The Growing Interest in License Plate Surveillance
The FBI intelligence division has set its sights on a vast network of road cameras. These are not the red-light or speed cameras you might expect. Instead, they are automated license plate readers (ALPRs) mounted on patrol cars, traffic poles, and even private property. The agency wants direct, real-time access to the data these devices collect. This move sparks a familiar tug-of-war: improved law enforcement coordination versus the erosion of personal privacy and local oversight. Thousands of these cameras are already operating across the United States, and the prospect of federal agents tapping into the feed raises serious questions about who controls the information and how it might be used.
The company at the center of this discussion is Flock Safety. Flock provides a large share of the ALPR systems used by local police departments. According to the company, sharing data with federal agencies is not automatic. It requires a deliberate opt-in decision by the local agency that owns the cameras. Yet the FBI’s request for proposals (RFP) suggests a different ambition: direct, streamlined access. The RFP specifically asks contractors to identify the geographic location of their servers. This detail hints at a desire to verify that data handling complies with the patchwork of state and local laws that currently limit license plate data sharing. The tension between federal investigative needs and state-level privacy protections defines this unfolding story.
How Flock’s Opt-In Model Works
Flock Safety maintains that its system is not a surveillance free-for-all. The company has repeatedly stated that there is no backdoor into its network. Local law enforcement agencies own the data their cameras generate. If a town council or police department decides to grant data access to a federal body, they must actively enable that sharing. By default, the sharing toggle is set to off. This design places the decision squarely in local hands.
However, the line has blurred before. Last year, Flock ran a pilot program that temporarily gave access to several federal entities. These included Customs and Border Protection, Homeland Security Investigations, the Secret Service, and the Naval Criminal Investigative Service. Senator Ron Wyden’s office confirmed the pilot after Flock disclosed it. The company also notes that it counts federal customers among its clients, such as National Parks, Veterans Affairs hospitals, and military bases. Yet it explicitly states it does not work with Immigration and Customs Enforcement. These distinctions matter because they show that federal involvement is not hypothetical. It is already happening, albeit in limited ways.
The company’s own words are instructive: “Flock data belongs to the agency that owns the cameras. There is no backdoor into Flock. Any access is explicitly permission-based and opt-in by the local agency.” This statement frames the company as a neutral technology provider. But the political pressure is mounting. In March of last year, Flock announced it was “defining a new relationship with federal law enforcement” that would include conditions to preserve local control. The FBI’s RFP suggests that the agency wants to bypass the opt-in friction and move toward a more direct, always-on connection.
State Laws That Complicate Federal Access
California has taken a hard stance on license plate data. State law prohibits state and local agencies from sharing ALPR information with out-of-state or federal law enforcement bodies. This is one of the strongest privacy protections in the nation, and it directly clashes with the FBI’s plan. Virginia followed a similar path. A law enacted last year imposes comparable limits on data sharing with federal authorities.
But laws are only as good as their enforcement. In January 2024, the Electronic Frontier Foundation (EFF) published a report revealing that dozens of California law enforcement agencies had violated the state’s ALPR sharing restrictions. They had passed data to out-of-state agencies, likely unintentionally in many cases. This gap between written law and real-world practice highlights a fundamental challenge. Even when states try to build walls, the technology’s default settings or simple human error can create leaks.
The FBI’s RFP includes a requirement that contractors disclose the physical location of their servers. This seems like a compliance audit tool. The agency wants to know where the data resides to ensure it is not violating state laws. Yet the request also implies that the FBI expects to navigate a complex legal landscape. It raises the question: if the data never leaves a state’s borders, does that satisfy the law? Or does remote access by federal agents itself constitute a violation, regardless of server location? These are the gray areas that courts may eventually have to resolve.
Privacy Concerns and the Risk of Mission Creep
License plate readers are not new. They have been used for years to track stolen vehicles, solve hit-and-runs, and locate wanted suspects. What has changed is the scale. A single camera on a busy street can capture thousands of plates in a day. When multiple cameras are networked, the system can reconstruct a person’s movements over time. For a local police department, this might mean solving a property crime. For a federal agency, it could mean tracking someone of interest across state lines.
The danger of mission creep is real. A system designed for local traffic enforcement can easily be repurposed for immigration monitoring, national security surveillance, or even political intelligence gathering. Although Flock says it does not work with ICE, the FBI’s interest signals that federal appetite for this data is expanding. Privacy advocates worry that once the pipeline is opened, it will be nearly impossible to shut down. The technology does not discriminate between a stolen car and a routine commute. It records everything.
Consider a hypothetical driver. They live in a small town that recently installed Flock cameras. The town council, without much public debate, opted in to federal data sharing as part of a crime prevention grant. That driver’s plate is captured every day as they drive to work. That data, timestamped and geotagged, becomes accessible to federal analysts. They do not need a warrant. They do not need to suspect this person of a crime. They simply search the database. This is the kind of scenario that fuels the privacy versus security debate.
What This Means for Local Police Chiefs
Local police chiefs face a difficult decision. They must balance the promise of federal partnerships against the legal and ethical risks. If a chief opts in to federal sharing, they may receive faster support in a joint investigation. But they also open themselves to liability. If their state has a law like California’s, they could be violating it. Even in states without specific restrictions, the public may react negatively once they learn their data is flowing to Washington.
Chiefs need to understand their state’s legal framework. They should review their ALPR vendor contracts and ask pointed questions about data access logs. They should also hold public meetings to explain the technology and its uses. Transparency builds trust. Without it, a community may push back hard, as some already have. Several cities have voted to remove Flock cameras after residents voiced privacy concerns. The local leader is on the front line of this debate.
You may also enjoy reading: FortiSandbox & FortiAuthenticator RCE Flaws: Fortinet Warns.
Questions About Data Sharing Compliance
What if a local agency unknowingly violates state law by sharing ALPR data?
Ignorance is not a legal defense, but it is a realistic scenario. The EFF report showed that many California agencies likely did not realize the data was leaving their jurisdiction. The fault often lies in default settings or third-party agreements. To avoid this, agencies should conduct annual audits of their data sharing. They should request from their vendor a complete list of entities with access privileges. If any unauthorized sharing is found, it should be stopped immediately and reported to the state’s privacy office. Training for officers and IT staff on the specific state law is also essential.
How do I find out if my community’s ALPR cameras are sharing data with federal agencies?
This information is not always easy to come by. Start by filing a public records request with your local police department or town council. Ask for any memoranda of understanding or data sharing agreements with federal bodies. Also ask for the vendor logs that show who has accessed the system. Some states, like California, require agencies to publish annual transparency reports on their ALPR use. If your state has such a requirement, check the agency’s website. If not, you can contact groups like the Electronic Frontier Foundation for guidance on how to request the data.
Why does the FBI specify server location in its request for proposals, and what does that mean for state compliance?
The server location requirement is a compliance indicator. The FBI wants to know that the data is stored within the United States and, more importantly, within states whose laws allow for federal access. If a vendor stores data in California, the FBI may not be able to access it legally under current California law. By forcing vendors to reveal server locations, the FBI can check whether a particular agency’s data is accessible. This could lead to a scenario where the FBI only contracts with vendors whose servers are in states with permissive sharing laws. For local agencies in restrictive states, this might mean their data is effectively walled off from the FBI unless they change their vendor or server location.
Are there any federal laws that would override state restrictions on ALPR data sharing?
Currently, no federal statute directly overrides state privacy laws on license plate readers. However, federal agencies often argue that their work falls under national security or interstate law enforcement, which can sometimes preempt state bans. The Fourth Amendment requires a warrant for searches, but license plate data is often considered “public” since plates are visible in public. The Supreme Court has not directly ruled on whether warrantless mass collection of plate data violates privacy. Until Congress acts or the Court rules, the legal landscape remains a patchwork. The FBI’s RFP suggests they are trying to work within existing constraints, but they are also pushing the boundaries.
The Broader Debate: Security Versus Privacy
Proponents of broad ALPR access argue that the technology saves lives. A stolen child or a fleeing suspect can be located in minutes rather than hours. Federal involvement allows for coordination across state lines, which is crucial in a mobile society. The FBI intelligence division already shares information with local, state, tribal, and federal partners. Giving them direct read access to ALPR networks could cut response times and close cases that would otherwise go cold.
Critics counter that convenience should not trump constitutional protections. They point to the potential for abuse, especially against marginalized communities. The pilot program that included Customs and Border Protection and Homeland Security Investigations raises flags for immigration advocates. Even though Flock says it does not work with ICE, the data path is there. A local agency that opts in could be funneling information to federal partners who then pass it to ICE through back channels. The EFF report on California violations shows that data flows are not always transparent. Once shared, data can be copied, stored, and analyzed indefinitely.
The debate is not just about rights. It is about local control. Communities should have the final say over surveillance tools deployed on their streets. State laws like those in California and Virginia are attempts to preserve that control. The FBI’s push for wide access is a centralizing force. It treats license plate data as a national resource, not a local one. This fundamental conflict will play out in city councils, state legislatures, and possibly the courts for years to come.
The story of the FBI’s pursuit of license plate cameras is not over. It is a snapshot of a larger struggle over data, privacy, and the balance of power in a connected world. For now, the best defense is awareness. Know your local policies. Ask questions. Hold your leaders accountable. The cameras are watching, but so should we.
