Feds Used Cop's Password for Illegal Immigration Surveillance with Flock ALPRs

A recent revelation has cast a spotlight on the shadowy world of inter-agency data sharing, exposing how a federal Drug Enforcement Administration (DEA) agent allegedly bypassed established protocols to conduct immigration surveillance using a local police department’s access to Flock Safety cameras. The incident, which occurred in late January 2025, involved a DEA agent on a Chicago-area task force utilizing the login credentials of Palos Heights Detective Todd Hutchinson to perform unauthorized searches for an “immigration violation” without the detective’s knowledge of that specific use. While Detective Hutchinson, who was also a DEA task force officer, reportedly shared his login for drug investigations as a “common” practice within the group, the Palos Heights Police Department has since disciplined him, changed passwords, and reinforced security training.

This incident highlights critical vulnerabilities in the rapidly expanding network of Automated License Plate Readers (ALPRs), such as those provided by Flock Safety. These cameras are designed to continuously scan and record license plates, capturing not just the plate number but also the time, location, and sometimes even the vehicle’s make, model, and color. With Flock Safety cameras deployed in thousands of communities nationwide, they create a vast, searchable database of vehicle movements.

Flock Safety, the company behind these ubiquitous surveillance tools, maintains that its customers—local law enforcement agencies—retain 100% ownership of their data and dictate who has access. The company also states it does not sell or share data and explicitly claims it does not collaborate with federal agencies for immigration enforcement purposes. However, reports indicate that an “informal data-sharing environment” often allows federal agencies to access these networks through local partnerships, effectively circumventing the more stringent transparency and legal constraints that would typically apply to direct federal contracts.

The alleged misuse in Illinois is particularly concerning given that state legislation explicitly prohibits the use of license plate reader data for immigration enforcement. Despite such prohibitions, audit logs have previously revealed thousands of potential immigration-related searches conducted by various law enforcement agencies across the country. This raises significant questions about accountability and the potential for “mission creep,” where technologies intended for local crime-fighting are repurposed for broader federal objectives without adequate oversight.

Privacy advocates have long voiced alarm over the widespread deployment of ALPRs, pointing out that an exceedingly small percentage of scanned vehicles are ever linked to criminal activity—often less than one percent. The indiscriminate nature of this data collection means that the movements of countless law-abiding citizens are routinely tracked and stored, creating detailed records that can reveal intimate aspects of their lives. Critics argue that when amassed, this data transforms ALPRs into “pseudo-GPS devices,” offering pervasive surveillance capabilities that could infringe upon individual privacy rights.

In response to growing scrutiny and reports of misuse, including a separate incident where a Texas officer used Flock cameras to search for a woman who self-administered an abortion, Flock Safety has taken some steps. The company implemented an “Illinois Policy Attestation” in early 2024, requiring out-of-state agencies to acknowledge and comply with Illinois’s restrictions on using ALPR data for immigration, abortion, or gender-affirming care. Furthermore, following recent reporting, Flock has reportedly disabled the ability for out-of-state agencies to search cameras in California, Illinois, and Virginia through its national lookup tool. The company also plans to introduce new features like a “Proactive Search Term Tool” and “Proactive Auditing Alerts” by the end of 2025 to enhance compliance.

However, the Palos Heights incident underscores that technical safeguards and policy attestations alone may not be enough to prevent circumvention through human actions, such as unauthorized password sharing. While inter-agency data sharing can be beneficial for coordinated law enforcement efforts, the lack of a clear federal legislative framework governing ALPR use and the inconsistent adherence to existing protocols create a fertile ground for privacy breaches and the erosion of public trust. As surveillance technology continues to advance, the imperative for robust oversight, transparent data-sharing agreements, and strict accountability measures for all law enforcement entities becomes ever more critical to protect civil liberties.