If Flock Safety’s audit logs caught five former Albany officers, how many improper license-plate searches never triggered an audit at all?
That is the question Georgia officials should be asking now. The arrests are not merely a privacy scare. They are evidence of a governance failure around license plate reader data — one that cities, police departments, HOAs, and private businesses should not dismiss as a few bad actors. Multiple Georgia departments uncovered troubling use of surveillance systems after internal audits, including officers allegedly using LPR tools to track ex-girlfriends, romantic interests, and co-workers, according to Notebookcheck.
When police misuse Flock data, is this still an abstract privacy debate?
No. The debate has moved from “could this be abused?” to “it was allegedly abused, and now people have been arrested.”
The most concrete case cited in the related reporting is Albany, Georgia, where an internal audit of the police department’s Flock license plate reader camera system led to a request for a GBI investigation on June 25, 2026. The bureau later said five former officers were charged with misuse of license plate data and violation of oath of office in a July 6 statement.
Notebookcheck also points to a broader Georgia pattern: in more than five districts, officers were found to have used LPR systems for personal tracking, including romantic and workplace targets. One of the more serious examples involved former police chief Michael Steffman, who allegedly used the department’s LPR system to stalk and harass multiple people before resigning and being arrested by the GBI.
That matters because the public was often asked to evaluate these systems as crime-fighting infrastructure. The Georgia cases show the other side: once movement data exists and insiders can search it, the abuse scenario does not require a hacker. It can come from someone with a login.
What power does a plate search give a local officer?
Flock-style automated license plate readers do not need to identify a face to reveal sensitive behavior. A vehicle record tied to time and location can expose visits to a home, workplace, medical office, political event, religious institution, or personal relationship.
Flock describes its own value proposition bluntly: users can “search vehicles, time, and location in seconds,” and the company says its platform connects neighborhoods, businesses, and law enforcement around shared evidence. On its site, Flock Safety also says “communities decide how it’s used.”
That local-control pitch is exactly where the Georgia cases bite. If a department’s rules are loose, if supervision is sporadic, or if audits happen only after suspicion emerges, “local control” can mean local vulnerability.
Flock says its cameras focus on vehicles, not faces, and that data is held for 30 days unless otherwise required by law. That does not erase the concern. Thirty days of searchable vehicle movement is enough to map a person’s life if the wrong authorized user decides to look.
Does Flock’s audit defense solve the problem it exposed?
Flock’s strongest argument is that the Albany case proves the system worked. In a July 8, 2026 statement distributed through GlobeNewswire and carried by Markets Insider, the company said its audit records helped identify and document the unauthorized searches. It said every search can record who searched, when, what was searched, and the associated investigative case when applicable.
That is not nothing. Audit logs are better than blind trust.
“Technology doesn't create misconduct. People do,” said Paige Todd, Co-Founder of Flock Safety. “The question isn't whether someone will attempt to misuse technology. The question is whether the technology is designed to expose that misuse and help agencies hold bad actors accountable.”
The quote is clever. It is also incomplete.
Accountability after abuse is not the same as control before abuse. If the public learns about misuse only after terminations, arrests, or criminal charges, oversight has already failed at least one person whose movements were searched for personal reasons.
| Flock’s accountability claim | The governance problem Georgia exposes |
|---|---|
| Audit logs record searches | Logs matter only if someone reviews them aggressively |
| Role-based permissions can limit access | Permissions are only as strong as department policy |
| Case attribution can tie searches to investigations | Vague or missing case requirements invite casual access |
| Local control lets communities decide use | Local officials may approve tools before rules are mature |
Flock says the Albany investigation is the first publicly confirmed instance in which its Audit Assistance capabilities helped identify police misconduct. That is important. It also raises the harder question: if this is the first public confirmation, what has not been confirmed publicly?
Did deployment outrun the rules meant to control it?
MLXIO analysis: yes, that is the reasonable inference from the supplied facts.
Notebookcheck describes Flock as pursuing an aggressive model of signing as many clients as quickly as possible. Flock says it has more than 12,000 customers. The company’s network is not limited to police departments; its cameras are also used by private businesses, HOAs, and shopping centers, and those cameras can feed into the same broader system.
That creates a policy gap. A city council may approve cameras as a public safety tool. A homeowners association may install them as a neighborhood security measure. A shopping center may see them as protection for property. But the data can become part of a wider search environment with consequences beyond the original pitch.
This is the same basic governance challenge MLXIO readers see across sensitive data systems: rules written after deployment rarely inspire confidence. For adjacent context, see our coverage of data-control pressure points in 180-Day Clock Puts AI Health Data Sales on Notice and privacy-by-design choices in Lumo 2.0 Grabs AI Memory Without Selling Your Data.
The lesson is not that every data tool is illegitimate. The lesson is that access controls, retention limits, audit duties, and public reporting cannot be optional extras bolted on after abuse becomes embarrassing.
Can crime-fighting value excuse casual access to movement data?
This is the strongest counterargument for Flock: license plate readers can support investigations. Related reporting says Flock cameras in Atlanta helped law enforcement agencies identify an accused shooter in a string of attacks that included the death of a Department of Homeland Security employee. Flock also claims it helped reunite more than 10,000 missing people with loved ones in 2025.
Those are serious claims. Communities are allowed to care about safety. Police departments are allowed to use technology that helps identify vehicles connected to incidents.
But usefulness does not lower the oversight bar. It raises it.
A powerful investigative tool should not be available for broad, casual, or personal searches. The line is simple: a legitimate case, a documented purpose, a limited search, and a reviewable record. If a department cannot enforce that line, it should not be expanding access.
What should Georgia officials refuse to approve until audits catch up?
Georgia cities and counties should pause new Flock expansions and renewals until independent audits show the data is being controlled. Not internal assurances. Not vendor talking points. Independent review of actual access logs.
At minimum, public agencies using Flock LPR data should require:
- Documented purpose: Every sensitive search should require a case number or written justification.
- Automatic alerts: Queries involving repeated searches, personal targets, or unusual patterns should be flagged.
- Short retention: Departments should justify any retention beyond the stated 30-day default.
- Public reports: Cities should disclose search volumes, audit results, violations, and data-sharing relationships.
- Real penalties: Misuse should bring discipline, referral when warranted, and loss of access.
The question that will not be answered for months is how many other departments will find similar misuse once they look closely. That uncertainty should change the default.
Surveillance that cannot be controlled should not be expanded. Public safety cannot rest on secret databases the public is asked to trust blindly.
Impact Analysis
- The arrests show license plate reader misuse is a real governance problem, not just a hypothetical privacy risk.
- Insider access to movement data can enable stalking, harassment, and personal targeting when oversight fails.
- Cities, police departments, HOAs, and businesses using LPR systems may face pressure to strengthen audits, access controls, and accountability.










