Anyone driving in the United States today has almost certainly passed under the gaze of a Flock camera. No need to break the law: these roadside devices log every passing vehicle. A quiet habit that is redrawing the surveillance map, while Flock Safety consolidates a near-absolute market dominance. According to data reported by Engadget and relayed by The Next Web, Flock manufactures the vast majority of the more than 100,000 automatic license plate readers (ALPRs) blanketing the country.

But calling these units mere “plate readers” is reductive, if not misleading. The compact hardware hides a much richer data acquisition pipeline, capable of extracting contextual information ranging from vehicle type to movement patterns. Each pass becomes a dot in a vast database, searchable by law enforcement and, increasingly, by private entities.

Why license plate reading is just the start

Modern ALPRs are not simple optical sensors. They integrate high-resolution cameras, infrared illuminators, and, in many cases, edge processing capabilities. That means inference is performed directly on the device, turning a video stream into structured metadata before the data even leaves the camera. The license plate is just the starting point: make, model, color, any body damage, and even the number of occupants can be captured and analyzed. For Flock, this translates into a steady stream of georeferenced events, sold as a service to local administrations and residential communities.

The sovereignty node: where does the data go?

For those dealing with IT infrastructure and on-premise deployment, Flock’s model raises precise questions. In many implementations, collected data is sent to the cloud for centralized aggregation and analysis. This approach simplifies management but shifts the control center away from the local entity: the apparently low TCO hides lock-in costs, limitations in data access, and compliance risks.

If a public administration wants to retain full data sovereignty, it must evaluate a self-hosted architecture, where the entire pipeline – from capture to storage – remains on local infrastructure. This is not an academic exercise: GDPR in Europe imposes strict constraints on data residency and retention, and US states are multiplying privacy regulations. An ALPR system operating on-premise requires dedicated hardware investments (servers with sufficient VRAM for any inference workloads, redundant storage, low-latency connectivity) but gives the owner granular control over who accesses the data and for how long it is stored.

Beyond the cloud: the local deployment dilemma

The choice between cloud and edge (or pure on-premise) is not binary. Some cameras perform plate recognition locally and send only the results, reducing bandwidth needs and better respecting privacy requirements. However, this configuration demands that each device has sufficient computational power and that the organization manages a distributed fleet, with all the update and maintenance complexities that entails.

Those opting for full control can go further: a dedicated on-premise infrastructure allows training or fine-tuning proprietary models on local data, without exposing them to third parties. It is an approach that banks, critical infrastructure operators, and companies attentive to intellectual property are beginning to consider seriously. The trade-off is clear: higher CapEx and solid in-house skills in exchange for autonomy and security.

An ecosystem demanding rules

Flock's expansion is a wake-up call not only for privacy advocates but for anyone designing long-term data architectures. When a single vendor controls the overwhelming majority of collection nodes, the entire infrastructure becomes a black box. The shift to a more transparent and controllable model – be it on-premise, hybrid, or federated – requires open standards for data formats and communication protocols, as well as orchestration frameworks that allow monitoring the entire pipeline.

For those evaluating on-premise deployments, well-documented trade-offs exist on AI-RADAR, where costs, performance, and compliance requirements are analyzed. The spread of ALPR systems shows that surveillance is no longer just a matter of hardware, but of who controls the resulting information flow – a central theme for anyone building data infrastructures meant to serve the owner, not the other way around.