Why is Flock a big deal? – Eyes Off Eugene | Stop Flock Surveillance in Eugene, Oregon

Surveillance is everywhere. What makes Flock so bad?

You see cameras everywhere today. The store you visit has cameras watching you, there are already lots of traffic cams, many homes have a camera inside or out, drivers have cameras in their cars, and most people carry a camera in their pocket all the time.

So what’s the big deal here?

Flock is not just cameras

Flock Safety is a surveillance platform aggressively marketed to police departments, HOAs, and other organizations around the country. It includes an AI-powered search engine that allows Flock users to search for vehicles not just by their license plate number, but also by descriptions of their vehicle: year, make, model, color, damage, roof rack, bumper stickers, and more.

Flock has designed its platform for sharing data

Lots of Flock’s marketing material is focused on the security of its platform. They say that their users “own” the data (but never describe what ownership means for surveillance data), but Flock — and only Flock — owns the encryption keys for the data.

That means Flock users have no means of preventing Flock from sharing data with third parties.

In fact, sharing surveillance data is a key part of Flock’s service. On June 24, Eugene Police Department had granted direct access to Eugene’s brand new Flock installation to 38 other agencies across Washington, Oregon, California, and Nevada:

Screenshot showing the list of external agencies that have direct access to Eugene's Flock surveillance system.

Just a few days after we began asking questions about Eugene’s installation of Flock surveillance systems, the “External organizations with access” section of their transparency page, but you can still find it here: https://archive.ph/U3JQ9

Even if you have complete faith and trust in Eugene Police Department, do you have the same trust and faith in the Sparks, Nevada police department? EPD made the decision to give them direct access to Eugene’s surveillance system because that is a key feature of Flock Safety’s software platform.

Look for more transparency pages for other agencies and it’s easy to find examples where they are sharing access with hundreds of other agencies. This is what Flock is designed to do. The list of agencies that EPD is providing with direct access to Eugene’s Flock installation is going to grow, and grow, and grow; any of those agencies will be able to run searches on all of the data collected by Flock in Eugene for any reason.

There is no legal, judicial, or regulatory oversight

Flock Safety allows users to run searches at any time for any reason. It is up to the individual agency to define usage policies. Agencies only need to add a simple “reason” for their search, and this text can be anything. We have found audit logs with hundreds of empty “reason” fields, and the overwhelming majority of the rest are given in the vaguest possible terms: “Investigation” being a common one.

Flock also provides a convenient mobile app allowing users to search the Flock surveillance network from the convenience of their personal mobile device at any time:

This is a system that is ripe for abuse and is already being abused.

There are already published reports of Flock being used to stalk people unrelated to crimes and being used for Immigration and Customs Enforcement (ICE) purposes.

Flock gives the Eugene Police Department a powerful new tool that allows them to easily collect information on the movements and location of anyone, at any time, for any reason.

EPD does not own the encryption keys for the data

Flock and EPD both promise that the surveillance data collected by Flock is totally safe, but Flock — and Flock alone — holds the encryption keys to the data. That means that Flock has the technical capability to share this data at any time, with anyone, for any reason they choose, without EPD’s knowledge.

EPD promises that their contract with Flock forbids this, but federal agencies can request access to this system and Flock will be obligated to provide it without notifying EPD. A national security letter is just one example of a legal mechanism for this.

Flock’s own privacy policy states that they may use up to 1% of the data they collect for AI training purposes.

If Flock wanted to build a truly secure system, Flock would have built an architecture with end-to-end encryption. That architecture would still allow users like EPD to share information with external agencies, but it would be protected from misuse by Flock themselves, or any of Flock’s current or future partners in business or government.

Flock is a VC-funded tech startup

Last, but not least, Flock Safety is a VC-funded, Silicon Valley tech startup. To date, they have raised $950 million in venture capital over 9 funding rounds since their launch in 2017 (Reuters) (TechCrunch) (Sacra).

Their most recent funding round valued them at $7.5 billion despite an estimated $300 million in annual revenue.

Flock is a tech startup designed to commercialize mass surveillance. Flock’s investors expect a return on their investment, and the most valuable thing that Flock possesses is the data captured by their surveillance network.

VC-funded tech startups like these have a growth phase during which they burn cash to capture a market, and then that is eventually followed by cashing-out phase, where investors get their money back by selling the business, or its assets, to someone else.

Flock is in the surveillance business, and one of their early funding rounds came from Peter Thiel’s Founders Fund, which makes Palantir an obvious potential choice when it’s time for Flock to be sold.