Automatic license plate reader (ALPR) company Flock exposed the reasons cops conducted searches, and sometimes the specific searched license plates, in common search engines like DuckDuckGo and Bing, according to tests by privacy advocates and 404 Media and a statement from the company.
The news marks an unusual data breach, and shows that sometimes surveillance technology can leak data in unexpected ways. 404 Media previously reported that Flock exposed the live feeds of some of its cameras.
In May the NoCo Privacy Coalition, an activist organization focused on Northern Colorado, shared with 404 Media multiple search engine results that appeared to expose some data related to Flock searches.
💡
Do you know anything else about Flock? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.
“Flock appears to be leaking tons of law enforcement vehicle queries and possible user data. Data publicly visible in search result URLs includes: license plate state and numbers, make, model, color, identifiers such as ‘window stickers’ and ‘top rack,’ case number, and more,” the organization said.
404 Media performed some of the searches on DuckDuckGo and found multiple URLs that included apparent license plates; the reason for the search (such as what appears to be a case number, or another that says “GTA,” short for grand theft auto, and another reading “Investigation”); and in some cases the date range of the search.
“We are continuing to review how this information may have been indexed and are working with relevant parties to remove any cached content where appropriate,” a Flock spokesperson told 404 Media in an email.
Flock’s cameras, which are stationed in thousands of communities around the country, continually scan the license plate, brand, model, color and some other identifying features of all vehicles that drive past them. Flock then makes this data available to law enforcement to search, typically without a warrant. An ongoing debate around the privacy implications of Flock cameras has resulted in many communities deciding to stop their use of the cameras entirely, or in some cases keep using them.
In its statement Flock said, “The content appearing in search engine caches does not appear to include search results or underlying law enforcement data. Rather, the examples appear to reflect portions of search queries indexed by third-party search engines, like Bing search on Yahoo and DuckDuckGo.” Flock said the results appear to be around 70 in total, and date from 2024 to 2025.
“Protecting customer data is a top priority for Flock, and we take reports of potential data exposure seriously. We will continue investigating this matter and take any appropriate action based on our findings,” the company added.
