License plate reader privacy risks: how Flock Safety became mass surveillance
In April 2026, the city of Oshkosh, Wisconsin approved a contract with Flock Safety during an evening council meeting and revoked it the following morning. The reason: Flock's own chief information security officer had told the council, under direct questioning, that the system could not map a vehicle's movements over time. By the next day, officials had confirmed that was false. "I don't know how I can make a decision if you lie to me," Deputy Mayor Joe Stephenson said. Mayor Matt Mugerauer was blunter: "Shame on them." The contract was gone in under 24 hours, setting what the ACLU described earlier this month as a record for the shortest span between contract approval and cancellation in Flock's history.
Automatic license plate readers, or ALPRs, are cameras mounted at roadsides and intersections that photograph every passing vehicle, logging the plate, make, model, color, location, and timestamp. The pitch is crime-fighting. What Oshkosh's council didn't know until the morning after is the core problem with license plate reader privacy risks: these systems don't just capture criminals. They track everyone, continuously, and the data stays searchable for years. That's not incidental to how they work. It is how they work.
There is no warrant requirement to search Flock's database. Any officer with access can query any plate for any reason, and the only thing standing between that query and abuse is a text field asking why. That design choice, made by the vendor and accepted by thousands of agencies, is the central failure this piece examines.
What follows explains how Flock's network actually functions, why its architecture makes stalking cases and policy violations not exceptional but foreseeable, and what meaningful safeguards would genuinely require. The stalking cases are the proof of concept. The surveillance infrastructure is the real story.
What the system actually captures: scale, retention, and the tracking problem
Video of the Day

To understand why ALPR data is so sensitive, it helps to trace what happens between a camera and a search result.
When a vehicle passes a Flock camera, the system extracts the plate number, make, model, color, and distinguishing features, then attaches a timestamp and geotag to that record. That observation gets stored in a searchable database. Each subsequent sighting of the same plate adds another data point. Query that plate later and you get not a single observation but a map: where the vehicle appeared, when, and in what sequence. Flock later confirmed, after initially denying this capability to Oshkosh officials, that its system can generate a "heat map" of every location where a specific vehicle was sighted over a rolling 30-day window, as the ACLU documented. California's legislative analysis of proposed ALPR reform describes these systems explicitly as "a form of location surveillance" capable of revealing daily routines, medical and religious destinations, and personal associations, with most ALPR data stored for extended periods, often up to five years, per the California Assembly Policy Analysis of SB 274.
This is less like a security camera and more like a barcode scanner running continuously on every car in the city. It doesn't wait for a suspicious vehicle. It logs everyone. And because Flock's lower-cost model allows not just police departments but homeowners' associations, neighborhood groups, and private citizens to install readers and share data with law enforcement, the network is far larger than any public agency has built on its own, as the UW Center for Human Rights documented in late 2022.
The dragnet catches almost no crime relative to the surveillance it conducts. Nationwide, the ACLU estimates fewer than 0.2% of plate scans are linked to criminal activity or registration violations, a figure cited by the UW Center for Human Rights. Individual Washington state agencies fared even worse: Bellingham Police Department reported a hit rate of roughly 0.00003%, Monroe came in at 0.00032%. Those numbers define the ratio of privacy consumed to safety produced.
A common defense is that ALPRs are just a faster version of an officer writing down plates. One Ridgeland, Mississippi department runs more than 50 cameras, roughly one per 500 residents, with query access to tens of thousands more across Flock's national network, EFF reported in May 2026. No officer with a notepad builds a permanent, searchable archive of where every resident drove over the past five years. The analogy fails because the scale changes what the thing is.
Video of the Day
How the network enables license plate tracking: sharing, hotlists, and what no one voted for

The database a Flock camera feeds is only part of the picture. What amplifies the surveillance is how agencies connect to each other.
Agencies that lease Flock cameras can opt into a shared national pool, meaning a single plate query can sweep across thousands of networks simultaneously. Most agencies choose to share broadly; a single city's camera network is commonly searched hundreds of thousands of times each month as part of that pool, EFF found. The decision to share, or to subscribe to federal enforcement lists, is largely made at the administrative level, without public deliberation.
A 2020 California state audit found agencies had "risked individuals' privacy by not making informed decisions about sharing data, by following poor practices for granting staff access, and by failing to audit system use," a finding that predates Flock's current scale and remains substantially unaddressed, per the SB 274 legislative analysis.
Buried in Flock's administrative interface is a dropdown menu where agencies select which federal hotlists their cameras cross-reference. One option, the "Immigration Violator" list, is populated exclusively by ICE, includes plates associated with administrative warrants issued without judicial review, and routes alerts to local officers when ICE-flagged vehicles are spotted, according to EFF's investigation published last month. EFF found that Sparks Police Department in Nevada publicly listed immigration enforcement as a prohibited use in its transparency portal while simultaneously running the ICE Immigration Violator hotlist in its backend settings.
Subscribing to that hotlist requires no public vote, no policy change, no announcement. It is a checkbox. That is how a department with a written sanctuary policy can be running immigration enforcement through the same system, without anyone necessarily lying, just by not examining the settings. The gap between official policy and actual system configuration is not a loophole; it is the design.
The sharing defaults and hotlist architecture distribute tracking capacity broadly while concentrating accountability nowhere. That structural fact explains why misuse is predictable before examining any specific incident.
What agencies actually use it for, and how routine the overreach has become

EFF's analysis of millions of Flock searches, published in May 2026, found agencies using the system for school enrollment residency checks, employment background investigations, noise complaints, and similar non-criminal bureaucratic purposes. This is not occasional. It is routine, EFF found.
Between January 2025 and March 2026, one school police agency ran more than 375 ALPR searches listed as residency verification. By the first three months of 2026, three-quarters of all that agency's searches carried that purpose, EFF reported. Every such search can expose a family's doctor visits, worship attendance, and daily travel patterns to a district administrator pursuing a zoning dispute. EFF also identified 26 agencies that queried ALPR networks over noise complaints, in some cases sweeping more than 6,500 camera networks to investigate a loud exhaust or thumping bass.
Then there are the harder cases. Texas law enforcement conducted a search across more than 83,000 Flock cameras in a case involving a woman alleged to have self-managed an abortion, according to reporting cited in the SB 274 legislative analysis.
What makes this possible is the access architecture. The primary control between an officer and a plate search is a free-text reason field. In September 2025 alone, a single Oregon department cleared Flock's oversight system 111 times by typing "investigation" and 20 more times by typing "hehehe," each logged, none flagged, as the ACLU documented. The audit log creates a paper trail; it does not create a gate.
The school residency, noise, and abortion cases are not edge cases. They demonstrate that a system sold for serious crime is, in practice, general-purpose location surveillance deployed at institutional convenience.
When tracking becomes stalking: the personal abuse cases

The pattern above describes institutional overreach. What happens when the same unconstrained access is available to individual officers with personal motives is a logical extension of the same system. The mechanism is identical. The target is a person, not a case.
Investigations and civil society reporting document at least 20 cases in which officers used Flock to monitor romantic partners or ex-partners, predominantly women, over extended periods, often involving hundreds of individual lookups, per the Business & Human Rights Resource Centre. In one documented case from summer 2024, a Florida police officer allegedly queried his ex-girlfriend's plate at least 69 times over several months, her mother's plate at least 24 times, and her father's at least 15 times, all without a warrant and apparently without triggering any automated alert, according to the Business & Human Rights Resource Centre.
Most of these cases came to light only after external complaints, audits, or public records investigations, not through any proactive detection built into the system. The documented cases almost certainly undercount total abuse, representing only incidents severe enough to result in termination or arrest, the Business & Human Rights Resource Centre notes.
Flock told 404 Media it was aware of 15 abuse incidents, describing them as "rare" relative to 140,000 monthly active users, and argued its platform actually surfaces misconduct through transparency tools, as summarized by the Business & Human Rights Resource Centre. That claim has a specific problem: the ACLU Massachusetts audit shows those tools are easily bypassed by typing generic or nonsensical justifications into the search reason field. A transparency system that logs "hehehe" as a valid search reason is not surfacing misconduct; it is recording it after the fact.
The Florida officer tracked a woman's daily movements across her entire family for months using the same interface, the same hotlists, and the same warrant-free query process used for noise complaints and school residency checks. That's the point. It is what unconstrained access to a mass tracking system produces, regardless of who is sitting at the keyboard.
What meaningful oversight would actually require
Legislation is moving. The question is whether it addresses the structural problem or only its paperwork.
California's SB 274, which passed the state senate 26-10, would require supervisory approval for database access, mandatory privacy training, annual state audits, and deletion of non-hotlist data within 60 days of collection, per the bill's legislative analysis. Each of those measures would raise the cost of the abuses documented above. Shorter retention windows alone would have meaningfully limited the Florida stalking case, which depended on months of accumulated sighting history.
But the bill's own analysis acknowledges a hard limit: the annual audits are designed to verify whether agencies have a compliant written policy, not whether that policy governs actual behavior, as the legislative analysis notes. The Sparks hotlist gap, where policy says one thing while the system does another, would survive an audit of exactly that kind.
Then there is the vendor credibility problem. Flock told an Urbana, Illinois city council in 2021 that it had collaborated with the ACLU in designing its system's civil liberties protections. The ACLU states flatly that neither it nor any affiliate has ever partnered with Flock Safety or contributed to the design of any Flock product, as the ACLU confirmed earlier this month. That pattern matters because city councils rely on vendor representations to make decisions they lack the technical expertise to verify independently. The information asymmetry is structural, and reform has to account for it.
A council evaluating an ALPR contract should ask not whether the agency has a privacy policy, but whether the system enforces one. The questions worth putting to any vendor:
- Does accessing a plate require preapproval from a supervisor, built into the system rather than just policy on paper?
- Does the system block hotlist subscriptions that contradict the agency's posted policy?
- Is there a warrant requirement for any category of search?
- Are private cameras disclosed as feeding the network, and is there public notice?
- What happens when someone types "hehehe" into the justification field?
If the answers are vague, that is itself diagnostic.
Where things stand, and what to check locally
Oshkosh reversed its contract in 24 hours once it had accurate information. The harder question is how many councils approved contracts without it, and whether the agencies already running these systems are reporting back to the elected officials who funded them: What hotlists are active? Who can query a plate without supervisory approval? Where does the data go, and for how long?
Pending bills like California's SB 274 represent genuine progress on retention limits and access controls. What they cannot do, by design, is verify whether agency behavior matches written policy. Closing that gap requires either technical enforcement built into the platform itself, independent audits with actual query-log access, or both.
Readers who want to assess their own jurisdiction can start with EFF's Atlas of Surveillance and the EyesonFlock.com index of agency transparency portals. In those portals, look for: retention period (anything over 60 days for non-hotlist data warrants scrutiny), which NCIC hotlists are listed, whether immigration enforcement appears as a prohibited use alongside an active NCIC subscription, whether warrant language appears anywhere, and whether private cameras are disclosed as feeding the network. If those answers are missing or inconsistent, that is itself the answer.