3 min read

Mountain View Suspends ALPR Program Amid Data Sharing Scandal

Mountain View Suspends ALPR Program Amid Data Sharing Scandal
Photo by Zhouxing Lu / Unsplash

The city of Mountain View, California, has suspended its use of Automated License Plate Reader cameras following the discovery that hundreds of federal and state law enforcement agencies had been accessing local surveillance data without authorization. The incident has reignited a national debate over whether ALPR technology—and the companies profiting from it—can ever be trusted to operate within the boundaries communities set for them.

What Happened in Mountain View

Mountain View Police Chief Mike Canfield announced he had lost confidence in the system after an audit revealed that Flock Safety, the private company operating the cameras, had configured the very first deployed camera to allow "nationwide" access—without the police department's knowledge or consent. This wasn't a bug or an oversight. It was the default setting.

Between August and November 2024, agencies ranging from the ATF in Kentucky to Langley Air Force Base in Virginia were accessing Mountain View's surveillance data. Additionally, 29 of 30 cameras had a "statewide" search function enabled that directly violated the protocols the city had carefully established for its pilot program.

Chief Canfield called the situation "frankly unacceptable". The incident raises a more troubling question: if Flock's default configuration undermines local privacy protections, whose interests is the company actually serving?

Flock's Business Model Deserves Scrutiny

Flock Safety has positioned itself as a partner to local law enforcement, but its business model depends on network effects the more agencies that share data, the more valuable the platform becomes. This creates a fundamental tension between what communities want (local control, limited data sharing) and what makes Flock profitable (expansive, interconnected surveillance networks).

The Mountain View incident suggests that Flock's incentives may be steering the company toward configurations that maximize data sharing rather than privacy protection. When the default setting exposes local data to hundreds of outside agencies, that's not a neutral technical choice—it's a business decision that prioritizes network growth over the trust communities place in local police departments.

A Pattern of Abuse

Mountain View isn't an isolated case. ALPR technology has a troubling track record that extends far beyond configuration errors.

The fundamental privacy concern is that these systems collect massive amounts of location data on people without any prior justification for investigation, a 4th amendment violation. Most jurisdictions lack clear retention policies, meaning scans of your license plate—documenting where you were and when can be stored indefinitely and be used maliciously. Over time, this data paints an intimate picture of your life: where you worship, who you visit, what doctors you see, who your friends are, where you work, which political rallies you attend.

Then there's the human element. Officers have repeatedly misused ALPR databases for personal reasons tracking ex-partners, surveilling neighbors, monitoring journalists. A police chief in Kansas resigned after admitting he used the system to stalk his ex-girlfriend. These aren't hypothetical risks they're documented abuses that keep happening because the temptation of easy access to comprehensive surveillance data proves irresistible.

The technology itself is also unreliable. High misread rates have led to innocent people being detained at gunpoint, handcuffed in front of their children, and treated as criminal suspects because an algorithm misread a digit on their plate. When police departments over-rely on ALPR hits without verification, the consequences fall on ordinary people who happen to drive cars with similar plate numbers.

Perhaps most concerning is the pipeline to federal agencies. In Washington state, local ALPR data is frequently accessed by immigration enforcement agencies often in direct contradiction of sanctuary policies that communities have democratically enacted. Local surveillance becomes federal surveillance, regardless of local intent.

The Push for Accountability in Orange County

The Mountain View revelations should serve as a wake-up call for communities across California, including Orange County, where debates over ALPR deployment continue. Departments defend ALPRs by pointing to solved crimes, but this framing conveniently ignores the costs: mass surveillance, data shared without reasonable privacy protection or oversight, and a surveillance infrastructure that can be turned to any purpose once it's built.

Some cities have decided the tradeoff isn't worth it. Denver voted to stop using ALPRs altogether. In California, legislative efforts have attempted to establish model policies, but voluntary guidelines have clearly proven insufficient. The Mountain View breach demonstrates that without enforceable rules with real consequences for violations privacy protections exist only on paper.

For Orange County residents the lesson is clear: the time to demand accountability is before these systems are deployed, not after the data has already been shared with agencies across the country. Once the surveillance infrastructure exists, controlling it becomes exponentially harder. The question isn't whether ALPRs can help solve some crimes—it's whether that benefit justifies building a system that treats every driver as a subject of ongoing surveillance, managed by private companies whose profits depend on making that surveillance as expansive as possible.