Dane County recently voted not to renew its contract with Flock Safety, the license plate reader company used by the Dane County Sheriff’s Office. The resolution’s author, Supervisor Chad Kemp, was direct about the reasoning: “Nothing about this action suggests that our deputies have misused this system. But the sheriff’s office has not been able to affirmatively confirm that the agencies it shares data with, or Flock itself, are not misusing the information collected by cameras in Dane County.” Board Chair Patrick Miles described Flock as “a proven bad actor” on Fourth Amendment grounds.

At the same time, the Village of Cottage Grove continues to expand its own Flock camera network. A village board member recently asked whether the village’s contract actually protects resident data. It is a good question, and the national record on Flock suggests it deserves a direct answer.

What Flock Is

Flock Safety manufactures and operates automated license plate reader cameras. The cameras capture every vehicle that passes, recording the plate, location, and timestamp. That data is stored in Flock’s system and, depending on how a contract is configured, can be shared with other law enforcement agencies, locally, statewide, or nationwide.

As of 2025, Flock operates in over 5,000 communities across 49 states and performs over 20 billion vehicle scans per month. It is not a small vendor. The company has raised nearly $1 billion in venture funding and is backed by Andreessen Horowitz. At least 221 Wisconsin law enforcement departments use Flock cameras or automated license plate readers.

The technology does produce results. Flock has documented contributions to stolen vehicle recovery and criminal investigations, and many agencies describe it as one of their most effective tools. That is real, and it is worth acknowledging. The argument here is not that those benefits are fictional. It is that they do not resolve the question of whether the contractual and architectural protections around resident data are adequate.

The False Comparison

A common response to privacy concerns about tools like Flock is some version of: you already share your data with Facebook, your phone tracks your location, so what is the difference?

The difference is architecture. Facebook and your cellphone carrier are not designed to give law enforcement agencies rapid, low-friction access to your data as a core feature of their product. Flock is. The entire value proposition of Flock’s nationwide network is that thousands of law enforcement agencies can query each other’s data with minimal friction. Getting data from Facebook or a carrier requires affirmative legal steps by law enforcement. While Flock’s system includes permissioning and audit controls, it is designed to make cross-agency querying operationally easy once that access is granted. That is not analogous to a private company holding your data. It functions as a form of surveillance infrastructure built specifically for government access.

What the National Record Shows

Flock’s stated position is that customers own their data and control who accesses it. The documented record is more complicated.

According to public reporting and audit records, including ACLU reporting on California agency access and local audit findings obtained through public records requests, agencies that configured their systems for local access only discovered that a vendor-side issue or system behavior had enabled nationwide queries beyond what agencies believed they had configured. In California, federal agencies including ICE and CBP accessed local Flock databases through a mechanism local departments did not authorize and, in some cases, did not know existed. One audit found over 364,000 unauthorized accesses of the Ventura County Sheriff’s database in roughly one month. San Francisco PD’s database was searched by out-of-state agencies over 1.6 million times in seven months.

A Texas officer used Flock’s national network to search for a woman suspected of having a self-administered abortion, entering “had an abortion, search for female” as the search reason. Flock initially characterized this as a welfare check. Subsequent public records requests revealed the investigation was a death inquiry and that the safety justification was added retroactively after press coverage.

These are not hypothetical risks. They are documented outcomes.

The Contract Is the Problem

Flock’s marketing says customers own 100% of their data. What the standard template contract actually grants is a broad license for Flock to process and share that data for law enforcement purposes, which may extend well beyond what residents assume based on interface settings. Restricting that requires affirmatively rewriting the contract language, something most small municipalities lack the legal resources to do or even know to ask for. While processing license language is common in software agreements, in this case it intersects with a product specifically designed for cross-agency data sharing, raising real questions about how far that sharing extends in practice.

In February 2026, Flock updated its Terms and Conditions. Independent legal analysis found the update made things worse for customers, not better. It introduced mandatory arbitration under Georgia law, stripped language that could have limited data monetization, and preserved Flock’s broad license rights while maintaining the “customers own the data” marketing language.

This is not a settings problem. The settings sit on top of a contract that may not protect residents regardless of what those settings say.

Privacy Is the Concern, Not Just Bad Actors

What makes Flock different from other law enforcement tools is not simply that misuse is possible. Every database system carries that risk. What distinguishes Flock is that it enables large-scale, cross-jurisdictional querying of historical movement data, something traditional law enforcement systems were not designed to do. A credentialed officer within the Flock network, depending on sharing configuration, can query the movements of a vehicle across thousands of jurisdictions without a warrant requirement built into the system itself. That is a structural privacy concern that exists independent of whether any individual officer behaves responsibly.

The documented misuse record is worth understanding in that context. A Milwaukee police officer used Flock to run his dating partner’s plate 124 times over a two-month period and the partner’s ex-boyfriend’s plate 55 additional times, listing “investigation” as the reason each time. The Braselton, Georgia police chief was arrested for using Flock cameras to stalk and harass multiple private citizens. The former police chief of Sedgwick, Kansas used Flock to track his ex-girlfriend’s vehicles 228 times over more than four months. In Wisconsin, the Wauwatosa Police Department conducted nearly 1,900 Flock searches in six months with the sole listed justification being “investigation.”

While these cases represent a small fraction of total usage, they illustrate the types of misuse that the system’s architecture makes possible at scale. Audit logs exist to catch misconduct after the fact, but the search reason field routinely shows entries like “investigation” or “susp.” At 450,000 searches per month across the national network, case-by-case oversight is not realistic.

What the Village Should Ask

The Village of Cottage Grove has its own Flock contract, separate from the county. Wisconsin has no specific statewide LPR statute, meaning guardrails are largely defined by contract terms and agency policy rather than uniform law. The February 2026 Terms and Conditions update did not improve that situation.

The question is not whether to use license plate reader technology. It is whether this vendor’s contract architecture provides the protections residents would reasonably expect. A few specific questions the village board should be able to answer: Does the village’s contract mirror Flock’s standard template, or was it negotiated to remove Flock’s broad license rights? What are the village’s current data retention and sharing settings, and who has authority to change them? Has the village conducted an audit of who has accessed its Flock data and under what stated justification?

If the village chooses to continue using Flock, the focus should be on tightening contract language around data sharing, limiting retention periods, and requiring independent auditability of access across the network.

In practice, local police departments treat their Flock usage policies carefully because they understand the political sensitivity. The village is not likely to casually change its data retention settings or sharing configuration. But as Supervisor Kemp noted at the county level, the issue is not whether local officers are trustworthy. It is whether anyone can affirmatively confirm that Flock and its network partners are not misusing the data. That protection should be anchored in enforceable contract terms, not rely primarily on institutional goodwill. Audit logs and internal policies provide some accountability, but they operate through after-the-fact review rather than enforceable limits on access.

Dane County’s decision not to renew is a reasonable moment for the village to ask these questions. The village board seated following the April 7 election is a reasonable body to ask them.

Disclosure: The author of this blog post voted to approve the village’s Flock contract while serving on the village board, and more recently voted as a Dane County Supervisor to end the county’s Flock contract. That experience with both decisions informs this post.