A growing controversy has hit Flock Safety, the U.S. surveillance company behind one of the nation’s largest networks of license plate-scanning cameras. Lawmakers Sen. Ron Wyden (D-OR) and Rep. Raja Krishnamoorthi (D-IL) have formally urged the Federal Trade Commission (FTC) to investigate the company for failing to adequately protect sensitive data from hackers — sparking a major Flock Safety cybersecurity debate.
Exposed Logins Could Risk Massive Surveillance Breach
In their letter to FTC Chairman Andrew Ferguson, the lawmakers warned that Flock’s platform may be dangerously exposed because the company does not require the use of multi-factor authentication (MFA). This key security feature prevents unauthorized access even if a password is compromised.
Wyden and Krishnamoorthi stated that without mandatory MFA, stolen police logins could allow hackers or foreign actors to access “law-enforcement-only areas” of Flock’s system — and search through billions of photos of Americans’ license plates captured by cameras funded with taxpayer money.
The risk, they said, is not theoretical. Data shared by cybersecurity firm Hudson Rock reportedly shows that some law enforcement credentials were stolen and circulated online, while independent researcher Benn Jordan found a Russian cybercrime forum selling alleged access to Flock accounts.
Flock Safety Defends Its Security Measures
In response, Flock’s Chief Legal Officer Dan Haley said the company made MFA a default setting for all new customers starting in November 2024. According to his letter, 97% of law enforcement clients have already enabled MFA, leaving around 3% of agencies without the additional protection.
Haley said the remaining agencies declined MFA for “specific reasons,” but Flock declined to reveal how many departments were affected or whether any federal agencies were among them. Company spokesperson Holly Beilin did not provide details on enforcement timelines or potential penalties for noncompliance.
Broader Implications for Privacy and Oversight
Flock Safety’s network spans over 5,000 police departments and private entities nationwide, giving officers and agencies the ability to track vehicle movements across states in real time. The lawmakers’ letter underscores how critical these systems have become — and how devastating a breach could be if exploited by hackers or foreign intelligence groups.
Adding to the concern, prior reporting revealed that the U.S. Drug Enforcement Administration once used a local officer’s Flock login to conduct surveillance without authorization. The department later activated MFA after the incident.
The call for a Flock Safety cybersecurity probe signals growing federal scrutiny of surveillance technology companies. As the U.S. relies increasingly on AI-driven monitoring and automated data collection, lawmakers appear determined to ensure that digital safeguards keep pace with the expanding reach of law enforcement tech.
