Flock Safety Pauses All Federal Programs After Privacy Violations Surface
Bottom Line Up Front: U.S. Customs and Border Protection secretly accessed more than 80,000 automated license plate reader cameras across the nation through undisclosed pilot programs, creating a massive federal surveillance network that many local police departments didn’t even know they were participating in. Following revelations of state law violations and privacy breaches, Flock Safety has suspended all federal agency partnerships.
Smart City Cybersecurity Assessment | CyberSafe.City
A sweeping federal surveillance program has been exposed that gave U.S. Customs and Border Protection (CBP) direct access to more than 80,000 Flock automated license plate reader (ALPR) cameras nationwide, according to new reporting and data obtained from police departments. The revelation shows that CBP’s surveillance reach was far more extensive than previously known, creating what privacy advocates describe as a dangerous expansion of federal monitoring capabilities into American communities.
Secret Pilot Programs Revealed
The data shows that CBP’s access to Flock’s network is far more robust and widespread than has been previously reported, contradicting earlier claims by Flock Safety that federal access was limited to rare, one-to-one sharing agreements. The company had initially characterized these arrangements as minimal pilot programs, but the scope of access tells a different story.
The controversy began to unfold when 9 News in Colorado reported that CBP has direct access to Flock’s ALPR backend “through a pilot program” and revealed that the Loveland, Colorado police department was sharing access to its Flock cameras directly with CBP. According to Flock Safety representatives, Border Patrol requested access from agencies nationwide, with 25 Colorado departments agreeing to share data.
What made this revelation particularly concerning was that one of the police departments 404 Media spoke to said it did not know or understand that it was sharing data with CBP. This lack of awareness among local agencies highlighted a fundamental breakdown in transparency about how their surveillance data was being used by federal authorities.
The Flock Safety Network: More Than License Plates
Flock Safety operates what has become the nation’s largest automated license plate reader network, with cameras installed in over 5,000 communities across 49 U.S. states, performing over 20 billion scans of vehicles in the U.S. every month. But these cameras do far more than simply read license plates.
The surveillance system creates what the company calls “vehicle fingerprints” with make, model, color, and other identifying characteristics of the vehicles captured such as roof racks. It can also distinguish between permanent and temporary (paper) plates. The cameras record license plates, and collect images to create a vehicle fingerprint that are searchable for features such as type, color, bumper stickers or roof racks.
This comprehensive data collection creates a powerful surveillance tool that can track vehicles across vast geographic areas. Flock’s goal is to expand to “every city in the United States,” and its cameras are already in use in over 2,000 cities in at least 42 states, creating what privacy advocates describe as a nationwide mass surveillance system.
State Law Violations Surface
The full scope of the problem became clear when Illinois Secretary of State Alexi Giannoulias alleged that Flock Safety illegally shared data with federal agencies. Following an audit, Giannoulias said Flock Safety permitted CBP to access cameras on Illinois roads and surveil drivers, which violated state privacy laws.
Illinois has a 2023 state law that prohibits the sharing of license plate data with police departments investigating issues related to out-of-state abortions or undocumented immigrants. The violation was “compounded by the fact that the company was running a pilot program with U.S. Customs and Border Protection, which Flock leadership was unaware of”, according to Giannoulias.
This revelation about Illinois was particularly significant because it demonstrated how the federal pilot program could circumvent state-level privacy protections that communities had specifically enacted to protect residents.
Company Response: “We Clearly Communicated Poorly”
Faced with mounting criticism and evidence of widespread violations, Flock Safety CEO Garrett Langley acknowledged significant failures in the company’s federal partnerships. “We clearly communicated poorly. We also didn’t create distinct permissions and protocols in the Flock system to ensure local compliance for federal agency users,” Langley admitted in a public statement.
In response to the controversy, Flock told 404 Media Monday that it has “paused all federal pilots”. The company has also implemented several changes to its system:
- Search term blocking: Flock Safety implemented a system update that blocks searches containing terms such as “abortion,” “immigration,” or “ICE” (Immigration and Customs Enforcement)- Federal identification: Federal inquiries are now clearly identified as such, and federal agencies will no longer be able to make blanket national or even statewide searches, but only one-on-one searches with particular police agencies- Enhanced compliance tools: The company says it is developing new compliance mechanisms, though details remain limited
Previous ICE Connections
This CBP access revelation builds on earlier reporting about federal immigration enforcement using Flock’s network. In May, 404 Media reported that local police were performing lookups across Flock on behalf of ICE, because that part of the Department of Homeland Security did not have its own direct access. The new findings show that CBP had developed its own direct access capabilities, expanding federal surveillance reach even further.
The distinction is important: while ICE had been relying on local police to conduct searches on their behalf, CBP had obtained the ability to directly query the massive camera network independently, representing a significant escalation in federal surveillance capabilities.
Privacy Advocates Sound Alarms
Civil liberties organizations have long warned about the dangers of Flock Safety’s expanding surveillance network. The American Civil Liberties Union argues that “there’s no reason the technology should be used to create comprehensive records of everybody’s comings and goings — and that is precisely what ALPR databases like Flock’s are doing”.
The Electronic Frontier Foundation has been particularly critical, noting that Flock’s data-sharing network does not account for how law enforcement policies, regulations, and accountability vary by jurisdiction. This creates a situation where “if an officer on the other side of the country violates your privacy, it’d be difficult to hold them accountable”.
Examples of Misuse
The federal access controversy is just the latest in a series of documented abuses of the Flock system:
- Personal harassment: A police chief in Kansas City admitted to using it to track his ex-girlfriend 228 times- Abortion-related surveillance: In Illinois, a police department shared data with a Texas sheriff on a missing woman after her family said she underwent a self-administered abortion- Mistaken identity: In Española, New Mexico, a 21-year-old woman and her 12-year-old sister were handcuffed at gunpoint after a Flock camera misread their license plate, confusing a “2” for a “7”
Broader Surveillance Context
The CBP access revelation comes as the agency is significantly expanding its surveillance capabilities under the Trump administration. CBP is seeking “advanced AI” technologies to surveil urban residential areas, increasingly sophisticated autonomous systems, and even the ability to see through walls, according to documents obtained by The Intercept.
This urban surveillance expansion represents a detailed wish list of tech CBP hopes to purchase, with state-of-the-art, AI-augmented surveillance technologies central to the Trump administration’s anti-immigrant campaign, which will extend deep into the interior of the North American continent.
State-Level Pushback
Several states and localities have enacted or are considering restrictions on license plate reader data sharing:
- Colorado: Passed a 2025 law banning state and local governments from sharing personal identifying information for immigration enforcement, with license plates considered personal identifying information- Denver: Removed itself from the nationwide network in April due to immigration enforcement concerns and cut off Loveland’s access to its Flock data after learning about the CBP sharing- Various cities: Communities from Austin to Norfolk are pushing back against Flock deployments over privacy concerns
Technical Vulnerabilities
Privacy experts emphasize that the problems with Flock’s system go beyond policy issues. ALPR surveillance systems are inherently vulnerable to both technical exploitation and human manipulation, making them difficult to secure against abuse regardless of the safeguards put in place.
The interconnected nature of the system means that Austin, Texas, had implemented one of the most restrictive ALPR programs in the country, and the program still failed: the city’s own audit revealed systematic compliance failures that rendered its guardrails meaningless.
What This Means for Privacy
The revelation of CBP’s extensive access to Flock cameras represents a fundamental shift in federal surveillance capabilities. By leveraging local police camera networks, federal agencies have gained the ability to track vehicle movements across the entire United States without deploying their own infrastructure or navigating traditional oversight mechanisms.
This creates what privacy advocates call a “backdoor” surveillance system that bypasses many of the legal protections and oversight mechanisms typically required for federal surveillance programs. The fact that many local police departments were unaware of the data sharing suggests a deliberate effort to obscure the extent of federal surveillance activities.
Current Status and Future Concerns
While Flock Safety has paused its federal pilot programs, significant questions remain about the future of these partnerships and the data that was already collected. The company has not disclosed:
- How long the CBP access existed- What data was actually accessed or used- Whether other federal agencies had similar access- What safeguards will prevent future unauthorized access
Flock Safety’s cameras capture billions of photos of license plates each month, creating a vast database of American travel patterns. The company’s goal of expanding to every city in the United States, combined with the demonstrated willingness to provide federal access, raises profound questions about privacy and civil liberties in an increasingly surveilled society.
As communities across the country grapple with decisions about whether to deploy these surveillance systems, the CBP access scandal serves as a stark reminder that the promise of enhanced public safety through technology often comes with hidden costs to privacy and democratic oversight that may only be discovered after the surveillance infrastructure is already in place.
The pause in federal pilot programs represents a temporary reprieve, but the fundamental architecture that enabled this massive surveillance network remains intact. Without comprehensive federal privacy legislation and stronger local oversight, similar breaches of public trust are likely to occur as surveillance technology continues to expand across American communities.