief Legal Officer at Flock Safety.

Dan clearly did not read the 345 words in the blog post preceding that statement, announcing that Flock, in fact, did not always provide those tools but is now adding them.

Flock Safety and California law enforcement agencies remain committed to ensuring that investigative technologies are used responsibly, lawfully, and with appropriate oversight. The system in place today includes standardized compliance protections designed to prevent unauthorized federal access through lookup networks and to provide clear audit trails for every search conducted.

This statement deserves highlighting. Flock once again promises to prevent only unauthorized federal access, and only if that unauthorized access happens through lookup networks.

This is a highly relevant distinction; at the time of writing, even a cursory inspection of Transparency Portals shows Flock still permits sharing data with non-California agencies. And, no, I’m not talking about El Cajon’s open defiance of the AG, I’m talking about Lake County, Piedmont, San Francisco, and so on.

California Attorney General Bonta clarified in his October 2023 bulletin that SB34 prohibits sharing with any entity that is not a public agency. He included the definition:

“Public agency” is defined as “the state, any city, county, or city and county, or any agency or political subdivision of the state or a city, county, or city and county, including, but not limited to, a law enforcement agency.”

Because this definition excludes non-California agencies, it forms the basis for SB 34 being understood to prohibit sharing outside of California.

What this definition also does not include are tribal nations and private university police — neither are subdivisions of the State of California. Yet both appear on Flock’s California agency lists: Blue Lake Rancheria Tribal PD, the Iipay Nation of Santa Ysabel, Stanford University PD, and the University of the Pacific. All are permitted to access California ALPR data under Flock’s “guardrails.”

These agencies also fit neatly into Flock’s promise, because arguably, although they have access to the lookup network, they could be said not to be “federal agencies.” Of course, they also aren’t “public agencies,” and all of this still violates the law.

Flock’s guardrails are carefully designed — not to prevent unlawful sharing, but to redefine what counts as sharing. Each iteration narrows the promise while leaving the violation intact: not “we don’t share data,” but “we don’t share data with DHS agencies through lookup networks in ways we can’t characterize as something else.”

The question for California agencies isn’t whether Flock “remains committed” to lawful use. It’s how many times they’re willing to take that commitment at face value before they check the audit logs — assuming, of course, that Flock has started writing them.

(Perhaps this is why Flock is now facing a class action in California.)

For decades, policing often relied heavily on eyewitness descriptions.

An officer might hear:

“We’re looking for a white Ford.”

“The suspect was driving a blue Jeep.”

What happened next?

Officers would stop every vehicle matching that general description in the area. That meant multiple drivers, often entirely innocent, were pulled over and had unwelcome interactions with law enforcement simply because their car looked similar. Those stops could lead to frustration, fear, and unnecessary escalation. And historically, those broad stop practices have disproportionately affected communities of color.

This is exactly the kind of dynamic that creates distrust.

Flock changes that.

Instead of stopping every white Ford or blue Jeep in a radius, officers receive alerts only when a specific license plate associated with a reported crime is detected. Not every vehicle of a certain color. Not every driver in a neighborhood. Just the one vehicle that matches the reported plate. That’s precision policing. It reduces unnecessary stops. It reduces guesswork. It reduces broad, discretionary sweeps. And that reduction in discretion helps reduce bias.

The passage directly echoes a comment made last week by Skylor Hearn on a privacy-focused livestream hosted by VPN company vp.net. Hearn appeared alongside Dan Haley, Flock’s Chief Legal Officer. Hearn told the audience:

In the old days… it was the citizen, one of you, reporting what you saw in a flash, in a horrific moment in your life, and you described generally a light-colored car. And so we’re stopping every light-colored car that’s going down the road in that area. And 99% of those people in those cars had nothing to do with that crime, but we’re pulling you over sometimes at gunpoint, taking you out… The technology gives us the ability to be more select and discretionary in those same kind of encounters. So we’re not indiscriminately just stopping everyone that resembled the citizen’s call. This gives us another tool to help us be more sniper than shotgun.

Same argument, same structure, same anecdote. Cops used to pull over every white car at gunpoint; now Flock saves them from themselves.

Hearn was introduced on the stream as “Chief Deputy, Chambers County Sheriff’s Office.” That’s true — he holds that title.

What the hosts neglected to mention is that Hearn is also the Executive Director of the Sheriffs’ Association of Texas, a registered lobbyist for Clearview AI in 2020–2021, and a former government affairs adviser at K&L Gates, where Clearview AI was his client.

He joined Clearview in-house in 2022 as its Director of Government Affairs, spending his time testifying in state legislatures against banning or restricting police use of facial recognition technology.

When a viewer asked Hearn directly about his Clearview AI and K&L Gates history, he disclosed it — framing it all as “public policy work” and talking about “misconceptions about technology.” He did not use the word “lobbyist.”

So a man who is simultaneously a Flock subscriber and the Sheriffs’ Association’s legislative director sat down with Flock’s Chief Legal Officer on a livestream, and a week later their shared talking point appeared on Flock’s corporate blog.

The best argument this team could muster asks us to accept the premise they’re selling: that police officers are simply incapable of conducting constitutional traffic stops without an AI to chaperone them.

Their proposed solution to police violating one group’s rights? Let Flock violate everyone’s.

The Fourth Amendment does not have a carve-out for good intentions, and mass surveillance is not a civil rights program.

Questions I could not answer in detail, but that are important and deserve answers.

I’ve written about fusion centers before, in the post about the federal Regional Information Sharing Systems® (RISS) program—which are federally-funded, quasi-privately-operated “fusion centers before it was cool”. That post was mainly in the abstract. Let’s examine what’s happening at NCRIC.

Fusion centers and data sharing

NCRIC is a practical example of what can go wrong when we take promises about data retention and security at face value, and what happens when we write poorly drafted bills—like HF 2161 chugging along here in Iowa, with the ACLU of Iowa’s support.^[2]

Data dissemination centers like RISS “permit federated searching across many systems without requiring the RISSNET user to have a separate user account for each partner system.” But that website copy is about as far as we get—while federally funded,^[3] these centers are operated as private corporations and are therefore not subject to the Freedom of Information Act.^[4][5]

But we don’t have to speculate for too long. The state of Colorado lays it all out cleanly for its Auto Theft Intelligence Coordination Center (ATICC):

The goal of this project is to share license plate recognition data among all contributing agencies that have established this Memorandum of Understanding with the Colorado ELSAG EOC, managed by the Colorado State Patrol (CSP) ATICC.

Participating agencies will share license plate reader (LPR) information for replication to the data warehouse or as part of a central querying system hosted by the Colorado ELSAG EOC and will have the capability to query all LPR based information from around the State of Colorado which is stored within the warehouse

Simple as that. Drop everything in CSP’s bucket, and take what you need. Cop-communism.

In case you’re wondering, ELSAG cameras are a Leonardo product.^[6] They offer stationary surveillance cameras (with cool-sounding names like “The Street Sentry™” and “The Fixed Plate Hunter™”), as well as mobile cameras disguised as roof-mounted skiboxes or construction barrels.

In the MoU, the “Denver Police Department agrees to share ALPR data with other law enforcement agencies utilizing the Colorado ELSAG EOC”, where it can be stored for up to three years.^[7]

Although Colorado State Patrol was short-sighted enough to name its own entity after a vendor product,^[8] ATICC explicitly commits to “obtaining the cooperation of any third-party contractor or vendor” that provides license plate reader systems in Colorado. Presumably this includes Flock.

@Colorado ELSAG EOC MoU

The “data warehouse” used by CSP, while only one component of a fusion center, is a much more descriptive term for what’s really happening at the backdoor of these systems.

The Northern California Regional Intelligence Center (NCRIC)

Colorado is not just similar to NCRIC—it’s the template for what NCRIC is almost certainly doing but refusing to document. NCRIC gives itself permission to store ALPR data for up to 12 months, and broadly disseminate it.

The [ALPR] information is also retained for a fixed retention period, though it is only reaccessible by law enforcement given a legitimate law enforcement purpose.

The FAQ specifies that only users with a need-to-know have access, but, from context, it’s clear that NCRIC’s version of “need-to-know” is clearly not particularized and apparently extends to all ALPR data, forever.

Although the previous version of NCRIC’s FAQ was more explicit that “most ALPR data will be stored for 12 months,” the current FAQ is silent on retention. The FAQ drones on for a bit, carefully evading its own questions, but at the end of it all, the agency essentially gives itself carte blanche to do what Colorado spelled out more clearly.

@NCRIC ALPR FAQ

The policy reveals more. Especially in light of SB 34.

In October 2023, the California Office of the Attorney General issued bulletins gently reminding police laws exist, and that they are not supposed to be sending ALPR data from California to out of state agencies.^[9] Exactly six months later NCRIC disappears from non-California log files.

NCRIC updated its ALPR policy accordingly, but in a way that created performative compliance and resulted in less oversight.

• It removed the specific security requirements for data storage—SECRET-level clearances, 24/7 security personnel, multiple secured doors—replacing them with a passing reference to “secure systems.”
• It removed the requirements for multi-factor authentication and encryption.
• It removed the requirement for audit logs to contain a “justification for access.”
• It weakened retention limits from a hard cap (“shall not be retained longer than 12 months” with explicit purge requirements) to an aspirational ceiling (“supports a maximum retention period of 365 days”), and outsourced the actual operative limit to whichever vendor NCRIC happens to be using.
• It authorized sourcing ALPR information from private sources, including “parking, tolling, private security, or other sources”—where the 2021 policy explicitly prohibited sharing data with commercial entities.
• It introduced contradictory language on visual confirmation of plate reads: one section retains the 2021 standard (“to the fullest extent possible”), while another weakens it to “should visually confirm.”
• It dropped the annual training recertification requirement entirely.

The FAQ changed in parallel. The 2015 FAQ described a multi-factor authentication process requiring a randomly generated PIN sent to a government email account. The current FAQ reduces this to “a unique username and login.” That downgrade is worth keeping in mind when we get to the part about user “a.”

@NCRIC ALPR Policy 2021 @NCRIC ALPR Policy 2024

Where the policy did not change much was its audit requirements. Those are still essentially non-existent, requiring only a report based on a “sampling” (it does not say the sampling must be random) be sent to the NCRIC director.

The Logs: Counting Searches

To get the cleanest possible data, these charts are based on only two sets of log files: Louisville, KY from March 2022 through April 29, 2024, and Capitola, CA from that date onward.

The charts show a highly suspicious trend. Here it is, close up, based on only Capitola data:

Between January 1, 2024 and May 1, 2024, the enforcement date, the number of searches NCRIC does is low, peaking at around 170. Activity stays around that level until the beginning of June, when both the number of users, but especially the number of searches see explosive growth.

NCRIC more than doubles the number of active users, going from having 5–20 weekly active users to a consistent ~40. What’s more, individual users go from doing ~5 searches/week to ~60 searches/week.

NCRIC’s insights page immediately reveals why: NCRIC’s users are nearly all identified with single, lowercase letters like “a.” or “c.”. These users show remarkably consistent around-the-clock activity.

NCRIC’s users are either bots, or shared accounts.

The Plausible Backdoor: Who is “a.”?

Of course, NCRIC’s deliberate avoidance of oversight and accountability is not direct evidence that it is sharing data in violation of California law—cops will be cops. But its behavior and context do lead directly to that question.

It’s possible that NCRIC was suddenly motivated to start doing some police work, and that it has absolutely terrible internal security practices. Maybe it logs in a terminal “a” and when the next person reports for their shift, they don’t log in with their own credentials and simply continue working.

It would violate every basic tenet of information security, not to mention, most likely, several federal and state laws, but it’s a possibility.

The other, in my opinion more plausible, explanation is that NCRIC shares its user accounts with external, out-of-state agencies—just like Loveland, CO was caught doing last year.

Another possible explanation is that these accounts are automated and serve to fill NCRIC’s data warehouse. Of course, that leads to a follow-up question: who can access the warehouse?

The Missing RISS

It is also worth noting that the other relevant fusion center, the Western States Information Network® (RISS), is conspicuously the only RISS absent from Flock’s audit logs. The other five are accounted for.

Unlike the FBI, which simply stopped showing up in log files after July 2023,^[10] WSIN does not show up in our data at all. This is the same center that covers Washington: the state most covered by the logs we have. Either WSIN is the only RISS without Flock access, or it is not being logged as “WSIN” or some other cognizable variant.

What the Logs Can’t Show

The logs can tell us that NCRIC stripped its own security and audit requirements immediately after California started enforcing its privacy laws. They can tell us that anonymous, bot-like accounts began running searches around the clock within weeks. They can tell us that the one RISS center covering the most-logged state in our dataset is conspicuously absent from every log file we have.

What the logs can’t tell us is why — and that’s exactly the point. NCRIC designed its policies to ensure that no one, including its own director, has the information needed to answer that question.

The “sampling”-based audits don’t require randomness. The access logs don’t require justification. The retention policy doesn’t require limits.

This is not a gap in oversight. It is the deliberate architecture of unaccountability. When a fusion center rewrites its policies to remove the very mechanisms that would detect abuse, the question is no longer whether the data is being shared in violation of California law.

The question is whether anyone with authority to act will bother to find out.

The students from Sequoia Union asked the right questions. The fact that a group of high schoolers can identify the problems that California’s oversight apparatus declines to investigate is not a compliment to the students — though they’ve earned one.

It’s an indictment of everyone else.

Note

May 1, 2026, update: In a follow-up conversation, the ACLU expresses an overall desire for transparency and oversight. Its current position may therefore not be fully encapsulated by this post.

I believe the critique in this post remains valid in its appropriate context, but it should not be blindly assumed to apply to ACLU’s current ongoing efforts. Be critical of both the ACLU and this post before deciding your own position.

See also this follow-up post.

In January, after a Joplin police officer was fired for stalking via Flock’s license plate reader system, I wrote about why I publish unredacted audit logs. The argument was simple: as long as Flock can collect this information without restriction, the public must be able to see how it’s used.

Today, the ACLU has joined EFF in calling for laws that would make that oversight illegal. It did so on the same day that criminal charges were filed against a Milwaukee police officer for misuse of the system — as a direct result of the very thing the ACLU is trying to ban.

The ACLU’s Position

ACLU and EFF’s assertion that records documenting police activity should be kept behind lock and key in a police station is, frankly, preposterous. The suggestion has no business coming from organizations that purport to fight for civil rights and police accountability.

In making its recommendation, ACLU misrepresents the actions of police and the contents of the logs:

The release of this kind of data is a significant privacy problem. To be clear, web sites have every right to publish data that has been released by government agencies or that they have otherwise legitimately obtained; the fault here is the police departments that collected this data on innocent drivers not suspected of any wrongdoing and then released it unredacted. But this kind of data could be used by all manner of parties to find out things about the lives of those they’re interested in \— everyone from abusive romantic partners and stalkers, to political or business rivals, to everyday busy-bodies and who-knows-who-else.

Characterizing audit logs as data the police collects on innocent drivers is flat out wrong. Yes, police do collect data on innocent drivers. But that is not the data that’s in the audit logs.

What’s in the audit logs is what a Flock user—possibly, but not necessarily, a police officer—entered into the “search” box. For example, there is a result for the plate “-.” Probably not a valid plate anywhere. I’ve also had to block a few novelty plates, like HOONIGAN, from reports because cops keep looking it up.

What is in the logs is search terms being entered into a privately owned and operated, and largely unregulated, database. Even if you were to make sharing those logs illegal, it does not solve the issue—the information, by the very nature of the system, is in the hands of a private third party.

The ACLU then tries to compare records of government officials’ search queries to bodycam footage of private citizens. Video footage of people interacting with police and evidence that someone typed the word “investigation” into a search box are not the same thing.

Following those dubious claims, the author walks the statement back by saying that “any logs by officers of the purposes of their searches (which would be subject to existing open-records exemptions for active investigations) should be considered public records.”

This is exactly how we end up with audit logs like the ones currently served up by Flock’s ironically-named transparency portals:

Flock summarizes it correctly in its form email: “There is nothing the public can gain from this report.” (“However, if you find your department’s users are not consistently searching off of incident/case numbers, that may be a reason to hide the Search Audit.”)

The Contradiction

The whole system hinges on not containing sensitive information. According to Flock and police, there are no privacy concerns when you take millions of photos of license plates on public roads. It’s why a private company can collect the information under color of law and process it without having probable cause or oversight, and it’s why police can search that same data without warrants.

That framework simply can’t co-exist with the idea that that same information is somehow too sensitive for public consumption. To claim otherwise is, at best, mistaken.

As it says in this site’s FAQ: I am willing to accept the premise that all of this audit data is too sensitive to publish, but, if accepting that premise, then the actual photos must be too sensitive as well. Ban neither or both, but don’t mistake a defense of public oversight for a defense of this website’s right to exist.

The Alternatives Don’t Work

Hiding audit logs for vague privacy concerns is a lazy approach. This website does not display license plate numbers anywhere. Instead, it provides “identifier” numbers that correspond to license plates. It’s not a complete solution, but it’s one that’s adequate for identifying patterns of misuse and abuse.

Flock knows this. It previously took a similar approach to usernames in its transparency portal logs: instead of identifying a user by name, it identified users with a string of numbers and letters. While you may not see that Officer Jones did something suspicious, if Officer AF983-90D43 did, that’s still something that can be investigated.

Flock removed those IDs from the logs.

The ACLU’s recommendation that “people should be able to request their own data” is equally shortsighted. The data is, at least on paper, owned by 6,000 different agencies. Should we all be doing monthly open records requests to those agencies? Without an up-to-date customer list, how would we even know where to file the requests? How do we prove to Flock that it’s “our” data? Do we send Flock, a private mass surveillance company, a photo copy of our ID and car registration?

Meanwhile, police departments across the country write policies saying they will manually audit hundreds of thousands of searches by downloading a CSV, going through it line-by-line, and making tens of thousands of phone calls to other departments to ask whether the “investigation” at 4:37pm last Wednesday was a legitimate search. Closing the chief’s office door won’t get him to suddenly make the calls.

The real problem isn’t that there is an attempt at public oversight — it’s that every other oversight mechanism is failing. State and local governments, police agencies, Flock, the FBI, the EFF, and the ACLU could all actually be working on this problem.

This website shows that national searches are impossible to keep up with due to sheer volume. The underlying cause is a system that is disproportionate by default—one that encourages getting nationwide 30-day location histories for the slightest of reasons, or no reason at all.

It also shows that some form of oversight may be possible, if we want it to be possible. But we need to ditch Flock and solve the actual problems.

ACLU & EFF’s changing position

In 2014, ACLU SoCal and EFF sued the Los Angeles Police Department and Los Angeles Sheriff’s Department for ALPR records.

The organizations sought actual ALPR data rather than audit logs, and, after their request for the data was denied under California’s Public Records Act, they wrote (emphasis mine):

[T]he intrusive nature of ALPRs and their potential for abuse creates a strong public interest in disclosure of data that would help shed light on how police are actually using the technology.

…

The data will reveal whether police seem to be targeting political demonstrations to help identify protestors, or other locations such as mosques, doctors’ offices or gay bars that might yield highly personal information.

Californians can only properly weigh in on whether police should be using ALPRs and what policies might be necessary if they understand how police actually use the technology.

It has been twelve years — we still don’t have that necessary transparency.

ACLU and EFF reversing their position is inexplicable.

@ACLU SoCal & EFF v. LAPD & LASD

179 Searches, Zero Oversight

On the same day the ACLU published its recommendation, a criminal complaint was filed in Milwaukee against MPD police officer Josue Ayala. An excerpt:

Through the website www.haveibeenflocked.com, VICTIM ONE became aware that City of Milwaukee Police Officer Josue Ayala used the Flock system, a license plate recognition platform, to run the license plate on VICTIM ONE’S personal vehicle to obtain location information for VICTIM ONE on numerous occasions. VICTIM ONE believed that Officer Ayala ran VICTIM ONE’S license plate over 100 times.

City of Milwaukee Police Detective Tehrangi Chapman conducted follow up investigation by having an audit trail run in the FLOCK system for the time frame of March 26, 2025, through May 26, 2025. During that time frame City of Milwaukee Police Officer Josue Ayala ran the license plate of VICTIM ONE a total of 55 times. The audit trail revealed that Officer Josue Ayala also conducted a search of a second license plate number belonging to VICTIM TWO a total of 124 times during the same time frame. During the time frames that Officer Ayala conducted the searches of each license plate, Officer Ayala was on duty working for the City of Milwaukee Police Department.

The Flock system requires the user to enter a reason for the license plate search. On each occasion that Officer Ayala used the Flock system to search for license plate of VICTIM ONE or VICTIM TWO, Officer Ayala listed the reason for conducting the search as “investigation”

I’ll spare the technical details here, but the discrepancy between the victim’s reported number (over 100) and the audit’s number (55) is explained by redactions; the inaccuracy is a direct consequence of deliberate obfuscation.

The policy violation should have been caught by Milwaukee PD during its regular audits.^[1]

If the CJIS framework applies, which Flock often implies, this should have been caught by the Wisconsin Department of Justice, which oversees Milwaukee PD. If the DOJ had missed it, the FBI’s CJIS division should have caught it.

If these were state or nationwide searches, as most searches are, this should also, independently, have been caught by all the other involved departments.

No independent auditors exist, nor does Flock audit anything.

In fact, the FBI and Flock’s recent changes were explicitly designed to make it more difficult to catch exactly this type of violation.

Nobody in an ostensibly multi-layered system of oversight caught the problem; once again it was a private citizen—the victim in this case—who had to do the job public officials promised they’d do. And again, the problem came to light as a result of complete, unredacted audit log information—including license plate numbers.

In January, public audit logs got an officer fired. Today, they got one criminally charged. The ACLU wants to make sure there isn’t a third time.

Now that Flock has deleted the information that made both cases possible, any future similar incidents will almost certainly go unnoticed. As long as there are no alternatives for effective oversight, and as long as there is unregulated privatized surveillance, public audits are the best we can hope to do.

I will continue advocating for exactly that.

2/28/2025: Updated with ACLU/EFF lawsuit information.

You can request the full, current list from any agency using Flock—federal policy requires them to have it available; the company’s concern about speculative “officer safety” scenarios apparently does not extend to its own employees, whose names and signatures are being filed into public records as a matter of course — hopefully with their knowledge and consent.

To be clear, the “illegible” signatures are completely illegible—but apparently still sufficient for Flock, Story County, Iowa, the Iowa Department of Public Safety, and the FBI.

These 28 Flock employees signed the following statement:

I hereby certify that I am familiar with the contents of (1) the Security Addendum, including its legal authority and purpose; (2) the NCIC Operating Manual; (3) the CJIS Security Policy; and (4) Title 28, Code of Federal Regulations, Part 20, and agree to be bound by their provisions.

I recognize that criminal history record information and related data, by its very nature, is sensitive and has potential for great harm if misused.

I acknowledge that access to criminal history record information and related data is therefore limited to the purpose(s) for which a government agency has entered into the contract incorporating this Security Addendum.

I understand that misuse of the system by, among other things: accessing it without authorization; accessing it by exceeding authorization; accessing it for an improper purpose; using, disseminating or re-disseminating information received as a result of this contract for a purpose other than that envisioned by the contract, may subject me to administrative and criminal penalties.

I understand that accessing the system for an appropriate purpose and then using, disseminating or re-disseminating the information received for another purpose other than execution of the contract also constitutes misuse.

I further understand that the occurrence of misuse does not depend upon whether or not I receive additional compensation for such authorized activity. Such exposure for misuse includes, but is not limited to, suspension or loss of employment and prosecution for state and federal crimes.

This certification, along with a fingerprint-based background check, is a requirement under the CJIS Security Policy:

This section’s security terms and requirements apply to all personnel who have unescorted access to unencrypted CJI. Regardless of the implementation model – physical data center, virtual cloud solution, or a hybrid model – unescorted access to unencrypted CJI must be determined by the agency taking into consideration if those individuals have unescorted logical or physical access to any information system resulting in the ability, right, or privilege to view, modify, or make use of unencrypted CJI. — CJIS Security Policy, v5.9.5, § 5.12, p. 212.

Note that the policy is explicit about “logical or physical access.”

Iowa DPS puts it in even clearer terms in a guidance document:

All private contractors who perform criminal justice functions shall acknowledge, via signing of the Security Addendum Certification page, and abide by all aspects of the CJIS Security Addendum — Iowa DPS, Requirements Document FBI CJIS Security Policy Version 5.3",^[1] p. 9

There only being 28 employees who would need to certify is … at best, implausible.

Yet, after months of back and forth between Story County and the Iowa Department of Public Safety, this is the list Flock and the county attorney produced.

Who is Missing

Any Flock employees with access and a first name that starts with D–Z. Unless there aren’t any, but that seems improbable.

We know that Flock “LPR” cameras contain unencrypted photos and videos. The CJIS Security Policy is clear that anyone with physical access to CJI should be on the list; that would include all (subcontractor) installers. The alternative, that the footage stored on the devices is not CJI, renders it non-confidential and, in most states, a public record.

For the reported issue where Flock cameras were publicly exposed on the Internet, Flock’s Chief Legal Officer Dan Haley has downplayed the severity of the “not a hack” by claiming it was a “configuration error” perpetrated by Verizon.

If Verizon’s employees can configure the system to expose the information, they have access sufficient to trigger the certification requirement. Flock does not consider this to be a security incident, implying Verizon personnel have authorized access, yet they do not appear to be on the list.

The list should also include of all Flock’s Upwork contractors, whoever has access to its Danish screen-recorder, and, assuming these are Flock’s own accounts, anyone using Flock City PD - Law Enforcement Sales, Flock City PD - Law Enforcement Sales Demo, Flock RTCC, Flock Safety Admins, Flock Safety Customer, Flock Safety Engineering, Flock Safety Sales, Flock Safety Campus Security Training, Flock Safety LE Training, Flock Safety Sales, and Florida LE Flock Training, which all run on production data (i.e. real people’s movements are regularly being searched for Flock’s sales and training purposes).

Notably, Robert Otten, Flock’s “Head of Security, Risk and Compliance” (or similar titles), attested to each of the 28 signatures but did not certify his own adherence to the CJIS Security Policy. A suspicious absence, if the list were complete.

What is Missing

Around 6,000 contracts, based on Flock’s reported number of government customers. These certifications are tied to specific CJIS addenda, which are tied to specific contracts, via “the contract incorporating this Security Addendum.” Each person on the list needs to read each of Flock’s contracts and sign the certification that says they understand the “purpose” valid for each individual contract.

This is clearly unworkable; it is a recognized, and “solved” problem. Some states centralize their processing for these certifications. In those states, vendor employees can certify with the state CSA (typically state police or department of public safety), who retains their background check and information on file to share with other agencies using the same vendor.

In those states, vendor employees file a single certification with the CSA, and simply claim that they will not use it for a purpose not allowed by any of its employer’s contracts, past, present, or future, without ever seeing the contract. It’s questionable, but the FBI does not appear to have a problem with it so far.

But not all states have such a system in place. For those states, each employee needs to sign this piece of paper for each contract.

The issue is further complicated by Flock’s position that its contractual terms, which it recently altered, are negotiable and each customer can have a bespoke contract. If employees need to adhere to the terms of the contract they must, necessarily, read those contracts.

Of course, if Flock were to take the other position — that its terms are not negotiable — its contracts may qualify as contracts of adhesion, which raises its own set of problems.

Who is Not Missing

Some easy to find job titles for the folks on the list:

• UI/UX Designer & Brand Visionary
• User Experience and Service Designer
• Policy Manager (former federal prosecutor, hired from the U.S. Attorney’s Office)
• Principal Product Manager
• Manager, Solutions Engineering

There is no reason a UI/UX designer and/or brand visionary should have access to production data. This is not only a common-sense security practice, but a requirement for both SOC.2 and ISO27001 certification—both of which Flock claims to possess.

And that’s for ordinary production data; those rules apply to companies that sell caps for your ballpoint pen or that do made-to-measure T-shirts for your dog. Here, we’re talking about federally protected criminal justice information.

In any case, apparently it’s more important for a brand visionary to have access to CJI than for the Head of Security, Risk, and Compliance.^[2]

What it Means

There are only two explanations for what this list represents:

1. Flock has narrowed CJI access to 28 people — in which case several of those people have no business being on the list, Otten’s absence is inexplicable, and the company’s field technicians, Upwork contractors, and demo account users are all operating in violation of federal law; or—
2. Flock certifies everyone and handed over only a subset to make the records request go away.

Both explanations end in the same place.

Every day, Flock cameras record the movements of millions of people who never consented to surveillance and have no way to verify how their data is handled, needing to rely on Flock’s vague assurances that it is “CJIS certified.”

The CJIS Security Policy exists because criminal justice information and criminal history record information is dangerous when mismanaged. Flock’s own paperwork — the paperwork they produced to prove compliance — is the evidence that they aren’t complying.

And the certification itself? It’s a document that exposes individual signers to federal criminal prosecution for misuse of CJI.

When Flock runs sales demos on production data — real people, real movements, real criminal justice information — it’s not Flock’s name on the line. It’s the employee’s. The company that built the system, sold the system, and decided to use live data for training walks away clean. The designer who was told to sign something during onboarding risks federal charges.

Twenty-eight names. Some illegible, one conspicuously absent, and no reason to believe the list is even remotely complete. But every one of them signed on the dotted line — and not one of them is Flock.

I am not an attorney. This analysis reflects my interpretation of CJISSECPOL, contract language, and law, and is subject to change. Contracting agencies should consult qualified attorneys regarding their specific agreements.

The Policy

Coralville’s ALPR policy,^[1] is a typical Lexipol-generated exercise in legal copy-pastery, virtually identical to neighboring North Liberty’s policy,^[2] but with the following, largely inoffensive, section:

That section was copy-pasted from Cedar Rapids’ policy, but it adds the non-sensical “protected characteristic” of infringing on the First Amendment, and a prohibition on use “[s]olely for immigration purposes”.

That “immigration purposes” clause was added in response to pressure from the public against the backdrop of increasingly aggressive ICE raids in Operation Midway Blitz in Chicago.

Coralville’s policy was always performative. Its prohibitions were unenforceable, and various aspects made no sense or made specific reference to the laws they facially clashed with. The Chief’s proposed policy only provided for secret oversight done exclusively within the police department with no mandatory reporting or penalties for violations—a fact specifically called out at the council meeting where the policy was adopted.

To dispel any notion that this was bad policy made in good faith: once the policy was adopted, the city almost immediately violated its own directive not to automatically share data with agencies outside Johnson County.

Residents noticed on the Coralville Flock transparency portal that Coralville PD had given Cedar Rapids (in neighboring Linn County) access. When asked about this by the public and the media—who all interpreted 427.7 as a ban on granting this type of unfettered, indefinite automated access to agencies outside Johnson County—the PD justified its actions by stating that Flock’s automatic sharing was fine because the request for automatic sharing had been made manually.^[3]

The Coralville Police Chief clearly has no qualms about sharing data. The Chief had already signed a two-year deal for mass surveillance after only talking to the City Administrator and without involving the city council, the city attorney, or finance; if he had been approached by state or federal agencies for access to Flock, there is no doubt in my mind that he would have granted it.

More so if the AG would follow the state playbook of mildly threatening sanctions, up to withholding all of a city’s state funding, for violating Iowa Code Chapter § 27A.4(1):

A local entity shall not adopt or enforce a policy or take any other action under which the local entity prohibits or discourages the enforcement of immigration laws.

Granting access for immigration purposes would be the path of least resistance for Coralville PD and its city administrator: the policy prevents oversight, and as long as the feds have access they won’t complain.

AG Bird has so far declined to enforce Iowa’s laws prohibiting surveillance data, or its laws on data security, consumer protection, or privacy, but she has threatened to use Chapter 27A to revoke funding for an entire county because its Sheriff dared distinguish between administrative and judicial warrants on Facebook.

The Gambit

For us folks who like their privacy, the gambit was clear then: file a complaint with the Iowa Attorney General about Coralville’s unlawful policy on the theory that if the AG acted, Coralville would have a choice:

1. Amend the policy. They’d need another public meeting, where the City Council, its Chief of Police, and its City Administrator, would have to face an increasingly disgruntled public’s "I told you so"s. They would have to tell the public they would be stripping the core protection they had emphatically promised only a few months earlier, after ICE had ratcheted up Operation Metro Surge in Minneapolis.
2. Defy the Attorney General and risk being in an indefensible position in a legal battle that would put state funding on the line for a city of 22,000 that’s already $340M in debt, due to questionable financial decisions involving funding a private hotel and a video game arena.
3. Cancel the contract.

The violation in Coralville was much more direct than the Facebook post in rural Winneshiek County.

The Republican-led Capitol also has a long history of conflict with dark-blue Johnson County and its cities—including Coralville.

@October 2, 2025, AG Complaint Re: Coralville

I submitted the complaint by email as a PDF attachment. When I followed up a month later, I received a response:

Thank you for contacting the Iowa Attorney General’s Office. We have reviewed your concerns. The attachments referenced were not included with your email. Please forward those to our office so we can have them reviewed.

How the AG managed to review the complaint without receiving the attachments remains a mystery.

By January, after repeated attempts to deliver the complaint,^[4] I was ready to chalk it up to more inaction rather than lack of transparency, when I unexpectedly got word Coralville had been in contact with the Attorney General.

The AG had directed Coralville to “remov[e] Section 427.4.1(d) from Policy 427 [to] resolve the pending complaint in full.”^[5]

@December 16, 2025 letter from Attorney General to Coralville

Coralville city staff immediately acted to make changes to the city’s website and recommended that the offending language be removed from the PD’s policy. The AG considered this an acceptable solution.

@January 20, 2026 letter from Attorney General to Coralville

The Fallout: A Cancelled Contract and Transparency

Amending city policy requires council action. The Coralville City Council scheduled a work session following its next regular council meeting to discuss the AG’s letter. The Coralville community once again showed up and spoke out. It was effective: the council placed “Cancel the contract” on the agenda for its next meeting.

The $36,000 surveillance system that Chief Nicholson smuggled past his own city council, that the council spent months defending with contradictory and increasingly desperate arguments, that Flock’s own representative admitted was ungovernable by local policy — will be coming down.

But AG Bird did something else deserving mention: she placed my name in the opening sentence of the letter to Coralville. It is a choice to so readily disclose the identity of a complainant against a police department on a topic as politically charged as immigration enforcement.

It’s an especially unexpected level of transparency for an AG currently appealing a district court’s order that the Iowa Public Information Board (IPIB) must do its job and handle (not validate, handle) an open records complaint concerning Flock camera locations.^[6]

The Court of Appeals has been weighing that case since early last summer, which could mean the AG is not going to get a one-page order with an easy procedural win against a pro se appellee. That would be embarrassing (Update 2/25: Not 12 hours after posting this, the Court of Appeals affirmed the trial court decision—i.e., I prevailed).

The kicker is that, in the Coralville case, the original complaint is almost certainly a confidential public record under Iowa Code § 22.7(18). This is the “whistleblower protection” clause cities have used to hide community camera registries they have integrated with Axon’s Fusus (a “fusion center” software product similar to Flock’s “FlockOS”).

Communications not required by law … to the extent that the government body … could reasonably believe that those persons would be discouraged from making them to that government body if they were available for general public examination.

But, as I’ve noted while arguing with various state and local officials: the Iowa Open Records Act does not require agencies to withhold confidential public records, it merely permits it. The complaint was likely protected; the AG chose to disclose it anyway—while simultaneously litigating to prevent disclosure of public records in the IPIB case.

She exercises discretionary transparency when it serves her, rather than the public. She fights it when the roles are reversed.

The Cancellation

The gambit worked: on February 24, Coralville voted to end its contract with Flock. Within a span of weeks, both Iowa City and Coralville have instructed Flock to remove its AI surveillance cameras from public roadways. Although Iowa City is its own island within the state, this is a major victory in a state whose legislature is staunchly uncritical of police.

AG Bird got the outcome she wanted: the immigration clause is gone. But the community got the outcome it wanted: the cameras are coming down.

The AG’s selective transparency—naming a complainant against a police department while fighting to keep surveillance records secret—tells you everything you need to know about which side of the one-way mirror she prefers to stand on.

In response to an open records request, the DOT initially said it didn’t know how many of these investigations led to convictions — or even to license denials. It could confirm only that between January 2022 and November 2025, there were 192 such cases.

The DOT promised to compile outcome data by early January and delivered—albeit a bit late. The spreadsheet tells a remarkable story: of the 192 investigations, 28 led to no action of any kind, and only 14 resulted in criminal charges. The spreadsheet does not record whether any of those charges led to convictions.^[1]

This has been happening since at least 2008. And, of course, the FBI has been tapping into Iowa’s database since at least 2014.

Iowa is not unique, but its story illustrates, in granular detail, how the federal government and state DMVs have quietly built one of the largest surveillance infrastructures in American history — and how the agencies operating it have no idea whether it works.

How It Started

In 2005, Congress passed the REAL ID Act. A year later, the Iowa DOT awarded a $1.4 million contract to Digimarc for facial recognition technology. The system was sold to the public as a fraud-prevention tool, but the contract embedded capabilities well beyond that purpose:

Iowa DOT will implement both “one-to-one” and “one-to-many” facial recognition as part of its driver license enrollment process.

“One-to-one” matching — comparing a renewal photo to the applicant’s prior photo — is the anti-fraud use case the DOT advertised. “One-to-many” matching is something else entirely: it scans each new portrait against the full database of driver’s license images. As the press release noted:

Each night, the Biometric Identification system checks each newly captured portrait against the full database of driver license images as another means to catch attempts by a single individual to get a driver license under multiple names.

The DOT pitched this to the public as a civil anti-fraud measure. But it also built out infrastructure with latent capabilities for criminal investigation— and, as it turns out, civil immigration enforcement—capabilities it would formalize with law enforcement partners in the years to come.

By 2007, the nightly scans were operational. Digimarc, the original vendor, was subsequently acquired through a chain of corporate mergers: first by Safran’s Morpho division (later MorphoTrust USA), then by IDEMIA, which continues to partner with the Iowa DOT as of 2024.

The algorithm has changed hands repeatedly, but neither the DOT nor any external body has ever tested its accuracy for the purpose Iowa uses it — flagging potential fraud from a pool of millions.

The FBI Moves In

In 2014, the Iowa Department of Public Safety signed an agreement with the DOT to pay for an upgrade to its facial recognition system in exchange for access to it.

According to Georgetown Law’s The Perpetual Lineup, this gave DPS authorized personnel the ability to run face recognition searches against Iowa’s driver’s license photos.^[2]

That same year, the DOT signed its first Memorandum of Understanding with the FBI, granting the Bureau access to those same photos through its Facial Analysis, Comparison, and Evaluation (FACE) Services unit. A 2016 GAO report confirmed that the FBI could request searches of Iowa’s driver’s license database.

The Iowa MoU was updated in 2018, superseding the original agreement. Under its terms, the FBI submits a probe photo to the DOT, the DOT searches its facial recognition database, and returns a set of candidate photos and identities. The DOT agreed to process up to 15 photo requests per day, but the number it actually processes is not known.

Iowa is hardly alone. In response to a FOIA request about Iowa’s program, the FBI provided a stack of MoUs from other states instead of the Iowa-specific records that would have been responsive.^[3] Those documents show that at least fifteen states have signed similar agreements with the FBI.

By May 2019, 21 states had partnered with FBI FACE Services, giving the Bureau access to over 641 million photos across all searchable repositories.

@MoUs provided by the FBI

The Nightly Dragnet, to Start With

The nightly scan is called the Automated Biometric Identification System (ABIS). It has been running every night for eighteen years, telling the DOT’s Bureau of Investigation & Identity Protection (BIIP) who to investigate next — not because there is any indication of fraud, but purely on the output of a commercial facial recognition algorithm.

These investigations are warrantless and deeply invasive. DOT procedure specifies:

When a driver’s license case is first assigned for investigation, the Investigator shall gather all pertinent documents and information related to the investigation.

This includes the complete driving and vehicle ARTS records, specific driving violation records, Accurint check from DPS, or a CLEAR report from a Bureau investigator and criminal history to start with.

— Iowa DOT, Procedures Related to Driver License Investigations, p. 176

@Procedures Related to Driver License Investigations, p. 176

A commercial algorithm — for which we have no data regarding accuracy or bias — says your photo looks like one of millions of others. On that basis alone, a DOT investigator pulls your credit history, utility bills, social media posts, criminal history, and every other detail they can find about you into a file. “To start with.”

Although we still don’t have no data on the DOT’s system’s accuracy, we at least have part of the story now: DOT records show that of 192 investigations opened between January 2022 and November 2025 (excluding 19 still-open cases and one duplicate):^[4]

• 28 investigations (16%) resulted in no action whatsoever. No administrative sanction, no criminal referral. The algorithm flagged these people, an investigator pulled their credit histories and criminal records, and then closed the file. Whether the subjects were ever told they’d been investigated is unknown.

• 130 investigations (76%) resulted in administrative action only — mostly license cancellations, but also 20 cases where the sole action was “Merge Records,” which appears to be database housekeeping.

• 14 investigations (8%) resulted in criminal charges. That is 3.5 per year. The charges are overwhelmingly misdemeanors: “Fraudulent Application for DL/ID,” “False Application for DL/ID,” perjury. A handful involved more serious offenses — identity theft, forgery, fraudulent practice. One case resulted in no Iowa charges at all; the subject was extradited to Nebraska on an existing warrant.

• Zero convictions are recorded. The DOT’s spreadsheet tracks charges filed, not final outcomes. After eighteen years and 192 documented investigations, the agency still cannot say whether a single criminal referral from its facial recognition program has ever resulted in a conviction.

One additional detail stands out: in April 2025, an administrative action reads “Notified Homeland Security and IA DOR.”

The nightly scan, sold to the public as a fraud-prevention tool, appears to have been used for federal immigration enforcement, as those agencies continue to push facial recognition mobile app on local police.

Blind Faith in a Blind System

Facial recognition algorithms are notoriously biased, performing worse on people with brown or black skin than on those with white skin. This is a technical reality, not an advocacy position.

In 2016, the Government Accountability Office examined the FBI’s facial recognition program and made six recommendations. The GAO found that the FBI had tested its system’s detection rate only for candidate lists of 50, and had no data on accuracy for smaller list sizes that users regularly requested. The GAO also recommended the FBI determine whether the external state systems it relies on — systems like Iowa’s — were sufficiently accurate.

The FBI disagreed. It told the GAO that its testing satisfied requirements for providing investigative leads and that the Bureau lacked authority to set accuracy requirements for external systems.

Three of the six GAO recommendations dealt with accuracy—a massive red flag for a system that flags and investigates people based on algorithmic photo matches selected from millions of candidates.

Two more dealt with transparency: the FBI had failed to publish required Privacy Impact Assessments^[5] and a System of Records Notice^[6] — legally mandated disclosures for a program handling tens of millions of Americans’ photos. DOJ eventually published the missing documents, though years late.

By 2019, only one of the six recommendations had been fully implemented. The FBI had begun conducting user audits but still had not tested accuracy for smaller candidate lists, had not assessed external partner systems, and had not conducted the recommended annual operational reviews. The GAO maintained all five remaining recommendations were valid.

Iowa, for its part, did no better. In response to public records requests:

• The Iowa DOT and DPS each confirmed that the FBI never shared results of any accuracy tests.
• The Iowa DOT, despite having a “facial recognition analyst” on staff, never performed its own accuracy testing.
• Neither the DOT nor DPS ever solicited or received reports about the system’s accuracy from the vendor. Their only information comes from general materials provided, or published online, by the vendor.
• DPS “[had] not yet adopted a final policy” governing its use of facial recognition, on the grounds that it was waiting to determine “what uses may be accurate or inaccurate, reliable or unreliable, appropriate or inappropriate.”^[7] That was in 2016. A decade later, it still hasn’t looked at system accuracy—knowledge it claims is a prerequisite to regulation.

The FBI did not respond to a FOIA request (other than with the stack of MoUs from other states that were not part of the request).

As the ACLU of Minnesota summarizes: “Facial recognition automates discrimination.” The agencies either believe their algorithm is infallible, or they don’t care whether it’s accurate as long as it gets them an occasional result. Substantial academic and technical literature on algorithmic bias goes ignored, as does the federal government’s own accountability office.

The Bigger Picture: National Mass Surveillance

Iowa’s nightly scan is one node in a much larger system — one that has been expanding steadily and is now accelerating.

The infrastructure began with REAL ID and the MoUs that gave the FBI access to state driver’s license databases. In December 2025, Iowa was one of four states that agreed to help the Trump administration gain access to state driver’s license data through NLETS.^[8]

The deal was part of a settlement that allowed Iowa to upload its voter rolls to the federal government for citizenship verification through SAVE,^[9] after the Secretary of State had flagged over two thousand potential non-citizen voters by cross-referencing voter rolls with DOT records — driver’s license application data that was, in many cases, years out of date.

Subsequent federal verification through SAVE confirmed only 277, roughly 12% of those flagged based on the DOT’s REAL ID records.

Meanwhile, DHS has also declared that REAL ID—the system it spent twenty years building these invasive, networked fraud-prevention and citizenship-verification systems for—is not fit for purpose.

In a December 2025 court filing, a DHS official stated that “REAL ID can be unreliable to confirm U.S. citizenship” in response to a lawsuit by an American citizen who was detained twice during immigration raids despite presenting his valid REAL ID.

What immigration enforcement now demands is being filled by facial recognition. ICE agents carry Mobile Fortify, a smartphone app that reportedly scans faces against over 200 million images across DHS, FBI, and State Department databases.

DHS does not let subjects decline to be scanned, and photos — including those of U.S. citizens — are stored for fifteen years. CBP has gone further, releasing Mobile Identify, a separate facial recognition app available to state and local police agencies deputized for immigration enforcement through 287(g) agreements.

The federal government and state DMVs spent twenty years laying the groundwork for all of this while Presidents, Governors, and members of Congress rotated in and out of service. The MoUs. The nightly scans. The databases quietly compiled from photos taken to get permission to drive — or, for non-operator ID holders, simply to prove who they are.

Iowa’s program is not an outlier. It is the foundation. It is twenty years of federally funded research, data collection, and algorithmic lineups that, by the government’s own accounting, is unreliable and serves no significant public purpose.

Iowa’s DOT does not limit itself to approving questionable permits for police surveillance cameras and waiving roadside safety standards to accommodate them. Through its Motor Vehicle Division, it also operates one of the most invasive automated surveillance programs in the state.

For 3.5 criminal charges per year — overwhelmingly misdemeanors, with no recorded convictions — and 28 investigations that led nowhere at all, every new driver’s license photo in Iowa enters the nightly automated lineup, and, along with it, the database that federal, state, and local police across the country can access on demand.

Whether you’re an immigrant or have never left Ottumwa, if IDEMIA’s computer says you’re a suspect, the government will find out everything there is to know about you—to start with.

On February 16, 2026, Flock updated those terms again. The new version cleans up the structural contradictions in the December terms and locks in a set of provisions that are, in nearly every respect, worse for customers. It includes mandatory arbitration, moves disputes into the state of Georgia, and strips language that could hinder data sales.

The comparison report shows 147 changes across 96 replacements, 21 insertions, and 30 deletions. The document grew from 12 to 15 pages.

@Flock December 2025 Terms @Flock February 2026 Terms @Comparison report

Data Ownership: The Elegant Swindle

The December terms pulled an awkward trick. They defined “Footage” separately,^[1] excluded it from “Customer Data,” and then told customers they owned “Customer Data” — just not the actual images, video, and audio “their” cameras captured. It was clumsy, and it was obvious.

The February terms fix the clumsiness, but leave the harm.

“Footage” is no longer a defined term. It’s gone. “Customer Data” is redefined to include:

all (a) data and information captured by Flock Hardware on behalf of Customer through the Flock Services (e.g., images, audio, and/or video) and the metadata associated therewith^[2]

On paper, this looks like a win — footage is back inside Customer Data! Customers own their data again!

Not quite. Two things happened simultaneously.

First, the December commitment that “Flock does not own and shall not sell Customer Data” was deleted. That sentence no longer appears anywhere in the contract.

Second, the data license was expanded. December granted Flock:

a limited, non-exclusive, royalty-free, irrevocable, worldwide license to use the Customer Data and perform all acts as may be necessary for Flock to provide the Flock Services to Customer^[3]

February grants Flock:

a limited, non-exclusive, royalty-free, irrevocable, perpetual, worldwide license to (a) use and disclose Customer Data to provide the Flock Services; and (b) use Customer Data to support and improve Flock’s products and services^[4]

That’s two critical additions. The license is now perpetual — it doesn’t expire when the contract ends. And clause (b) allows Flock to use all Customer Data, including the footage it just folded back in, for its own product development. No restrictions. No limitations.

In December, customers owned the metadata but not the footage. In February, customers “own” everything — but Flock has a perpetual, irrevocable license to use all of it for anything it wants, forever.

The customer owns the house. Flock has a permanent, rent-free key.

Training Data Guardrails: Deleted

The December terms, for all their problems, included a detailed Training Data section^[5] with ostensible privacy commitments: images “stripped of all metadata and identifying information,” used “solely for the limited purpose of improving the Flock Services through machine learning,” “never sold or shared with third parties,” and “maintained separately and never combined in a manner that would render it personally identifiable.”

February deletes all of it. Section 4.3 is gone. In its place: clause (b) of the new data license — “use Customer Data to support and improve Flock’s products and services.”

Every guardrail the December terms promised for machine learning training has been removed:

• De-identification? Not required.
• Separate maintenance? Not required.
• Limited to “a small fraction of images”? No — the license covers all Customer Data.
• “Never sold or shared with third parties”? That commitment no longer exists.

The scope of data available for product development expanded from “a small fraction of images” stripped of identifying information, to the entire corpus of Customer Data — including footage, metadata, license plate numbers, timestamps, and geospatial coordinates — with no privacy restrictions whatsoever.

Governing Law: Georgia on Everyone’s Mind

This is the most significant net-new change the February terms introduce.

The December terms used the law of the state where the customer is located, with venue in that state’s courts.^[6] This was a standard and customer-favorable provision, particularly for government agencies that may have statutory rights to litigate in their home jurisdictions.

February replaces this with:

The Agreement … shall be governed exclusively by, and construed and enforced in accordance with, the laws of the State of Georgia, without regard to its conflicts of laws principles.^[7]

And it doesn’t stop at choice of law. The December terms contemplated normal court litigation. February imposes mandatory mediation followed by binding arbitration through the American Arbitration Association:

If any Dispute cannot be settled through direct discussions, the Parties agree to endeavor first to settle such Dispute by mediation administered by the American Arbitration Association under its Commercial Mediation Procedures before resorting to arbitration. The Parties further agree that any Dispute that remains unresolved by mediation shall be settled by arbitration.^[7:1]

For a government agency in Iowa, or California, or any state that isn’t Georgia, this means: if Flock breaches the contract, you don’t get to sue in your own courts under your own laws. You mediate, then arbitrate, under Georgia law, through the AAA.

Many state and local governments have statutes requiring government contracts to be governed by local law and adjudicated in local courts. Whether a mandatory arbitration clause in click-through terms can override those requirements is an open question — but one that a city’s attorney should be answering before the Order Form hits the consent agenda, not after.

Iowa’s Arbitration Statute: A Potential Defense

Although this will vary from state to state, for Iowa municipalities in particular, the mandatory arbitration clause may not survive contact with Iowa Code §679A.1(2). That statute provides that arbitration clauses for future controversies do not apply to “take it or leave it” contracts of adhesion.^[8]

Given the mechanism we’ve documented — Flock posts terms on its website, changes them at will, blocks Wayback Machine archiving, and requires cities to accept them via Order Form signature with no negotiation — there is a strong argument these qualify.

Iowa law also excludes tort claims from mandatory arbitration unless there is a separate writing executed by all parties specifically agreeing to arbitrate torts.^[9] Flock’s T&C is a single document — there is no separate tort arbitration agreement.

So if a city has a negligence claim against Flock — say, a data breach caused by failure to maintain reasonable security — the arbitration clause may not reach it under Iowa law regardless of whether the contract is adhesive.^[10]

Unfortunately, the taxpayer would be on the hook for the litigation—which could exceed the cost of the contract—either way.

Liability: The Gross Negligence Loophole Closes

The December terms capped Flock’s liability at 12 months of fees — standard SaaS boilerplate. But they included a critical exception:

NOTWITHSTANDING ANYTHING TO THE CONTRARY, THE FOREGOING LIMITATIONS OF LIABILITY SHALL NOT APPLY (I) IN THE EVENT OF GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, OR (II) INDEMNIFICATION OBLIGATIONS.^[11]

February deletes this exception entirely.

Under the new terms, Flock’s liability is capped at 12 months of fees even if Flock acts with gross negligence or willful misconduct. If Flock deliberately or recklessly causes harm — say, through a data breach caused by knowing failure to maintain reasonable security — the customer’s maximum recovery is whatever it paid in the prior year.

The indemnification provisions are gone too. December’s §9.3 required Flock to indemnify customers for IP infringement claims and installation damage. February eliminates all indemnification language — Flock’s and the customer’s.

The removal of customer indemnity (which I flagged in December as a new and concerning addition) is technically customer-favorable in isolation.

The overall trade — dropping indemnification entirely while also removing the gross negligence exception — leaves customers in a strictly worse position.

Non-Appropriation: From Exit Ramp to Dead End

The December terms allowed government customers to terminate for non-appropriation with 30 days’ written notice “without penalty or other cost.”^[12]

February adds two restrictions:

Customer shall remain responsible for all amounts incurred prior to termination, and non-appropriation shall not be based on discretionary budget decisions or operate as a termination for convenience right.^[13]

The “discretionary budget decisions” language is the operative weapon here. When a city council decides not to fund a surveillance program, is that a “discretionary budget decision”?

Almost by definition, yes.

This provision appears designed to prevent government customers from using non-appropriation as an exit ramp when they simply decide they no longer want the service — which is, of course, the entire point of non-appropriation clauses.

The Constitutional Problem

In Iowa (and many other states), the non-appropriation clause isn’t a negotiating courtesy but the mechanism that keeps multi-year vendor contracts from being classified as “debt” under constitutional limits.

Debt levels for local governments can be capped.^[14] The standard way to keep a multi-year contract outside that cap is the non-appropriation clause: because the government can walk away if funds aren’t appropriated, the contract is a “current expense” rather than an enforceable multi-year debt obligation.

Iowa’s Department of Administrative Services procurement manual states that service contracts crossing fiscal year lines “should include a non-appropriation provision.”^[15] The Iowa League of Cities’ model debt policy is even more direct: certain agreements “must contain ‘annual appropriation’ provisions so that the agreement does not count against the city’s constitutional debt limit.”^[16]

If Flock’s restrictive language effectively nullifies the non-appropriation clause — by preventing cities from exercising it whenever the non-appropriation results from a “discretionary budget decision” — then the contract arguably creates an enforceable multi-year financial obligation.

That’s debt.

And if it’s debt, it may count against the constitutional cap, or worse, may require voter approval that was never obtained.

A Flock contract is unlikely to push a city over its debt limit on its own. But the principle matters: if a vendor can contractually prohibit a municipality from exercising its non-appropriation right, the constitutional protection is meaningless. Every vendor can do it. The debt limit becomes advisory.

Cities should ask their attorneys a simple question before signing: does this non-appropriation clause actually let us non-appropriate?

What Got Better

In the interest of completeness: a few changes are at least facially customer-favorable.

IP non-infringement warranty. February adds a new warranty that Flock’s services don’t infringe valid U.S. patents or registered copyrights.^[17] This is a real addition, though the carve-outs for customer combinations and customer breaches are standard.

Insurance specifics. December referenced a vague “Exhibit B” for insurance. February adds a detailed Exhibit A specifying $1M/$2M commercial general liability, $1M auto, $5M professional liability/E&O, and $5M cyber liability.^[18] Actual numbers are better than vague promises.

Retention Period coverage. December’s Retention Period applied to “Customer Data” (which excluded Footage), creating the implicit permission for indefinite footage retention that we identified in our previous analysis. February redefines the Retention Period to cover “footage captured by the Flock Hardware or Customer Hardware via the Flock Services and the associated metadata.”^[19] This theoretically closes that gap — though the period itself is still “as specified in the applicable Order Form,” which means Flock and the customer still negotiate it (or don’t) separately.

The Pattern

The December revision was the hostile restructuring. February is the cleanup.

December moved contract terms online, carved footage out of customer data, and expanded Flock’s IP claims. But it left contradictions and rough edges — the Training Data section still promised privacy guardrails that the rest of the contract was busy undermining; the governing law provision still favored customers; the liability cap still had exceptions for truly bad behavior.

February resolves those contradictions. Every resolution favors Flock.

The terms are now internally consistent: Flock has a perpetual, irrevocable license to all customer data for any purpose; disputes go to Georgia-law arbitration; liability is hard-capped regardless of fault; and the non-appropriation exit for government customers has been narrowed to the point where it may not function as intended — raising questions about whether these contracts create unconstitutional debt obligations for the municipalities that sign them.

Flock’s marketing materials, as of this writing, continue to claim that “Customers own 100% of the data collected.” The February contract no longer directly contradicts that claim but it does make it an elegant lie.

Flock Loblaw’s Law Blog

This section was added February 17, 2026. The points below address Flock’s blog post.

A Simpler, Clearer Definition of “Customer Data”

(Section text)

Agreed. It’s simple, it’s clear: there’s one big bucket of Customer Data and Flock gets a license to do whatever it wants with it.

Flock Does Not Own or Sell Customer Data

(Section text)

James Cameron owns the movie Titanic, but Walt Disney and Paramount can still charge me to see it. Cameron licensed the movie to them—to “support and improve their services.”

Ownership is irrelevant when the license grants control.

Clarifying the “Perpetual” License

(Section text)

First, “[t]his is a standard software industry provision” should hold no weight here. According to Flock (when it suits), we are dealing with sensitive criminal justice information and information that can jeopardize officer safety. Let’s not base protections on Silicon Valley trends.

The right to use data to support and improve those services must extend beyond the duration of a single customer’s contract.

Why? Why does Customer Data need to be used beyond the duration of the contract to “support and improve products and services”? It would be one thing to hang on to, say, user-submitted feedback, but that category was deleted in favor of the simplified “Customer Data” that includes the footage.

Removing that distinction is a choice.

Updates Around Disclosure Provisions

(Section text)

Similar to the “Customer Data” simplification, this deletes specific disclosure rules for each category of data in favor of a single simple and clear rule: “we can disclose what we want when we want to whomever we want.”

Governing Law

(Section text)

The updated Terms specify Georgia law as the governing law for the agreement, which is standard commercial practice

Standard practice or not, up until two days ago Flock “agree[d] that venue would be proper in the chosen courts of the State of which the Customer is located.”

Flock then quickly fast-forwards on the part where binding arbitration is now mandatory and Georgia law governs. This removes the contract from the state that its local government customers operate under.

Whether the actual arbitration ultimately happens at a Ramada in Des Moines or in a boardroom in Atlanta is irrelevant: the point is that anyone with a contract dispute must now hire a Georgia lawyer to play an Away game.

Standard Terms, Collaborative Approach

(Section text)

Finally, Flock claims it’s happy to negotiate while it continues to make its customers sign order forms that reference the terms on its website—where it can (and just did) update them at any time.

Updated February 18, 2026: Added “Section text” links. Added some clarifying statements.

I am not an attorney. This analysis reflects my interpretation of contract language and is subject to change. Cities should consult qualified attorneys regarding their specific agreements.

Precrime as a Business Model

In the broader context of AI doing investigative police work—something Flock is pushing hard with Nova and its “Night Shift” feature—Langley had this to say when asked about Minority Report:

[When] you think about it, it was decades of arrests with only one wrongful arrest. How nice would that be if our current judicial system and policing system only had one wrongful arrest and multiple deaths? That sounds great.

The only problem with this system, according to Langley, is that the “terminal decision” lies with the “precog”^[1] rather than a human—the old “local decision” mantra Flock repeats in public, but puts aside when it unilaterally removes “permanent” information from its product.

Langley either completely misses the point of the movie, or he aims to bring about its dystopia in his stated, quixotic quest to eliminate crime.

Minority Report’s problem was never that the precogs were, like AI, “inhuman,” as Langley puts it. The movie is a warning that putting blind faith into a system—any system—is a terrible mistake.

The term “Minority Report” in the movie’s universe refers to an outlying data point: a piece of evidence that contradicts the other evidence and, at minimum, raises doubt about the system’s fallibility. The government’s solution in the movie? Purge minority reports from the record and hide their existence from the public.

The “one wrongful arrest”—which was actually a conviction—serves to highlight that the system has always been fallible. There are likely thousands of innocents who could not have been convicted but for the purged minority reports, removed from society “to eliminate crime in America.”

It’s a fitting reference for a company whose approach to inconvenient data is to make it disappear.

Blurring the Line Between Arrest and Conviction

In the same interview, Langley speaks on real-world problems in proving crime. The first, he claims, is that people will no longer come forward as witnesses.^[2] He continues:

The second is: our expectations of truth have gone through the roof. And and this is, like, largely a good thing, but you know, people like you and me watch NCIS on TV and we assume there’s cameras everywhere. … and you watch [shows like NCIS] and you’re like, “Oh, like this is how [it works]”, but the real world doesn’t work this way.

And so you you get to a judge, you get to a jury, and absent incredibly hard evidence, an arrest will not occur. And that’s actually, I think, good. We’re holding ourselves to a higher standard of eliminating wrongful arrest, but that kind of moves the difficulty level up. And then those two things are compounded by [the third issue of] a staffing crisis, right?

There’s a tell buried in this quote: Langley keeps saying “arrest” when he means “conviction.” He did it with Minority Report, and he does it again here. Judges and juries don’t decide arrests—they decide convictions. The standard for arrest is probable cause, which is far lower than the courtroom standard of beyond a reasonable doubt.

This conflation is not accidental. It’s strategic. Flock’s product is strong enough to generate arrests—point a camera at a road, flag a plate, send a cop. But generating a conviction requires evidence that can survive cross-examination, expert challenge, and judicial scrutiny. As we’ll see below, Flock’s evidence authentication doesn’t clear that bar. Langley blurs the terms because admitting the distinction would expose the gap between what Flock can trigger and what Flock can prove.

The CSI Effect and the “Burden of Truth”

Langley is gesturing at something real: the so-called “CSI Effect,” where jurors exposed to forensic-heavy TV dramas expect more scientific evidence than prosecutors can realistically provide. It’s a documented phenomenon, and it has made some prosecutions harder.

But Langley doesn’t frame it that way. Instead, he frames rising evidentiary expectations as a problem to be solved—a “difficulty level” that Flock can help overcome. The implication is that courts should lower the bar, or that Flock’s evidence should clear it. Neither follows. The standard in criminal proceedings exists to protect defendants from wrongful conviction. That standard hasn’t “gone through the roof.” It’s exactly where it’s supposed to be.

What has changed is that Flock wants to be the one supplying the evidence—and the evidence it produces, as we’ll see, doesn’t hold up.

Why Flock’s Evidence Doesn’t Hold Up

First, a caveat: I don’t claim authority on the Rules of Evidence. It’s a complex topic. If any lawyers want to correct me on anything, please reach out.

Here’s the gist: you can’t just make shit up and throw it at the judge. Courts require any evidence to have a basis and to be introduced by someone. This is, in part, why the prosecutor can’t show up with bodycam footage of you rolling up to the Louvre with your ladder—a police officer who was wearing the bodycam has to show up and say “I saw this guy carrying a ladder through the streets of Paris.”

When it comes to Flock footage, that means either (1) a witness comes in and says “I saw this,” (2) an expert comes in and says “this is authentic and has not been tampered with,” or (3) the court relies on more circumstantial evidence like metadata and affidavits.

Option 1 is impossible—there is no witness. Option 2 is expensive and exposes technical details in open court. Which leaves option 3: the weakest possible basis and, apparently, the focus of Langley’s complaint about standards going “through the roof.”

How Flock Authenticates Evidence

The details are sketchy, because of Flock’s continued lack of transparency, but I believe that some time last year, Flock changed how it authenticates evidence. Where it used to sign an affidavit on request, it now appears to use an automated process. Based on what I can determine, this is roughly how it works since July 1, 2025:

• A Flock camera takes a picture
• It creates a hash (shortened representation) of the image
• Flock stores the image and the hash
• An investigator goes into the Flock portal and downloads an image
• (Optional) Flock deletes the image due to retention periods, but keeps the hash
• The investigator, months later preparing for court, uploads the stored image to Flock
• The server generates a hash of the uploaded image
• The server compares it to the hash stored for the original capture
• The server returns a PDF with the image and the date, time, and location of capture that says “we checked: we took this picture and these items all belong together.”

Sounds reasonable. It isn’t.

The Chain of Custody Problem

The Chain of Custody is a key part of the rules of evidence: you have to be able to show that evidence has not been tampered with. For physical evidence, there are rigid protocols—sealing, unsealing, signing in and out of secure storage.

For Flock’s images: nobody, most likely including Flock, knows who has had access to the image, the metadata, or the hash at any point in the process. This is the reason CJIS requires permanent, immutable audit logs.

Images captured by Flock cameras are stored unencrypted on the device before transmission. Flock has previously said images are stored “for up to 7 days” on the camera, which means the metadata—capture times, location data—is also stored for up to 7 days.

This asynchronous processing is a technical necessity when operating over spotty LTE networks, but it also means there is a multi-day window in which images and metadata sit on an unattended, unsecured device.

It’s the digital equivalent of finding a dead body in an alley and saying “we’ll come back in a few days to collect the evidence.”

The Metadata Integrity Problem

There is no mechanism to validate that the metadata belongs to the image. A properly secured device would have a TPM (Trusted Platform Module) that cryptographically binds the data, image, and hash together so they cannot be separated, altered, or accessed independently. Flock’s cameras are not such devices and, from the teardowns I’ve seen, contain no TPM.

By all appearances, the file hash and the metadata are simply stored in AWS alongside everything else. Anyone with access to AWS—a Flock employee, a compromised account, a contractor—could update the data. With a few keystrokes, a photo of your car taken in Langley, VA, could be associated with a camera in Paris, IL.

Flock’s automated system will attest to this fact in court.

What Flock’s System Actually Proves

Flock’s authentication is a convoluted version of “trust me, bro.” Instead of verifying that a photo was taken where it was taken, when it was taken, it attests only to the fact that an image downloaded from Flock matches another image in Flock’s system.

That’s not authentication. That’s “both our watches say it’s 2:37pm, so it must be 2:37pm”—while ignoring that you left them unattended in your hotel room for three days before driving from Chicago to L.A. All it proves is that both watches show the same time.

Langley wants us—and the courts—to accept 2:37pm as the absolute, indisputable truth. The times match, and he’s wearing one of the watches—how could it not be the truth?

The law demands more, and so should the courts when they are deciding someone’s life and liberty.

Staff shortage be damned.

Back in November, I wrote about the Iowa DOT’s lack of a consistent permitting process. Further research shows that the DOT also lacks a verification process and an inspection process. The permits it does issue are approved based on plans that violate the safety standards printed on the application itself.

In the article What Is the Clear Zone and Why Is It Critical to Roadway Safety?, John Carlton, a licensed Professional Engineer, discusses “why the clear zone is important to the safety of roadway users and provide examples of commonly experienced violations that have resulted in personal injury litigation.”

This table is included on DOT’s standard utility accommodation form and shows the clear zone distances (ADT = Average Daily Traffic). The numbers matter: they are the minimum distance between a roadside obstacle and the travel lane that gives a driver a reasonable chance of recovery in a run-off-road event.

The Missing Permits

As noted in the previous article, the information in the permit applications for roadside cameras is sketchy at best. In some cases, they’re sketched-up screenshots of Google Maps by a Sheriff’s Deputy, and signed off on by the Sheriff, with little to no helpful descriptive information.

The plans above were submitted to, and approved by, the Iowa DOT.

The middle image shows the clearest violation: the minimum “acceptable clear zone” area, listed on the very form the permit was submitted on, is 12 feet. The plan shows “10–12 feet.” The DOT approved it anyway.

The Missing Failsafes

But at least there are failsafes. On paper. After construction, the DOT’s regulations require an “as-built” plan to be submitted with a certified engineer’s stamp. If a plan is not submitted, the DOT is authorized to perform an inspection at the permittee’s expense. This would uncover any shoddy work by unqualified site planners and straighten out any problems with approvals.

It turns out that the DOT does not follow its own regulations. Instead, it has replaced regulation with policy. In the words of my formal complaint:

For equipment installed under the utility accommodation program, Iowa Admin. Code 761—115.7(8) (2025) requires the utility owner “to submit to the department an as-built plan in an electronic format in accordance with department specifications.”

Iowa DOT writes that it maintains a policy that “[w]hen not submitted we accept the permitted plans as the asbuilt plan if the permittee did not contact us with a change.”

Iowa DOT confirms that for this installation “no as-builts were submitted,” and explains that “we identify the permitted plans as the as-builts.”

In other words: Iowa DOT does nothing, even when the camera is obviously installed in a way that appears unsafe. If it is somehow compliant, there is no information in any of the DOT’s records that would demonstrate that compliance.

It approves permits proposing non-compliant installations for “utilities” that are owned by private corporations and deliver no service to the public, based on the say-so of police officers and sheriff’s deputies.

To make matters worse, Flock—the contractor listed on many of these permits—is not even a licensed contractor in the State of Iowa.

The DOT’s Response

I brought these issues to the attention of Iowa DOT director Scott Marler.^[1]

@January 12, 2026, letter to the Iowa DOT @Exhibit A — 22A-2024-016 @Exhibit B — 33A-2024-014 @Exhibit C — Installation @Exhibit D — Carlisle PD @Exhibit E — Checklist @[Exhibit F — Altoona PD TCD Application](/blog/dot-permits-pt2/F-Altoona PD TCD Application Signed_08302022.pdf){.collapsible} @Exhibit G — Flock @[Exhibit H — DOT Emails](/blog/dot-permits-pt2/H-DOT Emails.pdf)

His responses met expectations:

The Iowa Department of Transportation acknowledges receipt of your request, sent to Director Marler on January 12, 2026.

We understand the importance of establishing a formal policy for license plate readers and have been actively working on this matter since last fall. At that time, we prohibited any additional installations of LPR’s on DOT ROW until the policy is put in place.

We aim to finalize our ALPR policy by the end of February. We appreciate your expertise and insights on this subject and will ensure that our policy team has access to review your contributions.

To which I replied:

Thank you for the response. While I appreciate that the Department is drafting a specific ALPR policy, the core of my concern is not a lack of policy, but a systemic failure to enforce existing Iowa Code and Administrative Rules.

The DOT recently finalized its EO10 review, affirming that the existing regulations—including those governing the Utility Accommodation Program and contractor licensing—are necessary and effective. A new policy cannot retroactively excuse the Department’s decision to ignore those regulations and standards.

Regarding the “prohibition” on new installations, there appears to be a disconnect. Since the date you claim a prohibition was enacted, Flock has expanded its network along the I-380 corridor in Cedar Rapids, including in the I-380 ROW on state-owned land, and in other municipalities.

If the DOT has been working on this issue since last fall, it raises the question of why the Department continues to allow unlicensed contractors to perform work and why these specific permits were not stayed or denied.

By declining to act in a meaningful way while unsafe installations (like the non-compliant “breakaway pole” on Hwy 52) put drivers at risk, the DOT is tacitly approving these hazards. In doing so, the Department assumes significant legal and financial liability for the State should a collision involving this equipment occur and foreseeably result in injury or death.

Note the DOT’s claim that it “prohibited any additional installations” since last fall. Since that date, Flock has expanded its camera network along the I-380 corridor in Cedar Rapids—including on state-owned land in the I-380 right-of-way—and in other municipalities. The moratorium appears to exist only in the DOT’s correspondence.

The DOT’s final response:

We greatly appreciate the time and effort you have invested in bringing these matters to our attention. Please be assured that we are investigating your allegations.

I will be sending in an open records request for the DOT’s new policy at the end of the month for Part III in this series, unless someone beats me to it.

If you’re in Iowa and you crash your car into a roadside camera, be sure to tell your lawyer about this post.

Permit Documents

The table below lists every LPR permit I have obtained from the Iowa DOT. This may be a complete set; it is emphatically not a complete accounting of cameras installed in DOT right-of-way. Many appear to lack permits entirely.

@[April 8, 2022 — IA-136 LPR](/dot-permits/2022.04.08 - IA-136 LPR.pdf){.collapsible} @[April 8, 2022 — US-30 LPR](/dot-permits/2022.04.08 - US-30 LPR.pdf){.collapsible} @[August 30, 2022 — Altoona PD — TCD Application CCP](/dot-permits/2022.08.30 - Altoona PD - TCD Application CCP.pdf){.collapsible} @[August 30, 2022 — Altoona PD — TCD Application](/dot-permits/2022.08.30 - Altoona PD - TCD Application.pdf){.collapsible} @[January 2023 — Council Bluffs US-275 — LPR TCD](/dot-permits/2023.01 - Council Bluffs US-275 - LPR TCD.pdf){.collapsible} @[January 17, 2023 — Council Bluffs — Admin](/dot-permits/2023.01.17 - Council Bluffs - Admin.pdf){.collapsible} @[January 24, 2023 — Council Bluffs US-275 — LPR TCD Approved](/dot-permits/2023.01.24 - Council Bluffs US-275 - LPR TCD Approved.pdf){.collapsible} @[May 8, 2023 — Permit](/dot-permits/2023.05.08 - Permit.pdf){.collapsible} @[May 30, 2023 — South Sioux City PD — Woodbury County](/dot-permits/2023.05.30 - South Sioux City PD - Woodbury County.pdf){.collapsible} @[October 6, 2023 — Ankeny PD — LPR Application](/dot-permits/2023.10.06 - Ankeny PD - LPR Application.pdf){.collapsible} @[October 6, 2023 — TCD Application](/dot-permits/2023.10.06 - TCD Application.pdf){.collapsible} @[December 22, 2023 — 85A-2023-034 — Story County US-30](/dot-permits/2023.12.22 - 85A-2023-034 - Story County US-30.pdf){.collapsible} @[December 22, 2023 — Story County Flock TCD](/dot-permits/2023.12.22 - Story County Flock TCD.pdf){.collapsible} @[January 2024 — Pleasant Hill PD](/dot-permits/2024.01 - Pleasant Hill PD.pdf){.collapsible} @[January 2024 — Pleasant Hill US-65](/dot-permits/2024.01 - Pleasant Hill US-65.pdf){.collapsible} @[January 23, 2024 — Pleasant Hill IA-163](/dot-permits/2024.01.23 - Pleasant Hill IA-163.pdf){.collapsible} @[2024 — Indianola — LPR Application](/dot-permits/2024 - Indianola - LPR Application.pdf){.collapsible} @[May 10, 2024 — 483754 — Marshalltown PD IA-14](/dot-permits/2024.05.10 - 483754 - Marshalltown PD IA-14.pdf){.collapsible} @[May 10, 2024 — 502480 — Newton PD](/dot-permits/2024.05.10 - 502480 - Newton PD.pdf){.collapsible} @[June 2024 — Altoona](/dot-permits/2024.06 - Altoona.pdf){.collapsible} @[June 25, 2024 — Polk City PD](/dot-permits/2024.06.25 - Polk City PD.pdf){.collapsible} @[October 25, 2024 — 96A-2024-011 — Winneshiek County IA-9 Decorah](/dot-permits/2024.10.25 - 96A-2024-011 - Winneshiek County IA-9 Decorah.pdf){.collapsible} @[October 25, 2024 — Fayette County IA-150 West Plum St](/dot-permits/2024.10.25 - Fayette County IA-150 West Plum St.pdf){.collapsible} @[October 25, 2024 — Fayette County US-18 E Bradford St](/dot-permits/2024.10.25 - Fayette County US-18 E Bradford St.pdf){.collapsible} @[November 4, 2024 — 33A-2024-014 — Fayette County IA-150 Major Rd](/dot-permits/2024.11.04 - 33A-2024-014 - Fayette County IA-150 Major Rd.pdf){.collapsible} @[November 4, 2024 — Fayette County IA-3 W Ave](/dot-permits/2024.11.04 - Fayette County IA-3 W Ave.pdf){.collapsible} @[November 15, 2024 — Fayette County IA-3 S Avenue](/dot-permits/2024.11.15 - Fayette County IA-3 S Avenue.pdf){.collapsible} @[2024 — 19A-2024-008 — Fayette County US-63](/dot-permits/2024 - 19A-2024-008 - Fayette County US-63.pdf){.collapsible} @[2024 — 19U-2024-009 — Fayette County US-63 NHSX](/dot-permits/2024 - 19U-2024-009 - Fayette County US-63 NHSX.pdf){.collapsible} @[2024 — 19U-2024-009 — Fayette County US-63](/dot-permits/2024 - 19U-2024-009 - Fayette County US-63.pdf){.collapsible} @[2024 — 22A-2024-016 — Fayette County US-52](/dot-permits/2024 - 22A-2024-016 - Fayette County US-52.pdf){.collapsible} @[2024 — 33A-2024-009 — Fayette County US-18](/dot-permits/2024 - 33A-2024-009 - Fayette County US-18.pdf){.collapsible} @[2024 — 33A-2024-010 — Fayette County IA-150](/dot-permits/2024 - 33A-2024-010 - Fayette County IA-150.pdf){.collapsible} @[2024 — 33A-2024-013 — Fayette County IA-3](/dot-permits/2024 - 33A-2024-013 - Fayette County IA-3.pdf){.collapsible} @[2024 — 33A-2024-014 — Fayette County IA-150](/dot-permits/2024 - 33A-2024-014 - Fayette County IA-150.pdf){.collapsible} @[2024 — 33A-2024-015 — Fayette County IA-3](/dot-permits/2024 - 33A-2024-015 - Fayette County IA-3.pdf){.collapsible} @[2024 — 3A-2024-008 — Fayette County US-18](/dot-permits/2024 - 3A-2024-008 - Fayette County US-18.pdf){.collapsible} @[2024 — 45U-2024-004 — Fayette County US-63](/dot-permits/2024 - 45U-2024-004 - Fayette County US-63.pdf){.collapsible} @[2024 — 96A-2024-011 — Fayette County IA-9](/dot-permits/2024 - 96A-2024-011 - Fayette County IA-9.pdf){.collapsible} @[December 16, 2024 — Sioux City PD IA-12](/dot-permits/2024.12.16 - Sioux City PD IA-12.pdf){.collapsible} @[December 16, 2024 — Storm Lake PD — PTZ and LPR](/dot-permits/2024.12.16 - Storm Lake PD - PTZ and LPR.pdf){.collapsible} @[December 16, 2024 — Woodbury County SO](/dot-permits/2024.12.16 - Woodbury County SO.pdf){.collapsible} @[February 11, 2025 — Wapello County SO](/dot-permits/2025.02.11 - Wapello County SO.pdf){.collapsible} @[February 20, 2025 — 91A-2025-006 — Warren County SO](/dot-permits/2025.02.20 - 91A-2025-006 - Warren County SO.pdf){.collapsible} @[February 20, 2025 — Carlisle PD](/dot-permits/2025.02.20 - Carlisle PD.pdf){.collapsible} @[May 11, 2025 — 29A-2025-001 — Burlington US-34](/dot-permits/2025.05.11 - 29A-2025-001 - Burlington US-34.pdf){.collapsible} @[2025 — 33A-2025-002 — Fayette County IA-150](/dot-permits/2025 - 33A-2025-002 - Fayette County IA-150.pdf){.collapsible} @[2025 — 36A-2025-004 — Fremont County](/dot-permits/2025 - 36A-2025-004 - Fremont County.pdf)

FOIA mode is now available from the theme selector in the top right:

Enabling FOIA mode will style the page in … well, FOIA mode:

In FOIA mode, an advanced simulator will simulate printing the page in black and white, it will apply redactions at random, without legal justification, before finally simulating scanning it at an angle to prevent successful character recognition and text extraction.

It is certainly the most inefficient way to render data, but it appears the one the government prefers; Roma locuta, causa finita.

You’re welcome.

FOIAing the FOIAers

haveibeenflocked.com retains no data on its regular visitors, but the privacy policy does permit collecting and retaining data on government visitors.

Although accessing the public records maintained on your local police department’s transparency portal is impossible when you’re using a VPN, anyone is welcome to visit this site using one. In fact, the Houston HIDTA bulletin that was forwarded by the FBI notes:

Law enforcement should be cautious when accessing haveibeenflocked.com, as it is unknown what information the site may be collecting. It is recommended that this website not be accessed by any computer that is connected to a law enforcement agency network

Below are the aggregate numbers of requests from government networks since about two weeks after that bulletin was forwarded to the broader “intelligence community” by the FBI.

The announcement is, of course, almost entirely marketing gibberish; to the extent that there’s any meat on its bones, this is it:

Bishop Fox’s offensive security experts will engage in complex, multistage and multilayer adversarial testing across all of Flock’s products, both hardware and software. The results and any ensuing updates will be communicated transparently to reinforce confidence in Flock’s strong security posture. — Dumb title omitted, Flock via GlobeNewswire, Feb 2, 2026

The key phrase is “multistage and multilayer adversarial testing.” This suggests^[1] they will engage Bishop Fox for some good old-fashioned red teaming.

It would be good news. If this announcement passed the smell test.

Why would Flock announce this to the world?

For readers not familiar with the term, “red teaming” is industry shorthand for hiring people who will attempt to break into your systems. It can include everything from physical entry (by breaking into buildings), to social engineering, to “hacking” systems over the Internet.

This is an incredibly useful exercise for security teams. Red teams (and actual attackers) can test vectors that employees typically can’t—for example, leaving USB sticks containing malware in company parking lots, putting on a hi-viz vest and carrying a clipboard into the server room, or sweet-talking Sam from HR into giving them an employee login.

If you want to test your everyday preparedness, announcing it to the world is not a good idea, for obvious reasons.

Perhaps more importantly for a company like Flock, an announcement like this sets expectations:

The results and any ensuing updates will be communicated transparently to reinforce confidence in Flock’s strong security posture.

A red team exercise at any organization, let alone one with a track record like Flock’s, is not a one-shot third-party validation exercise. Testing and addressing vulnerabilities is a months-long coordinated effort between senior management, in-house security staff, external consultants, and engineering teams.

If done right, the result is not a report to be presented in a shareholder call; it’s a binder documenting the work your management and engineering teams will be doing for the next six months.

And that’s just about the best-case scenario, which I do not expect for Flock.

Instead, Flock blasts out a press release with little to no context, creating unnecessary friction between shareholders who simply want a stamp of approval and security teams who want meaningful, long-term fixes.

Flock uses the language of success to set itself up to fail.

The Bishop Fox Choice

Bishop Fox is generally a well-regarded offensive security firm—the kind of company you hire when you’re serious about finding vulnerabilities. But …

Late last year, I published “Y Combinator funds both surveillance infrastructure and the machinery to silence its critics” which described some of the Y Combinator ties between Flock and its alleged other cybersecurity partner, Cyble.

I say “alleged,” because in that post, I questioned how formal the relationship is, writing “I would expect one of them to do a press release announcing a ‘strategic partnership.’” Here, Flock did not choose Cyble. It chose Bishop Fox. And it put out a press release.

While the ties between the companies do not suggest the same level of intertwinement as between Flock and Cyble, interesting overlaps remain.

Reddit co-founder Alexis Ohanian was Flock’s first investor while Reddit co-founder Steve Huffman currently serves on the board of Bishop Fox.

Chris Castaldo, Flock’s new CISO, worked at IronNet CyberSecurity before being hired at Flock. Don Dixon, managing director of Forgepoint Capital, serves on the board of both IronNet and Bishop Fox.

Castaldo also worked with Will Lin—another managing director and founding member of ForgePoint Capital^[2]: they co-founded the non-profit Security Tinkerers in 2018 and continue to collaborate on it today.

The “follow the money” connection between Flock and Bishop Fox is not as obvious or direct as the one between Flock and Cyble, but the close personal relationship Flock’s new CISO maintains with managing directors and board members of a “neutral third party” that could add or remove billions from Flock’s valuation raises serious red flags.

We’ll see if Flock publicly acknowledges this appearance of a conflict at any point before the “results” are in, or if we’re expected to take everything at face value.

The impossible bind

The CJIS Security Policy (CJISSECPOL), also name-dropped^[3] in the press release, creates an inescapable problem for any “production” testing of Flock’s systems.

There is a commonly-used CJISSECPOL workaround for giving contractors temporary access to CJI without full vetting: a Flock employee “escorts” the contractors while they work. This avoids fingerprinting, background checks, and the cascade of compliance certifications that would otherwise be required from every agency customer in states without centralized contractor vetting.

The problem is that in an “escort” scenario, the escort is legally required to prevent Bishop Fox from accessing unencrypted CJI. CJISSECPOL § 5.1.1.5 is explicit: physical access must be “controlled” and the escort must maintain “observation” to ensure the contractor cannot view protected data.^[4]

As soon as Bishop Fox successfully discovers a vulnerability that exposes real data—which is, after all, the entire point of red teaming—the escort has failed in their duties. The incident becomes reportable under CJISSECPOL. CGAs must be notified, as well as the FBI, and mitigation plans must be submitted.

Success equals failure. The very act of doing the security audit competently would trigger mandatory incident reporting.

Neither alternative works

For Flock, as the defending “blue team,” there are two paths forward, and both lead nowhere good.

Option 1: Test on a replica environment.

There is a lot of evidence of Flock using development-specific code and keys in production and vice-versa, suggesting poor logical separation and cross-environment contamination. If I had to make a list of “organizations I would expect can roll out an accurate replica of their production environment,” Flock would definitely not be on it.

Even assuming Flock could create an accurate replica software environment, if your penetration testing is multilayer and includes physical security, you have to include the security of your office and server buildings, as well as any parts of your network you’re leaving unattended on a stick on the side of the road.

And while a replica might yield valid results for a blue team interested in making improvements, because we can’t verify the fidelity of the replica, it would invalidate a lot of the “third party” claims that Flock raises in its press release. (Again, I ask: why announce it in a press release?)

Option 2: Test in production.

This creates the impossible bind described above. But even setting aside the escort paradox, testing in production without the escort workaround would be worse.

Some states, through their CSAs, have centralized vetting for contractors. Many do not. For states without centralized vetting, each Bishop Fox employee with access to unencrypted CJI would have to be fingerprinted, background checked, and certify their knowledge of, and agreement with, CJISSECPOL to each Flock customer with an active CJIS security addendum.

To be compliant with CJISSECPOL, all governmental Flock customers in those states must independently ensure this has happened. Failing to do so, even in a single jurisdiction, would bring all of Flock’s customers—including those in states with centralized compliance—out of compliance the moment Bishop Fox touches a live packet.

We already know Flock sends data to Denmark and the Philippines. The certifications I have received in open records requests did not include these contractors.

Ultimately, it’s on local criminal justice agencies and their state CSAs—not Flock—to remain in compliance with CJISSECPOL.

If Flock were to add another subcontractor to access its customers’ CJI without obtaining necessary authorizations, conducting the necessary background checks, and providing the required compliance documentation, it would bring its agency customers even further out of compliance.

We’ve tried nothing, and we’re all out of ideas

Flock continues to sit on the report by GainSec, which documents dozens of vulnerabilities that were reported to Flock in February 2025 but, by all accounts, remain unfixed. It also continues to ignore the unrelated issue from late 2025, where it hardcoded passwords in production.

The red team should have no trouble finding and flagging these issues. Then we’ll have another report for Flock to fail to act on.

In its press release, Flock writes that “[t]he results and any ensuing updates will be communicated transparently to reinforce confidence in Flock’s strong security posture.”

Flock could start on that today by acknowledging and fixing the already-documented vulnerabilities in its products.

Flock could also own up to all the security incidents it has experienced, from accidentally disclosing a file with customer emails, to hardcoding passwords in roadside cameras. It could transparently implement fixes, or even provide a schedule for these fixes.

The company could address the issues with compliance, which include failures to mitigate critical security vulnerabilities within 15 days as CJISSECPOL requires, designing the system to disseminate CJI indiscriminately, and leaking entire murder investigations.

Instead of falsely claiming “we have never been hacked” and removing accountability measures, Flock could work with independent security researchers, rather than try to get them to sign NDAs.

Flock could even work with CSAs and the FBI, which are authorized to audit Flock’s systems. After several unanswered requests to the Iowa Department of Public Safety (Iowa’s CSA), in December 2025, I even requested the FBI perform such an audit, citing incidents where Flock disseminated warrant information from NCIC, and the 157 pages of murder investigation mentioned earlier.^[5]

The company has not issued a single press release indicating it has done, or plans to do, any of these things.

From inception, this announcement has all the hallmarks of compliance theater—perhaps producing a meaningless report by an “independent” third party, before CJISSECPOL’s stricter “Supply Chain Risk Management” controls come into full effect with version 6, is a way to avoid the Department of Justice needing to wade into the mess Flock, local agencies, and CSAs have created.

Flock’s goal should be to improve its security posture, not to “reinforce confidence” in it. One is security, the other is managing public perception—i.e., marketing.

Location histories and the Fourth Amendment

The most pertinent discussion, or lack thereof, can be found in the lower court’s holding in Carpenter v. United States, which SCOTUS described as:

The Court declines to say whether there is any sufficiently limited period of time “for which the Government may obtain an individual’s historical [location information] free from Fourth Amendment scrutiny.” But then it tells us that access to seven days’ worth of information does trigger Fourth Amendment scrutiny […] Why seven days instead of ten or three or one? And in what possible sense did the government “search” five days’ worth of location information it was never even sent? We do not know. — Carpenter v. United States, 585 U.S. 296, 395–96, 138 S. Ct. 2206, 2266–67, 201 L. Ed. 2d 507 (2018) (internal citations omitted)

There was clearly some concern at the Supreme Court and among the parties regarding the length of the location history. The Supreme Court’s holding in Carpenter was narrow and it declined to address the confusion, writing in a footnote that “[i]t is sufficient for our purposes today to hold that accessing seven days of CSLI constitutes a Fourth Amendment search.”

Whether a cut-off exists under which retrieving location history data would no longer be a Fourth Amendment search, or where that cut-off would be, were not questions addressed by the Court, but in Carpenter, seven days of location history was enough.

Although Flock downplays the completeness of its data and the general usefulness and accuracy of its “critical tool” when it comes to defending it in the face of Carpenter, a federal court in Virginia has already found that 176 Flock cameras in Norfolk, VA “plausibly violate” the Fourth Amendment.^[1]

Courts have not yet addressed Flock’s actual network density, suspected to include more than a quarter million cameras.

Disproportionate by Default

Flock’s lookup tool, which is used for exact plate searches across the state- and nationwide networks, offers users limited options for the length of the requested location history: 1 day, 7 days, or 30 days.

Its “search” tool, which can search for partial plates, vehicle characteristics, and use “freeform” text queries, is not restricted in that way. It can do both longer and shorter searches.

It is unclear whether there is a default setting for either, what the default setting is if there is one, or who would configure the default setting. I do not recall ever seeing an ALPR policy or city council minutes that discuss this.

Examining per-state data for lookups^[2] yields the following results:

Considering this chart, a per-state or per-organization default setting seems unlikely, however, the uniformity of location history lengths has changed over time:

The high uniformity suggests a system-wide default that users are accepting. The sudden change in mid-2025, where users begin choosing different lengths for location history, may be part of the same systemwide changes that appeared in Santa Cruz in August.

The suddenness of the shift in uniformity suggests that Flock switched to a 7-day default around that time and users are less accepting of that default than they were of the earlier, 30-day default.

Regardless of any default, individual users still passively or actively choose to retrieve these histories without much apparent concern for proportionality. A seven- or thirty-day location history because an officer can’t be bothered to select a more appropriate menu option strays far from the reasonableness the Fourth Amendment demands.

Finally, for all searches in our database that have timeframe information, the average length of location histories retrieved is 18 days, 5 hours, 39 minutes. That includes “search” queries as well as “lookup” and other types of queries.

Before the Dropdown

But why are users pulling these long-term histories? “Every search must be accompanied by a reason.” Before switching to dropdowns in January 2026, Flock users were free to enter their own reasons. Although they often did not—beyond “inv” or “sus”—the reasons that were entered do provide a glimpse into what might trigger long-term lookups of location histories.

• Suspicious Person on Campus: 30 days
• stranger danger: 30 days
• Suspicious Auto (bullet holes): 30 days^[3]
• fishing violation: 33 days, 1 hour
• h&r vehicle: 217 days
• lowes theft: 366 days

It’s hard to come up with a reason why, or how this would contribute to the investigations described.

Dropdown Reasons

Maybe Flock’s new reason dropdown will live up to the marketing hype and provide more transparency. To be clear: these are the reasons that someone, somewhere, found acceptable enough as a reason for location history retrieval.

Traffic Infractions and DUIs

Through the dropdown, the Texas Department of Public Safety states it frequently uses the system for “Traffic Infraction - Criminal Justice Purpose.”

Although we can’t know what “Traffic Infraction - Criminal Justice Purpose” actually means, we know that most traffic infractions are short-lived; where someone had lunch last week has little probative value in cases where someone failed to stop at a stop sign.

Regardless, the vast majority of Texas DPS’s traffic-related location history retrievals exceeded the seven-day threshold the Supreme Court found implicated the Fourth Amendment in Carpenter.

DPS pulled histories exceeding 250 days in several cases.

The California Highway Patrol similarly uses Flock for DUI investigations.

California, of course, has much stricter controls on ALPRs and the Ninth Circuit tends to be more privacy-friendly than its counterparts elsewhere in the country. This may explain why CHP’s use appears much more restrained than Texas’.

But that restraint is relative—CHP still retrieved location histories for seven or more days in more than half of the DUI investigations where it used Flock. What evidentiary value this could possibly have is anyone’s guess.

Welfare Checks

Perhaps even more concerning is the Harris County, Texas, Sheriff’s Office use of Flock for welfare checks.

Welfare checks are not criminal investigations, and they are not generally triggered by accusations of any crime. They are also not the same as missing persons cases. They can range from neighborly concern to someone actively threatening suicide. In these cases, there may be a clear defense for the legality of retrieving a person’s current location to prevent harm, but the government does not need to know where they’ve previously been.

Yet here too, for more than half of “Welfare Checks” the Harris County, Texas, Sheriff’s Office retrieves location histories of seven days or more: a length the Supreme Court found sufficient to trigger the Fourth Amendment.

And they’re doing it in cases where there is no criminal investigation, and no evidence of a crime.

The Reason Behind the Reason

The implications of some of these long-term searches are concerning.

While a DUI suspect’s long-term location history seems like a mostly pointless violation of rights, what possible conclusion could someone draw from a shoplifter’s vehicle’s location a year ago? How does knowing where the “suspicious person on campus” has been decrease the suspiciousness of his actions today?

A 30-day history will tell you at a glance the general area where a person lives and works. That reveals information about their socio-economic status and, in many cases to a degree of statistical certainty, their race. Maybe the reasoning is that a person who lives a wealthy suburb is less “suspicious” when they’re walking around campus, while someone from the wrong side of the tracks presents more “stranger danger.”

Whether it’s laziness or active profiling, the system is designed to make disproportionate surveillance the path of least resistance. Flock could have defaulted to 1 day. They could have required more justification for longer histories. Instead, they built a system where retrieving a month of someone’s movements requires less thought than ordering a cup of coffee.

The Fourth Amendment doesn’t distinguish between malice and indifference. Neither should we.

The screenshot is from a Flock training video which shows a Flock user interface for automatic data sharing. The video was posted by ACLU of Massachusetts in October 2025, but various dates in the video suggest it was recorded in May 2024.

California’s Workaround

After Flock disabled the “nationwide network” for its California customers “1:1” sharing exploded. Rather than—or more likely, in addition to—switching to the statewide network, agencies in California increased the number of partner networks they added—from fewer than 7 new partnerships per week on average to more than 40.

When searches are done through a 1:1 sharing connection they are only logged in the originating agency’s “Organization Audit” and in the receiving agency’s “Network Audit.” This is unlike national searches, which are broadcast to the world and will almost certainly make their way into someone’s open records request. Agencies aren’t limited to actually performing 1:1 searches. They can trawl through data from all of their 1:1 connections seamlessly.

This leads to situations like those in Pittsboro, IN, where the agency entered into 3,968 partner agreements for a system it only used 17 times in the last 30 days.^[2] A slightly-outdated visualization of the 1:1 sharing network is available.

The data for this is hard to come by. Uncertainties persist due to what are presumably major data issues in Flock’s log files, as well as seemingly arbitrary redaction of the total_devices_searched and/or total_networks_searched columns both by Flock and agencies.

The available data does, however, support the idea that Flock and police have been building a shadow network, and that some restricted agencies, like those in California, have been using it.

The trend is not explained by Flock growing its customer base, or the overall number of networks. In fact, nationally the number of networks appears to be stagnating.^[3]

The Data Problem

The data must be interpreted with the caveat that Flock’s audit logs appear to be extremely unreliable.

We’ve seen the search inversion in August 2025 and the accompanying drop in log entries. Examining counts more broadly shows even more bizarre outliers, and inexplicable patterns.

The chart above shows the most popular (approximate) network pool size for “search” queries in three populous states. While Illinois and California at least appear plausible, the same can’t be said for Texas’ odd saw-pattern; I can see no plausible reason why agencies would suddenly search 50% fewer networks for a week.

There is no evidence that these anomalies have bothered auditors in any way, or that any questions have been asked. Flock certainly has not addressed it in a blog post or customer update.

The Telltale Ratios

Another piece of the puzzle that suggests this workaround is in active use is usage patterns.

The chart shows the proportion of queries made through 1:1 search connections versus TALON (the nationwide network). California agencies use 1:1 searches for 31% of their queries—three times the rate of unrestricted states like Texas (11%) or Arizona (3%). Minnesota and Virginia, which have also enacted restrictions on ALPR, show similarly elevated rates. This pattern is consistent with restricted agencies routing queries through 1:1 partnerships to bypass network limitations.

The scale of some agencies’ 1:1 networks is staggering. We have seen 358 agencies in California do searches on (a median of) 449 networks. These numbers seem realistic in the context of a national estimate of ~5,000–6,000 agencies.

Yet El Cajon PD searches 3,584 networks through 1:1 connections—ten times the number of in-state agencies. The California Highway Patrol searches 2,181, and the Riverside County District Attorney searches 2,896.

These outliers use a shadow network reaching 60–95% of TALON’s nationwide coverage, all while technically using “bilateral” sharing agreements.

Secrets and Silence

It’s important to note at this stage that although these 1:1 agreements are often understood to be reciprocal in nature, it is unclear whether they in fact are. Washington University research notes that the “shifting and sometimes inaccurate statements made by Flock about its product’s sharing features” contribute to this confusion.

To further frustrate analysis, Flock does not make its product documentation available to the public, and agencies do not generally release it responsive to public records requests. It is therefore unclear if the restrictions seen in the (presumptive) May 2024 video still apply, or if, in 2026, agencies can automatically accept requests from anyone, anywhere.

Still, while the exact scope and mechanism remain unknown, the available information does demonstrate the existence of a shadow network, powered by some form of “auto-accept” or similar feature.

California agencies are not, on average, hammering out between six and forty new agreements in any given week. Going by recent public records responses, agencies are not exchanging emails about these partnerships, let alone validating policies are in place. It has all the hallmarks of a checkbox.

That checkbox appears to be a “set and forget.” Nothing suggests that administrators are notified when a request is auto-accepted. The Washington University report highlights that many police chiefs were entirely unaware that third parties had access until notified by the researchers, who reviewed the logs.

Flock’s CEO Langley told us that “it is a local decision. Not my decision, and not Flock’s decision.”

What he built, buoyed by the FBI’s unsubtle threat of retaliation for complying with public records requests, does create local decision-makers—ones who’ve decided that laws are optional and silence is policy.

The FBI agent provided a summary of the bulletin in his email (emphasis added):

The website lists the total number of searches by an officer, when those searches were conducted, case numbers, the officer’s work schedule, how long they have been employed by the agency, and partial personal identifying information. This poses a significant officer safety risk to law enforcement personnel because suspects can determine if they are the target of a criminal investigation and potentially retaliate against law enforcement and/or those cooperating with law enforcement. Flock has committed to removing officer usernames from future audits.

@December 11, 2025 email from FBI @Houston HIDTA Officer Safety Situational Awareness Bulletin December 2025

Under Federal Pressure

This email was sent shortly after Flock’s email blast announcing reduced audit capabilities (“Flock has committed to removing officer usernames from future audits”). The agent who sent the email is based in Atlanta (as is Flock’s HQ). Flock used the same “officer safety” language.

Flock’s removal of critical auditing capabilities was clearly done in coordination with the FBI.

The FBI-endorsed bulletin recommends that, in configuring data sharing, agencies “exclude the states/agencies that release their audit logs.”

Information exchange happens on an ongoing reciprocal basis; the proposal is, in effect, to reduce the operational capabilities of the Flock system for states with effective open record laws, and specifically for agencies in compliance with those laws.

The FBI encourages agencies to violate the law by quietly threatening retaliation against those who don’t.

Follow the law, lose network access.

The Good Recommendations

Recipients of this bulletin should ensure that their agency Flock Administrators check that the agency Flock settings have limited searches to sharing within state only or exclude the states/agencies that release their audit logs. … Flock users should also limit their searches to “My Network” or draw a geofence around the area they wish to search. This will mitigate the risk of information being released by an outside agency that has different criteria as to what is redacted when responding to FOIA requests.

Agreed. Police should not default to pulling nationwide location histories for reasons like “graffiti”, “trespassing,” or “expired tag.” They should not be pulling any location history, of course, but current scopes are especially hard to justify as serving a legitimate investigative purpose.

The nationwide lookup is often cited as a “why we need Flock.” Apparently, when faced with a risk of oversight, that need evaporates. Police seem to prefer less intelligence over more accountability.

Regardless, although the reasons for wanting to reduce the scope and breadth of warrantless searches differ, we can at least agree this outcome is an improvement.

To further improve its recommendation, the FBI might consider suggesting following its own security policy. If the data and audit logs Flock stores are in fact CJI—as Flock and agencies claim whenever convenient—access and dissemination would be strictly limited to those with prior approval and a particularized “need to know.”

That does not include haveibeenflocked.com. It also does not include Flock or random users on the nationwide network (i.e. “paying customers Flock says are probably cool.”)

The Bad Recommendations

Flock Administrators/users should ensure that the reason for the query be as vague as permissible (e.g., “Investigation”).

This is one to take to your city council.

Elected officials have been promised that agencies have the ability to see the reasons for a search. The FBI is now telling agencies across the country not to enter meaningful reasons.

We’ve long known that entered reasons are borderline meaningless, but now, in addition to Flock’s new anti-transparency measures, it is federal policy.

The Ugly Recommendation

[A]gency Flock Administrators should coordinate with their respective Legal Departments to ensure that law enforcement sensitive information is redacted prior to releasing information.

The information on this website is lawfully obtained via public records. This isn’t in dispute: even after filing its takedown requests stating the opposite, Flock admits as much.

Additionally, there is a basic legal reality that license plates are not categorically exempt from open records requests. If Flock (a private corporation) can have access to the data, so can you.

Houston HIDTA appears to agree. Its recommendation is not “you should never release license plates.” Its phrasing signals an awareness that license plates are not categorically “law enforcement sensitive” or confidential for the purpose of public records requests.

At no point does the bulletin suggest that logs were leaked or improperly redacted.

Instead, the bulletin recommends agencies “coordinate with their legal departments.” On this too, we can agree, but for different reasons. The question posed to lawyers should be if sending “law enforcement sensitive” information to an unregulated private company to be disseminated through a “nationwide sharing” network where tens (if not hundreds) of thousands of people have access, would violate state law and federal regulations.

The question should not be the one implied—how agencies can get away with disclosing “sensitive” information to a group of individuals managed exclusively by Flock, while keeping it hidden from “activists” and “self-styled privacy advocates.”

The “Self-Styled Advocates”

A group of self-styled privacy advocates have filed a series of Freedom of Information Act (FOIA) requests with law enforcement agencies around the country to obtain agency Flock audit logs.

In context, “self-styled” is a deliberate pejorative. It is spook-speak used to delegitimize. It implies those seeking accountability aren’t experts or journalists, but meddling hobbyists.

Police use the language of counter-terrorism to describe citizens exercising a statutory legal right. In their framing, a citizen with a PDF reader is a “threat actor,” and a public record is a “vulnerability.”

At the same time, everything, including the actual surveillance data can be disclosed without restriction to Flock, everyone on the national network (as managed by Flock), Flock’s subcontractors, Flock’s gig-workers in the Phillipines, and the Danish corporation Flock uses to record user sessions.

We’re coming up on a year since several P1 CJISSECPOL violations were reported to Flock. Flock still hasn’t announced a patch. A vulnerability exposing real-time locations for officers went unfixed for months. If we are to take the FBI at its word, these vulnerabilities pose less of a threat to officers than public accountability.

Maybe the actual security problem here is the government contracting out the creation of a massive surveillance database based on a company’s claim that it has a “CJIS ACE Compliance Seal” (provided by Diverse Computing, Inc., of Tallahassee, FL).

Regardless, I want to assure the FBI that there is no “group of self-styled privacy advocates.” A handful of individuals have sent me audit logs, and I’ve pulled a few directly off Muckrock. The persistent belief that this project publishes information from many sources is mistaken.

Although as of right now there are 93M records in the database, they cover a limited time period and were sourced from a handful of releases. At the bottom of the daily statistics pages you can see the number of sources that cover a given month, and the number of search records for that month.

In months with more sources we see significantly more searches logged, yet out of the ~6,000 or so agencies using the system, we have logs from maybe a dozen for any given month.

This information is continuously being disseminated to Flock and by Flock. Anyone with access to the Flock system can get more complete, and more accurate, logs than this project has.

If your position is that “a group of self-styled privacy advocates”—which is really one developer in rural Iowa and the folks who have sent him emails—can use inaccurate, incomplete data to derive so much information that it “poses a significant officer safety risk,” what do you think a Flock employee or contractor—or someone exploiting documented, unpatched security vulnerabilities—could do with realtime access to accurate information?

Agencies are right to be worried. They’re wrong to worry about the messenger while ignoring the problem.

What You Can Do

Get Answers from Public Officials

• Does your PD follow the FBI’s recommendation to enter vague search reasons like “Investigation,” or does it require specific reasons and case numbers for every query?
• Has your PD stopped searching data from jurisdictions that comply with public records laws?
• Since Flock has removed officer usernames from audit logs, how does your city verify that individual officers aren’t using this system for personal or other impermissible reasons?
• Do Flock or the FBI have the right to dictate which public records your city is allowed to release?

Get Answers from the Public Record

Even without the logs, it’s worth finding out if your city complies with open records laws, if only so the FBI will continue to recommend that your city be excluded from future searches.

The FBI suggesting consequences for complying with transparency laws underscores the need to remind these self-appointed surveillance authorities that, in free societies, we don’t treat the rule of law as optional for police.

Tired of Self-Styling? Get Self-Certified

Demanding transparency, speaking at local meetings, and writing your representatives is a lot of work. You may want to be more than just a self-styled privacy advocate.

That’s why haveibeenflocked.com is offering you the opportunity to become a Certified Privacy Advocate. If the government is going to pathologize transparency, you might as well have the credentials to back it up.

This certificate is every bit as legitimate as a commercial CJIS seal and it may even fit in a frame if you print it correctly.

Get certified today!

Pay what you want to print as many certificates as you like, or don’t pay at all. If you frame it and hang it anywhere good, send me a picture.

Although the obvious headline in that debacle is the attempt to suppress public discussion and the outright rejection of transparency, another part of the sheriff’s email is perhaps even more disturbing:

The technology has also allowed us to conduct truth verification on victim and witness statements, allowing us to determine very quickly that one or more victim or witness was giving us false information about what actually occurred. This keeps us from wasting valuable resources on chasing false leads or, worse yet, investigating crimes that never occurred. — Sheriff Al Nienhuis in his March, 2024 email to Hernando County Board of County Commissioners.

The sheriff suggests he is willing to dismiss cases and leads based on information from Flock.

Does that mean he will not investigate when a citizen reports a vehicle is involved in a crime, but Flock didn’t detect it? Will he dismiss valid witness statements when a plate is misread? When a bug in the Flock software doesn’t register it?

We have no idea how accurate Flock’s technology is exactly. That’s both “for obvious reasons” and because it is being used without oversight or external audits. Governments will spend millions on these contracts without asking the question. Still, all technology is fallible, and we know Flock neither contractually guarantees any level of accuracy, nor permits validation of accuracy.

Flock is not contractually obligated to disclose information about inaccuracies, outages, or errors. It is negatively incentivized to do so; its customers don’t like hearing results are inaccurate, they prefer to assume they are.

The idea that a sheriff would use the system for “truth verification” and to direct resources should be deeply disturbing to anyone who values the integrity of criminal investigations.

A search result proves nothing. A lack of search results proves nothing. It’s Flock making an unverified, and unverifiable, claim on the basis of a compromised system.

Courts and police should treat it that way.

The department didn’t discover this. Citizens did—by reading audit logs that haveibeenflocked.com published, finding patterns that fourteen months of agency oversight had missed, and reporting them.

@Joplin, MO Statement

Today, 404 Media ran an article about this site and Flock’s takedown attempts. The reporting is accurate. But both 404 Media and the EFF frame unredacted license plates as “leaked” or “missed redactions.”

They’re wrong. The plates are the point.

The legal reality

Flock’s entire business model depends on license plates being unprotected information. If plates were regulated like SSNs or medical records, Flock couldn’t operate—collection would require warrants, sharing would require consent, and the nationwide dragnet would be illegal.

Flock chose this legal regime. They benefit from it every time a camera captures a plate without a warrant, every time that data flows to thousands of agencies without restriction, every time a cop searches the network without probable cause.

But that same legal framework means audit logs are public records.

As I’ve documented, agencies have no lawful basis for redacting plates precisely because plates aren’t protected information. You can’t claim data is too sensitive for public records while simultaneously arguing it’s not sensitive enough to require a warrant.

Flock wants regulatory immunity and operational secrecy. That’s not a coherent legal position—it’s lobbying.

This legal vacuum enables the abuse we’ve seen in Georgia, Kansas, Colorado, and now Joplin. It also makes unredacted audit logs the only functional check on that abuse.

Where I part with the EFF

The EFF has done—and continues to do—important work. But on this, we disagree.

Their position treats plate exposure as a privacy harm to be minimized. Mine treats it as the precondition for accountability. As long as Flock can collect this information without restriction, the public must be able to see how it’s used—including who searched whom, and when.

Redacting audit logs doesn’t protect the surveilled. It protects the surveillers.

As long as Flock can have the information, you should too.