Learn More

1
2
3

Table of Contents

Click any of the items below to jump to that section

  1. Cybersecurity Concerns
  2. Is Flock Effective?
  3. Transparency - Flock
  4. Guilty Until Proven Innocent
  5. Useful Links

1. Cybersecurity Concerns

Thanks to independent researchers who took it upon themselves to ethically hack offline Flock devices, we have some insight into the security measures (or lack-therof) that Flock has gone to to protect the vast amount of personal data they collect on Americans. Below are some highlights from the published research report[1] and a video by another researcher, Benn Jordan[2] covering it, as well as Flock's official response.

The first half of the video shows a detailed account of some of the most basic security vulnerabilities found in the Flock systems, as well as demonstrates that their claims about image deletion and encryption are blatantly false. These are not small issues that can be fixed with guardrails or use-policies. In fact, Flock's security is so lacking that Oregon Senator Ron Wyden is urging the FTC to investigate Flock for "needlessly exposing Americans' personal data to theft by hackers, foreign spies, and criminals."[3]

Here are some highlights from the report:

This level of security is a joke and is a testament to a fundamental lack of organizational respect for the security and privacy of customer and public data.

Flock acknowledged and responded on their blog in May 2025[4] to the initial public disclosure from the researchers and in Nov 2025[5] to the published report. They made no attempt to discredit the research, thus legitimizing it and showing us that we can trust the information. The posts were mostly typical corporate speak but a few things stood out. The below quote, which appears in bold text on their blog, really speaks to their priorities:

"Overall, none of the vulnerabilities detailed in the report have an impact on our customers' ability to carry out their public safety objectives."[4]

Members of the general public, the ones who stand to lose the most in the event of a security breach at Flock, are not customers of Flock. So long as the customers (government agencies and private businesses) don't lose access to their tracking tools, everything else is an afterthought. But even then, one of the vulnerabilities was possible remote control by a bad actor, so their statement isn't even true. They blatantly lied to their customers.

Flock also tried to downplay the vulnerabilities in their blog posts, but they offered some weak examples:

"Exploitation of these vulnerabilities would... require physical access to a device...[4] typically placed on a pole several feet above normal height."[5]

LPR cameras are left unattended on the side of the road. It's reasonable to expect that anyone can get physical access to these devices, no Mission Impossible stunts required. Unless you consider ladders to require specialized skill and access.

Update 12/23/25: 404 Media and Benn Jordan covered another vulnerability: Flock camera live feeds streaming online for anyone to view.[15] Benn appropriately called this "Netflix For Stalkers." In the 11-minute video, he shows footage of a family loading their Lowe's purchase into their truck, a man roller blading and then watching a roller blading video on his phone, a woman running on a trail alone, and children playing in a park unsupervised. Maybe the woman feels safe running that trail alone knowing that it has cameras, but I bet she would think twice if she knew who was really watching.

2. Is Flock Effective?

Some believe that the benefits of ALPR's are worth the sacrifice. But if you're going to force people to forgo their constitutional rights, you should at least be able to prove what the return is.

Flock claims that their ALPR's reduce crime, and that they're "instrumental in solving 10 percent of reported crime in America." These claims are backed by a study that was conducted by 2 Flock employees (how convenient). [16] The methodology of the study was later questioned by one of the researchers.[17][18]

There is not a single independently conducted study on the efficacy of ALPR's against crime. That leaves us with anecdotal stories both for and against ALPR's. There have been multiple instances of leadership around the country being quick to credit Flock with saving the day, only to be proven wrong upon taking a closer look.[19][20] In light of that, I tend to not take anything at face value.

One example of Flock being ineffective is in the kidnapping of a 16 year-old girl from Wisconsin. Police in 23 states searched the Flock system 3,466 times over 2 months with zero hits of the kidnapper's vehicle.[21] The girl was found the old school way, when a woman saw her at a truck stop and reported it. The sad part is, she could have been saved much sooner if the police had acted when the kidnapper's probationary ankle monitor went off, or later when they knew who the kidnapper was but failed to put an alert on his EBT card that he used while taking the girl into Walmart. You can read the article for a full breakdown of how Flock does not seem to be a system that's effective at finding missing children.

The Spartanburg County Sheriff's office has stated repeatedly that Flock "reduces response time from 30 minutes down to 5 minutes." If you do an internet search for this phrase, there are no matching or similar results - studies, articles, or Flock's online marketing material - to indicate where these statistics come from. The only thing that comes up about "response times" is in relation to Flock911 and Flock's DFR (Drone as First Responder) products. Neither of which the Sheriff's office has. Neither of which is the topic of discussion when these stats are mentioned. I will provide an update if/when these stats can be substantiated.

Update 5/14/25: It's estimated that $1.6 billion taxpayer dollars per year are spent on Flock contracts across the US. This breaks down to $13.1 million per AMBER alert, or $25k per car theft cleared. See more stats and where the data comes from on haveibeenflocked.com

3. Transparency - Flock

Flock says that they believe in transparency, but do they meaningfully practice it?

the wayback machine flock url error: sorry, this url has been excluded from the wayback machine

The first red flag is that Flock's website is blocked on the Wayback Machine. The Wayback Machine is an internet archive that takes snapshots of webpages at different times, allowing people to see old versions of webpages in case anything changes. When eyesoffgsp.org quotes Flock's blog to demonstrate their attitude towards something, Flock could later edit the blog and there won't be a good way to prove what they originally said. In contrast, the eyesoffgsp.org code is stored on GitHub, meaning anyone can see every change that was ever made to the website.

Speaking of Flock's blog, they posted a three part series on transparency. Here's how they introduce the series:

"We're presenting this new blog series, Policy Pulse, because the burden of compliance - navigating this messy lattice of rules and oversight - should not stand in the way of public safety."[6]

If they're trying to say that they want to make transparency easier so that officers can spend more time fighting crime and less time on FOIA requests, this is the worst way to say it. The connotations imply a loathing of transparency and a hint of disregard for the rule of law and constitutional protections. But there's still two more posts, so let's see if they double down or redeem themselves:

"In the past, law enforcement agencies had little choice in how public search audits were exported from the Transparency Portal. The field of Search Reason was always included, without the option to remove it. And oftentimes, an officer may include sensitive information in this field regarding a current, active investigation."[7]

If they're trying to say that there used to not be an easy way to redact confidential info, this is the worst way to say it. It feels like coded language for an intent to make it easier for agencies to disclose as little information as possible in FOIA requests, when considering the context of how the search reason field has been used in the past, with thousands of examples of "investigation," "suspect," "donut," "asdf," and similarly vague or meaningless terms being revealed through FOIA requests.[8][9]

In order to address those concerns, Flock went on to introduce a new feature: mandatory Offense Type drop-down selection. Now, if an officer is stalking his ex-girlfriend, instead of typing "inves" as the search reason, he will just have to pick a random crime from the drop-down to pretend to be investigating. This does little to help leadership monitor use of the system, but let's look at a solution that could.

An independent analyst used sample data to build a search anomaly dashboard (below).[10] It graphs a user's historical search queries by hour and performs statistical analysis to flag suspicious search frequencies or other anomalies.

dashboard with search anomaly index score, summary, z-score, hourly activity graph, and search volume

Building on this example dashboard, the system could then have automated alerts, or weekly user analytics reports sent to supervisors for review. It's not a very big ask for a multi-billion dollar company to think of or to implement something that an independent analyst can put together in their free time. Flock could have developed analytics and reporting features years ago, but instead they've been developing new products (something that actually generates revenue). It's also worth noting that law enforcement and council leaderships have not been demanding such accountability measures as customers.

It's easy to talk about transparency, but true values are imbued into all actions big and small, from decision-making to simple word choices. Flock has demonstrated that they are unable or unwilling to put transparency first.

Update 12/17/25: Flock tried to shut down the website of the independent analyst mentioned here, by falsely accusing them of phishing and trademark infringement.[11]

Update 12/19/25: 404 Media reported back in May 2025 that Flock's upcoming product Nova uses breached data obtained from the dark web based on leaked information.[12] This would mean that officers could perform a person search in Nova and receive information about them that was leaked in a data breach. Flock tried to gaslight everyone by explaining that the dark web data discussions only surfaced because some of the agencies in the beta program asked for the option but ultimately they decided not to pursue it.[13] However, an independent researcher uncovered evidence that says otherwise.[14] By inspecting the html code of the Nova front-end website, the researcher showcases data sources explicitly named "Dark Data" with fields for social security number, credit card number, IP addresses, and other sensitive types of personal information.

4. Guilty Until Proven Innocent - AI in Policing

Broadly speaking, society is rapidly embracing the use of AI tools in all sectors, from education to medicine to policing, and we don't really know what the consequences are going to be. One pattern that's beginning to emerge when it comes to AI in policing is a shift from "innocent until proven guilty" to the other way around: guilty unless and until you can prove your innocence. Here are 3 examples of this happening.

First, an innocent trucker was wrongfully arrested after visiting a Casino in Las Vegas because AI said he was a trespasser.[22] It was his first time ever stepping foot inside this Casino, yet security's facial recognition cameras flagged him as someone else, a man who was banned from the Casino. Upon request, the trucker showed security his ID. He had a valid, government issued photo ID saying that he was himself, yet security detained him anyway and called the police because it was a "100% match." The officer confirmed that the ID of the trucker and the banned man on file were both real. The trucker had many other documents in his truck that proved his identity. Regardless, the trucker was arrested and taken to the station for fingerprinting. Only then did the police have sufficient evidence of his innocence and let him go. Because the trucker had fingerprints on file, he was able to prove his innocence. What would've happened if he hadn't had fingerprints on file?

Second, an innocent Tennessee grandmother spent 6 months in jail without bail because AI said she robbed a bank in North Dakota.[23] Investigators used AI facial recognition software on crime scene footage and the results led them to her. She had never been to North Dakota before. If law enforcement hadn't used this software, she never would've been dragged into the investigation to begin with. She was eventually able to prove her innocence with bank records that placed her in Tennessee at the time the crime took place, so investigators dropped the case. She was then released, on Christmas Eve in North Dakota with no jacket and no money to get home. She lost her house, her car, and her dog because of her time stuck in jail. AI made a mistake, the police relied too heavily on it, and the consequences were devastating.

Lastly, an innocent Denver citizen was wrongfully accused of porch piracy because of Flock search results.[24] An officer who was investigating the porch piracy case went fishing in the Flock database and somehow came up with this woman as a suspect. He went to her door and said "you know we have cameras in that town, you can't get a breath of fresh air in or out of that place without us knowing, correct?" First of all, the audacity of this man to say such a thing to an American citizen. But he's not quite wrong; this is where the American surveillance state is. Well, it's not perfect yet considering the "suspect" was in a store when the crime took place. She was able to prove that with self-inflicted surveillance: her phone's GPS timeline data and truck's video footage showed her travel route, and her photos showed her outfit that day which didn't match the porch pirate's. Upon sharing the evidence of her innocence to the Police Chief, the case against her was dropped. What would've happened if she hadn't been collecting all that data on herself?

The theme here is that innocent people get roped into investigations that they never would've been a suspect in, never would've been on law enforecment's radar, if it hadn't been for AI. Then, law enforcement treats the AI's output as hard evidence. The latter is debatable on whether or not that could be changed through policy and legislation, but the former is the core of the issue for me especially as it relates to Flock and ALPR's. ALPR's are a form of dragnet surveillance that create a database of millions of innocent people's whereabouts, which law enforecment can go fishing through any time without a warrant. Mass surveillance / mass data collection, powered by AI, creates these scenarios by definition, not just by mistake. If you're tracking innocent people's travel history, you're already treating them like a potential suspect of a future crime.

p.s. here's a scenario that Flock's AI technology is capable of creating. The following quotes are from a Flock webinar discussing the AI integration between their ALPR's and Raven gunshot detectors.

"What this does is you get a RAVEN alert, an audio detection alert, that there have been gunshots. And our machine learning model will take a look at all of the LPR hits that happened in that area around the time of the gunshot event and deliver you the top five vehicles to really narrow down, instead of having you search for a needle in a haystack, who your top five suspect vehicles might be... Every day, the system compares audio reads were seen nearby audio events and sourced by the most frequent offenders. Take this vehicle, for instance. It has been seen near nine separate instances of gunfire over the last week. Now, this could be a vehicle that was unfortunately in the wrong place at the wrong time, or this could be a repeat offender and a data-driven lead that you could pursue. You can see it displayed on the map here with the specific locations of the LPR read, as well as the audio events."

4. Useful Links

deflock.me
alpr.watch
haveibeenflocked.com
eyesonflock.com
alpranalysis.com
gettheflockoutofhere.com
stopflock.com
plateprivacy.com
alprwatch.org
banishbigbrother.com

Sites like eyesoffgsp in other cities:
deflocksc.org (South Carolina)
livefreeaz.com (Sedona, AZ)
eyesoffeugene.org (Eugene and Springfield, OR)
eyesoffcr.org (Cedar Rapids, IA)
noalprs.org (Austin, TX)
deflocklynnwood.com (Lynnwood, WA)
friendlycitydrivesfree.org (Scottsville, KY)

General surveillance related:
banfacialrecognition.com
Southerners Against Surveillance (SASSI)
lucyparsonslabs.com

References

  1. Gaines, Jon; Cohen, Joseph (11-05-2025). "Examining the Security Posture of an Anti-Crime Ecosystem." zenodo.
  2. Jordan, Benn (11-15-2025). "We Hacked Flock Safety Cameras in under 30 Seconds." YouTube.
  3. (11-03-2025). "Wyden, Krishnamoorthi Urge FTC to Investigate Surveillance Tech Company on Negligently Handling Americans' Personal Data." senate.gov
  4. (11-06-2025). "Response to Compiled Security Research on Flock Safety Devices." Flock Safety.
  5. (05-05-2025). "Gunshot Detection and License Plate Reader Security Alert." Flock Safety.
  6. Thomas, Josh (09-12-2025). "Policy Pulse: Compliance Doesn't Have to Be So Hard." Flock Safety.
  7. Thomas, Josh (10-30-2025). "Policy Pulse: Transparency, Control, and the Path Forward." Flock Safety.
  8. Begley, Ghisolfi, and deGrood (06-10-2025). "Houston police use a powerful surveillance tool to track vehicles. But they're not explaining why." Houston Chronicle.
  9. "Reason Search - Search the reasons given for Flock database searches." Have I Been Flocked?
  10. H.C. van Pelt (12-03-2025). "Feature: Search Anomalies and Account Sharing." Have I Been Flocked?
  11. H.C. van Pelt (12-16-2025). "Flock and Cyble Inc. Weaponize "Cybercrime" Takedowns to Silence Critics." Have I Been Flocked?
  12. Cox, Joseph (05-14-2025). "License Plate Reader Company Flock Is Building a Massive People Lookup Tool, Leak Shows." 404 media.
  13. (05-30-2025). "Correcting the Record: Flock Nova Will Not Supply Dark Web Data." Flock Safety.
  14. Joshua (12-11-2025). "License Plate Reader Company Flock Said It Does Not Use Dark Web Data. My Analysis of Their Code Tells a Different Story." Nexanet
  15. Jordan, Benn (12-22-2025). "This Flock Camera Leak is like Netflix For Stalkers." YouTube.
  16. Snow, Adam and Carpentier, Cory (01-2024). "Flock Safety Technologies in Law Enforcement: An Initial Evaluation of Effectiveness in Aiding Police in Real-World Crime Clearance." ResearchGate.
  17. Cushing, Tim (04-01-2024). "Studies Show Flock's ALPRs Reduce Crime… So Long As Flock Controls The Inputs And The Methodology." techdirt.
  18. Koebler, Jason (03-20-2024). "Let’s Talk About the Flock Study That Says It Solves Crime." 404 media.
  19. Soicher, Spencer (10-25-2025). "Denver mayor touts Flock cameras for solving a case that isn't solved." 9 News.
  20. Community Data Clinic (Fall 2023). "Automated License Plate Readers (ALPRs): Surveillance & Policing." Illinois.edu.
  21. H.C. van Pelt (12-28-2025). "3,466 Searches, Zero Hits: How Flock Failed an Amber Alert." Have I Been Flocked?
  22. EWU Bodycam (12-11-2025). "When AI Gets an Innocent Man Arrested." YouTube.
  23. Dunbar, Marina (03-12-2025). "Tennessee Grandmother Jailed After AI Facial Recognition Error Links Her to Fraud." The Guardian.
  24. Kenney, Andrew (10-27-2025). "Police used Flock cameras to accuse a Denver woman of package theft. She had her own evidence" Denverite.