Flock Safety, one of the largest automated license plate reader (ALPR) companies in America, does not seem to like public records requests, or the headlines critical of their practices that those requests have generated.
A slew of communications the company, which has contracts with over 5,000 cities across the country (including in Connecticut), has sent to police departments in recent months make that clear.
Earlier this year, in connection with a complaint I currently have before the Freedom of Information Commission (FOIC), I submitted a request for email communication between members of the Manchester Police Department (MPD) and employees at Flock Safety, with whom MPD has an active contract for the ALPR cameras in their town.
The request covered a roughly two month time period and, though unrelated to what I was looking for, uncovered copies of several emails sent by Flock Safety apparently to all members of the police department with an account to access Flock’s data, attempting to counter recent stories raising red flags about how the company operates as “misinformation,” and smearing records requests in the process.
“Let’s call this what it is: Flock, and the law enforcement agencies we partner with, are under coordinated attack.” an email from Flock CEO Garrett Langley sent on December 8, 2025 claims. “The attacks aren’t new. You’ve been dealing with this forever, and we’ve been dealing with this since our founding, from the same activist groups who want to defund the police, weaken public safety, and normalize lawlessness. Now, they’re producing YouTube videos with misleading headlines. They’re also trying to turn a public records process into a weapon against you and us.”
The email is referencing the discovery of vulnerabilities in over 60 of Flock’s AI-powered Condor camera streams that allowed anyone to access them without an account or password. Unlike ALPR’s, the Condor system is designed to track people rather than vehicles. Not only were live camera feeds accessible, but in some cases, the administrative portals to the cameras could be accessed without login credentials, allowing anyone to change their settings.
Days earlier, on December 5, Flock sent out another email, addressed from Senior Vice President of Customer Experience Chris Colwell, again positioning “claims” made about Flock in news stories as misinformation and offering to hold “30-minute, small-group Q&A sessions” with Langley, other Flock officials, and command staff and administrators with Connecticut departments contracted with Flock.
“We understand that in this era of unprecedented misinformation, you are hearing many claims about Flock Safety. The recent headlines about our company are largely a result of this environment. The best way for us to clear up these misconceptions and address your concerns is to speak to you directly.” the email, which also promised the sessions would contain no “marketing” or “spin,” promised.
Despite what the emails say, it’s hard to see these emails as anything other than crisis public relations communications. And it’s hardly surprising, given that the Condor vulnerability was not the only recent hit the company has taken.
404 Media has broken numerous stories shedding light on Flock’s practices, including federal immigration authorities’ ability to access and search local agencies’ data, the company’s use of overseas gig labor to train its cameras, and the unwitting exposure of audit logs that led data on millions of searches to be leaked to the public.
This latter story led to the creation of the website HaveIBeenFlocked, a searchable database that allows users to see if their vehicle has been captured by Flock cameras. Flock has since clamped down on what’s releasable in audit logs, gone after the creator of the website, and blamed increased public records requests for their recent woes.
What the two emails, sent to MPD officers days apart, capture is a company worried about its reputation because stories, many able to be broken because of information obtained through public records requests, are shedding light on how ALPR cameras operate in their communities.
ALPR data, in particular, can be difficult to obtain. The technology is relatively new and in many communities has been deployed quickly and with little public oversight or clear approval. Whether information related to ALPRs is disclosable under existing statute of public records laws has been a murky area, with law enforcement not only arguing that releasing captured information would damage public safety but, as in my case against MPD, that they can’t access data because Flock owns the database.
But court decisions have begun to turn in favor of journalists and privacy advocates who are acting as watchdogs. In my case, the FOIC ruled largely in my favor, finding MPD had a duty to communicate with Flock and access the data I requested and likely couldn’t claim the information was exempt from disclosure under FOIA’s law enforcement exemption.
That’s why it’s so frustrating to see a number of states, including Connecticut, roll out legislation that would exempt information collected by ALPR cameras from public records disclosure.
Last week, the General Law Committee released SB 4, a consumer privacy bill that includes an outright ban on information collected by ALPR cameras from FOIA disclosure in a section of the bill intended to limit federal authorities’, chiefly immigration enforcement officers, access to ALPR data.
That part of the bill, Section 18, is apparently in response to recent reporting from CT Insider that revealed immigration enforcement had searched ALPR data from at least six Connecticut municipalities.
That police from across the country can access data from anywhere in Flock’s network is a concern raised by many privacy advocacy organizations.
But exempting ALPR information from FOIA does nothing to address this. As CT Insider‘s reporting notes, the searches are already likely at odds with the provisions of Connecticut’s Trust Act, which limits cooperation with immigration authorities. Exempting ALPR information from FOIA does nothing to address that issue.
In this case, as in many stories involving ALPR abuse, FOIA requests exposed an issue and potential illegality that otherwise may not have been made public. The proposed legislation is responding to that by cutting off public access to that information. How many other stories of abuse or areas of concern will remain unknown if journalists and privacy advocates can no longer rely on public records to obtain ALPR information?
The provision in the bill sticks out particularly because it bears little relation to the other provisions in Section 18, which are aimed at limiting how ALPR information can be shared, particularly when federal immigration authorities are seeking it. The bill places strict limits on when police can enter into a contract with an ALPR provider or share information, particularly if they know it is being sought for immigration enforcement activities.
The provision exempting ALPR data from FOIA is at odds with the rest of the section of the bill because it does not limit government authorities. Rather, it limits the public. And the data it would put beyond public reach has no meaningful relationship to the rest of the provisions in the bill, i.e., it does not restrict law enforcement’s ability to abuse personal information for purposes the state does not like.
While journalists can currently FOIA for searches of ALPR systems by law enforcement officials, and can request data collected by ALPR cameras, we can’t access the information that would enable us (or anyone interested in abusing the FOIC process) to see sensitive personal information.
I’ve obtained data from ALPR cameras through FOIA requests. While I’ve received license plate numbers through FOIA before, the hits don’t record any information about who owns a vehicle, let alone who was driving at the time a vehicle hit was recorded. Driver’s license information is already exempt from CT’s FOI law.
Police can program ALPR systems to alert them any time a vehicle on a law enforcement hot list is captured by a camera, but any identifying information tied to that wanted person or their alleged crime is not passed on through the disclosable data recorded by ALPR systems. It’s contained in separate law enforcement databases, such as the National Crime Information Center, that are not publicly accessible.
Banning the release of ALPR information from FOIA not only doesn’t accomplish the goal of limiting how ALPR data can be shared and potentially abused by law enforcement, since they already have separate access to systems that contain identifying information that have no relationship to what’s publicly releasable, it also risks making oversight of the technology impossible.
If journalists, advocates, and concerned citizens worried about how a controversial technology is being rolled out in their community, can’t access ALPR information, they won’t know when abuses are happening and can’t alert the public or legislators who might want to do something about it, as is the overarching goal of Section 18 of SB 4.
It’s silly to respond to news stories that have uncovered issues impacting the public by cutting off the tools needed to report similar problems in the future. And it’s giving ALPR companies, which are clearly unhappy with what records requests are revealing about them, exactly what they want.
Sunshine Week 2026 is March 15 to March 21. We’ll have FOIA stories and tips to help you better use the state’s public records law. Have questions of topics you’d like to see addressed? Email katherine@insideinvestigator.org.
Opportunity for Student Journalists: NEFAC, MuckRock, and SPJ’s New England Chapter recently launched a monthly public records contest open to all student journalists. Prizes are awarded for the best story uncovered through records requests or the most egregious violation of a public records law.
Was this article helpful?
Republish our articles for free, online or in print, under a Creative Commons license.
