Flock Safety's AI-powered license plate readers have been deployed across more than 100,000 locations in the United States. For years, the company's pitch to municipalities was straightforward: install the cameras, reduce crime, keep your community safer. What the contracts did not make clear was that Flock had enabled a "nationwide sharing" feature by default, one that gave federal agencies access to local data without any action, notice, or agreement from the customer.
TL;DR: Flock Safety's cameras silently routed plate data to ICE, CBP, the FBI, and ATF, 1.6 million times in seven months in San Francisco alone, all without city authorization. Over 53 municipalities have cancelled their Flock contracts since the issue surfaced. The governance lesson applies to any team using third-party AI tools with network connectivity: vendor defaults can create data flows you never agreed to, and your contract probably does not protect you from them.
What Flock Safety actually did
In January 2026, the Mountain View Police Department disclosed that between August and November 2024, federal agencies, including the ATF, GSA OIG, and military installations, had accessed the city's Flock camera data through a feature called "nationwide sharing." The department had not authorized this feature. Flock had enabled it without notification.
Further investigation revealed the problem was larger than one city. Mountain View estimates 600,000 unauthorized searches occurred across its camera network by more than 250 agencies that had never signed a data-sharing agreement with the city. A separate class action filed in San Francisco Superior Court in February 2026 alleged that out-of-state and federal agencies, including ICE, CBP, the FBI, and ATF, had queried San Francisco's Flock cameras more than 1.6 million times in seven months. California's sanctuary state laws (SB 54) explicitly prohibit sharing data with federal immigration authorities. The city's contract with Flock did not protect it from a feature the vendor had activated unilaterally.
In Dayton, Ohio, a routine compliance audit found that the city's cameras had been searched more than 7,100 times for immigration enforcement purposes, searches explicitly prohibited under Dayton's own policy with Flock. City workers eventually put black garbage bags over 72 Flock cameras while the contract was reviewed.
Gibbs Mura filed an amended class action complaint against Flock Safety on April 3, 2026, alleging violations of California privacy law and seeking $2,500 per violation. Across 1.6 million alleged unauthorized queries, the claimed exposure is in the billions.
As of late June 2026, more than 53 municipalities had cancelled or rejected Flock Safety contracts, with the pace of cancellations accelerating, 38 of those decisions came in the six months between January and June 2026.
The governance lesson is not about surveillance cameras
The Flock Safety story has circulated primarily as a civil liberties and immigration story, which it is. But for teams managing AI tool deployments, the underlying mechanism is a vendor governance problem that appears across many product categories.
Flock's cameras are networked. They share a common platform. That platform has features, "nationwide sharing," "statewide lookup", that are controlled by the vendor, not the customer. The customer's contract specified what the city intended. The vendor's platform defaults determined what actually happened.
This structure is not unique to Flock Safety. It describes most SaaS-delivered AI products:
AI meeting transcription tools often connect to centralized processing infrastructure where the vendor determines retention policies, subprocessor access, and model training opt-outs. The default is usually vendor-friendly, not customer-protective.
HR monitoring platforms commonly aggregate behavioral data across their customer base to build benchmarks and train models. Customers may technically opt out of model training, but whether their data remains isolated from cross-customer analytics is a different question, one whose answer usually lives in the data processing agreement, not the main contract.
AI customer service platforms frequently use customer conversation data to improve base models unless the customer has negotiated a specific data isolation provision. The default is contribution.
Workplace analytics tools may route data through regional or global processing hubs in ways that create data residency issues customers did not anticipate when signing.
In each case, the vendor's technical architecture creates data flows that the customer's contract language may not have addressed. The question is not whether your vendor is trustworthy. The question is whether you have verified what the vendor's defaults actually do.
Six questions to ask before your next AI vendor contract renewal
These questions target the specific failure mode the Flock Safety case exposed: vendor-controlled defaults that affect your data access scope without your knowledge or consent.
1. What data sharing features exist on this platform, and which are enabled by default?
Ask for a written list of all data sharing, consortium access, or network sharing features, and which ones are active on your account by default. If the vendor cannot produce this in writing, that is itself a material disclosure gap.
2. Can the vendor change our configuration without notifying us in advance?
Flock activated "nationwide sharing" without notifying Mountain View. The contract did not prohibit this. Your contract should require written notice before any default configuration change that affects data access scope, with a defined opt-out period.
3. Which third parties can access our data, and under what conditions?
This includes subprocessors, law enforcement, federal agencies, other government bodies, and the vendor's other customers if data is shared across a consortium. Ask for a current subprocessor list and a written representation that no other third party can access your data without your prior written consent.
4. Do we have audit rights to see who has accessed our data?
Mountain View discovered the unauthorized access only because it ran a compliance audit. Your contract should give you the right to request access logs showing who queried your data, when, and from where. If the vendor cannot provide this, you cannot verify their compliance with your contract.
5. Is our data isolated from other customers' data?
If your data sits in a shared infrastructure layer, vendor employees, partner agencies, or other mechanisms may be able to reach it in ways not explicitly covered by your data processing agreement. Ask specifically whether your data is logically isolated and under what circumstances it is combined with other customers' data for any purpose.
6. What is the vendor's process when a government agency requests access to our data?
Ask the vendor for their law enforcement response policy in writing. A vendor that cannot produce one, or whose policy does not require customer notification before complying with government data requests (except where legally prohibited), is a vendor whose access control posture you do not understand.
What to do with the answers
Not every vendor will answer all six questions satisfactorily. For high-risk AI deployments, tools that process personal data about customers, employees, or the public, the answers should be contractual representations, not verbal assurances. A vendor that says "we don't share data" but will not put that in the contract has told you something important.
For lower-risk tools, the answers still matter for your AI governance documentation. If a regulator, auditor, or data subject ever asks you what data flows exist in your AI tool stack, "we signed the standard contract" is not a complete answer.
The Flock Safety case is notable for its scale and the specific agencies involved. But the structural failure, a vendor platform enabled a data flow the customer did not authorize, is reproducible in any category of networked AI product. Checking whether your current vendor contracts address this is a one-afternoon audit that is considerably cheaper than discovering the gap in litigation.
Related Reading
- AI Vendor Due Diligence Checklist 2026
- Agentic AI Vendor Contract Clauses 2026
- Vetting AI Tools: What the Fake Malware Cases Teach Us
- AI Vendor Contract Redline Template 2026
- Meta Project Cannes: What the Fake Teen Account Story Means for AI Vendor Trust
- ChatGPT Product Liability Lawsuits: What JCCP 5431 Means for AI Vendors
Sources: TechTimes, "Flock Safety Crosses 100,000 Cameras as 53 Cities Cancel Over Unauthorized Federal Data Access", State of Surveillance, "Class Action Lawsuit: Flock Safety Illegally Shared California License Plate Data with Federal Agencies 1.6 Million Times", El Estoque, "Flock Safety faces investigations after unauthorized federal data access", Courthouse News Service.
