Police officers are being told to “be as vague as permissible” about why they are using the Flock surveillance system in order to not leak sensitive information via public records requests, according to records obtained using a public records request. The warning originated from a Houston-area police intelligence center that includes members of the FBI and ICE and suggests without evidence that people are using a website called HaveIBeenFlocked.com to “potentially retaliate against law enforcement.”
The warnings were shared with 404 Media by researchers from Southerners Against Surveillance Systems and Infrastructure and Lucy Parsons Lab after our article about police unwittingly leaking the details of millions of surveillance targets nationwide due to public records redaction errors made by several Flock automated license plate reader system customers. This data was aggregated into a searchable tool called HaveIBeenFlocked.
Rather than looking at this incident as a huge operational security failure associated with using a massive commercial surveillance system, police see this as something that puts their officers directly in harm’s way. The data released by police departments includes the agency doing a search, the officer’s name, time of search, the license plate searched, and a “reason” field, which is the justification for doing a specific search.
In an “Officer Safety Situational Awareness Bulletin,” the Houston Investigative Support Center, an intelligence apparatus consisting of members of Houston-area police departments, the FBI, the Drug Enforcement Administration, and Immigration and Customs Enforcement’s Homeland Security Investigations told members that HaveIBeenFlocked “poses a significant officer safety risk to law enforcement personnel because suspects can determine if they are the target of an investigation and potentially retaliate against law enforcement and/or those cooperating with law enforcement.”
It goes on to say in a “recommendations for Flock Users/Agency Administrators” section that “Flock Administrators should ensure that the reason for the query be as vague as permissible,” with a suggestion being that cops just write “investigation” as the reason for a search.
"A group of self-styled privacy advocates have filed a series of Freedom of Information Act (FOIA) requests with law enforcement agencies around the country to obtain agency Flock audit logs," the warning reads. "The Flock system itself has not been compromised. Currently, this information appears to be coming from Washington State, Colorado, California, Georgia, Illinois, and Virginia. Agencies in these states held data from other jurisdictions pertaining to inquiries that had been made against the national Flock platform. The data on the website is not 'real time' and, as of December 8, 2025, the most recently confirmed data appeared to be from late October 2025."
A member of the FBI also sent the warning from the Houston Investigative Support Center to Atlanta-area police, according to an email obtained via public records request and shared with 404 Media. In another email, the Georgia Bureau of Investigation-GISAC, which is an Atlanta-area fusion center, issued a similar warning and said that a fusion center in Illinois had done the same. Fusion centers are intelligence sharing centers in which state and local police partner with federal agencies. "This website, and others like it, poses obvious risks to officer safety, operational security, and investigative integrity. Do not use your department systems to check these sites, as their ability to pull data and leave behind code is suspect." This email also warns agencies they "should consider reviewing their current license plate reader permissions and seek guidance from their respective customer service representative for any software they have."
The Georgia fusion center warning was then further shared by a member of the United States Department of Justice, the emails show.
The flurry of warnings highlight just how bad of an operational security screwup Flock's information sharing design was, leaving the investigations of thousands of police departments vulnerable to a redaction error by any single one of its customers. It further highlights how law enforcement see themselves as being consistently and universally under threat from the people it is supposed to protect. This is a narrative we have seen tragically play out in Minneapolis as legal observers shot dead in the streets by ICE have been branded "domestic terrorists" who were threatening ICE agents by the Trump administration despite video evidence showing this was not the case.
ICE has also been obsessed with not revealing the identity of its officers, with its agents wearing masks during raids, refusing to give their names or ID numbers, and the agency refusing to reveal the names of agents during court proceedings. The warnings issued by fusion centers about Flock show that this obsession with secrecy and officer anonymity is filtering down to the state and local level, because Flock is most often used by local police.
The suggestion that officers should be as “vague as permissible” about why they are using Flock is also a problem. Police currently do not get a warrant to use Flock, and have revealed that they use it for legitimate investigations, but also for all sorts of other purposes. Flock search audit logs have been used to reveal officers who have used the system to allegedly illegally stalk people and have been used to reveal informal cooperation between local police and ICE, as well as the search for a woman who had an abortion. We revealed last year that some of these searches were illegal in some states where they were conducted. An analysis by the Electronic Frontier Foundation, meanwhile, showed that many police officers do not put any reason at all for their Flock search.
