San Francisco audit finds improper access to license-plate reader data
San Francisco’s plate-reader network was supposed to be tightly limited, but an audit found outside agencies improperly queried city data 299 times.
A San Francisco Police Department audit found that federal and out-of-state agencies improperly accessed city license-plate reader data hundreds of times, exposing a gap in the city’s surveillance safeguards. Police said they caught the problem through routine audits and disabled outside access to the Flock network after discovering the issue.
The findings land in the middle of San Francisco’s fast expansion of automated surveillance. The city began installing Flock Safety cameras on March 19, 2024, with plans for 400 public-safety cameras at 100 intersections, backed by a $17.3 million state Organized Retail Theft Grant Program grant. Police have described the system as a major crime-solving tool, but the audit has sharpened concerns that the city could not control who was seeing the data or how it was being used.
The access problem appears to have involved about 299 queries made on behalf of federal and out-of-state agencies, rather than direct logins by those agencies into SFPD’s system. Local reporting identified the Northern California Regional Intelligence Center and the Western States Information Network in the access chain. Flock Safety has said no federal agencies directly accessed the San Francisco camera system.
Police Chief Derrick Lew acknowledged the problem at a San Francisco Police Commission meeting and said the department was concerned even as he defended the cameras’ usefulness. The issue has also renewed scrutiny of the city’s promise that plate-reader data would be tightly governed under California law, especially after Attorney General Rob Bonta issued formal guidance on October 27, 2023, on how law enforcement agencies must handle automated license-plate recognition data. California’s SB 34 remains the central statute in disputes over sharing that information with federal or out-of-state agencies.
The stakes in San Francisco are broader than a single access lapse. Plate-reader logs can reveal where a vehicle travels, when it moves and what other cars or places it may be associated with, which is why privacy advocates have argued that data sharing can expose residents to monitoring by a sprawling network of agencies. The current fight is not only over cameras, but over governance: who may query the data, who reviews those queries and what happens when the rules are broken.
That debate is already spreading across the Bay Area. Oakland approved a two-year, $2.25 million Flock contract in late 2025 that kept 291 existing cameras and added 40 more pan-tilt-zoom units, despite sustained privacy objections. Berkeley has faced similar public concern, and California has already sued El Cajon over allegedly illegal sharing of plate data with federal and out-of-state agencies. San Francisco’s audit now puts city leaders under pressure to show that their surveillance limits are real, enforceable and more than a promise on paper.
This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.
Know something we missed? Have a correction or additional information?
Submit a Tip
