Flock Safety Email to Police: Security Research or Activism?

Understanding Flock Safety's Controversial Police Email

When Flock Safety CEO Garrett Langley emailed law enforcement agencies claiming coordinated attacks from "activist groups wanting to defund police," it sparked immediate backlash. Security researchers demonstrated vulnerabilities in Flock's systems months prior through proper channels—cooperating with legislators and notifying the company itself. Yet Langley's message framed scrutiny as "lawlessness," a tactic starkly opposed by police leaders like Chief Jim Williams of Staunton, Virginia. His department terminated their Flock contract, calling public records requests "democracy in action." This clash reveals critical questions about surveillance vendors and police transparency.

How Responsible Security Research Actually Works

Legitimate technology security follows established protocols that Flock's email dangerously misrepresents. Industry standards require:

1. Vulnerability disclosure: Researchers privately notify companies first (as happened here months before public demonstrations)
2. Collaborative remediation: Vendors patch flaws without attacking researchers
3. Transparent communication: Affected parties receive apologies and fixes

Most companies thank researchers—they don't accuse them of normalizing lawlessness. The video author documented this process meticulously, sharing findings with federal and local legislators. This contrasts sharply with Flock's narrative, which ignores their advanced notice of security gaps. As the researcher notes: "IT security is a normal challenge for companies worldwide—handling it without demonizing critics separates trustworthy vendors from others."

Why Police Chiefs Rejected Flock's Narrative

Staunton PD's contract termination wasn't isolated—it reflected core law enforcement principles:

• Accountability to citizens: Public records requests are legal tools, not weapons
• Evidence-based decisions: Police tech must withstand scrutiny
• Democratic integrity: Agencies serve communities, not vendor PR campaigns

Chief Williams' response highlights a critical divide: Some vendors prioritize reputation control, while police leaders prioritize public trust. His statement that citizens were "exercising their rights" underscores how Flock's email misunderstood law enforcement values. When surveillance vendors frame security audits as attacks, they force agencies into unnecessary conflicts that undermine community relationships.

Evaluating Surveillance Vendor Credibility: 3 Key Questions

After analyzing this controversy, law enforcement should ask these questions about any security tech provider:

1. How do they handle criticism?
   Trustworthy vendors disclose vulnerabilities proactively—they don't blame researchers. Demand documentation of past security responses.

2. Who controls the data?
   Flock's ALPR systems store millions of license plates. Agencies need contractual guarantees about data access, retention periods, and breach protocols.

3. What's their transparency track record?
   Review past incidents: Did they notify agencies promptly? Did they retaliate against auditors?

Red flag: Vendors who label scrutiny as "activism" often lack robust security cultures. As demonstrated here, such framing backfires—institutions like Staunton PD prioritize integrity over vendor relationships.

Essential Resources for Police Technology Procurement

• Electronic Frontier Foundation's Surveillance Scorecard (eff.org): Evaluates vendor transparency and civil liberties impact
• SANS Institute Security Policies (sans.org): Framework for vetting tech partners
• Police Executive Research Forum (policeforum.org): Procurement guidelines balancing safety and privacy

Conclusion: Transparency Builds Safer Communities

Security research strengthens policing tools—it doesn't weaken public safety. Flock's attempt to frame scrutiny as activism failed because police leaders recognize accountability as fundamental to their mission. Vendors aligning with law enforcement values welcome audits, fix flaws, and respect democratic processes. Agencies receiving similar emails should scrutinize claims, consult independent experts, and remember: Their duty is to citizens, not vendors.

What vendor behavior would make your agency reconsider a contract? Share your criteria below.