An evidence-first repository of contracts, audits, incidents, and research surrounding Flock Safety deployments — built for residents, journalists, and policymakers who refuse to accept marketing in place of accountability.
The public impact of ALPR networks comes from what is captured, how it's stored, what can be searched, and who can access it. Flock markets a nationwide "connected" network with "20B+ monthly reads" and 5,000+ communities. Here's what that means in practice.
Roadside devices photograph vehicles and extract plate text plus attributes — make, model, color, and distinctive identifiers via "Vehicle Fingerprint" technology.
Data is stored and searchable via the vendor platform. Retention defaults to ~30 days in many deployments but varies by contract. Longer retention = exponentially more risk.
Cross-organization lookups are enabled by configuration. "National Lookup" can allow agencies nationwide to search your city's camera data — sometimes without local awareness.
New PTZ video products and AI features like "People Detection Alerts" and "Guardian Mode" shift the system from plate reads to broader video surveillance and tracking.
Flock says "customers own and control their data." But publicly posted contract language tells a different story — agencies retain ownership while the vendor receives broad disclosure licenses for investigative purposes, plus perpetual rights to aggregated/anonymized data. The ACLU warns these default terms can undercut any practical "opt-out" expectations. The gap between marketing and contract language is the governance crisis.
Each claim is timestamped. Each evidence packet links to the strongest available primary source. The pattern isn't a single "gotcha" — it's repeated governance fragility.
| Public Claim | Documentary Evidence | Strength | Site Framing |
|---|---|---|---|
| "No customer data has ever been compromised; the cloud platform has never had a data breach." | Company acknowledges a Condor "debug interface" exposure but asserts it didn't allow cloud/account access. Independent reporting and local news describe broader exposure risks and dispute the minimization. | Medium | Definitional dispute: "cloud breach" vs. "device/interface exposure." Requires consistent incident taxonomy and timestamped statements. |
| "Flock does not share data with ICE; federal agencies are not part of lookup networks; sharing is default off." | Illinois Secretary of State found CBP accessed in-state ALPR data and ordered shutoff, describing an undisclosed pilot and inadequate safeguards. A local police department reports 262 immigration-related searches occurred via "National Lookup" without its prior awareness. | High | Documents focus on CBP and "immigration-related" usage. Track federal agency categories and whether post-incident remedies are technical vs. policy-only. |
| "Customers own and control their data." | Posted agreements state agency data belongs to the agency — yet grant vendor licenses enabling disclosure for investigative purposes and perpetual use of aggregated/anonymized data. The ACLU warns this undercuts practical opt-out expectations. | High | Publish "contract clause explainers" and an amendment playbook: remove perpetual disclosure licenses; require warrants; prohibit ML training without opt-in. |
| "ALPRs do not and cannot 'track' vehicles/people; they are point-in-time images." | A federal court upheld one program's limited photos over 21 days — but explicitly warned that future capabilities could change the analysis. Dense deployment + long retention = tracking capability. | Medium | Depends on density + retention + complementary tools. Higher camera counts and longer storage fundamentally alter the calculus. |
| "A nationwide search was about a missing person, not abortion enforcement." | EFF cites a sworn affidavit describing a death investigation triggered by a report of an abortion, directly contradicting the "missing person" characterization in the company's public messaging. | Medium | "Company framing disputed by affidavit-based reporting." Link to underlying affidavits; avoid overstating either side. |
| "Errors and false positives are minimized." | Policy research highlights significant misread rates. Documented incidents show downstream harms: wrongful stops, accusations, and forced "prove your innocence" scenarios when police over-rely on ALPR inferences. | High | Separate OCR/vision errors from database/hotlist errors, and model how error rates translate into wrongful stops at scale. |
Incidents in four categories: technical security incidents, access-control failures, policy misuse, and procurement irregularities. Discovery almost always occurs after the fact — through audits, public records requests, or investigative journalism.
State officials issue notices and cease-and-desist concerns tied to licensing requirements for private/home/business deployments — revealing that parts of the deployment model may require private-security or private-investigation licensure.
Procurement / ComplianceAudits and investigations reveal that opting into "National Lookup" allowed other agencies to search local camera data without a direct data-sharing agreement. A municipal police department reports 262 immigration-related searches occurred without its prior awareness — a textbook case of "functionality surprise."
Access ControlThe Secretary of State publicly states that a sample audit found Customs and Border Protection gained access to Illinois license plate camera data — calling it a state law violation and ordering the company to terminate CBP access. The statement describes an undisclosed pilot program that leadership was "unaware of."
Access Control / FederalReporting based on public records and audit logs describes how federal immigration agencies obtained access via direct 1:1 sharing and a broader "nationwide lookup" toggle. Multiple agencies reported they didn't understand the implications until notified or audited.
Access Control / FederalMultiple lawsuits challenge warrantless ALPR searches. EFF and ACLU-NC file in California state court; a federal lawsuit in San Francisco challenges a large network as unconstitutional mass surveillance. Courts grapple with where density and retention cross constitutional lines.
Legal / ConstitutionalIndependent reporting reveals Condor video feeds accessible via the internet. The company describes it as a limited "debug interface" that didn't allow cloud access. Reporters and commentators dispute the minimization — noting that internet-accessible surveillance feeds from PTZ cameras with people-detection features constitute a serious security incident regardless of cloud-backend access.
Technical SecuritySanta Cruz terminates its contract citing privacy concerns. San Marcos declines renewal. Denver announces a vendor switch with new federal-sharing and retention controls. Yet investigative reporting shows that "cancelling" a local contract doesn't end access when neighbors still share data — the network persists even after local opt-out.
Governance / ProcurementProcurement is the lever that determines everything else. No sharing setting matters if the contract grants broad disclosure rights, fails to require audits, or lacks enforceable termination terms. Local democracy often has its strongest voice at procurement time.
| Entity | Date | Amount | Status | Key Details |
|---|---|---|---|---|
| Pembroke Pines | 2022-02 | $99,000 | Approved | Piggyback agreement for 36 LPR readers |
| Palo Alto | 2023-04 | $174,400 | Approved | Three-year contract with surveillance use policy required by local ordinance |
| Oakland | 2025-12 | $2,000,000 | Approved | Two-year renewal for ~290–300 LPR cameras amid controversy over sharing and oversight |
| Midland | 2026-02 | $451,000 | Approved | 24-month extension; 30-day retention unless council approves longer |
| Santa Cruz | 2026-01 | — | Terminated | Contract cancelled citing privacy concerns and out-of-state access reports |
| San Marcos | 2025-12 | — | Declined | Council voted not to renew, citing privacy and legal liability concerns |
| Denver | 2026-02 | — | Replaced | Will transition vendors; new provisions limit retention and federal sharing |
Ending a local contract does not necessarily stop data access. If neighboring agencies retain cameras and share data through the network, your city's vehicles are still being tracked. Investigative reporting documents cases where a city ended its program while its police department still accessed ALPR data from neighbors — regional sharing undermines local policy decisions unless the policy explicitly covers indirect access.
Peer-reviewed evidence is mixed — and far more limited than marketing suggests. Three questions that are often conflated: operational utility, deterrent effect, and civil-liberties cost.
A place-based RCT across two jurisdictions: 30 hot spots, 15 treatment, 15 control. Structured deployment consistent with hot-spot policing principles.
Government-linked summaries of a randomized experiment emphasizing benefits for combating auto theft: more plates scanned, more hits, arrests, and recoveries.
Major meta-analysis covering decades of CCTV evaluations across multiple countries and settings.
Found CCTV had no effect on violent crimes in included studies, with desirable effects limited to vehicle crimes. North American studies were concentrated among "no effect" results.
Policy research shows substantial misread rates. Civil-liberties reporting documents harms from both OCR errors and stale hotlist data. In Colorado, an officer used Flock cameras to wrongly accuse a resident of theft — charges were dropped and the officer faced discipline.
Bias may not be "in the camera" but in deployment — placing cameras in "high-crime" areas defined by historically biased enforcement patterns, or using hotlists correlated with unequal policing.
Constitutional challenges are active. Public-records fights are forcing operational choices. State laws on sharing and retention are tightening. Here's where things stand.
Court found limited photos over a 21-day rolling window from camera clusters did not amount to "whole-of-movements" tracking — but explicitly anchored the analysis to that program's specific density and retention, implying different facts could change the outcome.
EFF and ACLU-NC filed in California state court challenging a city police department's warrantless searching of stored location records, arguing ALPR data reveals private habits, associations, and movements.
Federal lawsuit challenges a large ALPR network as unconstitutional mass surveillance, emphasizing how multi-week movement records reveal sensitive association patterns. Seeks to halt use or require warrants.
Courts determined ALPR images stored via vendors remain "public records" — creating tension between transparency (oversight of surveillance) and privacy (stalking risk from location data access). Cities paused programs in response.
California bars out-of-state/federal ALPR sharing but enforcement is weak. Illinois used audit powers to compel shutoff. Virginia passed a new law restricting storage/sharing/usage effective July 1. Models vary — some technical, some policy-only.
State advisory committee determined the company wasn't properly licensed for certain operations and issued a cease-and-desist. Ongoing investigation into licensing compliance for private deployments.
Policy-only promises are insufficient for systems whose core risks arise from scale, sharing, and long retention. Audits show violations are discovered after the fact. Here are five layers of enforceable protection.
Delete vendor disclosure licenses. Prohibit ML training without opt-in. Define breach notification timelines. Require independent security audits. Allow termination for network participant misuse.
Require explicit whitelisting for cross-jurisdiction access. Eliminate broad lookup by default. Hard technical blocks in states that prohibit sharing. Independent verification, not vendor self-reporting.
Short retention by default (7–30 days). Council approval for extensions with strict criteria. Aligns with judicial reasoning that limited capture reduces "whole-of-movements" claims.
Require warrants for retrospective searches beyond a short window. Supervisor sign-off and case numbers for every query. Special protections near protests, clinics, and religious institutions.
Hit confirmation protocols before stops. Public reporting of false positives. Hotlist update audits. Non-punitive remediation for wrongful stops. Published error rates at deployment scale.
Every deployment begins with a procurement decision. Every contract can include — or omit — enforceable safeguards. Whether your city is considering Flock, renewing, or watching neighbors deploy, the time to act is before the next vote.