Flock Safety Shared Your Plates with the Feds

Class action lawsuit reveals 1.6 million illegal database searches. Oxnard suspends cameras. California drivers sue.

TL;DR: Flock Safety, the license plate surveillance company, is facing a class action lawsuit for illegally sharing California drivers' location data with federal agencies including ICE, CBP, FBI, and ATF. San Francisco Police Department cameras were searched by out-of-state agencies over 1.6 million times in seven months. Oxnard Police suspended their Flock cameras after discovering a "vendor-based issue" allowed federal access without their knowledge. Ventura County found 364,000 unauthorized searches. California law explicitly bans sharing ALPR data outside the state. Plaintiffs are seeking $2,500+ per violation.

The Class Action

On February 26, 2026, Oakland-based law firm Gibbs Mura filed a class action lawsuit against Flock Safety in San Francisco Superior Court [1]. The suit, co-filed with Milberg PLLC, accuses Flock of violating California's ALPR Privacy Act by sharing license plate data with out-of-state and federal law enforcement agencies.

"Flock has to be beholden to the laws they claim they are trying to enforce," said Gibbs Mura partner David Berger [2].

The lead plaintiffs include a San Francisco resident and Anthony Mayor of San Rafael, who drives a red Kia Niro around the Bay Area. Every time he passes a Flock camera, his plate gets logged. That data was supposed to stay in California. It didn't.

The Numbers Are Staggering

1.6 Million Searches

Out-of-state agencies queried San Francisco PD's Flock database in just seven months[1]

1 Million+ Searches

Outside agencies accessed Los Altos camera data[2]

364,000 Unauthorized

Illegal searches found in Ventura County audit[3]

$2,500+ Per Violation

Minimum damages sought under California privacy law[1]

Who Was Searching?

Audit logs pulled from California police departments reveal which federal agencies were accessing the data [4]:

  • FBI: Federal Bureau of Investigation
  • ATF: Bureau of Alcohol, Tobacco, Firearms, and Explosives
  • ICE: Immigration and Customs Enforcement
  • CBP: Customs and Border Protection
  • DEA: Drug Enforcement Administration (search reasons included "fresno dea intel")
  • USPS: United States Postal Inspection Service
  • GSA OIG: General Services Administration Office of Inspector General
  • VA Police: Loma Linda Healthcare System Veterans Affairs Police

Some San Jose PD audit logs showed search reasons listed as simply "CBP" and "ICE" [1]. The lawsuit describes this as a "side door" that let federal immigration enforcement access California data in violation of the state's sanctuary laws.

Oxnard Pulls the Plug

On February 27, 2026, Oxnard Police Department suspended all Flock Safety cameras [5].

The department discovered that despite setting security to "California only" access, a "vendor-based issue" enabled a "nationwide query" feature. Federal agencies could search their data without Oxnard's knowledge or approval.

"Proper guardrails must not only be in place, but they must work reliably," said Police Chief Jason Benites [3].

The suspension will continue until Oxnard is "fully confident that our data is secure and that appropriate searching safeguards have shown a track record" of reliability.

Ventura County's Damning Audit

The Ventura County Sheriff's Office conducted an audit after discovering irregularities. What they found [3]:

  • 364,000+ unauthorized accesses between February and March 2025
  • The "National Lookup" feature had been disabled in June 2023 to comply with California law
  • Somehow, it got reactivated without anyone's knowledge
  • The Sheriff's Office confirmed: "No one from our agency activated the national lookup feature"

Flock couldn't explain what happened. The company cited three possibilities: internal sheriff's office personnel, a Flock employee, or an automatic system bug. They claimed "technical logging limitations" prevented determining the cause [3].

In other words: they don't know how it happened, can't prove it won't happen again, and kept no records that would let anyone figure it out.

What California Law Actually Says

California's ALPR Privacy Act (SB 34, passed 2015) is explicit [1]:

  • Civil Code § 1798.90.55(b): Prohibits sharing ALPR data except with California public agencies
  • Civil Code § 1798.90.51(a): Requires reasonable security safeguards
  • Civil Code § 1798.90.51-52(b): Mandates privacy policies ensuring data use only for authorized purposes

SB 54 (California's sanctuary law) separately prohibits sharing data for immigration enforcement.

Flock's centralized database architecture appears designed to make sharing easy. The lawsuit argues this structure inherently violates laws that prohibit exactly that kind of sharing.

CHP Already Warned Them

This isn't news to Flock. In November 2025, California Highway Patrol Commissioner Sean Duryee sent a letter to Flock CEO Garrett Langley reaffirming contractual prohibitions against sharing data with the federal government or any entities outside California [6].

Flock's response: they're "aligned with CHP's commitment to responsible, privacy-first public safety technology" and that customers control their own data.

Months later, audits reveal the exact sharing CHP warned against. Customers didn't control anything. The data flowed anyway.

Cities Are Responding

The revelations have triggered a wave of action:

  • Oxnard: Suspended all Flock cameras (February 27, 2026) [5]
  • Mountain View: City Council voted to end Flock contract [4]
  • Richmond: Police department blocked federal agency access [4]
  • Oakland: City Council rejected $2 million Flock expansion in November 2025 [6]

Related: Silicon Valley cities are banning Flock cameras over surveillance concerns.

Flock's Position

Flock maintains that customers control their own data and that the company doesn't independently share law enforcement information. Access requires "explicit customer authorization consistent with California law" [6].

The audit logs tell a different story. When 1.6 million searches happen from out-of-state agencies against a California police database, someone authorized it. If it wasn't the police department and it wasn't documented, who was it?

The company took "full responsibility" for the vendor-based issue that reactivated national lookups [5]. But responsibility without explanation isn't accountability.

What This Means For You

If you've driven past a Flock camera in California, your license plate and location data may have been:

  • Logged and stored without your consent
  • Searched by federal agencies including ICE and CBP
  • Shared in violation of California privacy law
  • Accessed by out-of-state law enforcement

The class action seeks minimum damages of $2,500 per violation under California law, plus punitive damages for willful violations [1].

What You Can Do

Check Your City

Use the EFF's Atlas of Surveillance to see if your city has Flock cameras.

File Public Records Requests

Request Flock audit logs from your local police department through MuckRock.

Contact Your Council

Ask your city council if they know who's searching their ALPR database and whether federal access is blocked.

Join the Lawsuit

If you've driven in California, Gibbs Mura is collecting potential class members.

References

  1. Gibbs Mura - Flock Safety License Plate Reader Cameras Lawsuit (February 26, 2026)
  2. KTVU - Class action lawsuit alleges Flock license plate readers violate CA law (February 27, 2026)
  3. CBS Los Angeles - Flock license plate readers shared data with out-of-state agencies (February 2026)
  4. SFist - Lawsuit Says SFPD's Flock Cameras Were Accessed by Federal Agencies 1.6 Million Times (February 28, 2026)
  5. Edhat - Oxnard police suspend Flock license-plate readers (February 2026)
  6. KTVU - CHP warns Flock over sharing of surveillance data with federal government (November 2025)

Published: March 17, 2026