Flock Safety Nova uses dark web data for surveillance

Flock Safety has a program called Nova, which combines their surveillance technology into a database of personal information from the internet. In a leak reported by 404 Media, a Flock Safety employee claims that the company is using information from data breaches to provide this information. When questioned on this, Flock Safety's spokeperson claims that Flock "thought about using dark web data but we changed our mind," further claiming that the information leak from the employee to 404 Media was not based off "finalized" information.

Flock Safety's Nova is a software developed that accesses data from other sources, including other companies and other sources on the web.

One Flock employee stated: “You're going to be able to access data and jump from LPR to person and understand what that context is, link to other people that are related to that person [...] marriage or through gang affiliation, et cetera,” Supposedly Nova has 20 types of data agencies can search through. Flock said that "the tool is already being used by some law enforcement agencies in an early access program...".

A Slack message stated that Flock's philosophy is "We live in a western democracy governed by the rule of law, set by democratically elected representatives. Nova will always operate within those boundaries."

In meeting audio obtained by 404 Media, a Flock employee went on to describe the types of data that will supplement the company's ALPR data with. The employee listed three kinds; Data breaches, with one specific example being a data breach from Park Mobile, an app that allows users to pay for parking despite not actually being there, or in spots where parking meters no longer remain. This leaked data included owners’ associated email addresses, phone numbers, and in some cases mailing addresses of the owners. On Flock, the employee said: “Nova ingests that and is able to use that to contextualize the data. So we're now able to make that cognitive leap from LPR to person,”. The second type was commercially available data, specifically naming credit bureaus Equifax and TransUnion. Some companies repackage the information given to them by customers when opening up a new credit card account and sell it to law enforcement or data brokers. The last kind described was public records, with information included such as marriage licenses, property records, and campaign finance records. It was said that Nova will also pull from law enforcement Records Management Systems (RMS), typically used to store information on cases, and also Computer Aided Dispatch (CAD) systems, which are used to manage responses to 911 calls.

Flock stated that “Nova is a public safety data platform that helps investigators analyze and connect data they already have access to, surfacing insights to uncover leads and close cases faster. The software is completely customizable—customers choose what data inputs they want in Nova and what permissions each user has access to. In other words, Nova is a software product and the data sources are chosen by the customer.” They also stated that all actions within the Nova platform are permanently recorded in an audit trail. Added was: “While officers may have access to similar information through other means, centralizing it within Nova adds a crucial layer of transparency and accountability, so our democratically-elected governing bodies can ensure it is used in accordance with the law,” Flock declined to specify where they get their data sources from, saying that some of the questions pertained to proprietary data. They stated that while Nova is in early access, general availability of it will be available in June.

To further try and fix the damage done, Flock stated that “Nova is currently being used by select law enforcement in an Early Access program. It has already helped a detective investigating Internet Crimes Against Children (ICAC) cases identify leads and confirm suspects (who were sentenced to 80 years in jail), amongst other successes,”, that "Nova will be backed by the same built-in privacy and transparency features as all Flock products,", and that they "thought about using dark web data but changed our mind,".

On their official page addressing this accusation, they stated that, "While in early development stages, all Flock products go through a Policy Evaluation, led by our Policy team of attorneys and product leaders. This process starts with first principles: would this product contribute meaningfully toward a community becoming safer? And if so, does it align with our values of protecting individual privacy, enabling accountability and transparency, and ensuring democratic authorization? How can we mitigate any foreseeable risk associated with the use of a given product? Then, the Evaluation considers the potential impact and any risks of each feature within the product, including legal, ethical, privacy, public opinion, and feasibility considerations. The goal is to ensure the product or tool stands up to Flock’s ethical creed and is designed to deliver a safer future for communities nationwide. Only once a product passes through this evaluation, and product leaders and executives have a chance to assess and mitigate potential risk, does it move into full-scale production and release. Following the lengthy, intentional process described above, we have decided that Flock Nova will supply the following data sources: public records information, Open-Source Intelligence (OSINT), and License Plate Reader (LPR) data. The Flock Nova tool can also enable agencies to connect their Records Management Systems (RMS), Computer-Aided Dispatch (CAD), and data from jail systems, as well as all of the above from other agencies who agree to share that data. "

https://web.archive.org/web/20250514140531/https://www.404media.co/license-plate-reader-company-flock-is-building-a-massive-people-lookup-tool-leak-shows/

https://www.flocksafety.com/blog/correcting-the-record-flock-nova-will-not-supply-dark-web-data

https://www.govtech.com/biz/flock-safety-pushes-back-on-data-breach-product-criticism