Flock license plate readers: Difference between revisions

Line 57:

===State legislation===

Several states have enacted restrictions on ALPR use. Illinois ~~requires~~ law enforcement agencies ~~to establish usage policies and prohibits~~ data ~~retention beyond 90 days unless related~~ to ~~ongoing investigations~~.<ref>{{Cite web |title=~~Illinois Compiled Statutes~~ - ~~Freedom from Drone Surveillance Act~~ |url=https://www.ilga.gov/legislation/~~ilcs~~/~~ilcs3~~.~~asp?ActID=3541&ChapterID=53~~ |url-status=usurped |access-date=23 Aug 2025 |work=Illinois General Assembly}}</ref> New Hampshire ~~banned~~ ALPR use ~~entirely except for specific toll collection purposes~~.<ref>{{Cite web |title=~~RSA 236~~:~~130 Automated License~~ Plate ~~Recognition~~ |url=~~http~~://~~www.gencourt~~.~~state~~.~~nh.us~~/~~rsa~~/~~html~~/~~XXI~~/~~236~~/~~236~~-~~130.htm~~ |url-status=usurped |access-date=23 Aug 2025 |work=New Hampshire General Court}}</ref>

Several states have enacted restrictions on ALPR use. Illinois prohibits law enforcement agencies from sharing ALPR data with other jurisdictions in relation to a person's immigration status.<ref>{{Cite web |title=Public Act 103-0540 |url=https://www.ilga.gov/documents/legislation/publicacts/103/PDF/103-0540.pdf |url-status=usurped |access-date=23 Aug 2025 |work=Illinois General Assembly}}</ref> New Hampshire requires a three-minute purge of data from ALPR use with the exception of ongoing investigations. <ref>{{Cite web |title=261:75-b Use of Number Plate Scanning Devices Regulated. |url=https://law.justia.com/codes/new-hampshire/title-xxi/chapter-261/section-261-75-b/ |url-status=usurped |access-date=23 Aug 2025 |work=New Hampshire General Court}}</ref>

~~California's~~ SB 34 requires ~~law enforcement~~ to ~~establish~~ privacy policies~~, conduct annual audits, and delete non-hit~~ data ~~within 60 days~~.<ref>{{Cite web |url=https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201520160SB34 |title=SB-34 Automated license plate recognition systems: use of data |work=California Legislative Information |access-date=23 Aug 2025}}</ref> However, enforcement remains inconsistent, with a 2020 state audit finding widespread non-compliance.<ref>{{Cite web |url=https://www.auditor.ca.gov/reports/2019-118/index.html |title=Automated License Plate Readers |work=California State Auditor |date=13 Feb 2020 |access-date=23 Aug 2025}}</ref>

California’s SB 34 requires public agencies using ALPR systems to implement usage and privacy policies as well as limits to data sharing. <ref name=":3">{{Cite web |url=https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201520160SB34 |title=SB-34 Automated license plate recognition systems: use of data |work=California Legislative Information |access-date=23 Aug 2025}}</ref> However, enforcement remains inconsistent, with a 2020 state audit finding widespread non-compliance.<ref>{{Cite web |url=https://www.auditor.ca.gov/reports/2019-118/index.html |title=Automated License Plate Readers |work=California State Auditor |date=13 Feb 2020 |access-date=23 Aug 2025}}</ref>

==Notable incidents==

===Immigration enforcement controversy===

Internal emails obtained through {{Wplink|Freedom of Information Act (United States)|Freedom of Information Act}} (FOIA) requests revealed ~~Flock provided~~ Immigration and Customs Enforcement (ICE) ~~real-time access~~ to track vehicles across sanctuary cities~~, contradicting public statements about limiting federal agency~~ access.<ref>{{Cite web |date=~~15 Jul 2024~~ |title=~~Surveillance firm provided~~ ICE ~~access to~~ license plate reader ~~systems~~ |url=https://~~www~~.~~theguardian.com~~/us-~~news/2024/jul/15/~~flock-~~safety-ice~~-license-plate-reader |url-status=usurped |access-date=23 Aug 2025 |work=~~The Guardian~~}}</ref> Following public outcry, Flock restricted ICE access in California, Illinois, and several other states, though access continues in most jurisdictions.~~<ref>~~{{Cite web |date=28 Mar 2024 |title=How Flock Safety is Building a Surveillance Network for ICE |url=https://www.eff.org/deeplinks/2024/03/flock-safety-and-ice |url-status=usurped |access-date=23 Aug 2025 |work=Electronic Frontier Foundation}}~~</ref>~~

Internal emails obtained through {{Wplink|Freedom of Information Act (United States)|Freedom of Information Act}} (FOIA) requests revealed Immigration and Customs Enforcement (ICE) were able to track vehicles across sanctuary cities by requesting access from local law enforcement agencies.<ref>{{Cite web |date=27 May 2025 |title=Reported: ICE using automated license-plate-reader cameras for immigration enforcement via state/local police |url=https://immpolicytracking.org/policies/reported-ice-accessing-flock-automated-license-plate-reader-cameras-via-local-law-enforcement/ |url-status=usurped |access-date=23 Aug 2025 |work=Immigration Policy Tracking Project}}</ref> Following public outcry, Flock restricted ICE access in California, Illinois, and several other states, though access continues in most jurisdictions.{{Citation needed}}

Documents show ICE used Flock cameras to identify and track vehicles associated with immigrant advocacy organizations, churches providing sanctuary, and legal aid offices.<ref>{{Cite web |date=2024 |title=ICE Surveillance of Immigrants and Advocates |url=https://americanoversight.org/investigation/ice-surveillance-of-immigrants-and-advocates/ |url-status=usurped |access-date=23 Aug 2025 |work=American Oversight}}</ref> In one case, ICE tracked a vehicle from a church in Oakland to a residential address, leading to an enforcement action.<ref>{{Cite web |date=2024 |title=ACLU Obtains Records Showing ICE Using License Plate Readers in Sanctuary Cities |url=https://www.aclunc.org/news/aclu-obtains-records-showing-ice-using-license-plate-readers-sanctuary-cities |url-status=usurped |access-date=23 Aug 2025 |work=ACLU of Northern California}}</ref>

===Abortion access surveillance===

After {{Wplink|Roe v. Wade}}'s overturn, prosecutors in states with abortion bans gained new tools for enforcement through Flock's network. Public records show law enforcement in Texas~~, Alabama, and Idaho~~ requested Flock data on vehicles traveling to and from reproductive health clinics.<ref>{{Cite web |date=~~2023~~ |title=License Plate ~~Readers Are Creating~~ a ~~US-Wide Database of More Than Just Cars~~ |url=https://www.~~vice~~.~~com~~/en/~~article~~/license-plate-~~readers~~-~~abortion~~-~~clinics~~-~~texas~~ |url-status=usurped |access-date=2025-08-23 |work=~~Vice~~}}</ref>

After {{Wplink|Roe v. Wade}}'s overturn, prosecutors in states with abortion bans gained new tools for enforcement through Flock's network. Public records show law enforcement in Texas requested Flock data on vehicles traveling to and from reproductive health clinics.<ref>{{Cite web |last=Maass |first=Dave |date=7 Oct 2025 |title=Flock Safety and Texas Sheriff Claimed License Plate Search Was for a Missing Person. It Was an Abortion Investigation. |url=https://www.eff.org/deeplinks/2025/10/flock-safety-and-texas-sheriff-claimed-license-plate-search-was-missing-person-it |url-status=usurped |access-date=2025-08-23 |work=Electronic Frontier Foundation}}</ref>

Privacy advocates documented cases where ALPR data was used to identify women crossing state lines for reproductive care.<ref>{{Cite web |date=2024 |title=Reproductive Surveillance in Post-Roe America |url=https://www.surveillancewatch.io/reproductive-surveillance-post-roe/ |url-status=usurped |access-date=23 Aug 2025 |work=Surveillance Watch}}</ref> In response, some states enacted "shield laws" prohibiting the use of ALPR data for abortion-related prosecutions.<ref>{{~~Cite web |date=2024 |title=State Shield Laws and Reproductive Privacy |url=https://reproductiverights.gov/shield-laws/ |url-status=usurped |access-date=23 Aug 2025 |work=Center for Reproductive Rights~~}}~~</ref>~~

Privacy advocates documented cases where ALPR data was used to identify women crossing state lines for reproductive care. In response, some states enacted "shield laws" prohibiting the use of ALPR data for abortion-related prosecutions.<ref name=":3" />{{Citation needed}}

===Data breaches and misuse===

A 2024 investigation revealed Flock employees accessed customer data without authorization, including running searches on romantic partners, neighbors, and journalists.<ref>{{Cite web |date=2024 |title=Flock Safety Employees Caught Misusing Access to Surveillance Network |url=https://www.wired.com/story/flock-safety-employees-misuse-access/ |url-status=usurped |access-date=23 Aug 2025 |work=Wired}}</ref> Internal audits found over 200 instances of inappropriate access between 2022 and 2024, though Flock claims to have implemented additional access controls.<ref>{{Cite web |date=2024-05-15 |title=Audit Reveals Hundreds of Flock Safety Privacy Violations |url=https://www.techdirt.com/2024/05/15/audit-reveals-hundreds-of-flock-safety-privacy-violations/ |url-status=usurped |access-date=23 Aug 2025 |work=Techdirt}}</ref>

Law enforcement misuse includes officers tracking ex-partners. A Kansas officer used Flock to track his ex-wife's movements for six months.<ref>{{Cite web |last=Tucker |first=Hailey |date=31 Oct 2022 |title=Kechi officer stalking incident prompts concerns about WPD ‘FLOCK‘ technology |url=https://www.kwch.com/2022/11/01/ff12-kechi-officer-stalking-incident-prompts-concerns-about-wpd-flock-technology/ |website=KWCH 12 News}}</ref>

Law enforcement misuse includes officers tracking ex-partners~~, stalking cases, and selling data to private investigators~~.<ref>{{Cite web |date=2024 |title=When License Plate Readers Become Tools for Stalking |url=https://apnews.com/article/license-plate-readers-police-misuse-stalking |url-status=usurped |access-date=23 Aug 2025 |work=Associated Press}}</ref> A ~~Detroit~~ officer ~~was terminated after using~~ Flock to track his ex-wife's movements for six months.<ref>{{Cite web |date=~~Mar 2024~~ |title=~~Detroit Officer Fired for Using City Cameras to Track Ex-Wife~~ |url=https://www.~~detroitnews~~.com/~~story~~/~~news~~/~~local~~/~~detroit~~-~~city/2024/03/~~officer-~~fired~~-~~tracking~~-ex-~~wife/ |url~~-~~status=usurped |access~~-~~date=23 Aug 2025~~ |~~work~~=~~Detroit~~ News}}</ref>

==Security vulnerabilities==

Flock Safety ~~self-disclosed critical~~ vulnerabilities in ~~Q2 2025~~ and submitted them to MITRE~~<sup>[''who?'']</sup>~~ for inclusion in the National Vulnerability Database.<ref>{{Cite web ~~|date=2025~~ |title=~~Proactive Security Disclosure Q2 2025~~ |url=https://www.flocksafety.com/blog/~~proactive~~-~~security~~-~~disclosure~~-q2-~~2025~~ |url~~-status~~=~~usurped |access~~-~~date=23 Aug~~ 2025 ~~|work=Flock Safety~~}}</ref> ~~Vulnerabilities in similar~~ ALPR systems ~~have included hard-coded~~ passwords and unencrypted data storage.<ref>{{Cite web |url=https://www.eff.org/deeplinks/~~2024~~/06/~~new-alpr~~-~~vulnerabilities~~-~~prove~~-~~mass~~-~~surveillance~~-public-safety-~~threat~~ |~~title=New ALPR Vulnerabilities Prove Mass Surveillance Is a Public Safety Threat |work~~=Electronic Frontier Foundation ~~|date=18 Jun 2024 |access-date=23 Aug 2025~~}}</ref>

In 2025, Flock Safety reported security vulnerabilities in its devices and submitted them to MITRE for inclusion in the National Vulnerability Database, including issues such as hard-coded credentials and improper access controls.<ref>{{Cite web |title= |url=https://www.flocksafety.com/blog/gunshot-detection-and-license-plate-reader-security-alert}}</ref><ref>{{Cite web |title= |url=https://www.cvedetails.com/cve/CVE-2025-59403/}}</ref> Similar security concerns have affected other ALPR systems, including exposure of default passwords and unencrypted data storage.<ref name=":4">{{Cite web |last=Quintin |first=Cooper |date=28 Oct 2015 |title=License Plate Readers Exposed! How Public Safety Agencies Responded to Major Vulnerabilities in Vehicle Surveillance Tech |url=https://www.eff.org/ur/deeplinks/2015/10/license-plate-readers-exposed-how-public-safety-agencies-responded-massive |website=Electronic Frontier Foundation}}</ref>

This ~~marks the third~~ major ~~ALPR~~ security ~~disclosure~~ in a decade. In 2015, ~~{{Wplink|~~Electronic Frontier Foundation~~}} (EFF) investigators found over~~ 100 ALPR cameras ~~unsecured~~ on the internet. ~~The most~~ serious documented breach occurred in 2019 when ~~a cyberattack compromised~~ Perceptics, LLC, a U.S. Customs and Border ~~Patrol (CBP) sub-contractor~~, ~~exposing~~ 105,000 license plate images and 184,000 traveler facial images.<ref>{{~~cite~~ web ~~|date=23 May 2019~~ |title=~~Maker of US border's license-plate scanning tech ransacked by hacker, blueprints and files dumped online • The Register~~ |url=https://www.~~theregister~~.~~com~~/~~2019~~/05/23/~~perceptics_hacked_license_plate_recognition~~/ ~~|access~~-~~date=5 Oct 2025 |website=Department of Homeland Security~~ OIG}}</ref>

This represents one of several major security disclosures in the past decade. In 2015, the Electronic Frontier Foundation documented more than 100 ALPR cameras accessible on the open internet, often without passwords or proper configuration.<ref name=":4" /> A more serious documented breach occurred in 2019, when Perceptics, LLC, a subcontractor for U.S. Customs and Border Protection, exposed approximately 105,000 license plate images and 184,000 traveler facial images.<ref>{{Cite web |title= |url=https://www.oig.dhs.gov/sites/default/files/assets/2020-09/OIG-20-71-Sep20.pdf}}</ref>

==Government accountability and oversight==

@@ Line 57: / Line 57: @@
 ===State legislation===
-Several states have enacted restrictions on ALPR use. Illinois requires law enforcement agencies to establish usage policies and prohibits data retention beyond 90 days unless related to ongoing investigations.<ref>{{Cite web |title=Illinois Compiled Statutes - Freedom from Drone Surveillance Act |url=https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3541&ChapterID=53 |url-status=usurped |access-date=23 Aug 2025 |work=Illinois General Assembly}}</ref> New Hampshire banned ALPR use entirely except for specific toll collection purposes.<ref>{{Cite web |title=RSA 236:130 Automated License Plate Recognition |url=http://www.gencourt.state.nh.us/rsa/html/XXI/236/236-130.htm |url-status=usurped |access-date=23 Aug 2025 |work=New Hampshire General Court}}</ref>
+Several states have enacted restrictions on ALPR use. Illinois prohibits law enforcement agencies from sharing ALPR data with other jurisdictions in relation to a person's immigration status.<ref>{{Cite web |title=Public Act 103-0540 |url=https://www.ilga.gov/documents/legislation/publicacts/103/PDF/103-0540.pdf |url-status=usurped |access-date=23 Aug 2025 |work=Illinois General Assembly}}</ref> New Hampshire requires a three-minute purge of data from ALPR use with the exception of ongoing investigations. <ref>{{Cite web |title=261:75-b Use of Number Plate Scanning Devices Regulated. |url=https://law.justia.com/codes/new-hampshire/title-xxi/chapter-261/section-261-75-b/ |url-status=usurped |access-date=23 Aug 2025 |work=New Hampshire General Court}}</ref>
-California's SB 34 requires law enforcement to establish privacy policies, conduct annual audits, and delete non-hit data within 60 days.<ref>{{Cite web |url=https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201520160SB34 |title=SB-34 Automated license plate recognition systems: use of data |work=California Legislative Information |access-date=23 Aug 2025}}</ref> However, enforcement remains inconsistent, with a 2020 state audit finding widespread non-compliance.<ref>{{Cite web |url=https://www.auditor.ca.gov/reports/2019-118/index.html |title=Automated License Plate Readers |work=California State Auditor |date=13 Feb 2020 |access-date=23 Aug 2025}}</ref>
+California’s SB 34 requires public agencies using ALPR systems to implement usage and privacy policies as well as limits to data sharing. <ref name=":3">{{Cite web |url=https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201520160SB34 |title=SB-34 Automated license plate recognition systems: use of data |work=California Legislative Information |access-date=23 Aug 2025}}</ref> However, enforcement remains inconsistent, with a 2020 state audit finding widespread non-compliance.<ref>{{Cite web |url=https://www.auditor.ca.gov/reports/2019-118/index.html |title=Automated License Plate Readers |work=California State Auditor |date=13 Feb 2020 |access-date=23 Aug 2025}}</ref>
 ==Notable incidents==
 ===Immigration enforcement controversy===
-Internal emails obtained through {{Wplink|Freedom of Information Act (United States)|Freedom of Information Act}} (FOIA) requests revealed Flock provided Immigration and Customs Enforcement (ICE) real-time access to track vehicles across sanctuary cities, contradicting public statements about limiting federal agency access.<ref>{{Cite web |date=15 Jul 2024 |title=Surveillance firm provided ICE access to license plate reader systems |url=https://www.theguardian.com/us-news/2024/jul/15/flock-safety-ice-license-plate-reader |url-status=usurped |access-date=23 Aug 2025 |work=The Guardian}}</ref> Following public outcry, Flock restricted ICE access in California, Illinois, and several other states, though access continues in most jurisdictions.<ref>{{Cite web |date=28 Mar 2024 |title=How Flock Safety is Building a Surveillance Network for ICE |url=https://www.eff.org/deeplinks/2024/03/flock-safety-and-ice |url-status=usurped |access-date=23 Aug 2025 |work=Electronic Frontier Foundation}}</ref>
+Internal emails obtained through {{Wplink|Freedom of Information Act (United States)|Freedom of Information Act}} (FOIA) requests revealed Immigration and Customs Enforcement (ICE) were able to track vehicles across sanctuary cities by requesting access from local law enforcement agencies.<ref>{{Cite web |date=27 May 2025 |title=Reported: ICE using automated license-plate-reader cameras for immigration enforcement via state/local police |url=https://immpolicytracking.org/policies/reported-ice-accessing-flock-automated-license-plate-reader-cameras-via-local-law-enforcement/ |url-status=usurped |access-date=23 Aug 2025 |work=Immigration Policy Tracking Project}}</ref> Following public outcry, Flock restricted ICE access in California, Illinois, and several other states, though access continues in most jurisdictions.{{Citation needed}}
-Documents show ICE used Flock cameras to identify and track vehicles associated with immigrant advocacy organizations, churches providing sanctuary, and legal aid offices.<ref>{{Cite web |date=2024 |title=ICE Surveillance of Immigrants and Advocates |url=https://americanoversight.org/investigation/ice-surveillance-of-immigrants-and-advocates/ |url-status=usurped |access-date=23 Aug 2025 |work=American Oversight}}</ref> In one case, ICE tracked a vehicle from a church in Oakland to a residential address, leading to an enforcement action.<ref>{{Cite web |date=2024 |title=ACLU Obtains Records Showing ICE Using License Plate Readers in Sanctuary Cities |url=https://www.aclunc.org/news/aclu-obtains-records-showing-ice-using-license-plate-readers-sanctuary-cities |url-status=usurped |access-date=23 Aug 2025 |work=ACLU of Northern California}}</ref>
 ===Abortion access surveillance===
-After {{Wplink|Roe v. Wade}}'s overturn, prosecutors in states with abortion bans gained new tools for enforcement through Flock's network. Public records show law enforcement in Texas, Alabama, and Idaho requested Flock data on vehicles traveling to and from reproductive health clinics.<ref>{{Cite web |date=2023 |title=License Plate Readers Are Creating a US-Wide Database of More Than Just Cars |url=https://www.vice.com/en/article/license-plate-readers-abortion-clinics-texas |url-status=usurped |access-date=2025-08-23 |work=Vice}}</ref>
+After {{Wplink|Roe v. Wade}}'s overturn, prosecutors in states with abortion bans gained new tools for enforcement through Flock's network. Public records show law enforcement in Texas requested Flock data on vehicles traveling to and from reproductive health clinics.<ref>{{Cite web |last=Maass |first=Dave |date=7 Oct 2025 |title=Flock Safety and Texas Sheriff Claimed License Plate Search Was for a Missing Person. It Was an Abortion Investigation. |url=https://www.eff.org/deeplinks/2025/10/flock-safety-and-texas-sheriff-claimed-license-plate-search-was-missing-person-it |url-status=usurped |access-date=2025-08-23 |work=Electronic Frontier Foundation}}</ref>
-Privacy advocates documented cases where ALPR data was used to identify women crossing state lines for reproductive care.<ref>{{Cite web |date=2024 |title=Reproductive Surveillance in Post-Roe America |url=https://www.surveillancewatch.io/reproductive-surveillance-post-roe/ |url-status=usurped |access-date=23 Aug 2025 |work=Surveillance Watch}}</ref> In response, some states enacted "shield laws" prohibiting the use of ALPR data for abortion-related prosecutions.<ref>{{Cite web |date=2024 |title=State Shield Laws and Reproductive Privacy |url=https://reproductiverights.gov/shield-laws/ |url-status=usurped |access-date=23 Aug 2025 |work=Center for Reproductive Rights}}</ref>
+Privacy advocates documented cases where ALPR data was used to identify women crossing state lines for reproductive care. In response, some states enacted "shield laws" prohibiting the use of ALPR data for abortion-related prosecutions.<ref name=":3" />{{Citation needed}}
 ===Data breaches and misuse===
-A 2024 investigation revealed Flock employees accessed customer data without authorization, including running searches on romantic partners, neighbors, and journalists.<ref>{{Cite web |date=2024 |title=Flock Safety Employees Caught Misusing Access to Surveillance Network |url=https://www.wired.com/story/flock-safety-employees-misuse-access/ |url-status=usurped |access-date=23 Aug 2025 |work=Wired}}</ref> Internal audits found over 200 instances of inappropriate access between 2022 and 2024, though Flock claims to have implemented additional access controls.<ref>{{Cite web |date=2024-05-15 |title=Audit Reveals Hundreds of Flock Safety Privacy Violations |url=https://www.techdirt.com/2024/05/15/audit-reveals-hundreds-of-flock-safety-privacy-violations/ |url-status=usurped |access-date=23 Aug 2025 |work=Techdirt}}</ref>
+Law enforcement misuse includes officers tracking ex-partners. A Kansas officer used Flock to track his ex-wife's movements for six months.<ref>{{Cite web |last=Tucker |first=Hailey |date=31 Oct 2022 |title=Kechi officer stalking incident prompts concerns about WPD ‘FLOCK‘ technology |url=https://www.kwch.com/2022/11/01/ff12-kechi-officer-stalking-incident-prompts-concerns-about-wpd-flock-technology/ |website=KWCH 12 News}}</ref>
-Law enforcement misuse includes officers tracking ex-partners, stalking cases, and selling data to private investigators.<ref>{{Cite web |date=2024 |title=When License Plate Readers Become Tools for Stalking |url=https://apnews.com/article/license-plate-readers-police-misuse-stalking |url-status=usurped |access-date=23 Aug 2025 |work=Associated Press}}</ref> A Detroit officer was terminated after using Flock to track his ex-wife's movements for six months.<ref>{{Cite web |date=Mar 2024 |title=Detroit Officer Fired for Using City Cameras to Track Ex-Wife |url=https://www.detroitnews.com/story/news/local/detroit-city/2024/03/officer-fired-tracking-ex-wife/ |url-status=usurped |access-date=23 Aug 2025 |work=Detroit News}}</ref>
 ==Security vulnerabilities==
-Flock Safety self-disclosed critical vulnerabilities in Q2 2025 and submitted them to MITRE<sup>[''who?'']</sup> for inclusion in the National Vulnerability Database.<ref>{{Cite web |date=2025 |title=Proactive Security Disclosure Q2 2025 |url=https://www.flocksafety.com/blog/proactive-security-disclosure-q2-2025 |url-status=usurped |access-date=23 Aug 2025 |work=Flock Safety}}</ref> Vulnerabilities in similar ALPR systems have included hard-coded passwords and unencrypted data storage.<ref>{{Cite web |url=https://www.eff.org/deeplinks/2024/06/new-alpr-vulnerabilities-prove-mass-surveillance-public-safety-threat |title=New ALPR Vulnerabilities Prove Mass Surveillance Is a Public Safety Threat |work=Electronic Frontier Foundation |date=18 Jun 2024 |access-date=23 Aug 2025}}</ref>
+In 2025, Flock Safety reported security vulnerabilities in its devices and submitted them to MITRE for inclusion in the National Vulnerability Database, including issues such as hard-coded credentials and improper access controls.<ref>{{Cite web |title= |url=https://www.flocksafety.com/blog/gunshot-detection-and-license-plate-reader-security-alert}}</ref><ref>{{Cite web |title= |url=https://www.cvedetails.com/cve/CVE-2025-59403/}}</ref>  Similar security concerns have affected other ALPR systems, including exposure of default passwords and unencrypted data storage.<ref name=":4">{{Cite web |last=Quintin |first=Cooper |date=28 Oct 2015 |title=License Plate Readers Exposed! How Public Safety Agencies Responded to Major Vulnerabilities in Vehicle Surveillance Tech |url=https://www.eff.org/ur/deeplinks/2015/10/license-plate-readers-exposed-how-public-safety-agencies-responded-massive |website=Electronic Frontier Foundation}}</ref>
-This marks the third major ALPR security disclosure in a decade. In 2015, {{Wplink|Electronic Frontier Foundation}} (EFF) investigators found over 100 ALPR cameras unsecured on the internet. The most serious documented breach occurred in 2019 when a cyberattack compromised Perceptics, LLC, a U.S. Customs and Border Patrol (CBP) sub-contractor, exposing 105,000 license plate images and 184,000 traveler facial images.<ref>{{cite web |date=23 May 2019 |title=Maker of US border's license-plate scanning tech ransacked by hacker, blueprints and files dumped online • The Register |url=https://www.theregister.com/2019/05/23/perceptics_hacked_license_plate_recognition/ |access-date=5 Oct 2025 |website=Department of Homeland Security OIG}}</ref>
+This represents one of several major security disclosures in the past decade. In 2015, the Electronic Frontier Foundation documented more than 100 ALPR cameras accessible on the open internet, often without passwords or proper configuration.<ref name=":4" /> A more serious documented breach occurred in 2019, when Perceptics, LLC, a subcontractor for U.S. Customs and Border Protection, exposed approximately 105,000 license plate images and 184,000 traveler facial images.<ref>{{Cite web |title= |url=https://www.oig.dhs.gov/sites/default/files/assets/2020-09/OIG-20-71-Sep20.pdf}}</ref>
 ==Government accountability and oversight==