For creators and artists, the landscape of surveillance technology is becoming increasingly opaque, yet the recent exposure of Flock’s data practices highlights a critical vulnerability that extends far beyond the studio. While this leak concerns law enforcement databases rather than creative assets, it serves as a stark reminder that automated systems designed for efficiency can inadvertently expose sensitive information in public view, a risk that parallels the privacy concerns artists face when deploying their own digital tools.
The Leak Explained
Automatic license plate reader (ALPR) provider Flock inadvertently revealed the rationale behind police searches, alongside specific license plate details, within standard search engines such as DuckDuckGo and Bing. This anomaly was confirmed through rigorous testing by privacy advocates, 404 Media, and a subsequent official statement from the company.
The incident represents an atypical data breach, illustrating how surveillance infrastructure can leak information through unexpected channels. 404 Media previously reported that Flock had also exposed live feeds from certain cameras, suggesting a pattern of systemic data exposure.
In May, the NoCo Privacy Coalition, an activist group focused on Northern Colorado, shared with 404 Media several search engine results that appeared to disclose data linked to Flock queries.
“Flock appears to be leaking tons of law enforcement vehicle queries and possible user data. Data publicly visible in search result URLs includes: license plate state and numbers, make, model, color, identifiers such as ‘window stickers’ and ‘top rack,’ case number, and more,” the organization said.
404 Media replicated these findings on DuckDuckGo, uncovering multiple URLs containing apparent license plates. These results also displayed the reason for the search—ranging from specific case numbers to terms like “GTA,” short for grand theft auto, and “Investigation”—and, in some instances, the date range of the scan.
“We are continuing to review how this information may have been indexed and are working with relevant parties to remove any cached content where appropriate,” a Flock spokesperson told 404 Media via email.
How the Cameras Work
Flock’s cameras, deployed across thousands of communities nationwide, continuously scan passing vehicles to capture license plates, brand, model, colour, and other identifying features. The company then makes this data accessible to law enforcement for searching, typically without the requirement of a warrant. This practice has ignited an ongoing debate regarding privacy implications, leading many communities to either abolish the use of these cameras entirely or maintain their deployment despite the controversy.
In its official response, Flock stated that the content appearing in search engine caches does not seem to include actual search results or underlying law enforcement data. Instead, the examples appear to reflect portions of search queries indexed by third-party engines like Bing search on Yahoo and DuckDuckGo. The company noted that the results appear to number around 70 in total, dating from 2024 to 2025.
“Protecting customer data is a top priority for Flock, and we take reports of potential data exposure seriously. We will continue investigating this matter and take any appropriate action based on our findings,” the company added.
Key takeaways
- Privacy advocates and 404 Media confirmed that Flock exposed specific license plate data and search rationales in public search engine results.
- The NoCo Privacy Coalition identified that URLs revealed details such as vehicle colour, make, model, and case identifiers.
- Flock attributes the issue to third-party indexing of search queries rather than a direct leak of law enforcement data.
- The company has pledged to investigate the matter further and remove cached content where appropriate.
Stay ahead of AI. Get the most important stories delivered to your inbox — no spam, no noise.
