IPVM's report frames the chiefs-stalking-women pattern as proof that internal audit logs are reactive at best — they catch abuse after the fact but cannot prevent it. The argument is that only judicial pre-authorization (warrants) can close the gap when the people running the audit policy are themselves the abusers.
Invokes Scott Adams' formulation that wherever people can commit fraud without monitoring, you should assume they are. Applied to Flock, this means the abuse pattern wasn't a surprise — it was the predictable equilibrium of giving thousands of operators query access with only post-hoc audit logs.
Points to the Men in Black scene where Agent K uses government surveillance to check on his ex — wistful in 1997, damning in 2026. The cultural reference makes the point that this misuse mode has been obvious for decades; the only new thing is the scale Flock provides.
The editorial dissects Flock's spokesperson contradiction: calling stalking 'rare' while simultaneously identifying it as 'the most common form of abuse' of the platform. Both can be true — rare per query, systemic per operator — and that distinction is the policy argument: a low base rate over billions of reads still produces a steady stream of victims.
Resolves the Flock spokesperson's apparent contradiction by separating rarity of individual incidents from the systemic frequency with which stalking shows up as the dominant abuse vector. The point: 'rare' is a marketing frame; 'most common abuse' is the operational reality.
IPVM emphasizes that the documented abusers are chiefs of police — the very people responsible for setting and enforcing audit policy. When the policy author is the policy violator, internal governance is structurally incapable of solving the problem and external (judicial) controls become necessary.
IPVM, the surveillance-industry research outfit, published a report documenting a pattern that anyone who's read a privacy threat model saw coming: police chiefs using Flock Safety's nationwide license-plate-reader (LPR) network to track women they were dating, separating from, or trying to find. The report hit 481 on Hacker News, which is what 'this is exactly what we warned you about' looks like as a score.
Flock operates an estimated 40,000+ cameras across more than 5,000 communities in the United States. Any participating agency can, in practice, query the national hot-list and historical-read database. The cases IPVM surfaces are not edge cases involving rogue patrol officers — they involve chiefs of police, the people responsible for setting and enforcing the audit policies that were supposed to prevent this. In one case the queries were run against a current romantic partner. In others, against ex-partners. The audit logs caught them, eventually. The audit logs did not prevent them.
Flock's public response, as quoted by IPVM, contains the tell: a spokesperson characterized the behavior as rare while in the same breath identifying it as the most common form of abuse of the platform. Both statements can be true — rare per query, systemic per operator — and that distinction is the entire policy argument in one sentence.
The Hacker News commentary on this story is unusually clear-eyed, and worth quoting because it's where the engineering audience and the civil-liberties audience finally agree. User `alexpotato` surfaces Scott Adams' formulation: 'Whenever people have the opportunity to commit fraud and there is no monitoring, you can assume they are committing fraud.' User `gattr` points at the *Men in Black* scene where Agent K pulls up surveillance of his ex — played in 1997 as wistful, reads in 2026 as a confession. User `nkrisc` resolves the Flock spokesperson's contradiction directly: rarity of incidents and dominance of a single abuse category are not in tension; they describe the same underlying access pattern.
The technical situation is not subtle. Flock built a system where any credentialed officer can query 'where has this plate been seen' across thousands of jurisdictions, and the only thing standing between that query and a stalking incident is the integrity of the person typing. Audit logs exist, but audit logs are a post-hoc control. They detect; they do not prevent. They work in proportion to the willingness of the agency to investigate its own leadership — which, in the cases IPVM documents, is the leadership doing the querying.
Compare this to how the same engineering problem is solved when the stakes are financial rather than physical. No bank lets a teller pull up the CEO's transaction history on their own authority; production database access at any competent fintech requires a ticket, an approver, and a time-boxed credential. These are not exotic controls. They are Tuesday-afternoon controls. The reason they don't exist in LPR systems is not that they're hard to build — it's that frictionless query is the product. Flock's pitch to small-town departments is 'instant answers across the national network.' Add a warrant requirement and the demo gets worse.
HN user `arjie` makes the cynical-but-correct point that there's a homeostasis to enforcement: if you make warrants slow, the warrantless camera search becomes the default investigative tool, and the carve-outs expand to swallow the rule. We are watching that expansion happen in real time. The Fourth Amendment was written for a world where surveilling a person required a human to physically follow them — an implicit cost cap on government tracking. LPR networks remove the cost. The Constitution, in practice, was load-bearing on the friction it didn't have to specify.
There's also a vendor-accountability question that the engineering community keeps under-pricing. Flock is not a neutral substrate; it is a product company that ships features and configures defaults. They chose to make queries frictionless. They chose what the audit-log retention is. They chose whether supervisor approval is a hard gate or a checkbox. Each of those is a knob they can turn tomorrow, and each one would reduce the abuse surface area without any legislative action. The fact that they haven't tells you what their customers — police chiefs — are actually asking for.
If you build, sell, or contribute to systems that aggregate location data, identity data, or any 'where has X been' index, this story is your threat model in the wild. Per-query authorization with a named, accountable approver is the minimum bar for any product where a lookup can ruin a life. Specifically:
- Default to friction on sensitive queries. Searching a specific identifier (plate, face, phone, email, name) should require justification text and a second-party approval. Bulk analytics queries — 'how many cars passed this intersection on Tuesday' — can stay fast. The dangerous query is the one targeting a specific human. - Make the audit log adversarial. Send query logs to a destination the querying agency cannot edit, suppress, or delete. Mirror them to a state-level or federal oversight body if the contract permits, or to a tamper-evident log (sigstore-style transparency log, append-only S3 with object lock) if it doesn't. An audit log controlled by the person being audited is theater. - Surface abuse signals to the subject. The single highest-leverage change Flock could ship tomorrow is a notification path — direct, or via a state AG portal — that tells a person 'your plate was queried N times by department X in the last 90 days, here are the case numbers.' This is exactly how credit-bureau access notifications work. It is exactly how Google's 'security activity' tab works. It is not a novel pattern. - Price the abuse into the procurement contract. Municipal contracts should include per-incident liquidated damages on the vendor when audit-log review uncovers unauthorized queries. Right now the externality lands entirely on the surveilled person.
The broader point for engineers: if your product makes queries trivially cheap, your product is a stalking tool unless you've explicitly designed it not to be. Defaults are policy. Latency is policy. Approval workflow is policy. 'We have audit logs' is the security equivalent of 'we have a smoke detector' — useful after the fire, not a substitute for not pouring gasoline in the hallway.
The legal fix here is a warrant requirement for targeted LPR lookups, and several states are moving on it, but the legislative timeline is years. The product fix is a Tuesday. The question Flock will have to answer, in court or in front of a state attorney general, is why the controls that every bank, every healthcare provider, and every competent SaaS company ship by default are absent from a product whose worst-case failure mode is a chief of police knowing where his ex sleeps. That answer is not going to age well, and the companies building the next generation of identity-aggregation products — face search, gait recognition, phone-location resale — should read these IPVM reports as a preview of their own deposition.
Remember that scene from "Men in Black" where K watches surveillance video feed of his ex? In the movie it was meant to be wistful and cute, I guess. Now that such systems are getting closer to reality, you realize the potential for abuse in enormous.
This shouldn't be hard to understand. Don't talk to the police, without your attorney present, under any circumstances whatsoever.Dating the police is just such an astoundingly egregious violation of this principle that I can only wonder what, if anything, those people are thinking.Anyway,
Scott Adams' had a great line:"Whenever people have the opportunity to commit fraud and there is no monitoring, you can assume they are committing fraud."
Ultimately, there’s a sort of homeostasis in people’s tolerance for crime. If you need video evidence for prosecution, those who want it prosecuted will produce video cameras. If you make warrants impossible to produce in a timely manner, the camera search will be warrant exempted.Attempts to damage
Top 10 dev stories every morning at 8am UTC. AI-curated. Retro terminal HTML email.
No, it shows that we have a destructive, trust undermining security industry that sells abusive surveillance software that by spirit of the law would be clearly illegal in any country that pretends to be a free and open society and has a constitution in the direction.