Atherton's Flock ALPR Network: How Policy Failures Enable Mass Surveillance Data Sharing
Share this article
In the affluent enclave of Atherton, California, a network of 50 automated license plate readers (ALPRs) from Flock Safety captures approximately 45 million vehicle movements annually. What began as a burglary-deterrent system following a 2018 crime wave has morphed into a surveillance hub with alarming privacy implications. Investigative findings reveal the town has systematically violated its own policies and California law by granting 295 external agencies—including federal immigration authorities—unfettered access to this sensitive data.
The Policy-Implementation Chasm
Atherton's ALPR policy, meticulously crafted during 2020 council debates, mandates:
1. Commander review of every external data request
2. Specific justification for each search
3. Annual audits
4. Explicit prohibition of federal immigration enforcement access
Yet logs obtained via public records requests tell a different story: 2.9 million searches occurred between January-July 2025 alone, averaging 40 searches per user monthly. Police Commander Dan Larsen admitted the policy is "no longer feasible" due to volume, acknowledging systemic non-compliance despite state law California Civil Code § 1798.90.5 requiring adherence to these safeguards.
Federal Access Through Backchannels
Investigative analysis uncovered 832 searches explicitly tagged for immigration and border agencies:
- Bakersfield PD conducted 18 searches for Homeland Security Investigations (HSI)
- Newport Beach PD performed 4 searches for Customs and Border Protection (CBP)
- Anaheim PD executed 14 "ICE"-tagged queries (later claimed as protest-related)
This occurs despite California's SB 54 prohibiting local-federal immigration collaboration. Flock's architecture enables this circumvention—while ICE can't directly query the system, partner agencies perform searches on their behalf. Notably, Amador County Sheriff's Office (which publicly defies state immigration limits) accessed Atherton's data 13 times without providing search reasons.
The Technical Accountability Crisis
Core system failures enable this surveillance free-for-all:
1. Purpose Field Exploitation: June logs show 466 searches with only "crime" as justification—a meaningless descriptor violating policy
2. No Audit Trail: Flock's design lacks granular access logs, preventing verification of legitimate law enforcement purposes
3. Scalability Issues: The network's expansion to 295 agencies makes manual review impossible, yet no automated compliance checks replaced human oversight
Broader Implications for Tech Governance
This case exemplifies how well-intentioned surveillance systems degrade into privacy threats without:
- Enforceable technical guardrails (automated purpose validation, strict RBAC)
- Scalable compliance mechanisms (ML-based anomaly detection vs manual review)
- Transparent auditing (publicly verifiable access logs with redaction safeguards)
As Flock systems proliferate across San Mateo County (Menlo Park, Redwood City, Sheriff's Office), Atherton's failures signal an urgent need for:
"Architecture-first privacy—where policy requirements are engineered into system design rather than bolted on as procedural afterthoughts" - Privacy Engineer's Manifesto
The unresolved tension remains: Can mass surveillance systems ever comply with democratic safeguards when scale inherently conflicts with oversight? As lawsuits challenge ALPR constitutionality in Virginia, Atherton's experience suggests technology is outpacing governance—with fundamental rights hanging in the balance.
Source: The Almanac