Are Your Local Police Using Flock Safety ALPRs to Scan for Immigrants?

1 week 1 day ago

When a car passes an automated license plate reader (ALPR), its plate is captured and instantly compared against a list of vehicles that police are actively looking for or that police have identified for real-time surveillance. These are called “hotlists,” and EFF has learned that one used by agencies across the country targets immigrants on behalf of Immigration and Customs Enforcement (ICE). 

Agencies using Flock Safety ALPR systems commonly allow the plates their cameras collect to be compared against the FBI's National Crime Information Center (NCIC) hotlists. These hotlists are broken into "topics," such as "Gang or Suspected Terrorist," "Stolen Vehicle," and "Missing Person." 

Flock Safety told EFF via email: "Local agencies add/remove license plates from the NCIC list. The FBI curates the NCIC list, and pushes it out to local agencies. Once the list leaves the FBI, they do not see any agency alerts. They only see when a local agency adds or removes plates from the list."

But one list is different: The "Immigration Violator" hotlist is populated exclusively by ICE, and it is the only agency authorized to enter or maintain records in this system, according to the NCIC operator manual. It includes license plates associated with administrative warrants, which are issued by ICE agents without judicial review. The manual further describes the data:

The Immigration Violator File contains records on criminal aliens who have been deported for drug trafficking, firearms trafficking, or serious violent crimes and on foreign-born individuals who have violated some section of the Immigration and Nationality Act.

And: 

If the ICE has reasonable grounds to believe that the subject may be operating a particular vehicle or a vehicle bearing a particular license plate, the vehicle and/or license data may be included in the record.

Buried in the Flock Safety administrative interface, there is a drop-down menu where agencies select which NCIC topics to subscribe to. If Immigration Violator is selected, the local agency will receive an alert that a vehicle ICE is looking for has been sighted. According to Flock Safety, ICE itself does not get an alert, although the local agency may contact ICE to let them know. Many agencies also participate or collaborate with immigration enforcement (through, for example, 287(g) agreements) and may take steps to stop a vehicle based on one of these alerts. 

In many places, using ALPRs for immigration enforcement is against city or state law–or at minimum, against agency policy. But using this hotlist is immigration enforcement. 

For example, Sparks Police Department's ALPR transparency portal lists immigration enforcement among the "prohibited uses." Yet, records show Sparks utilizes ICE's Immigration Violator hotlist.

Many agencies publicly acknowledge using NCIC hotlists, but don't publish which ones. So, EFF filed public records requests with agencies around the country to figure how to identify at least which agencies may be using the Immigration Violator hotlist. Here are links to the documents from the 13 agencies that have responded so far. 

Agencies with the Immigration Violators Hotlist Enabled

Agencies Using NCIC Hotslists, But Immigration Violators Is Disabled

Knowing whether your agency has this box checked isn't just useful information—it's the kind of evidence that can change how officials vote when a contract comes up for renewal. So, how can you find out if your local agency is using the Immigration Violator list? It takes some digging, and you may not be successful. But here's what has worked for us in some instances. 

STEP 1: Conduct background research. 

The first questions you want to try to answer are: 

  • Does your local agency use Flock Safety ALPRs, and if so, 
  • Are they using NCIC hotlists? 

To answer the first question, here are two sites to try: 

  • AtlasofSurveillance.org - This is an EFF project to catalog the technologies law enforcement agencies use. You can search for your agency to see if they use ALPR.

  • EyesonFlock.com  - This site includes an index of every agency that maintains a Flock Safety "Transparency Portal." These portals often disclose what hotlists an agency uses. You'll want to look for your agency, then click the outbound link to their transparency portal, if they have one. 

Once you're on the transparency portal, you'll want to look for two things. 

  • Is "immigration enforcement" a prohibited use? If it is, you might find that the agency is violating its own policies. 

  • Does the agency list "NCIC" as one of its hot lists? 

Not all agencies disclose this information, so even if you don't find anything, you can move on to these next steps. 

STEP 2: File a public records request. 

Every state has a law that allows the public to request information from the government. This can often be done by emailing the police department or sheriff’s office, using the agency's online public records portalYou can usually find these emails or portals quickly online by searching for the agency's website and contact information. You can also subscribe to a service like MuckRock, which is how we filed these requests

We have developed language to request the hotlist topics. It doesn't always work, due to differences in how agencies interpret public records laws, but it is still worth a shot. 

Note: This is template language. A Google doc version is available here (Google's Privacy Policy applies). 

To Whom It May Concern:

Pursuant to the [INSERT LOCAL PUBLIC RECORDS LAW - FIND THAT HERE], I hereby request the following information:

- The NCIC topics that the agency has selected.

Within the Flock Safety ALPR administrative controls for hotlists, there is an NCIC drop-down menu to allow an agency to choose which NCIC "Topics" it will alert on. For example, "Gang or Suspected Terrorist" or "Missing Person." 

You may provide this as a print out or a screen grab, or simply copy-paste the selected items. If you'd prefer to do a full CSV export, that is also acceptable but may take more effort.

I leave the format at your discretion, but I would prefer to use as little of your agency's resources as possible for this request. You can see an example here: https://www.documentcloud.org/documents/28277589-20260414084201725/

The requested documents will be made available to the general public, and this request is not being made for commercial purposes.

In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

Thank you in advance for your anticipated cooperation in this matter. Please do not hesitate to contact me with any questions at [CONTACT DETAILS].

Sincerely,

[Your Name]

STEP 3: Wait for a response.

Depending on the agency and the state law, it may take anywhere from days to weeks to receive a response. 

If the agency provides the records, they might look something like this: 

If "Immigration Violator" is checked, then yes–police are scanning vehicles for immigration enforcement. 

You can then put this information to work, sharing it with local reporters or bringing it directly to city officials who have the authority to modify, restrict, or cancel your agency's Flock contract. This is especially important if the agency has the box checked but also claims ALPR data is not used for immigration enforcement. Government officials like easy fixes, and "uncheck the box" is about as easy as it gets. But remember: If that's where it stops, the infrastructure for immigration surveillance stays fully intact, and the system is one policy, personnel change, or error away from being switched back on.

In many cases, you will not receive records. The agency may claim it's protected under legal exemptions or that it is not actually a public record under state law. For example, we received rejections from the Abington Police Department in Massachusetts and the Akron Police Department in Ohio.

If that happens, push back politely. You can explain that many other agencies across the country have produced this information and that it would greatly help inform the public. You can try contacting the police department's public information officer. Another option is alerting local press that the agency is refusing to disclose basic information about a public surveillance system, shutting residents out of decisions about how that system is being used. If you have the resources and time, you may also consider litigating a denial or lack of response.

You can also email your city council or board of supervisors member. Explain why this matters: The law enforcement agency may be facilitating immigration enforcement in secret, potentially in violation of its own policies. Ask them to use their oversight authority to demand answers from the agency, including pressing the vendor directly. Elected officials hold real leverage here: In most cities, either the council or the city manager controls the contract, and both are accountable to the public. If your agency's contract is up for renewal—or if a new pilot program is on the horizon—this is exactly the kind of information that should be part of that public debate before officials sign anything.

While we have filed dozens of these requests, we need locals to help gather even more. Drop us a line with the records you receive (or don't) at aos@eff.org

Dave Maass

【おすすめ本】トマ・ピケティ (著)・山本 知子(訳)『エコロジー社会主義に向けて――世界を読む2020–2024』―〈脱商品化〉の領域拡大 富裕層・大企業に適切な課税を=本田 浩邦(獨協大学教授)<br />

1 week 1 day ago
 コロナ・パンデミック最中の2020年7月から24年9月まで『ルモンド』紙に連載されたエッセイに書き下ろしの序章を加えた作品である。 20世紀は「社会民主主義」の時代であったが、21世紀はさらに進んで「民主的でエコロジカルな社会主義」でなければならないというのが本書のモチーフである。 「社会主義」といっても、それは「生産手段の社会化」によってイメージされる従来のオーソドックスなそれではない。その柱は、「脱商品化」の領域の拡大と、強い所得再分配(富裕層や大企業に対する限界税率..
JCJ

〈国民国家と文明〉内田樹

1 week 1 day ago
 英国在住のブレイディみかこさんとオンラインでおしゃべりをした。英国と日本の政治状況があまりに似ているので、話を聴いているうちに少し寒気がしてきた。  それは両国とも「ポピュリズム国家」だということである。かつて有権者た […]
admin

〈非戦の意志を憲法に書き込む〉想田和弘

1 week 1 day ago
 解釈改憲にも、ほどがある。  高市政権下、そう思わざるをえない政策が、次々に実行されつつある。武器輸出解禁、敵基地攻撃能力を有するミサイルの配備、軍事費の倍増、国旗損壊罪……。  そもそも日本国憲法第9条は、その制定時 […]
admin

コラム〈いやな予感〉 田中優子

1 week 1 day ago
 沖縄県名護市の辺野古沖で船が転覆し、研修旅行中の生徒が亡くなった。その後、新潟市の高校生の乗ったマイクロバスの事故があり、やはり高校生が亡くなった。どちらも痛ましい事故である。船やバスの安全対策も学校の管理体制も見直さ […]
admin

The KIDS Act Would Require Age Checks To Get Online

1 week 1 day ago

Within the next week, Congress is preparing to vote on the KIDS Act, a sprawling package of legislation that seeks to control Americans’ web browsing and private messaging. The package includes a revised version of the Kids Online Safety Act, or KOSA, combined with a collection of other internet bills, study bills, reporting requirements, and new regulations. Instead of debating any of these proposals on their merits, lawmakers are attempting to move them all at once under an ultra-expedited process. 

The package of cobbled-together bills is a mess, with different age-gating schemes for different services, using different standards. It’s a lot of complexity, and a lot of legal risk. Faced with that, many companies will conclude that the safest option is restrictive age-checking practices across their entire platforms.

Buried inside the KIDS Act are provisions that will push online services to verify all users’ ages, require government-directed moderation policies for online speech, and even create new rules about private and encrypted communications. While supporters continue to claim this bill protects minors online, its requirements come at the expense of privacy, free expression, and the ability of people of all ages to use the internet without revealing sensitive data. 

Take action

Tell Congress to reject this age-gating bill

The KIDS Act Pressures Platforms to Check Everyone's Age

Supporters of KOSA have said the bill doesn’t require age verification. And technically, the KOSA section of the bill does say that KOSA shouldn’t be read to require age verification. 

But if you read the rest of the bill, that disclaimer starts to look hollow. 

Throughout the KOSA section of the legislation, special protections, controls, messaging settings, and parental tools are required whenever a website or app “knows or should have known” a user is a child (defined in the bill as anyone under 13) or a teen (defined as anyone between 13 and 16 years old). 

The problem is a website operator doesn’t need actual knowledge that a user is a minor to get in legal trouble. It applies when a platform “knows or should have known” a user’s age—a low, negligence-style standard of knowledge. If an online service gets it wrong, it’s going to be up to courts and regulators to decide, after the fact, if an online service “should” have known a user was 16. 

To try to avoid liability, services will have to determine which users are teenagers and which are not. Most won’t be able to simply trust their users. They’ll have to collect more information about age, before any lawsuit or government action arises. Some companies may respond by requesting driver's licenses or passports. Others will rely on age-estimation systems that attempt to guess users' ages by looking at existing activity or doing facial scans. Existing estimation systems make mistakes when estimating children’s ages correctly, which is a big problem when that is the population KOSA is trying to protect. And the systems fail more frequently for people of color, people with disabilities, and trans and nonbinary people.

The bill’s authors seem to know this is a problem. On the one hand, the new KOSA section says age verification is not required. On the other, it repeatedly imposes obligations that depend on knowing whether a user is under 17. But a disclaimer doesn’t magically eliminate legal risk, especially for smaller services and startups that can’t afford to defend lawsuits or fight regulators.  

Take action

The "KIDS Act" Is an Age Surveillance Bill

KOSA is not the only part of this package that creates age-verification pressure. The SAFE BOTS Act, like KOSA, goes back to the standard that if a service “knows or should have known” that a user is a minor it can’t offer certain chatbot features. 

The SCREEN Act requires services that host sexually explicit content to determine whether users are “more likely than not” under the relevant age limit, before allowing access to certain content. 

The consequences of this liability will not be limited to minors. If websites and apps are expected to reliably identify teenagers, adults will be asked to prove they are adults. The result is a less private internet for everyone.

The KIDS Act Pressures Platforms To Police Lawful Speech 

The new version of KOSA removes the bill’s infamous "duty of care" provision, a significant change. The revised KOSA requires covered platforms to "establish, implement, maintain, and enforce" policies and procedures addressing several categories of content and conduct. 

Some categories, such as true threats and sexual exploitation, involve unlawful activity. Others are much broader. The bill specifically requires policies addressing the "sale or use" of narcotic drugs, tobacco products, cannabis products, gambling, and alcohol. It also restricts discussions around financial fraud.

Sounds straightforward enough. Then you remember how people actually talk—online and off. Can teens discuss addiction and recovery? Can a 15-year-old post that she’s worried she has a friend who is drinking too much? Can they seek advice about a parent’s gambling problem, or get help if they or a family member have been scammed? Can they participate in harm-reduction communities or discuss substance abuse treatment? All of these young people would be engaging in lawful speech when discussing topics covered by KOSA’s enumerated harms. 

The bill does not directly ban those conversations. But it places platforms under huge pressure to create and enforce moderation policies around broad categories of lawful speech. Faced with legal risk, many services will inevitably choose to remove that speech or restrict those discussions to spaces where they know only adults can participate. We’ve seen this movie before. When legal risk goes up, platforms will take down more speech. 

The KIDS Act Regulates Private Messages, Too 

Several provisions of the bill create new rules around direct messages, disappearing or “ephemeral” messages, and AI chat services. 

The bill includes language stating that certain KOSA requirements should not be construed to override strong encryption. But the protection is incomplete. The carve-out applies to certain features and messaging controls, but doesn’t apply to KOSA’s separate requirement that platforms "address" a list of harms to minors. 

The KIDS Act never answers an obvious question: how exactly is a platform supposed to address those activities if they’re inside encrypted communications that it can’t read? That will create pressure for providers to weaken private communications or limit features on encrypted private services. 

That approach is especially troubling when it comes to ephemeral messaging. Disappearing messages are not a “loophole” or a dangerous design trick. They are a useful privacy feature that allows online conversations to function more like ordinary real-world conversations, which are not preserved forever in a permanent database.

Like many other parts of the KIDS Act, these private messaging provisions also depend on websites and apps knowing who is a minor and who is not. The result is more age checks, more restrictions, and less privacy online.

Take action

Tell congress: no online age checkpoints

Joe Mullin