This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss wrestling over a good headline, what to read this summer, and Super 8 film.

EMANUEL: I would really love it if the people who accuse us of using “clickbait” headlines saw how long, pedantic, and annoying our internal debates are about headlines for some stories. Case in point is Jason’s story this week, which had the headline “Judge Rules Training AI on Authors' Books Is Legal But Pirating Them Is Not.” 

This is an important decision so it got covered everywhere. I don’t think any of the other headlines I saw from other big publications are wrong, but they do reflect why it was hard to summarize this story in a headline, and different headlines reflect what different publications’ thought was most important and notable about it. If you want a full breakdown you should read Jason’s story, but the gist is that a judge ruled that it’s okay for companies to use copyrighted books for their training data, but it’s not okay for them to get these books by pirating them, which many of them did. That’s the simplest way I can think of to sum it up and that’s what our headline says, but there are still many levels of complexity to the story that no headline could fully capture. 

Immigration and Customs Enforcement (ICE) is using a new mobile phone app that can identify someone based on their fingerprints or face by simply pointing a smartphone camera at them, according to internal ICE emails viewed by 404 Media. The underlying system used for the facial recognition component of the app is ordinarily used when people enter or exit the U.S. Now, that system is being used inside the U.S. by ICE to identify people in the field. 

The news highlights the Trump administration’s growing use of sophisticated technology for its mass deportation efforts and ICE’s enforcement of its arrest quotas. The document also shows how biometric systems built for one reason can be repurposed for another, a constant fear and critique from civil liberties proponents of facial recognition tools.

“Face recognition technology is notoriously unreliable, frequently generating false matches and resulting in a number of known wrongful arrests across the country. Immigration agents relying on this technology to try to identify people on the street is a recipe for disaster. Congress has never authorized DHS to use face recognition technology in this way, and the agency should shut this dangerous experiment down,” Nathan Freed Wessler, deputy director of the American Civil Liberties Union’s Speech, Privacy, and Technology Project, told 404 Media in an email.

“The Mobile Fortify App empowers users with real-time biometric identity verification capabilities utilizing contactless fingerprints and facial images captured by the camera on an ICE issued cell phone without a secondary collection device,” one of the emails, which was sent to all Enforcement and Removal Operations (ERO) personnel and seen by 404 Media, reads. ERO is the section of ICE specifically focused on deporting people.

The Airlines Reporting Corporation (ARC), a data broker owned by the country’s major airlines which sells travellers’ detailed flight records in bulk to the government, only just registered as a data broker with the state of California, which is a legal requirement, despite selling such data for years, according to records maintained by the California Privacy Protection Agency (CPPA).

The news comes after 404 Media recently reported that ARC included a clause in its contract barring Customs and Border Protection (CBP), one of its many government customers, from revealing where the data came from. ARC is owned by airlines including Delta, American Airlines, and United. 

“It sure looks like ARC has been in violation of California’s data broker law—it’s been selling airline customers’ data for years without registering,” Senator Ron Wyden told 404 Media in a statement. “I don’t have much faith the Trump administration is going to step up and protect Americans’ privacy from the airlines’ greedy decision to sell flight information to anyone with a credit card, so states like California and Oregon are our last line of defense.” 

Flock, the automatic license plate reader (ALPR) company with a presence in thousands of communities across the U.S., has stopped agencies across the country from searching cameras inside Illinois, California, and Virginia, 404 Media has learned. The dramatic moves come after 404 Media revealed local police departments were repeatedly performing lookups around the country on behalf of ICE, a Texas officer searched cameras nationwide for a woman who self-administered an abortion, and lawmakers recently signed a new law in Virginia. Ordinarily Flock allows agencies to opt into a national lookup database, where agencies in one state can access data collected in another, as long as they also share their own data. This practice violates multiple state laws which bar the sharing of ALPR data out of state or it being accessed for immigration or healthcare purposes.

The changes also come after a wave of similar coverage in local and state-focused media outlets, with many replicating our reporting to learn more about what agencies are accessing Flock cameras in their communities and for what purpose. The Illinois Secretary of State is investigating whether Illinois police departments broke the law by sharing data with outside agencies for immigration or abortion related reasons. Some police departments have also shut down the data access after learning it was being used for immigration purposes.

We start this week with Emanuel and Joseph’s coverage of ‘⁠FuckLAPD.com⁠’, a website that uses facial recognition to instantly reveal a LAPD officer’s name and salary. The creator has relaunched their similar tool for identifying ICE employees too. After the break, Jason tells us about a massive AI ruling that opens the way for AI companies to scrape everyone’s art. In the subscribers-only section, our regular contributor Matthew describes all the AI slop in the Iran and Israel conflict, and why it matters.

Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.

• ⁠‘⁠⁠FuckLAPD.com⁠⁠’ Lets Anyone Use Facial Recognition to Instantly Identify Cops⁠
• ⁠Judge Rules Training AI on Authors' Books Is Legal But Pirating Them Is Not⁠
• ⁠The AI Slop Fight Between Iran and Israel⁠

The FOIA Forum is a livestreamed event for paying subscribers where we talk about how to file public records requests and answer questions. If you're not already signed up, please consider doing so here. 

Recently we had a FOIA Forum where we focused on our article This ‘College Protester’ Isn’t Real. It’s an AI-Powered Undercover Bot for Cops.

This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss Deadheads and doxxing sites.

SAM: Anyone reading the site closely this week likely noticed a new name entering the chat. We’re thrilled to welcome Rosie Thomas to the gang for the summer as an editorial intern! 

Rosie was previously a software engineer in the personal finance space. Currently halfway through her master’s degree in journalism, Rosie is interested in social movements, how people change their behaviors in the face of new technologies, and “the infinite factors that influence sentiment and opinions,” in her words. In her program, she’s expanding her skills in investigations, audio production, and field recording. She published her first blog with us on day two, a really interesting (and in 404 style, informatively disturbing) breakdown of a new report that found tens of thousands of camera feeds exposed to the dark web. We’re so excited to see what she does with us this summer! 

This week we start with Joseph’s article about the U.S’s major airlines selling customers’ flight information to Customs and Border Protection and then telling the agency to not reveal where the data came from. After the break, Emanuel tells us how AI scraping bots are breaking open libraries, archives, and museums. In the subscribers-only section, Jason explains the casual surveillance relationship between ICE and local cops, according to emails he got.

Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.

• Airlines Don't Want You to Know They Sold Your Flight Data to DHS
• AI Scraping Bots Are Breaking Open Libraries, Archives, and Museums
• Emails Reveal the Casual Surveillance Alliance Between ICE and Local Police

A California police department searched AI-enabled, automatic license plate reader (ALPR) cameras in relation to an “immigration protest,” according to internal police data obtained by 404 Media. The data also shows that police departments and sheriff offices around the country have repeatedly tapped into the cameras inside California, made by a company called Flock, on behalf of Immigration and Customs Enforcement (ICE), digitally reaching into the sanctuary state in a data sharing practice that experts say is illegal. 

Flock allows participating agencies to search not only cameras in their jurisdiction or state, but nationwide, meaning that local police that may work directly with ICE on immigration enforcement are able to search cameras inside California or other states. But this data sharing is only possible because California agencies have opted-in to sharing it with agencies in other states, making them legally responsible for the data sharing. 

The news raises questions about whether California agencies are enforcing the law on their own data sharing practices, threatens to undermine the state’s perception as a sanctuary state, and highlights the sort of surveillance or investigative tools law enforcement may deploy at immigration related protests. Over the weekend, millions of people attended No Kings protests across the U.S. 404 Media’s findings come after we revealed police were searching cameras in Illinois on behalf of ICE, and then Cal Matters found local law enforcement agencies in California were searching cameras for ICE too.

On Monday, federal and state authorities charged Vance Boelter with the murders of Minnesota Rep. Melissa Hortman and her husband. An affidavit written by an FBI Special Agent, published here by MSNBC, includes photos of a notepad found in Boelter’s SUV which included a long list of people search sites, some of which make it very easy for essentially anyone to find the address and other personal information of someone else in the U.S. The SUV contained other notebooks and some pages included the names of more than 45 Minnesota state and federal public officials, including Hortman, the affidavit says. Hortman’s home address was listed next to her name, it adds.

People search sites can present a risk to citizen’s privacy, and, depending on the context, physical safety. They aggregate data from property records, social media, marriage licenses, and other places and make it accessible to even those with no tech savvy. Some are free, some are paid, and some require a user to tick a box confirming they’re only using the data for certain permitted use cases. 

Congress has known about the risk of data for decades. In 1994 lawmakers created the Driver’s Privacy Protection Act (DPPA) after a stalker hired a private investigator who then obtained the address of actress Rebecca Schaeffer from a DMV. The stalker then murdered Schaeffer. With people search sites, though, lawmakers have been largely motionless, despite them existing for years, on the open web, accessible by a Google search and sometimes even promoted with Google advertisements.

Senator Ron Wyden said in a statement “The accused Minneapolis assassin allegedly used data brokers as a key part of his plot to track down and murder Democratic lawmakers. Congress doesn't need any more proof that people are being killed based on data for sale to anyone with a credit card. Every single American's safety is at risk until Congress cracks down on this sleazy industry.”

This notepad does not necessarily mean that Boelter used these specific sites to find Hortman’s or other officials’ addresses. As the New York Times noted, Hortman’s address was on her campaign website, and Minnesota State Senator John Hoffman, who Boelter allegedly shot along with Hoffman’s wife, listed his address on his official legislative webpage.

The sites’ inclusion shows they are of high interest to a person who allegedly murdered and targeted multiple officials and their families in an act of political violence. Next to some of the people search site names, Boelter appears to have put a star or tick.

Those people search sites are:

• Intelius [this entry has a tick next to it]
• BeenVerified.com
• Ownerly.com [the note “address needed” is added next to this site on the list]
• USSearch.com [this entry has a tick next to it]
• NeighborWho [the note “address needed” is added next to this site on the list]
• PeopleFinders.com [this entry has a star next to it]
• PeopleLooker [this entry has a tick next to it]
• Spokeo [this entry has a tick next to it; another entry notes “not free”]
• TruePeopleSearch.com
• TruthFinder.com
• Information.com
• Pipl [a note says “not free” next to this entry]
• Addresses.com
• Yellowpages.com

A spokesperson for Atlas, a company that is suing a variety of people search sites, said “Tragedies like this might be prevented if data brokers simply complied with state and federal privacy laws. Our company has been in court for more than 15 months litigating against each of the eleven data brokers identified in the alleged shooter’s writings, seeking to hold them accountable for refusing to comply with New Jersey’s Daniel’s Law which seeks to protect the home addresses of judges, prosecutors, law enforcement and their families. This industry’s purposeful refusal to comply with privacy laws has and continues to endanger thousands of public servants and their families.” 

404 Media has repeatedly reported on how data can be weaponized against people. We found violent criminals and hackers were able to dox nearly anyone in the U.S. for $15, using bots that were based on data people had given as part of opening credit cards. In 2023 Verizon gave sensitive information, including an address on file, of one of its customers to her stalker, who then drove to the address armed with a knife.

404 Media was able to contact most of the people search sites for comment. None responded.

Update: this piece has been updated to include a statement from Atlas. An earlier version of this piece accidentally published a version with a different structure; this correct version includes more information about the DPPA.

On Monday the Trump Organization announced its own mobile service plan and the “​​T1 Phone,” a customized all-gold mobile phone that its creators say will be made in America. 

I tried to pre-order the phone and pay the $100 downpayment, hoping to test the phone to see what apps come pre-installed, how secure it really is, and what components it includes when it comes out. The website failed, went to an error page, and then charged my credit card the wrong amount of $64.70. I received a confirmation email saying I’ll receive a confirmation when my order has been shipped, but I haven’t provided a shipping address or paid the full $499 price tag. It is the worst experience I’ve ever faced buying a consumer electronic product and I have no idea whether or how I’ll receive the phone.

“Trump Mobile is going to change the game, we’re building on the movement to put America first, and we will deliver the highest levels of quality and service. Our company is based right here in the United States because we know it’s what our customers want and deserve,” Donald Trump Jr., EVP of the Trump Organization, and obviously one of President Trump’s sons, said in a press release announcing Trump Mobile. 

This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss advertising, protests, and aircraft.

EMANUEL: On Thursday Meta announced that it has filed a lawsuit in Hong Kong against Joy Timeline HK Limited, the company that operates a popular nudify app called Crush that we have covered previously. 

Meta’s position is that it hasn’t been able to prevent Crush from advertising its nudify app on its platform despite it violating its policies because Crush is “highly adversarial” and “constantly evolving their tactics to avoid enforcement.” We’ve seen Crush and other nudify apps create hundreds of Meta advertising accounts and different domain names that all link back to the same service in order to avoid detection. If Meta bans an advertising account or URL, Crush simply creates another. In theory, Meta always has ways of detecting if an ad contains nudity, but nudify apps can easily circumvent those measures as well. As I say in my post about the lawsuit, Meta still hasn’t explained why it appears to have different standards for content in ads versus regular posts on its platform, but there’s no doubt that it does take action against nudify ads when it’s easy for it do so, and that these nudify ads are actively trying to avoid Meta’s moderation when it does attempt to get rid of them. 

Customs and Border Protection (CBP) has confirmed it is flying Predator drones above the Los Angeles protests, and specifically in support of Immigration and Customs Enforcement (ICE), according to a CBP statement sent to 404 Media. The statement follows 404 Media’s reporting that the Department of Homeland Security (DHS) has flown two Predator drones above Los Angeles, according to flight data and air traffic control (ATC) audio.

The statement is the first time CBP has acknowledged the existence of these drone flights, which over the weekend were done without a callsign, making it more difficult, but not impossible, to determine what model of aircraft was used and by which agency. It is also the first time CBP has said it is using the drones to help ICE during the protests.

It’s that time again! We’re planning our latest FOIA Forum, a live, hour-long or more interactive session where Joseph and Jason (and this time Emanuel too maybe) will teach you how to pry records from government agencies through public records requests. We’re planning this for Wednesday, 18th at 1 PM Eastern. That's in just one week today! Add it to your calendar! 

So, what’s the FOIA Forum? We'll share our screen and show you specifically how we file FOIA requests. We take questions from the chat and incorporate those into our FOIAs in real-time. We’ll also check on some requests we filed last time. This time we're particularly focused on Jason's and Emanuel's article about Massive Blue, a company that helps cops deploy AI-powered fake personas. The article, called This ‘College Protester’ Isn’t Real. It’s an AI-Powered Undercover Bot for Cops, is here. This was heavily based on public records requests. We'll show you how we did them!

If this will be your first FOIA Forum, don’t worry, we will do a quick primer on how to file requests (although if you do want to watch our previous FOIA Forums, the video archive is here). We really love talking directly to our community about something we are obsessed with (getting documents from governments) and showing other people how to do it too.

Paid subscribers can already find the link to join the livestream below. We'll also send out a reminder a day or so before. Not a subscriber yet? Sign up now here in time to join.

We've got a bunch of FOIAs that we need to file and are keen to hear from you all on what you want to see more of. Most of all, we want to teach you how to make your own too. Please consider coming along!

Much of this episode is about the ongoing anti-ICE protests in Los Angeles. We start with Joseph explaining how he monitored surveillance aircraft flying over the protests, including what turned out to be a Predator drone. After the break, Jason tells us about the burning Waymos. In the subscribers-only section, we talk about the owner of Girls Do Porn, a sex trafficking ring on Pornhub, pleading guilty.

Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.

• DHS Black Hawks and Military Aircraft Surveil the LA Protests
• DHS Flew Predator Drones Over LA Protests, Audio Shows
• Waymo Pauses Service in Downtown LA Neighborhood Where They're Getting Lit on Fire
• Girls Do Porn Ringleader Pleads Guilty, Faces Life In Prison

The Department of Homeland Security (DHS) flew two high-powered Predator surveillance drones above the anti-ICE protests in Los Angeles over the weekend, according to air traffic control (ATC) audio unearthed by an aviation tracking enthusiast then reviewed by 404 Media and cross-referenced with flight data.

The use of Predator drones highlights the extraordinary resources government agencies are putting behind surveilling and responding to the Los Angeles protests, which started after ICE agents raided a Home Depot on Friday. President Trump has since called up 4,000 members of the National Guard, and on Monday ordered more than 700 active duty Marines to the city too.

“TROY703, traffic 12 o'clock, 8 miles, opposite direction, another 'TROY' Q-9 at FL230,” one part of the ATC audio says. The official name of these types of Predator B drones, made by a company called General Atomics, is the MQ-9 Reaper.

On Monday 404 Media reported that all sorts of agencies, from local, to state, to DHS, to the military flew aircraft over the Los Angeles protests. That included a DHS Black Hawk, a California Highway Patrol small aircraft, and two aircraft that took off from nearby March Air Reserve Base.

ATC Audio Mentioning TROY and Q-9s

0:00

/21.577142857142857

1×

This article was produced with support from WIRED.

A data broker owned by the country’s major airlines, including Delta, American Airlines, and United, collected U.S. travellers’ domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data came from, according to internal CBP documents obtained by 404 Media. The data includes passenger names, their full flight itineraries, and financial details. 

CBP, a part of the Department of Homeland Security (DHS), says it needs this data to support state and local police to track people of interest’s air travel across the country, in a purchase that has alarmed civil liberties experts.

The documents reveal for the first time in detail why at least one part of DHS purchased such information, and comes after Immigration and Customs Enforcement (ICE) detailed its own purchase of the data. The documents also show for the first time that the data broker, called the Airlines Reporting Corporation (ARC), tells government agencies not to mention where it sourced the flight data from.

This article was produced with support from WIRED.

A cybersecurity researcher was able to figure out the phone number linked to any Google account, information that is usually not public and is often sensitive, according to the researcher, Google, and 404 Media’s own tests.

The issue has since been fixed but at the time presented a privacy issue in which even hackers with relatively few resources could have brute forced their way to peoples’ personal information.

“I think this exploit is pretty bad since it's basically a gold mine for SIM swappers,” the independent security researcher who found the issue, who goes by the handle brutecat, wrote in an email. SIM swappers are hackers who take over a target's phone number in order to receive their calls and texts, which in turn can let them break into all manner of accounts.

In mid-April, we provided brutecat with one of our personal Gmail addresses in order to test the vulnerability. About six hours later, brutecat replied with the correct and full phone number linked to that account.

“Essentially, it's bruting the number,” brutecat said of their process. Brute forcing is when a hacker rapidly tries different combinations of digits or characters until finding the ones they’re after. Typically that’s in the context of finding someone’s password, but here brutecat is doing something similar to determine a Google user’s phone number. 

Over the weekend in Los Angeles, as National Guard troops deployed into the city, cops shot a journalist with less-lethal rounds, and Waymo cars burned, the skies were bustling with activity. The Department of Homeland Security (DHS) flew Black Hawk helicopters; multiple aircraft from a nearby military air base circled repeatedly overhead; and one aircraft flew at an altitude and in a particular pattern consistent with a high-powered surveillance drone, according to public flight data reviewed by 404 Media.

The data shows that essentially every sort of agency, from local police, to state authorities, to federal agencies, to the military, had some sort of presence in the skies above the ongoing anti-Immigration Customs and Enforcement (ICE) protests in Los Angeles. The protests started on Friday in response to an ICE raid at a Home Depot; those tensions flared when President Trump ordered the National Guard to deploy into the city.

This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss the phrase "activist reporter," waiting in line for a Switch 2, and teledildonics.

JOSEPH: Recently our work on Flock, the automatic license plate reader (ALPR) company, produced some concrete impact. In mid-May I revealed that Flock was building a massive people search tool that would supplement its ALPR data with other information in order to “jump from LPR to person.” That is, identify the people associated with a vehicle and those associated with them. Flock planned to do this with public records like marriage licenses, and, most controversially, hacked data. This was according to leaked Slack chats, presentation slides, and audio we obtained. The leak specifically mentioned a hack of the Park Mobile app as the sort of breached data Flock might use.

After internal pressure in the company and our reporting, Flock ultimately decided to not use hacked data in Nova. We covered the news last week here. We also got audio of the meeting discussing this change. Flock published its own disingenuous blog post entitled Correcting the Record: Flock Nova Will Not Supply Dark Web Data, which attempted to discredit our reporting but didn’t actually find any factual inaccuracies at all. It was a PR move, and the article and its impact obviously stand.

Apple provided governments around the world with data related to thousands of push notifications sent to its devices, which can identify a target’s specific device or in some cases include unencrypted content like the actual text displayed in the notification, according to data published by Apple. In one case, that Apple did not ultimately provide data for, Israel demanded data related to nearly 700 push notifications as part of a single request.

The data for the first time puts a concrete figure on how many requests governments around the world are making, and sometimes receiving, for push notification data from Apple. 

The practice first came to light in 2023 when Senator Ron Wyden sent a letter to the U.S. Department of Justice revealing the practice, which also applied to Google. As the letter said, “the data these two companies receive includes metadata, detailing which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered. In certain instances, they also might also receive unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in an app notification.” 

We start this week with Sam's dive into a looming piece of anti-porn legislation, prudish algorithms, and eggs. After the break, Matthew tells us about the open source software that powered Ukraine's drone attack against Russia. In the subscribers-only section, Emanuel explains how even pro-AI subreddits are dealing with people having AI delusions.

Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.

• The Egg Yolk Principle: Human Sexuality Will Always Outsmart Prudish Algorithms and Hateful Politicians
• Ukraine's Massive Drone Attack Was Powered by Open Source Software
• Pro-AI Subreddit Bans 'Uptick' of Users Who Suffer from AI Delusions 

The surveillance company Flock told employees at an all-hands meeting Friday that its new people search product, Nova, will not include hacked data from the dark web. The announcement comes a little over a week after 404 Media broke the news about internal tension at the company about plans to use breached data, including from a 2021 Park Mobile data break.

Immediately following the all-hands meeting, Flock published details of its decision in a public blog post it says is designed to "correct the record on what Flock Nova actually does and does not do." The company said that following a "lengthy, intentional process" about what data sources it would use and how the product would work, it has decided not to supply customers with dark web data.

"The policy decision was also made that Flock will not supply dark web data," the company wrote. "This means that Nova will not supply any data purchased from known data breaches or stolen data."

Flock Nova is a new people search tool in which police will be able to connect license plate data from Flock’s automated license plate readers with other data sources in order to in some cases more easily determine who a car may belong to and people they might associate with.

404 Media previously reported on internal meetings, presentation slides, discussions, and Slack messages in which the company discussed how Nova would work. Part of those discussions centered on the data sources that could be used in the product. “You're going to be able to access data and jump from LPR to person and understand what that context is, link to other people that are related to that person [...] marriage or through gang affiliation, et cetera,” a Flock employee said during an internal company meeting, according to an audio recording. “There’s very powerful linking.”

In meeting audio obtained by 404 Media, an employee discussed the potential use of the hacked Park Mobile data, which became controversial within the company

“I was pretty horrified to hear we use stolen data in our system. In addition to being attained illegally, it seems like that could create really perverse incentives for more data to be leaked and stolen,” one employee wrote on Slack in a message seen by 404 Media. “What if data was stolen from Flock? Should that then become standard data in everyone else’s system?”

In Friday’s all-hands meeting with employees, a Flock executive said that it was previously “talking about capabilities that were possible to use with Nova, not that we were necessarily going to implement when we use Nova. And in particular one of those issues was about dark web data. Would Flock be able to supply that to our law enforcement customers to solve some really heinous crimes like internet crimes against children? Child pornography, human trafficking, some really horrible parts of society.”

“We took this concept of using dark web data in Nova and explored it because investigators told us they wanted to do it,” the Flock executive said in audio reviewed by 404 Media. “Then we ran it through our policy review process, which by the way this is what we do for all our new products and services. We ran this concept through the policy review process, we vetted it with product leaders, with our executive team, and we made the decision to not supply dark web data through the Nova platform to law enforcement at all.”

Flock said in its Friday blog that the company will supply customers with "public records information, Open-Source intelligence, and license plate reader data." The company said its customers can also connect their own data into the program, including their own records management systems, computer-aided dispatch, and jail records "as well as all of the above from other agencies who agree to share that data." 

As 404 Media has repeatedly reported, the fact that Flock allows its customers to share data with a huge network of police is what differentiates Flock as a surveillance tool. Its automated license plate readers collect data, which can then be shared as part of either a searchable statewide or nationwide network of ALPR data. 

This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss an exciting revamp of The Abstract, tech betrayals, and the "it's for cops" defense.

EMANUEL: Most of you already know this but we are expanding The Abstract, our Saturday science newsletter by the amazing Becky Ferreira. The response to The Abstract since we launched it last year has been very positive. People have been writing in to let us know how much they appreciate the newsletter as a nice change of pace from our usual coverage areas and that they look forward to it all week, etc. 

First, as you probably already noticed, The Abstract is now its own separate newsletter that you can choose to get in your inbox every Saturday. This is separate from our daily newsletter and the weekend roundup you’re reading right now. If you don’t want to get The Abstract newsletter, you can unsubscribe from it like you would from all our other newsletters. For detailed instructions on how to do that, please read the top of this edition of The Abstract. 

Earlier this month authorities in Texas performed a nationwide search of more than 83,000 automatic license plate reader (ALPR) cameras while looking for a woman who they said had a self-administered abortion, including cameras in states where abortion is legal such as Washington and Illinois, according to multiple datasets obtained by 404 Media.

The news shows in stark terms how police in one state are able to take the ALPR technology, made by a company called Flock and usually marketed to individual communities to stop carjackings or find missing people, and turn it into a tool for finding people who have had abortions. In this case, the sheriff told 404 Media the family was worried for the woman’s safety and so authorities used Flock in an attempt to locate her. But health surveillance experts said they still had issues with the nationwide search. 

“You have this extraterritorial reach into other states, and Flock has decided to create a technology that breaks through the barriers, where police in one state can investigate what is a human right in another state because it is a crime in another,” Kate Bertash of the Digital Defense Fund, who researches both ALPR systems and abortion surveillance, told 404 Media.