TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

66% Positive

Analyzed from 4441 words in the discussion.

Trending Topics

#data#flock#ccpa#information#delete#https#privacy#business#customers#camera

Discussion (172 Comments)Read Original on HackerNews

kstrauser•about 4 hours ago
I wrote this. I had/have absolutely no expectation that Flock would comply with my request, but figured I should try anyway For Science. Their reply rubbed me wrong, though. They seem to claim that there are no restrictions on their collection and processing of PII because other people pay them for it. They say:

> Flock Safety’s customers own the data and make all decisions around how such data is used and shared.

which seems to directly oppose the CCPA. It's my data, not their customers'.

Again, I didn't really expect this to work. And yet, I'm still disappointed with the path by which it didn't work.

carefree-bob•about 4 hours ago
They were saying "don't write to us, talk to the people who own the cameras and ask them to delete the data". A company that manufactures video cameras is not the one to talk to when someone records you, talk to the person who recorded you.

But a reasonable person would say -- the data is stored on Flock servers, not with the camera owners. And Flock would say, just because we sell data storage functionality to camera owners doesn't mean we own the data, anymore than a storage service you rent a space from owns what you put in that space.

But then an even more reasonable person would say: the infrastructure is designed in such a way as to create inadvertent sharing, and the system has vulnerabilities that compromise the data, so Flock has responsibility for setting up the system in such a way that it's basically designed to violate privacy.

And that is the main criticism of Flock. You need to have a more nuanced criticism. It would be really interesting to see this litigated.

fudgy73•about 4 hours ago
AFAIK Flock owns the cameras and leases them out [0].

[0] https://www.flocksafety.com/blog/flock-safety-does-my-neighb...

ldoughty•about 4 hours ago
But the data collected is property of the government and flock is not allowed to use that data for additional business gain (according to their statements)...

So they can't sell the fact that you're at Target at 8:00 p.m. on Thursday to anybody... Nor build profiles to sell to advertisers... And if that's the case that's very similar to cloud storage vendors.

If I access hacker news, and the record of my visit is stored in an AWS S3 bucket, I can't submit to AWS to delete my visitor record, even though the server, network cards, wires, and storage medium are AWS property, it was hacker news' website that generated that record and their responsibility to take my request to delete it.. AWS' stance would rightly be "talk to the website operator for CCPA requests"

mminer237•about 4 hours ago
If you go to Rent-A-Center and rent a DSLR, that doesn't make Rent-A-Center responsible for the pictures taken by their cameras.
halJordan•about 3 hours ago
It easily goes both ways. But we do sue American gun makers for deaths caused by lunatics. We sue drug makers for drugs prescribed by a doctor. We sue cloud providers for not reporting illegal photos. Printers are forced to id every printed page to combat counterfeiting. Banks are forced to do close accounts even though it's not their dirty money
BobaFloutist•32 minutes ago
> But we do sue American gun makers for deaths caused by lunatics.

No we don't, there's a federal law explicitly protecting gun manufacturers from liability for gun crime. https://en.wikipedia.org/wiki/Protection_of_Lawful_Commerce_...

thebaine•about 2 hours ago
Most of those examples have to do with the manufacturers knowing that their products were dangerous, addictive or illegal and advertising them aggressively as safe. They're mostly litigated on product liability claims. Banks are regulated by an entire architecture of laws, and we could enact laws that would regulate Flock too, as one of the other commenters pointed out they're doing in Oregon.
robot-wrangler•about 1 hour ago
> They were saying "don't write to us, talk to the people who own the cameras and ask them to delete the data".

The response to this should just be, "Yes, very well, please divulge a complete list of your customers, their contact information, and information about camera locations so I will be able to pursue this per instructions".

When that obviously doesn't work either then we can all agree the law as written is completely useless, and feel great about rewriting it in a way that's calculated for maximum damage to both the vendor and their customers, and collateral damage to the whole panopticon. Or, just spitballing here, we can just skip to the punchline here and do all that anyway

dozerly•about 3 hours ago
I don’t think you’re informed on the topic. They do not just manufacture cameras.
mistrial9•about 4 hours ago
the way this has been addressed in complex product liability in the past in the USA is that the public-facing Brand Owner has certain legal liability for the product, despite contractors or supply chains. In this case, it appears that the Flock company is the brand owner and is public-facing.
Glyptodon•about 4 hours ago
I think you should write them back and ask that they provide you with a customer list and continually update you as they get new customers so that you may follow the advice they've given you.
kstrauser•about 4 hours ago
Ooh. I like this.
kube-system•about 3 hours ago
Why? The response is predictable. No company is going to give you a customer list.
AlBugdy•18 minutes ago
Read a few of your posts. Just wanted to comment on how I like your to-the-point succinct style and how you care about privacy. :)

As a suggestion, I saw you have RSS:

https://honeypot.net/feed.xml

I didn't it mentioned in the main page or About or Archive. Maybe add it to a more visible place?

kstrauser•11 minutes ago
Aww, thanks! I appreciate that.

And that's a good point. I'll look at that when I get home.

tptacek•about 3 hours ago
Wait, is it your data? If you drive your car in front of a Ring camera on my house (I don't have a Ring camera don't @ me), is it your claim that you own the data on that camera?
kstrauser•about 3 hours ago
Did you put up a Ring camera on a stand in front of your house for the specific purpose of selling that I drove past at this specific timestamp? If so, yes. The CCPA[0] gives me explicit legal rights:

* The right to know about the personal information a business collects about them and how it is used and shared;

* The right to delete personal information collected from them (with some exceptions);

* The right to opt-out of the sale or sharing of their personal information including via the GPC;

This isn't someone incidentally taking pictures of license plates in an otherwise noncommercial setting. It's a company literally created to collect and sell PII. Laws are different for them than for us.

[0]https://oag.ca.gov/privacy/ccpa

tptacek•about 3 hours ago
I think you're going to find that you're wrong about this, and that you're not going to get anywhere targeting Flock in particular, as opposed to the owners of Flock cameras. Consider that California has had multiple rounds of legislation about red light camera legislation, including new limitations on it, and all of those cameras are also from commercial providers collecting your PII. Your argument proves too much.

You're going to get a lot of cheerleading and support about this in venues like HN and Reddit, because you're narrowcasting to an audience already primed to be hyperconcerned about surveillance technology (I am too). I think you're going to find those attitudes do not in fact generalize to the public at large, and especially not to the legal system.

Best of luck either way. It'll be an interesting experience to write up, and I'm happy to read about the outcome, even if I do think it's highly predictable.

snowwrestler•about 3 hours ago
“Personal information” has a legal definition and photos of you in a public street might not satisfy it, regardless of the photographer’s intent.
danudey•about 3 hours ago
The laws say that data about you is your data, information about you is your information. No one is saying that you "own the data", but by virtue of the data being personal information about you specificially you are allowed to exert control over that data, such as asking for it to be deleted.
kasey_junk•about 2 hours ago
That view of data ownership is _highly_ jurisdiction dependent and is not the overwhelming norm in the US.
necovek•about 3 hours ago
I believe you are still the owner of that data, but if you are holding someone's PII — which time of passage, car model and license plates can be argued to be especially with a fixed location — according to privacy regulations, they can ask a business to remove it unless they have a legally acceptable reason to keep it (eg. they hit-and-run a parked vehicle).

Now, with you likely not keeping that Ring tied to a business account, how that applies to non-businesses holding PII is a different matter.

mindslight•about 3 hours ago
"Your data" isn't really a well defined term, right?

But yes, data that can be used to track my movements in my vehicle is certainly a type of personally identifiable information. I'd argue there should be some exemptions for individuals operating on a small scale, which I believe the CCPA has (and if we actually got a US GDPR, that it should have). But also that kind of exception shouldn't apply to a camera jointly operated by and backhauling to Ring.

wakamoleguy•about 2 hours ago
The data ownership is really interesting, as many threads here are going into. I wonder if it's possible to sidestep that entirely, though! Under the CCPA, "personal information" is defined as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked — directly or indirectly — with a particular consumer or household. That says nothing about ownership.

To the extent that Flock is only storing the data on behalf of their customers, I'd understand they wouldn't be required to delete it. But to the extent that they are indexing it, deriving from it, aggregating it across customers, and sharing it via their platform, it seems they should be required to remove that data from those services.

But then again, I am not a lawyer!

everdrive•about 4 hours ago
Nice work all the same. These systems need to be prodded and tested. Even unsuccessful results such as this tell us something about the situation we're in.
necovek•about 3 hours ago
This answer is relevant: https://oag.ca.gov/privacy/ccpa#collapse6d

In short, Flock is a "service provider" and not the entity doing the recording.

Perhaps you can make a case that they are a "data broker" instead (https://oag.ca.gov/privacy/ccpa#collapse1i), but that is a separate law, and what you are really looking at is a combination of license plate, time and location being collected as data being collected and sold without your consent.

Obviously, I am not a lawyer (and not even US-based), but I like when privacy is respected :)

jsw97•about 1 hour ago
You might reach out to the California AG. I suspect they are itching for this kind of thing right now.
kstrauser•about 1 hour ago
Because life is weird, my kid played little league baseball against his.

I might have to do that.

ratdragon•about 3 hours ago
maybe eff.org would be able to help you lawyer up or otherwise to push this forward. good luck!
kstrauser•about 3 hours ago
I've reached out, albeit very informally. I'll completely understand if this isn't something they have the time and energy to help with. If I accidentally caught them at a weak moment when they're looking for something to do, though, I'm all in.
nainachirps_•about 4 hours ago
I am not a lawyer myself but can't one argue that this company has duty to ensure that data it is processing for client is legally obtained.

If they are processing data after being told it was not obtained with consent do they not have any liability?

snowwrestler•about 3 hours ago
It’s not clear to me that it is actually your data. If I take a picture of you in a public place, I own the picture, not you.

But maybe I am unclear on how Flock works.

throwway120385•about 2 hours ago
You also might not be considered a commercial entity under the law. It's a bit more nuanced and the words written in a particular statute have to be interpreted together. So statements about "commercial entities" have to be limited to such entities even if we'd really like to be able to go to our neighbor's house and ask them to delete all of the surveillance they have of our cars driving up and down the street in front of their house. I think these laws are often narrowly written to avoid unintended consequences like de-facto banning private operation of surveillance systems on private property.
pksebben•about 3 hours ago
Isn't flock's whole thing that they extract information from the pictures they have?

Like, say I have an interview in your office and you step out for coffee. I take a picture of the applicant list on your desk. That doesn't make the list of applicants "my data".

lotsofpulp•about 2 hours ago
>I take a picture of the applicant list on your desk. That doesn't make the list of applicants "my data".

If the list is sitting there out in the open, then yes, it does make it your data.

bjt•about 3 hours ago
Setting aside Flock, the "ownership" situation is not as clear as you say above.

What you own is the image copyright. But the right to copy is only one of the rights at issue.

Under various state laws (California in particular), you might not be entitled to do all the things with that picture that you could do of one that doesn't have my likeness. Privacy laws like the CCPA are one possible carve-out. A "right of publicity" is another.

There's an old saying about property law that "property is a bundle of sticks". The bundle can be subdivided.

https://www.law.cornell.edu/wex/publicity

lmkg•about 2 hours ago
> which seems to directly oppose the CCPA.

I have some background in data privacy compliance.

It sounds like they are claiming to be a Service Provider under CCPA, which is similar to a Processor under GDPR. Long story short, a Controller is the one legally responsible for ensuring the rights of the data subject, and a service provider/processor is a "dumb pipe" for a Controller that does what they're told. So IF they are actually a Service Provider, they're correct that the legal responsibility for CCPA belongs to their customers and not them.

That's a big IF, though.

Being a Processor/Service Providor means trade-offs. The data you collect isn't yours, you're not allowed to benefit from it. If Flock aggregates data from one customer and sells that aggregate to a different customer, they're no longer just a service provider. They're using data for their own purposes, and cannot claim to be "just" a service provider.

tgsovlerkhgsel•about 2 hours ago
Under GDPR, I believe that would be accurate. I think CCPA was to some extent inspired by GDPR so I wouldn't be surprised if they copied this point too.

Which, hilariously, means that under GDPR, you only need to contact the web site, and they have to go talk to their 1207 partners that value your privacy to fulfill your request (I'm sure that in practice they'll say "sorry it's all 'anonymous' so we can't" or "we can't be sure that it's you even though you provided the identifier from your cookies"). I'm really disappointed that NOYB hasn't started going after web sites like that - that's quickly put a damper on the whole web surveillance economy.

zbrozek•about 3 hours ago
I tried the same, got a similar response, and complained to the AG. Nothing.
themafia•about 4 hours ago
These laws get complicated quickly. There's a specific ALPR law in the CA civil code which seems to carve out several exceptions for a business like Flock:

https://leginfo.legislature.ca.gov/faces/codes_displayText.x...

The enforcement provisions are rather bleak as well and afford no opportunity to directly bring a case against the agency that operates the system but instead just the individual who misuses it.

I think one of the more direct attacks would be going after jurisdictions that chronically have officers misusing the system. I think you're going to have to create precedent in this way to foment actual change.

charcircuit•about 2 hours ago
>It's my data, not their customers'.

Just because data is about you, that doesn't mean it is your data.

john_strinlai•about 2 hours ago
you may be minunderstanding the california consumer privacy act (ccpa). in the ccpa, personal data is defined as:

"Personal information is information that identifies, relates to, or could reasonably be linked with you or your household."

and, you do have the rights set forth in the ccpa (know, delete, correct, limit exposure, etc.) regarding that data.

goodluckchuck•about 3 hours ago
The CCPA clearly violates the 1st Amendment. If you're out in public, then people are allowed to see you, to remember it, to communicate that it happened, etc.
mindslight•about 3 hours ago
Isn't this just the routine fascist playbook at this point? Start by declaring that the law doesn't even apply to them, on whatever flimsiest of bases.

Personally I would really like to see torts for attorneys who willfully promulgate blatantly incorrect legal interpretations - they're effectively providing incorrect legal advice. A non-attorney is likely to believe such advice coming from a member of the Bar, and the net goal is to discourage the target from seeking further legal advice.

SoftTalker•about 3 hours ago
An attorney whom you have not engaged in counsel is not providing legal advice.
mindslight•about 1 hour ago
I'm well aware of how it's currently legally defined - hence "effectively". My comment is in the context of what ought, not what is.
empathy_m•about 3 hours ago
I noticed that the company is glossed as "Flock" and not "Flock Safety (YC S17)" in posts like this and last week's "US cities are axing Flock Safety surveillance technology", https://news.ycombinator.com/item?id=47689237.

Did YC house style change a while back to drop the "(YC xxx)" annotation since so many popular firms particpate / or because it's well known?

mikey_p•about 3 hours ago
Who know, maybe they're trying to distance themselves from the privacy disaster, but I doubt anyone at YC or HN is smart enough to read the room on Flock.
bix6•about 3 hours ago
Which room? The one paying them millions to spy on people? Cash Rules Everything Around Me.
dsr_•about 2 hours ago
Remember that the difference between "Flock can do whatever the hell it wants" and "Flock is required to delete your data at your request" is a law. Citizens vote for legislators. If you want this to be a higher priority for your legislators, buy them off.

Or vote for/against them, that might work too.

joquarky•about 1 hour ago
Reminds me of this article from a while back:

https://theonion.com/american-people-hire-high-powered-lobby...

wcv•about 3 hours ago
Flock has stonewalled with the "we are not the controllers" excuse here in MN too. We have similar rights to opt-out and delete under the MCDPA [0].

[0] https://ag.state.mn.us/Data-Privacy/Consumer/

ldoughty•about 4 hours ago
I think you're going to have a hard time with this...

Flock seems to leave the data in ownership of the government. They are just providing the service of being custodians for storing and accessing that data.

You probably would get a similar response by submitting your request to Amazon web services or Google cloud or whoever has Flocks data: "sorry, we're just holding the data on behalf of Flock"

In either my example case or your stated case, you would have a very hard time convincing the host business to destroy their customers data without a court order or court case that shows their policy is invalid and they must comply.

Not a lawyer, just noting the parallel.

I do appreciate that Flock's response says that they cannot use the data they've collected for other purposes.. which further reinforces my cloud storage analogy -- the cloud vendor can't look at your data you upload to storage to e.g. build profiles on you/your business.

Barbing•about 3 hours ago
> the cloud vendor can't look at your data you upload to storage to e.g. build profiles on you/your business.

Would our main check on this be whistleblowers?

hmokiguess•about 3 hours ago
https://www.flocksafety.com/legal/lpr-policy

> In accordance with its Terms and Conditions, Flock Safety may access, use, preserve and/or disclose the LPR data to law enforcement authorities, government officials, and/or third parties, if legally required to do so or if Flock has a good faith belief that such access, use, preservation or disclosure is reasonably necessary to comply with a legal process, enforce the agreement between Flock and the customer, or detect, prevent or otherwise address security, privacy, fraud or technical issues. Additionally, Flock uses a fraction of LPR images (less than one percent), which are stripped of all metadata and identifying information, solely for the purpose of improving Flock Services through machine learning.

In this document, to which they linked in their reply, it says clearly "address ... privacy ... issues."

Does your case not constitute a privacy issue? I would say so.

Continuing down below, their claim on "Trust Us" about how they employ machine learning would need some proper transparency into how can that be guaranteed.

FireBeyond•about 3 hours ago
> Continuing down below, their claim on "Trust Us" about how they employ machine learning would need some proper transparency into how can that be guaranteed.

Wait til you see their "Transparency Portal" which, if my County and neighboring can be used as a sample size, doesn't even name at least 30% of agencies using Flock.

calmbonsai•about 4 hours ago
Per my understanding of the law for these sorts of data collectors, at least in the U.S., you need to contact the local municipalities (Flock's customers) for this redaction and the jurisprudence is governed at the state and municipal level.

The best source of this information is https://deflock.org/ . FWIW, this is run by a neighbor in Boulder, CO which has been wrestling with the use of these cameras.

cousinbryce•about 3 hours ago
Automating requests to every municipality sure would be fun
deepsun•about 3 hours ago
If Flock collects and processes PII data, then all their customers are "subprocessors". Flock should really have a Data Processing Agreement with their subprocessors, to legally ensure they follow the same PII handling controls as Flock does.

For example, if Flock receives a legitimate request to delete some data, then Flock must forward that request to all their Data Processors (e.g. including AWS/GCP/Cloudflare) and they must delete it as well.

Aaargh20318•about 3 hours ago
It’s the other way around. Flock is the subprocessor for whoever hired them to collect data. If they are collecting data on behalf a city or municipality, those are the entities you need to address.
barelysapient•about 4 hours ago
If that's a valid excuse than the CCPA isn't worth the paper its written on.
ldoughty•about 4 hours ago
I would argue that the request was invalid in the first place.

If I see a flash on a speed camera operated by a business on behalf of a police department, your argument states I should be able to use CCPA to force the business to delete my picture and the record of me speeding If I can get the request to them before the police can file with the court and request that data as evidence.

The data belongs to the government, and you can't get around that right by going to business that holds the data and asking them to delete it.

inetknght•about 3 hours ago
> If I see a flash on a speed camera operated by a business on behalf of a police department, your argument states I should be able to use CCPA to force the business to delete my picture and the record of me speeding If I can get the request to them before the police can file with the court and request that data as evidence.

Sounds reasonable to me. If the police want to put up a camera, then the police should put up a camera.

Offloading their legal responsibilities to a third party company is shitty.

SoftTalker•about 3 hours ago
So police departments should have to develop and host all their administrative software also? I think we can all see why that would be a terrible idea. Police are like any other government agency or business in that they contract with the private sector for a variety of services that are not in their area of expertise.
stephbook•about 2 hours ago
"Hey private prison please delete all data you have about me. And by the way, I'm locked up here by accident. Please release me."
barelysapient•about 3 hours ago
But we're not talking about speed cameras or a private entity with exclusive contract with the police to provide traffic enforcement.

We're talking about Flock. A company offering surveillance as a service. Per their website:

>Trusted by over 12,000 public safety customers including cities, towns, counties, and business partners.

If Flock's argument holds then most of the CCPA be circumvented this same way. All it takes is a few entities and clever contract language.

TheRealPomax•about 2 hours ago
Except the data does NOT belong to the government, that's the whole point of Flock operating the way it does. It's not governmental data collection it's data collection by a private company that is then made available to the government upon request. And yeah: it is literally allowed to delete data, because again: it's not a government agency, it's just private data, collected by a private company, with the exact same status as you recording an public intersection with a camera from your window.
dylan604•about 4 hours ago
The rule of any documentation is that it is out of date as soon as the ink is dry. By the time a regulation is enacted, workarounds/loopholes have already been found (if not intentionally worked into it).
gguncth•about 1 hour ago
It’s fascinating how America could completely get rid of Flock cameras by sending criminals to prison and leaving them there, but we won’t do that so we have these endless arguments about these cameras.
AlotOfReading•19 minutes ago
I'm trying to understand the argument here. Are you saying that never releasing convicted criminals would completely eliminate crime?

That doesn't seem correct, even leaving aside the obvious moral issues with that.

kstrauser•10 minutes ago
My interpretation was that they were saying Flock were criminals who should be sent away for good. I don't know if that's right but it would be consistent that way.
thangalin•15 minutes ago
Sent to Benn Jordan:

https://i.ibb.co/WWWYznHX/flock-future.png

See also a poster from IBM’s German subsidiary, circa 1934. The approximate translation: “See everything with Hollerith punch cards.”

https://www.clevelandjewishnews.com/opinion/op-eds/new-detai...

Advertisement
pext•about 1 hour ago
This reminds me of the Andrew Yang's "Data Dividend" project that ideally would have paid end users for their data rather than knowingly giving it aware for free. IMO, it was a great idea but flawed execution against all the lobbying.
cold_tom•about 1 hour ago
Feels like a classic “we’re just the processor” answer But in reality you have no way to find or contact whoever actually controls the data, so it doesn’t really help. Kind of shows the gap between how the law works on paper vs how these systems work in practice.
rdiddly•about 2 hours ago
Flock's customers own the data the same way Uber drivers are independent contractors, i.e. it's designed for weaseling out of obligations.
sklargh•about 1 hour ago
The concept of what constitutes a sale under CCPA is pretty expansive. An exchange of value can be a sale that occurs outside of a processing relationship. I’d say their note is inaccurate.
atmosx•about 1 hour ago
Back in 2018, CloudFormation data leaked through a public gist (misconfigured gist plugin, I thought the gist was private but it wasn't... I had change the default config) and showed up on an obscure website being served via CloudFlare. When I contacted CF, they claimed they couldn’t remove the cached content because their system “doesn’t work like that". I pushed back and then they said that they're not responsible for the content and that I should send another email to abuse@cf... to get data about the hosting provider and deal with the content provider (e.g. VPS, ISP, whatever). After a few back and forth msgs, I made it clear that if the data wasn’t taken down within a week or so, I would escalate the issue to the local and German GDPR authority (see https://www.ombudsman.europa.eu/en/european-network-of-ombud...).

And what do you know? I got not reply, but the content disappeared in ~48hrs.

_moof•about 3 hours ago
They seem to be implying that because they are a "service provider," they aren't responsible for complying with CCPA rules even though they are the ones with the data.

Does this hold water? I'm reading the CCPA rules now but if anyone knows, it would save me some tedious research.

ezfe•about 2 hours ago
I guess if one likens it to AWS S3 holding your data on behalf of Apple it makes sense
pugworthy•about 3 hours ago
An interesting quandary here is that they'd need to constantly scan for you and your vehicle, etc. so that they could know it was you then delete you. So to ensure they don't observe you, they need to observe you.
lacker•about 2 hours ago
Isn't that how it should work?

If you write the police and ask them to delete all their data about you, that isn't a thing that they do. It shouldn't matter if the police store their data on AWS or their own servers.

Flock is a tool used by the police so it should work the same way.

nerevarthelame•about 2 hours ago
You're right are exemptions for both GDPR [0] and the CCPA [1] where organizations aren't obligated to comply with erasure requests if it would limit their ability to prevent or investigate crimes, fraud, or similar matters.

But that's not what Flock is claiming. They're claiming that they don't even have to consider the request because they don't own the data.

[0] https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...

[1] https://www.clarip.com/data-privacy/ccpa-erasure-exemptions/

kube-system•about 3 hours ago
I don't think they need your permission to use ALPR on your publicly displayed license plate.

> (2) (A) “Personal information” does not include publicly available information [...]

> (B) (i) For purposes of this paragraph, “publicly available” means any of the following:

> (I) Information that is lawfully made available from federal, state, or local government records.

> (II) Information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer

_moof•about 2 hours ago
The information being collected isn't your license plate, it's your location. (Still might not be personal information.)
nekusar•about 4 hours ago
The only opt-out the citizenry has is with any of the following:

    2x4
    rebar
    spraypaint
    spray foam
    battery powered metal cutter
And bash those pieces of shit to chunks or completely ruin the lens and solar.

Republican community? They love corporate surveillance. Democrat community? They too love corporate surveillance.

There is no "Peoples' Party" that rejects this garbage.

pugworthy•about 3 hours ago
All materials available at major home improvement centers - which happen to be very popular Flock camera locations.
MengerSponge•about 3 hours ago
https://www.techspot.com/news/108045-lidar-great-cars-but-ca...

It would be a pity if someone made dense point clouds of these devices.

maccam912•about 1 hour ago
One could start doing tours of their city to show tourists where each and every camera is. They're kinda small though, it might be worth a strong laser pointer so you can direct their attention to the cameras easily...
Advertisement
mmmlinux•about 3 hours ago
Lot of Flock Defenders in here.
pwython•about 2 hours ago
Not Flock defenders, just people explaining how this is not a CCPA violation. I could set up 100 cameras around town (with property owners permission) and record cars driving by, birds, etc all day. Then I could sell access to that footage to whoever I want. If they want to scrape license plates that's up to the customer and their problem. Or if they want to track birds, cool, that could be in the frame too.
kstrauser•about 2 hours ago
It gets a little weird when you explicitly market them for a purpose, though. Flock doesn't advertise a fleet of cameras suitable for birdwatching or other random activities. They market them specifically for the collection and processing of PII.

By analogy, Google Docs isn't marketed for healthcare use. If you wanted, you could put a bunch of PHI in a Google doc and it wouldn't be their responsibility. They certainly didn't tell you to do that. However, if they marketed Google Docs as a great place to store PHI, yeah, then suddenly they're on the hook for complying with the relevant laws like HIPAA.

(Although in this case Google will sign a HIPAA business associate agreement with you and voluntarily agree to comply. They still don't market it that way, or at least don't predominantly do so.)

rbbydotdev•about 1 hour ago
it would be nice if flock did not and could not exist
carabiner•about 1 hour ago
It's not much worse than all the tracking adtech used by FAANG industry. Smartest people in the world working on these systems.
kstrauser•about 1 hour ago
I'd contend that it absolutely is. Adtech is creepy and invasive and weird. Flock is going a step further and actively tracking our movement through the cities where we live.

I don't like either of those activities, but I think one of them is much worse.

jakeydus•about 1 hour ago
One is making implicit assumptions based on data available to it. The other is literally saying "hey they're right here at this time". At least adtech has _some_ level of obfuscation to it.

But I'm with you both suck.

annoyingnoob•about 3 hours ago
I've had the same kind of response from Email providers like Sendgrid, they claim its not their data. There is no way to have Sendgrid block you in their entire network, you have to play whack-a-mole with their customers. Seems like a flaw in these privacy laws when you can't ask the actual record holder to remove the records.
ranger_danger•about 4 hours ago
To me this sounds like the equivalent of visiting a website that sells your data, and then asking AWS to delete your personal data when it actually belongs to a customer of theirs and only resides within their private storage.

Would you ask your local ISP to delete data they provided to Tinder like your IP address? That doesn't make sense to me.

monooso•about 4 hours ago
As I understand it, the author wrote to Flock as they are the entity collecting the PII. Your analogy would only make sense if the author had written to Flock's customers (and even then it's a rather strained comparison).
ranger_danger•about 2 hours ago
> they are the entity collecting the PII

I'm not convinced this is the case. It might be equipment made by them, but does that necessarily mean they were ever even in possession of the data in question?

Would you ask the manufacturer of your oven what you ate for dinner last week? No, you're just using an appliance that they made.

In the case of Flock I don't think we have any evidence of whether Flock themselves ever hold or store any data produced by their devices when operated by a customer.

terrabitz•about 4 hours ago
Yeah I was getting the same feeling. I wonder if an equivalent request to California police agencies that contract Flock technologies would work though.
OkayPhysicist•about 4 hours ago
Probably not, as the law enforcement agencies get a bunch of exceptions to the CCPA.
alt227•about 3 hours ago
Yes, I have asked multiple companies to destroy my data under GDPR. Its quite common in Europe.