Tag Archives: Flock Safety

What Benicia’S Own Records Reveal About Its Flock Safety Surveillance Deal

By Gregg Horton, via email, July 12, 2026

A review of 200+ pages of emails released by the City of Benicia under the California Public Records Act, documenting the Benicia Police Department’s deployment of Flock Safety automated license-plate-reader (ALPR) cameras from 2021 to 2025.

THE SHORT VERSION

Benicia, California contracted with Flock Safety to install a network of automated license-plate-reader cameras. Public records the city released show, in the vendor’s and the city’s own words:

  1. Flock wrote the city’s “sole source” justification for skipping competitive bidding, and even supplied other cities’ staff reports as templates.
  2. The city was billed for a camera that was never installed, because the state (Caltrans) had denied its installation.
  3. The public “transparency” audit page displayed a “system down” message that Flock says the city itself was able to post and remove.
  4. Public search-auditing is a switch the vendor flips on and off at the department’s request.
  5. A state right-of-way permit for the cameras went unresolved for years, with at least one outright denial, while billing ran and cameras operated.
  6. ALPR data is shared with outside agencies through signed letters, with “no formal MOU.”
  7. Flock coached city staff on how to downplay a security exposure and a resident’s vulnerability report to the City Council.

Everything below is quoted from the released records, with dates and senders.

BACKGROUND

These documents come from Benicia’s responses to public-records requests (tracked as PR-2025-159 and PR-2026-7), released February and July 2026. They are almost entirely email between Benicia Police Department staff and Flock Safety employees, spanning August 2021 through December 2025. Quotations below are transcribed from the released PDFs; minor spacing artifacts from scanned/redacted pages have been cleaned for readability, wording is unchanged.

Key people

– Benicia PD: Chief Michael Greene; Lt. Mark Menesini; Jeremy Karagan (IT Analyst II); Wendy Stratton-Monahan (Management Analyst II / PIO); Edward Criado.

– Flock Safety: John Anderson and Kyle Egkan (Territory Managers); Graham Carter (Customer Success Manager); Hailey Spessard; Lily Ho; Chris Colwell (SVP, Customer Experience).

  1. FLOCK WROTE THE CITY’S NO-BID JUSTIFICATION

Public agencies normally must competitively bid large purchases. A “sole source” letter is how an agency justifies skipping that. In this case, the vendor supplied the letter itself, plus other cities’ staff reports to use as templates.

From John Anderson, Territory Manager, Northern California, Flock Safety, February 22, 2021 (to Chief Michael Greene and Lt. Mark Menesini):

“Chief and Lt., here is the Sole Source Letter. I’ve also included a copy of the agreement so we can start on the legal process, and a couple of examples for staff reports.”

Attachments: “Sole Source Letter – Benicia Police Department.pdf,” “Covina Staff Report – 2020.pdf,” “Azusa – Staff Report – 2020-9.pdf”

Two months later he sent an updated one. From John Anderson, April 29, 2021:

“See attached for an updated agreement along with our most current Sole Source letter for good measure.”

Why it matters: The document used to justify NOT shopping around was authored by the company that stood to win the contract, using boilerplate recycled across cities.

Source: Flock Safety Sole Source Letter.txt; Updated Flock Agreement.txt (PR-2025-159).

  1. THE CITY WAS BILLED FOR A CAMERA THE STATE REFUSED TO ALLOW

One camera (the “51st”) required a Caltrans encroachment permit to sit in state right-of-way. Caltrans denied it, but the billing had already started.

From Wendy Stratton-Monahan, Benicia PD, September 26, 2024 (to Flock):

“I received our annual bill for FLOCK cameras, and am wondering why we are being charged for service for the camera that has yet to be installed?”

Flock’s explanation was that billing is triggered by the first camera, not each camera. From Graham Carter, Flock Safety, September 26, 2024:

“The contract is actually set up for the first camera to be validated and was a 5 year Co-term merging all the contracts together. This means once the first camera goes in the ground, the billing starts.”

The city pushed back, citing the state’s denial. From Wendy Stratton-Monahan, September 26, 2024:

“This camera has been in permitting for quite some time. The permitting was via CalTrans, and at last notice, they had denied installation, so we continue to be without the 51st camera in operation… perhaps we can adjust the current (and past) billing for this camera to reflect as a credit, and then not charge until it is operational. I think otherwise, it is going to be difficult to calculate the ‘free time’ we are due.”

Why it matters: A “5-year co-term merging all the contracts” means the city pays for the full camera count from day one, including hardware the state has refused to permit, and must affirmatively fight to claw back credit for equipment it never received.

Source: Re_ FW_ Permit Application 0424-NSV-0053… (20)-Redacted.txt (PR-2025-159).

  1. THE PUBLIC “TRANSPARENCY” PAGE SHOWED “SYSTEM DOWN,” AND THE CITY COULD EDIT IT

Flock markets a public “Transparency Portal” where residents can audit how police use the system. In early 2024 that portal’s audit area displayed a “system down” message. When the city asked Flock about it, the answer was revealing.

From Flock Safety Support (“Rhianna”), March 4, 2024 (to Jeremy Karagan, IT Analyst II, Benicia PD):

“I have heard from our engineers! This area of the portal is editable by your organization, so our team suspects that someone from your organization put up this message. You should be able to remove it without issue.”

Why it matters: The public-facing accountability page is agency-editable, and, by Flock’s own account, a “system down” notice sitting on the audit page appears to have been posted from within the city. How long the public saw “system down” instead of real audit data, and who posted it, are open questions.

Caveat: this is Flock support’s stated suspicion, not a confirmed finding of who posted it.

Source: Re_ Transparency Portal Audit System Down (1).txt and related (PR-2025-159).

  1. PUBLIC SEARCH-AUDITING IS A SWITCH THE VENDOR FLIPS

When the department first set up its cameras in 2021, the police chief had to ASK for the public to be able to audit searches, and the vendor toggled it like any other setting.

From Chief Michael Greene, Benicia PD, August 26, 2021:

“I don’t see the area where the public can audit our searches? I’d like that part [on].”

From Graham Carter, Flock Safety, August 26, 2021:

“Yes I can turn back on the auditing. And turn off the other parts!”

Why it matters: Public auditing isn’t a fixed guarantee, it’s a vendor-controlled toggle that can be turned “back on” or “off” at the department’s request.

Source: Re_ ALPR policy(3).txt (PR-2025-159).

  1. A YEARS-LONG STATE-PERMIT FIGHT THE PUBLIC NEVER SAW

The single largest thread in the records is Caltrans encroachment permit 0424-NSV-0053, the approval needed to place Flock poles in state right-of-way. It runs from 2024 into December 2025 and was never cleanly resolved; Caltrans denied at least one installation (see #2) and repeatedly sent the permit back for “structural” review. Flock rotated multiple project managers across the account during the delay.

Why it matters: For an extended period the deployment sat in regulatory limbo, cameras billed and, per the “Cameras In Service / Cameras pending permit” tallies in the records, some operating, while the state permitting question stayed unresolved. Whether any camera operated in state right-of-way without an approved permit is worth a direct question to the city.

Source: numerous “…Permit Application 0424-NSV-0053…” files (PR-2025-159, PR-2026-7).

  1. DATA SHARED WITH OUTSIDE AGENCIES BY LETTER, “NO FORMAL MOU”

Benicia’s own ALPR policy (section 470.9) governs who else can get its plate data. Notably, the policy explicitly prohibits sharing for federal immigration enforcement, a point in the city’s favor. But the mechanism for sharing is light-touch.

From Mark Menesini, Benicia PD, September 13, 2022:

“Agencies who are requesting to share Flock data must sign the form and agree to adhere to our policy… We don’t have a formal MOU agreement per se. Participating agencies must be approved by our Admin and sign the acknowledgment form.”

And the policy text itself:

“470.9 RELEASING ALPR DATA. The ALPR data may be shared only with other law enforcement or prosecutorial agencies for official law enforcement purposes… The Benicia Police Department does not permit the sharing of ALPR data… for purpose of federal immigration enforcement, these federal immigration agencies include Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP). The signed letter is retained on file.”

Why it matters: The written policy is relatively protective (an explicit ICE/CBP carve-out), but outside agencies get access via a signed one-page acknowledgment approved by an internal admin, “no formal MOU.” The records contain the policy, not an audit proving each real-world share complied with it. That gap is the thing to request next.

Source: Re_ ALPR Acknowledgment Letter(1).txt (PR-2025-159).

  1. WHEN SCRUTINY ARRIVED, FLOCK COACHED STAFF ON THE MESSAGING

In late 2025, Flock’s cameras drew public attention: a resident submitted a security whitepaper documenting device vulnerabilities, a third-party website began aggregating ALPR search logs released through public-records requests, and Flock disclosed that some of its “Condor” video devices had a debug interface exposed on the open internet without password protection. Flock’s emails to Benicia staff repeatedly supplied talking points and urged staff to reassure the Council.

From Lily Ho, Flock Safety, November 17, 2025 (responding to a resident’s vulnerability whitepaper forwarded by the city):

“These are not material vulnerabilities, and both severity and likelihood to be exploited are low… This device in this whitepaper was not connected to the cloud and to the best of our knowledge not customer installed.”

From Chris Colwell, SVP Customer Experience, Flock Safety, December 9, 2025 (“What you Need to Know About Recent Online Disclosures”):

“To be clear: Flock has not been breached or compromised. We are CJIS compliant… We also encourage you to forward this information to others in your department or to councilmembers so they can be prepared for any potential questions.”

From Chris Colwell, December 23, 2025 (“Update on Limited Condor Misconfiguration”):

“The debug interface on a small number of Condor units was temporarily accessible on the internet without password protection… A website and a sensationalized YouTube channel inaccurately portrayed the extent of this access.”

Why it matters: The vendor’s own messaging shows a pattern of pre-empting oversight, supplying elected officials’ talking points and characterizing an internet-exposed, unauthenticated debug interface as immaterial.

Source: Re_ FW_ Benicia Must Reconsider…-Redacted.txt; What you Need to Know About Recent Online Disclosures.txt; Update on Limited Condor Misconfiguration.txt (PR-2026-7).

WHAT’S SOLID VS. WHAT NEEDS MORE DIGGING

Documented in the records, in the parties’ own words:

– Flock supplied the sole-source letter and template staff reports (#1).
– The city was billed for a camera Caltrans denied; billing starts at “first camera” under a 5-year co-term (#2).
– Public auditing is a vendor-controlled toggle (#4).
– ALPR data shared via signed letter with “no formal MOU” (#6).
– Flck supplied Council-facing talking points during the 2025 scrutiny (#7).

Leads that need corroboration:

– Who posted the “system down” message on the transparency page, and for how long (#3); the record only has Flock support’s suspicion.
– Whether any camera operated in Caltrans right-of-way without an approved permit (#5).
– Whether real-world data shares actually complied with section 470.9 (#6); the policy is in the record, an audit of shares is not.

HOW TO VERIFY

Every quote above is from PDFs Benicia released under the CPRA. Anyone can request the same records from the City of Benicia (reference request numbers PR-2025-159 and PR-2026-7) and read the originals. Filenames cited are the produced document names.

QUESTIONS WORTH PUTTING TO THE CITY / COUNCIL
  1. Who authored the sole-source justification, and did the Council know it came from the vendor?
  2. How much has the city paid for cameras that were never installed or permitted, and was credit issued?
  3. Who posted “system down” on the public audit page, and how long was public auditing unavailable?
  4. Is public search-auditing currently on? Has it ever been turned off?
  5. Did any camera operate in state right-of-way before Caltrans approval?
  6. Which outside agencies have received Benicia ALPR data, and has compliance with section 470.9 been audited?

Gregg Horton