Introduction: Automated Surveillance and Its Risks

Automatic License Plate Reader (ALPR) systems represent an increasingly widespread surveillance technology, capable of documenting every vehicle that passes their sensors, creating a vast network of data on people's movements. While designed to support law enforcement in legitimate investigations, recent inquiries have highlighted a disturbing pattern of abuse, with police officers using these tools for personal purposes, particularly for stalking ex-partners or romantic interests. These incidents raise fundamental questions about privacy, data sovereignty, and the adequacy of existing safeguards.

Jarmarus Brown's case, an Orange City, Florida police officer, is emblematic. For months, Brown queried the Flock ALPR system database at least 69 times for his ex-girlfriend's license plate, and dozens of times for those of her parents. The frequency and nature of these searches were such that even a colleague noticed and warned him about the risks. Brown, who had also placed an Apple AirTag in the woman's wallet, admitted using the system to verify her whereabouts, convinced she was lying to him. Ultimately, he was charged with stalking and hacking-related offenses, receiving a sentence of one day in prison and five years of probation.

The Technology and Risks of Abuse

ALPR systems, such as those offered by Flock, collect and store vehicle movement data on a large scale. Law enforcement agencies can access these databases to track the movements of a specific vehicle, and by extension, the person using it, over time. The primary issue, as highlighted by various civil rights organizations, is that a warrant is often not required to use these systems, granting officers the technical ability to look up any license plate for any reason, without adequate oversight.

The pattern of these incidents repeats with concerning regularity across the country. Numerous local news reports detail officers abusing access to surveillance systems to track partners or ex-partners for weeks or months. An investigation by the Institute for Justice documented at least 18 cases of officers caught using Flock for stalking in recent years, while a database called the ALPR Abuse Library has recorded 20. These numbers are almost certainly an underestimation, as they primarily include the most egregious cases that led to firings or arrests.

The Role of Auditing and the Discovery of Abuse

Flock has stated it is aware of 15 incidents of abuse, emphasizing that these surfaced due to the transparency and accountability features deliberately built into the platform. The company also highlighted that, with 140,000 monthly active users, abuses are relatively rare. However, the reality on the ground suggests a more complex dynamic. Many abuse cases were not detected by police departments themselves, but by citizens, journalists, and stalking victims who analyzed audit logs obtained through public records requests.

A significant example is Deflock Joplin, a citizens' anti-surveillance group, which found anomalous searches by a police officer in Joplin, Missouri. By analyzing Flock audit logs obtained via public records requests, they identified a single license plate searched 395 times in ten months by one officer, and another plate searched 147 times. This data, which the group argued should have been evident to any internal audit, led to the officer's firing. Cases like these, along with Josue Ayala in Milwaukee (over 100 searches per plate) or Chris Rozar in Georgia (charged with eight crimes, including computer invasion of privacy), demonstrate that while audit tools are useful, their effectiveness depends on the implementation of stringent usage policies and constant vigilance, often external to the organization itself.

Implications for Data Sovereignty and On-Premise Deployments

The fundamental problem with these systems, as highlighted by Michael Soyfer, an attorney for the Institute for Justice, lies in the fact that they place private information about people's movements over time in the hands of every officer. Without the constitutional safeguard of a warrant requirement, this predictably allows officers to abuse their access for personal reasons. This situation underscores the crucial importance of data governance, compliance, and data sovereignty, central themes for AI-RADAR.

For organizations evaluating the deployment of on-premise AI/LLM systems, these cases serve as a warning. The ability to physically control infrastructure and data does not negate the need to implement extremely rigorous access and usage policies, robust audit systems, and clear accountability mechanisms. Managing sensitive data, whether collected by ALPRs or generated by LLMs, requires meticulous attention to security, privacy, and abuse prevention. Choosing an on-premise deployment can offer greater control over data location and access, but protection against misuse ultimately depends on the strength of internal policies and the transparency of audit processes. For those evaluating on-premise deployments, AI-RADAR offers analytical frameworks on /llm-onpremise to assess trade-offs and constraints related to data sovereignty and security.