Flock Says Cameras 'Worked Correctly' in Wrongful Police Ambush
Flock Safety, one of America's fastest-growing automated license-plate recognition (ALPR) companies, is standing behind its machine-learning system after
Researched and drafted with AI assistance, then screened by automated editorial checks before publishing. How we work.

Flock Safety, one of America's fastest-growing automated license-plate recognition (ALPR) companies, is standing behind its machine-learning system after that system played a central role in four armed police cruisers boxing in a journalist and his wife at a Minnesota Kohl's — over a plate that was never actually stolen. The incident, reported in depth by The Drive, reveals a cascade of systemic failures that transformed a garbled database entry into a high-risk police stop, and raises serious questions about the accountability architecture — or conspicuous lack of one — governing AI-assisted policing at scale. When asked directly, Flock says its cameras worked correctly throughout the episode. That response, as the full record shows, is itself the heart of the problem.
What Actually Happened: A Box-and-Pin at the Kohl's Parking Lot
Joel Feder, a writer for The Drive, was testing a $155,000 Range Rover on loan from Jaguar Land Rover when he pulled into a Kohl's in Plymouth, Minnesota, with his wife to run errands. As he backed out of a parking space, four police cruisers converged on the vehicle and, in the language of the subsequent police report, "initiated a box and pin." Officers approached with hands on their weapons, ordered both occupants out, patted them down, and explained that the Range Rover's New Jersey license plate — 34 10 DTM — had been flagged as stolen.
What Feder learned next made the encounter even more alarming: officers told him they had used Flock Safety cameras to track the vehicle over the previous two days before making the stop. This was not a one-time scan — it was a protracted, automated dragnet operating without Feder's knowledge across an entire suburban camera network. Officers on the scene indicated that any car in the New Jersey 34 ## DTM plate sequence would keep getting flagged, and they were right. Days later, Tim Esterdahl — publisher of Pickup Truck + SUV Talk — was pulled over in Scotts Bluff, Nebraska, while driving a different JLR-loaned Range Rover Sport bearing plates 34 08 DTM. His 14-year-old child was in the car. According to The Drive, two officers stopped him without pat-downs or hands on weapons, and he was released after roughly an hour.
Neither plate was stolen. Neither vehicle was stolen. The entire chain of events originated with a single, fatally incomplete entry in a federal law enforcement database.
The Data Error That Started Everything: NCIC and the Missing Digits
The plate that actually was reported lost — 34 03 DTM — was a New Jersey plate misplaced by Land Rover during a California photo shoot. According to The Drive, the record was entered into the National Crime Information Center (NCIC) — the FBI-managed federal database used by law enforcement agencies nationwide to flag stolen vehicles, stolen plates, and wanted persons — as just "34 DTM," omitting the middle two digits ("03"). On New Jersey specialty plates, those middle digits appear in a physically smaller font between the alpha clusters, a formatting detail that apparently escaped the person entering the record. The agency responsible was initially reported as the Los Angeles Police Department; per The Drive, the LAPD subsequently told Feder that the entry actually came from someone at the Los Angeles Sheriff's Department (LASD), which did not return a request for comment. That correction is itself worth flagging: even the question of which agency created the flawed record was initially misattributed, underscoring how opaque the provenance of a single NCIC entry can be.
That truncated string — three tokens instead of the full plate — then flowed into Flock Safety's hotlist system. Flock ingests NCIC data to populate the alerts its cameras generate. When Feder's vehicle drove past any of Plymouth's 18 Flock cameras, the system scanned his plate, found the characters "34" and "DTM" present in the read, and fired an alert to officers' phones. The intervening "10" was not treated as a disqualifier. Under the system's matching logic as it existed at the time of the incident, it was effectively irrelevant noise.
Why it matters: The NCIC database is a foundational layer of American law enforcement, queried millions of times daily. Any automated system that ingests it without validating entry completeness inherits every human error upstream — and then amplifies those errors at machine speed and machine scale, across thousands of jurisdictions simultaneously.
Flock Says Cameras Worked Correctly — and That Framing Is the Problem
When Feder spoke by phone with Flock Safety's Chief Communications Officer, Joshua Thomas, the company's position was unambiguous: Flock says cameras worked correctly within the operational parameters they were given. Thomas explained the underlying logic with notable candor:
"The way that the ML [machine learning] works is it correctly read what it was supposed to read. It was fed those characters that you said, 34 DTM, and it spit back out [a result] with the characters, 34 DTM. It was asked, can you find this? And it did find that. It just didn't say if there's more here, then don't do it. It just simply said, is it there? And the answer was yes."
Thomas went further, describing this as a design that reflects how law enforcement customers — who frequently work from partial plate information and want maximum recall rather than conservative precision — prefer to use the tool:

"The way that law enforcement likes to use these tools is, if any of the characters that they have put into these hot lists get read, they want to get those alerts. Now, what we try to train officers to do is to do what you said, which is to verify that 34 DTM is what I'm looking for, and what I'm seeing is 34 10 DTM."
This is a textbook precision-versus-recall trade-off, and by Thomas's own account Flock has optimized for recall. In machine-learning terms, the system minimizes false negatives (missed matches) at the direct expense of false positives (wrongful stops). That engineering choice can be defensible in certain low-stakes contexts. It is considerably harder to defend when false positives result in civilians being held at gunpoint in a suburban parking lot — especially when, as Feder describes, the vehicle is tracked for two days before anyone makes a move.
Thomas did acknowledge, when pressed, that the gap between a partial match and a perfect match ought to be surfaced to users: "I think you're right… our machine learning should look to see: Is it a perfect match as opposed to just, is it there? I mean, that's fair feedback that I should take back to our team and see what can we do about that." That concession matters on two counts: it confirms the flaw is known, and it confirms the flaw is correctable. This is not a fundamental limitation of the technology — it is, on the company's own telling, an unaddressed design gap in a production system already deployed at national scale.
The Scale Problem: 20 Billion Reads and ~200 Million Potential Misreads
According to figures Thomas cited to The Drive, Flock Safety's system performs 20 billion license plate reads per month across its national camera network, and the company describes the system as 99% accurate. Those two figures together imply approximately 200 million erroneous reads per month — a straightforward extrapolation (1% of 20 billion) that Flock has not publicly reconciled. No public accounting exists for how many of those misreads trigger hotlist alerts, how many of those alerts lead to police stops, or how many of those stops escalate to the kind of armed confrontation Feder experienced. (The ~200 million figure is an editorial calculation, not a Flock disclosure.)
To appreciate the local footprint of this infrastructure, consider Plymouth, Minnesota in isolation: a single mid-sized suburb operating 18 Flock cameras that, per records cited by The Drive, scanned over 580,000 license plates in a single 30-day period and generated more than 14,800 hotlist hits. That works out to roughly 494 hotlist alerts per day in one city, against just 45 manual user searches over the same window. The rate at which those hits correspond to actual crimes — versus erroneous NCIC entries, partial plates, transcription errors, or other data-quality failures — is not publicly disclosed by Flock, by Plymouth, or by any state or federal regulator.
| Metric | Figure | Source |
|---|---|---|
| Monthly plate reads (national) | 20 billion | Flock Safety (via The Drive) |
| Stated accuracy rate | 99% | Flock Safety (via The Drive) |
| Implied monthly misreads (calculated) | ~200 million | Editorial calculation (1% of 20B) |
| Flock cameras in Plymouth, MN | 18 | The Drive / Plymouth PD records |
| Plates scanned (Plymouth, 30 days) | 580,000+ | The Drive / Plymouth PD records |
| Hotlist hits (Plymouth, 30 days) | 14,800+ | The Drive / Plymouth PD records |
| Manual user searches (Plymouth, 30 days) | 45 | The Drive / Plymouth PD records |
This is the uncomfortable arithmetic of surveillance infrastructure deployed without mandatory error-rate auditing. A 1% error rate sounds reassuringly small until you apply it to a system running continuously across thousands of jurisdictions — one that, as this case makes clear, can trigger armed police responses from a single false-positive alert. For technically literate readers, it is worth noting that ML-based systems like Flock's ALPR are frequently marketed under the broad "AI" umbrella even when the underlying mechanism is more precisely described as pattern-matching computer vision — a distinction that matters considerably when evaluating accountability and liability claims.
A Cascade of Human Failures That the Technology Made Worse
Thomas was careful to frame the incident primarily as a human-error story — "A human entered this into a system. And a human didn't put enough information into the system," he told Feder — and he is not entirely wrong. But that framing also conveniently distributes blame away from the platform and its design decisions. The actual failure chain involved at least five distinct decision points, each of which the technology touched or enabled:
- The originating NCIC entry: Someone at the agency that created the record — reported by The Drive as the Los Angeles Sheriff's Department after an initial LAPD attribution — entered only "34 DTM" into NCIC for the lost plate 34 03 DTM, omitting the middle digits "03" that were physically printed on the plate in a smaller font, producing a truncated string where the full plate was required.
- Flock's data ingestion: Flock's system accepted the truncated string as a valid hotlist entry without any completeness check, character-count validation, or data-quality flag that might have prompted human review before the entry went live.
- The matching algorithm: When Feder's plate was scanned, Flock's algorithm flagged it as a hit because the queried characters were present within the plate string — without surfacing any indication to end users that the queried string was shorter than the scanned plate, or that the match was therefore partial rather than exact.
- Alert presentation to officers: The Flock alert reached officers accompanied by imagery of the plate showing the full string "34 10 DTM." Officers did not, per Feder's account, re-query or manually verify the complete plate number against NCIC before initiating the stop. The interface gave them no visible prompt to do so.
- The stop itself: Officers escalated directly to a box-and-pin maneuver — a high-risk tactical approach — rather than conducting any secondary verification of the discrepancy between the queried fragment and the photographed plate.
Each failure compounded the one before it. The technology did not cause the upstream human error, but it laundered that error — converting a sloppy, incomplete database entry into an authoritative-looking, machine-generated alert on an officer's phone, with no visible caveat that the match was partial. This is precisely the risk critics of automated surveillance tools have consistently warned about: the false authority that algorithmic output confers on uncertain or degraded data. When an alert originates from a system marketed as AI-powered, the psychological weight it carries in the field can suppress the kind of manual cross-checking that would have caught this discrepancy in seconds. The officers had everything needed to spot the mismatch — the interface just gave no reason to look for one.

What Flock Is — and Isn't — Doing to Fix It
In his conversation with Feder, Thomas outlined remedial directions the company said it would pursue. He indicated Flock would engage with the FBI's NCIC apparatus so that automated alerts sourced from NCIC — rather than custom alerts entered by an individual agency — could be checked for whether they are a perfect match. And he acknowledged the matching algorithm itself should be revised to distinguish explicitly between a partial match (queried characters are present within a longer plate string) and a perfect match (the complete plate string matches the queried string exactly), committing to carry that feedback back to the engineering team.
Notably absent from Flock's public response, as reported: any committed timeline for deploying these changes; any acknowledgment of how many similar incidents may have occurred in cases where the affected person was not a journalist with a platform; any proactive audit of existing NCIC-sourced hotlist entries for the same truncation problem; or any mechanism for tracking hotlist-alert-to-stop escalations going forward. Per The Drive, the reporting also prompted the Plymouth, Minnesota city council to open a conversation about the city's use of Flock cameras — one of the few instances of local democratic scrutiny surfacing in direct response to a commercial ALPR deployment.
Thomas also articulated what Flock believes the proper scope of its product's role should be, telling Feder that an alert "does not equal probable cause. It's like an alarm going off. It doesn't mean that there's necessarily anything there." That is a reasonable principle. In practice, however, it places the entire burden of verification on officers receiving machine-generated alerts in real time, under operational pressure, with no visible indicator in the Flock interface distinguishing a partial match from a complete one. Designing accountability out of the interface and then locating it entirely in the human operator is a pattern with troubling precedents — one also visible in healthcare settings, where clinicians have warned that AI-driven decision-support tools can create dangerous levels of over-reliance on automated outputs, eroding the very verification habits the system depends upon.
Why This Should Matter to Developers and Technical Readers
For engineers building or evaluating ML-powered systems — particularly those whose outputs trigger consequential real-world actions — the Flock case is a parable worth studying in detail. It surfaces several failure modes that are broadly applicable across domains, not specific to ALPR:
- Garbage-in, authority-out: An ML pipeline that ingests external data without validating its completeness or structural integrity does not merely inherit upstream errors — it amplifies them and coats them in a layer of algorithmic credibility that human reviewers are poorly positioned to strip away under time pressure.
- Recall optimization without consequence modeling: Tuning for high recall is appropriate engineering when false positives are cheap — a spam filter miscategorizing a newsletter, for example. When a false positive can result in civilians held at gunpoint, the precision/recall trade-off requires explicit, documented justification at the design stage, ongoing review as deployment scales, and transparent disclosure to the law enforcement customers operating the system.
- The partial-match UX gap: Flock's alert reached officers with imagery of a plate — "34 10 DTM" — that plainly contradicted the three-token query "34 DTM" in the hotlist. The interface did not surface that contradiction. Effective UI design for high-stakes decision support must make uncertainty and match confidence visible and salient, not invisible. A simple confidence score or "partial match" label would have changed the entire officer decision tree.
- Error-rate arithmetic at operational scale: A 99% accuracy rate is not a reassuring number when the denominator is 20 billion events per month. Developers must model the absolute frequency of failures — not just the relative rate — particularly when individual failures carry severe human consequences. A system operating at this scale with no public incident-logging produces no feedback loop for improvement.
- Accountability by design, not by retrofit: There is no publicly known mechanism for tracking how many Flock hotlist alerts lead to police stops, let alone how many of those stops escalate to armed confrontations. Systems deployed at this scale in consequential public-safety contexts should have mandatory audit trails, anomaly reporting, and outcome tracking built into the architecture from day one — not added after a journalist gets ambushed in a parking lot. Responsible data stewardship extends far beyond accuracy metrics, a principle as applicable to ALPR as it is to any domain where automated systems process sensitive personal information at scale.
- The systemic vs. anecdotal distinction: The second stop — Esterdahl in Nebraska — is the detail that moves this story from unfortunate incident to documented pattern. Two independent victims sharing the same plate prefix, in a system processing 20 billion reads monthly, is the kind of signal that warrants an immediate audit rather than a promise to relay feedback to the engineering team.
Key Takeaways
- Flock says its cameras worked correctly when they triggered a wrongful armed stop — and, by the company's own account, that is precisely the problem. The system did exactly what it was designed to do. The design itself needs to change.
- The root error was an incomplete NCIC database entry — "34 DTM" instead of "34 03 DTM" — attributed by The Drive to the Los Angeles Sheriff's Department after an initial LAPD attribution, which Flock's ingestion pipeline accepted without any completeness validation or quality flag.
- By Chief Communications Officer Joshua Thomas's account, Flock's matching logic is optimized for recall over precision at law enforcement's request, meaning partial plate fragments trigger full alerts with no on-screen indication that the match is incomplete rather than exact.
- The system performs 20 billion plate reads per month at a stated 99% accuracy rate, implying roughly 200 million misreads per month (an editorial calculation) — with no public mechanism for tracking how many generate hotlist alerts or police stops.
- Plymouth, MN's 18 cameras alone scanned 580,000+ plates and generated 14,800+ hotlist hits in a single 30-day period — against just 45 manual user searches — illustrating how aggressively this infrastructure has been deployed in ordinary American suburbs.
- A second driver, Tim Esterdahl, publisher of Pickup Truck + SUV Talk, was stopped days later under closely related circumstances in a different state — indicating the flaw is systemic, not a one-off anomaly.
- Flock has acknowledged the matching logic should be revised and signaled it would engage the FBI/NCIC on data-quality checks, but the reporting notes no deployment timeline, no retroactive audit commitment, and no incident-tracking mechanism.
- The Plymouth, Minnesota city council has opened a conversation about the city's Flock cameras — a rare instance of local democratic scrutiny responding directly to ALPR deployment.
What Comes Next
Thomas called the algorithm fix "fair feedback" — but acknowledgment and production deployment are separated by a substantial gap that, as of The Drive's reporting, the company had made no public commitment to close on any defined schedule. Any FBI-NCIC coordination could produce meaningful upstream data-hygiene improvements, but NCIC data quality has been a documented concern in law enforcement and civil-liberties circles for years, and a single vendor's advocacy is unlikely to resolve it quickly.
The deeper structural question — who bears legal liability when a commercial AI-assisted system triggers an unjustified armed stop of a civilian — remains largely unresolved in U.S. law. There is no federal statute specifically mandating incident logging, false-positive auditing, or public reporting for commercial ALPR providers, and privacy and civil-liberties advocates have generally pushed for stronger transparency requirements around this class of technology. Absent such a standard, the burden of surfacing failures falls elsewhere.
Until courts, legislatures, or federal regulators impose mandatory incident-logging and accountability standards on commercial ALPR providers, the burden will keep falling on journalists, civil-liberties organizations, and the occasional city council to perform the auditing that the technology's operators have declined to build in themselves. The Flock case did not result in injury — this time. At 20 billion reads a month, across thousands of jurisdictions, in a system where partial matches generate the same alert weight as exact matches and officers receive no on-screen confidence indicator, the probability that this remains a near-miss story is not a function of good design. It is a function of luck.
Topics
Sources
Comments(0)
No comments yet. Be the first to share your thoughts.
Join the conversation
Your email stays private and comments are reviewed before appearing.


