Flock Cameras Apr 2026 City Council QA Thread

# Flock Cameras — Apr 2026 City Council Q&A Thread The single corpus thread that directly references **Conway City Council inquiry about Flock**. Burningham reaches out to Flock Support on **2026-04-20** asking for "talking points about the program. They are wanting to know specifically about information security and if Flock has ever had any data breaches." Flock's `[email protected]` (Gena Hatch, Customer Success Manager) responds with vendor talking points and an attached "Security Claims and Facts" one-pager. **This is the documentary evidence that the Conway City Council was actively questioning the Flock deployment in spring 2026 — the surrounding context of the FOIA Joshua filed three days earlier (2026-04-17).** ## What's inside Forward-chain across April 2-20, 2026. Key passages, verbatim: **2026-04-20 10:33 AM — Burningham → [email protected] (forwarded into wider Flock org):** > Since you asked, Our city council is wanting some information about Flock. Can you send me some talking points about the program. They are wanting to know specifically about information security and if Flock has ever had any data breaches. That along with any other points would be very helpful. **2026-04-20 (afternoon) — Ashley at Flock Safety Support → Burningham:** > Sure thing! I am passing you to your Customer Success Management Team to further assist with this request. You should be hearing back soon, thank you for your patience. **2026-04-20 9:58 PM — Gena Hatch (Flock CSM) → Burningham, attached "Flock Safety Security Claims and Facts (3) (1).pdf":** > Thank you for reaching out and for sharing your city council's questions about Flock and our information security practices. > > At a high level, Flock operates with a dedicated information security program led by our Chief Information Security Officer and a cybersecurity team that is focused specifically on protecting sensitive law enforcement data. We also operate in a manner consistent with CJIS requirements and regularly work with agencies on audits and related compliance items. > > On the specific question about "data breaches": Flock has not experienced a data breach or been hacked. Recent media coverage and websites that reference Flock data are based on audit-log information that certain agencies themselves released in response to public-records / FOIA requests. Flock did not publish those logs, and we do not provide search histories or audit data to public websites or other third parties. All Flock data is owned and controlled by the agency that collects it. > > Our system is also designed to minimize sensitive personal information. We do not use facial recognition, and our LPR product does not provide personal identifying information such as race, registered owner information, or sexual orientation. Agencies have access to detailed audit logs, required search reasons, and configurable sharing settings so they can monitor use, respond to records requests appropriately, and align with their own policies and legal guidance. **Earlier in the thread (2026-04-02):** Burningham to Flock: "Some of my detectives have reported that our cameras are not working this morning. They are not loading results when they search. Also I was wanting to follow up on getting access to the privately owned Home Depot Cameras in town." → Loops in `[email protected]` (the "Customer Success Management" / Home Depot rollout team) and `[email protected]` separately. **Attached "Security Claims and Facts" one-pager** (Flock-published marketing PDF, pages 7–8 of the OCR'd `.msg`): - ISO 27001 compliance certification, SOC 2 Type II, NIST 800-53, Secure By Design (CISA principles) - **"Flock has not experienced a data breach or been hacked."** — vendor-asserted statement. - "Recent YouTube video claims '80,000 cameras' have been hacked. This is false." — vendor's rebuttal to a public researcher claim. (The 2024 vulnerability disclosure of Flock cameras by independent researchers is referenced obliquely.) - "Flock publicly discloses identified vulnerabilities … to the public vulnerability database maintained by MITRE, most recently in May 2025." - "In November 2024, Flock made Multi-Factor Authentication (MFA) the default for all users …" - "It is not possible to hack into Flock's cloud database from a Flock camera. Alleged vulnerabilities circulating on the internet have no effect on our cloud platform …" - "There is zero evidence that foreign actors have or have had any access whatsoever to Flock's system or cloud platform." ## Key takeaways - **The Conway City Council was actively raising information-security and data-breach questions about Flock in April 2026.** This is the only documented Council inquiry in the corpus. The header diagnostic ([[2026-05 Bounce-Scope Diagnostic]]) showed **zero Council email addresses** in From/To/Cc/Bcc fields across all 389 `.msg` files — but here we have a CPD-internal email *referring to* Council questions. The Council's inquiry happened through a non-email channel (in-person meeting, work-session question, hallway conversation) and reached Burningham who relayed it to Flock. The pattern: Council members do not directly email Flock or the CPD admin-staff; they raise questions verbally that filter through Chief Harris or Lt. Burningham. - **Joshua's FOIA was filed 3 days earlier (2026-04-17).** This sequence is suggestive: the Council was asking about Flock in mid-April; Joshua's FOIA covering CPD-Flock correspondence landed 2026-04-17; Burningham asked Flock for talking points on 2026-04-20. The FOIA and the Council questioning are independent but contemporary, and both reflect a broader 2026-spring scrutiny moment for the Conway Flock deployment. - **Flock's vendor talking points concede an interesting fact**: "Recent media coverage and websites that reference Flock data are based on audit-log information that certain agencies themselves released in response to public-records / FOIA requests." This is Flock acknowledging the FOIA pathway (and 404 Media / DDoSecrets-style public-records dataset publishing) as the channel by which Flock audit-log data reaches the public. Conway PD's [[Conway PD Audit Logs Series]] is exactly such a public-records release. - **"All Flock data is owned and controlled by the agency that collects it."** Flock's vendor-positioning statement is that the agency (Conway PD) controls disposition. Under that framing, every data-sharing configuration in the [[SharedNetworks 2025-12-17 Snapshot]] is a Conway PD decision, not a Flock decision. This is contractually plausible and operationally significant: the 1,384-organization sharing topology is something Conway PD owns the configuration of, not something Flock imposed. - **The "Home Depot cameras in town" follow-up** in Burningham's 2026-04-02 email links this thread to [[Home Depot Camera Sharing Series]] — confirming Burningham was actively soliciting THD access weeks before the corporate rollout completed for Conway's six stores. - **No data-breach disclosure is provided**, only assertions of negative. Flock's "no data breach" statement is unverifiable from the corpus; it is a vendor self-assertion. The 2024 independent-researcher vulnerability disclosure that Flock obliquely references is acknowledged but characterized as ineffective ("limited access to one older generation camera that had never been connected to our system and had never received a security update"). ## People and orgs mentioned - [[Lt. Andrew Burningham]] — relays Council questions to Flock. - [[Gena Hatch]] — Flock Customer Success Manager; sent the 2026-04-20 talking-points reply. - "Ashley" (Flock Safety Support) — Flock first-line support; named only by given name, so no entity page. - [[Garrett Yosenick]] — Flock Project Manager (Majors); appears in the 2026-04-02 sub-thread as the agent who routed the camera-malfunction and Home Depot questions. - [[Conway City Council]] — implicit author of the questions, not directly in any header. - [[Conway Police Department]] - [[Flock Safety, Inc.]] - [[The Home Depot, Inc.]] — referenced as "privately owned Home Depot Cameras." ## Concepts invoked - [[Vendor Information Security Posture]] - [[CJIS Compliance]] - [[Flock Network Sharing - Hot Lists]] - [[Private-Business Camera Sharing into LE Networks]] - [[Flock Audit Logs and Retention]] ## Events documented - [[2026-04 Council Questions Flock Information Security]] — 2026-04-20 (Burningham relays Council questions to Flock). - *2026-04-20 (evening) — [[Gena Hatch]] (Flock CSM) replies with vendor talking points and the "Security Claims and Facts" one-pager.* - *2026-04-02 — earlier sub-thread: a camera-malfunction report and a Home Depot camera-access follow-up.* ## Cross-references - [[2026-05 Bounce-Scope Diagnostic]] — why this Council-touching thread does not surface any Council email *headers*: the questions came through non-email channels. - [[Home Depot Camera Sharing Series]] — the THD rollout this thread anticipates. - [[Flock Safety Order Form and Contract]] — the contract whose terms are being questioned. ## Open questions / follow-ups 1. **Which Council member(s) raised the questions?** The corpus does not identify them. A supplemental FOIA to the Council's work-session minutes or to specific Council members may resolve. A pending supplemental request seeks Council-mentioning emails; this thread is one such email already present. 2. **Did the Council get satisfactory answers?** The talking points + Security Claims one-pager are Flock's preferred answer. Whether the Council accepted or pushed back is outside the corpus. 3. **Flock's "no data breach" assertion.** Tier 2 verification: cross-check against public CVE databases (MITRE, NVD) and any published research (e.g., 404 Media, EFF, ACLU) on Flock-specific incidents. An open web-research question. 4. **The 2024 researcher vulnerability disclosure.** Flock refers obliquely to a "YouTuber" claim about 80,000 cameras. Identifying the actual disclosure remains an open research question.