Dear Sentinels

In this week's edition, we are watching the watchers, specifically Flock! It is an American company that makes Automated License Plate Reader cameras, or so they did until their new Pan-Tilt-Zoom cameras were released, explicitly designed to track people. This unprecedented surveillance is nothing new in the world, but it does mean we shouldn't stand idly by…

In a totally unrelated academic article, we are looking at an Automated License Plate Reader, but using AI. 😉 This work introduces Sighthoundś, a fully automated license plate detection and recognition system. So what Flock used to offer before they went over to the dark side.

But before we crack on with that, it is time for news from the web, and of course a word from our sponsors.

With AdQuick, you can now easily plan, deploy and measure campaigns just as easily as digital ads, making them a no-brainer to add to your team’s toolbox.

You can learn more at www.AdQuick.com

Scientists build a device that pulls electricity directly from Earth's rotation!

Robots Mastering "Needle Kung Fu"?

Meetings to weddings: Chinese firm AgiBot rolls out humanoid robot rentals!

Trump administration's ban on foreign-made drones starts this week — you can say goodbye to new DJI models!

Scientists may have found the best place for humans to land on Mars!

Shells, beans, and plant fibers-made artificial synapse mimics the human brain!

On the corner of Harris Road and Young Street in Bakersfield, California, a person stands beneath a traffic signal, looking up at a Flock surveillance camera bolted high above the intersection. At the same time, they look down at their phone, where they can see themselves, live, on the screen. The camera is streaming video in real time directly to the open internet. No password. No login. No authentication of any kind.

Hundreds of miles away, colleagues are watching the same live feed, observing the scene unfold remotely. This moment is unsettling, not because it required technical sophistication, insider access, or a clever exploit. It required none of those things. The livestream was available because a digital door had been left wide open... This jarring experience exposes a critical failure within a nationwide surveillance network and underscores the profound privacy risks embedded in the rapid deployment of smart city technologies.

To grasp the severity of this exposure, one must first understand the specifics of surveillance tools. Not all cameras are created equal, and the capabilities of Flock Safety's systems represent a significant escalation in public tracking technology.

Flock's more common Automated License Plate Reader (ALPR) cameras are already a point of concern for civil liberties. Unlike simple red-light cameras that trigger on violations, Flock's ALPRs watch and record every car that drives by. This data is then uploaded, creating a searchable "fingerprint" of a vehicle based on its license plate, make, and even distinct features like fender damage. Police can then construct a traceable path of that vehicle's movement through a city, a capability that civil liberties advocates argue amounts to prolonged, warrant-less surveillance.

The cameras at the centre of this security failure, however, were Flock's more advanced "Condor" models. These are Pan-Tilt-Zoom (PTZ) cameras explicitly designed to track people, not just vehicles. According to the company's own marketing, Condor cameras use artificial intelligence to automatically zoom in on individuals' faces and follow them as they move through public spaces.

The exposed feeds provided direct evidence of these capabilities in action: one camera in suburban Atlanta zoomed in on a woman walking her dog on a bike path; another tracked a man through a Macy's parking lot in Bakersfield. In one particularly intrusive example, a camera on a bike path followed a man as he rollerbladed, zoomed in on him when he stopped, and was able to record with enough resolution to show that he was watching rollerblading videos on his own phone.

The discovery of Flock's exposed cameras was not the result of a complex breach but rather the result of a publicly available tool. The internet is not just a collection of websites; it is a vast, interconnected network of physical devices, from industrial water pumps and gas tank readers to servers and webcams. A specialised search engine called Shodan indexes these devices. Shodan functions by scanning the internet for connected devices and cataloguing the information they send back. Security researchers use simple queries to identify systems that are vulnerable or have been left exposed online. By searching for an organisation, an open port, or devices that have taken a screenshot, a researcher can quickly map out a target's digital footprint and identify potential weaknesses.

It was precisely this method that YouTuber and technologist Benn Jordan, along with security researcher Jon 'GainSec' Gaines, used to uncover the Flock camera exposure. Using Shodan, they identified dozens of Flock cameras streaming their live feeds and administrative panels directly to the public internet, completely unprotected. Shodan did not create this vulnerability; it simply highlighted a pre-existing, critical security failure.

There is a critical distinction between a theoretical vulnerability and an active, real-world exposure. The significance of the Flock incident lies in its shocking simplicity and the sheer volume of sensitive, real-time data it made available to anyone with a web browser. The security failure was absolute. Accessing these Flock cameras required no username, password, or encryption. This unfettered access granted anyone on the internet the ability to watch live feeds in real time, download a full 30-day archive of recorded footage, and even access administrative panels to view log files or change camera settings. As one researcher described it, the system was like "Netflix for stalkers."

This exposure directly contradicted Flock's public reassurances about its robust security policies. The company had previously dismissed similar security concerns by likening vulnerable test devices to "an iPhone stolen off a truck before it was ever connected to the cloud," implying such issues were irrelevant to customer-deployed systems. The reality uncovered on Shodan proved these statements false, revealing a deep chasm between the company's promises and the insecure reality of its deployed network.

The actual impact of a surveillance breach is not measured in terabytes of data but in the erosion of personal privacy and security. The exposed footage provided a direct, unvarnished window into the private moments of ordinary people. "I think it was like the first time that I actually got like immediately scared," said Benn Jordan, who discovered the breach. "I think the one that affected me most was a playground. You could see unattended kids, and that's something I want people to know about so they can understand how dangerous this is."

Researchers documented a chilling catalogue of intimate scenes: children playing on a playground near the Bay Area, a family loading their infant and purchases into a car in a Lowe's parking lot, and a couple arguing at a street market in Atlanta. The danger went far beyond passive observation. One researcher demonstrated the disturbing ease with which this footage could be weaponised. Using open-source investigation tools, he de-anonymised the arguing couple and, within minutes, uncovered a trove of private data, including debt-to-income ratio, recent childbirth, and home address. This incident also highlights a subtler but equally damaging consequence of mass surveillance known as the Hawthorne effect. The phenomenon in which individuals change their behaviour when they know they are being observed.

While surveillance proponents champion this effect for deterring crime, they ignore how it also deters creativity, experimentation, and moments of healthy escapism. One piece of footage was so powerful that it brought the researcher who found it to tears: a grown man who, believing he was alone in a park, took a moment to swing on a swing set. It was a simple, harmless act of reconnecting with a simpler time. Mass surveillance chills these moments, imposing on our fundamental right to form our identities without the constant fear of being watched.

While Flock Safety bears direct responsibility for this technical failure, a breach of this magnitude is rarely the result of a single mistake. It is a symptom of a much larger systemic problem: a rush to deploy surveillance technology without adequate security auditing, independent oversight, or public accountability.

The cities and police departments that purchase and deploy these systems share in the responsibility. As researcher Benn Jordan bluntly states, "the underlying problem is not Flock Safety; the problem is cities wanting a cloud-connected AI-enhanced mass surveillance system but are too lazy to conduct their own security audit or research the efficacy versus risk." This rush to create what one police chief called a "curtain of technology" across communities, often without independent verification of security claims, creates an industry-wide problem.

Furthermore, the very nature of this technology raises profound constitutional questions. Civil liberties groups like the ACLU and EFF argue that the prolonged, warrantless surveillance of entire populations constitutes an unreasonable search, violating foundational privacy rights. The Supreme Court has already ruled that prolonged tracking using cell phone data requires a warrant, and legal challenges are now being mounted against municipal ALPR programs on similar grounds. Flock's corporate response, which contrasted its security boasts with the reality of dozens of exposed, customer-deployed cameras, only underscores the disconnect between the surveillance industry and the communities it claims to protect.

The exposure of Flock's live camera feeds is more than a technical glitch; it is a stark case study of a profound disconnect between the promise of technological security and its implementation. The journey from a single journalist watching himself on a phone in Bakersfield to the discovery of a widespread security failure with profound personal and constitutional implications serves as a critical warning.

This incident demonstrates that true public safety cannot be achieved by sacrificing the very privacy and freedom that define a secure society. When surveillance systems designed to watch everyone are themselves left unwatched and unsecured, they become a threat to the public they are meant to protect. This failure is not merely a flaw to be patched and forgotten.

This investigation was based, in part, on this, this, this, this, this, and this.

This document details Sighthound's fully automated system for license plate detection and recognition, which utilises a sophisticated sequence of deep Convolutional Neural Networks (CNN) to process various vehicle images. The presented technology is engineered to remain robust across diverse environmental conditions, including lighting shifts and occlusions, while outperforming state-of-the-art benchmarks.

Automated license plate recognition has long been a critical focus for law enforcement agencies to monitor traffic violations, tolling, and accidents. Historically, systems have been limited by stationary camera requirements, specific viewing angles, and restricted regional templates that hinder performance in dynamic real-world environments. Most traditional methods relied on heuristic techniques and single-feature processing, which often failed when faced with moving cameras or varied international plate designs.

To address these limitations, the authors leverage recent advancements in deep CNNs and the availability of faster processing hardware to create a more resilient solution. This new approach moves away from restrictive stationary models to an end-to-end system capable of detecting plates across various fonts, sizes, and backgrounds. By utilising a sequence of deep networks, the system achieves low error rates and maintains accuracy regardless of the camera's pose or lighting conditions.

The primary use case for this technology is in the public safety and law enforcement sectors, for tasks such as accident monitoring and toll enforcement. By providing a fully automated pipeline, the system allows agencies to recognise plates from moving vehicles without the manual intervention required by older technologies. This capability is essential for large-scale urban monitoring where vehicles from different regions and with different plate templates are constantly in motion.

Additionally, the system is deployed via the Sighthound Cloud API, making it accessible to developers for integration into third-party applications and software suites. The model's unified nature means it can be applied internationally, as it does not require users to manually specify whether a plate is from the USA or Europe. This flexibility allows for broad application in commercial parking management, security gate automation, and cross-border traffic analysis.

The paper concludes by affirming that the novel pipeline architecture successfully addresses the challenges of license plate detection and recognition through its deep CNN sequence. Quantitative results demonstrate that the Sighthound system consistently outperforms state-of-the-art commercial solutions across multiple benchmark datasets. Ultimately, the authors provide an end-to-end system that is both computationally inexpensive and highly accurate for real-world deployment.

You can download the article here.