Northern Colorado privacy advocates made an unsettling discovery while browsing search results: police license plate searches were appearing in DuckDuckGo and Bing. The URLs, generated by Flock Safety’s automatic license plate reader (ALPR) system, exposed full license plates, case numbers, vehicle descriptions, and investigation reasons like “GTA” (grand theft auto). According to 404 Media, Flock acknowledged that roughly 70 such URLs from 2024-2025 had been indexed by search engines before the company moved to remove them.
When Police Databases Meet Web Crawlers
Search engines accidentally indexed sensitive law enforcement query URLs containing investigation details.
Flock’s ALPR network uses AI-powered cameras to scan passing vehicles and upload plate data to cloud servers. When officers search the system, they enter reasons for each query—creating audit logs meant for accountability. Those search parameters ended up in URLs that search engine crawlers treated like any other web content. The exposed data revealed not just which plates were investigated, but when, why, and by which agencies.
The Pattern Behind the Problem
This leak follows Mountain View’s discovery that Flock shared city data with hundreds of unauthorized agencies.
Mountain View, California officials found that over 250 external agencies conducted an estimated 600,000 searches using their city’s Flock data—all without permission. The city shut down all 30 cameras in February 2026. That incident revealed how Flock’s default sharing settings can expose local data far beyond what municipalities intend, even before any public web exposure occurs.
The Surveillance Scale Most People Never See
Independent research shows the massive volume of plate tracking happening through centralized systems.
The “Have I Been Flocked?” database—compiled from publicly obtained audit logs—reveals 184,195,968 Flock searches covering 4,437,098 license plates. Your daily commute generates machine-readable trails that persist in cloud databases, searchable by thousands of law enforcement users across jurisdictions. The search engine leak simply made a tiny fraction of that tracking visible to anyone with a browser.
URL parameters containing investigation details shouldn’t end up in public search results—but centralized surveillance infrastructure creates new failure modes that extend far beyond traditional data breaches. As cities nationwide evaluate these systems, the question isn’t just whether ALPR cameras solve crimes, but whether vendors can actually secure the investigative machinery they’re selling to police departments.
