Flock of cameras and the costs of sharing data

Danny Brugmann

6 min read
Share
Flock of cameras and the costs of sharing data

Five Cyber Stories - May 3, 2026 - Issue 007

Hi! Thanks for tuning in to this week's Five Cyber Stories where I share five stories that showcase how cybersecurity affects everyone's non-digital lives (yes, even luddites). In this issue, I'm sharing stories about Flock camera surveillance, Section 702 of the Foreign Intelligence Surveillance Act (yes, this again), and much more in this week's newsletter.

Was this newsletter shared with you? Say no more; here's a quick link to subscribe.

That said, LET'S GO!

1. We need to talk about Flock ($)

Reporting by 404 Media's Jason Koebler

Surveillance city: 404 Media recently reported ($) that Flock Safety has been utilizing cameras in Dunnywood, Georgia to surveil "...a children’s gymnastics room, a playground, a school, a Jewish community center, and a pool." This story stems from concerned community member, Jason Hunyar, writing a Substack post about the surveillance titled, "Why Are Flock Employees Watching Our Children?" 404 Media reports ($) that the CEO of Flock Safety apologized for "...poor judgement." but also characterized at least some of the accusations as "misinformation."

In a blog responding to the controversy, Flock Safety's Josh Thomas writes,

Accusing someone of spying on children is not a policy disagreement; it is a life-altering allegation. Claims of inappropriate conduct by our employees are false. The employees being named online are well-intentioned employees who accessed a camera network with the city's explicit permission, as part of their job. They are now being called predators for it.

What could go wrong? There is obviously a lot going on with this story, but for the sake of this newsletter, I want to focus just on the data security aspects. Even if we might assume that all of the authorized users with access to the cameras in Dunnywood, Georgia were acting appropriately as Flock contends, we could certainly argue there would still be potential privacy risks. A hypothetical cybersecurity breach could give access of those cameras to a bad actor.

Flock's CEO clearly sees the cameras as means of "protecting" the Jewish community center. Yet, surveillance is never so simple. I would argue that there are costs to "protection" of this kind. But ultimately, I'm concerned less with either of these arguments. I'm more concerned that the public-debate seems non-existent prior to activating cameras in communities. After all, Flock Safety already has "...over 12,000 public safety customers including cities, towns, counties, and business partners." Flock contends that "Safety is a fundamental right for every community." I contend that privacy is also the right of every community.

But, you know, totally unrelated and not at all with what tech leaders actually think about privacy, this seems as good a time as any to remind everyone that Mark Zuckerberg, the powerful, tech-savvy billionaire, covers his laptop's webcam.

2. Beware of stalkerware ($)

Reporting from Wired's Matt Burgess and Lily Hay Newman

Life hacked: A security researcher revealed this week that they discovered a publicly accessible trove of data from an unnamed European celebrity that was likely stolen via stalkerware or spyware. Wired reports ($) that Jeremiah Fowler, a researcher with Black Hills Information Security, alerted the appropriate authorities. Fowler ultimately chose to leave the celebrity un-named saying, "...even public people deserve privacy." The celebrity's stolen information was highly sensitive including financial and other personal data such as nude images.

Spyware-R-Us: Another security researcher featured in Wired's reporting ($), Vangelis Stykas, noted that, "Having access to someone’s phone means you have unobstructed access to all of his or her life." It's tempting to believe these types of hacks are limited to the rich, famous, and powerful. Unfortunately, Wired reported ($) earlier this month that these types of malware tools are being purchased by everyday men to harass women. This trend shows the ways that breakdowns in cybersecurity affect all of us, but can particularly affect people more likely to experience harassment and abuse in the physical world.

3. Kicking the Can

Reporting from The Verge's Gaby Del Valle

Decision delayed: This week Congress renewed the Foreign Intelligence Surveillance Act, commonly called F.I.S.A., including Section 702, for 45 days. The Verge reported Senate Majority John Thune saying that the short-term renewal was passed to allow "...enough time to negotiate a reform bill." Section 702 of said bill allows for U.S. intelligence agencies to scoop up Americans' data that travels outside U.S. borders all without a warrant. There is bipartisan support to reform the law. As it stands, F.I.S.A. allows U.S. intelligence agencies to look at any of your data (messages, online purchases, photos, emails, etc.) that leaves the country, again, all without a warrant.

On the calendar: This is the second short-term extension of the law in less than a month, and it's also the second time I've written about it. The last extension was for only 10-days, and Congress has now punted it again to seemingly push through more negotiations. My worry is that the pace of the news cycle will distract voters from the important Fourth Amendment implications amid these continual delays. So, in less than 45 days, I'll likely be featuring another item on F.I.S.A. and Section 702 as a reminder of what's at stake.

4. Data at the Dentist

Reporting from TechCrunch's Zack Whittaker

Poor data hygiene: Patient management software developed by the software company Practice by Numbers was recently revealed to have a "flaw" resulting in access to patient medical records by users other than the patient themselves. Zack Whittaker reports, "One patient, Joseph Cox, reported the bug to TechCrunch after he encountered the issue while looking at his own dental records on the portal." Cox could not only see his own records, but other patient records as well. Cox's attempts to contact Practice by Numbers to alert them of the issue were unsuccessful, and he eventually reached out to TechCrunch "as a last resort". The bug was (finally) fixed after TechCrunch managed to reach the company.

The filling: Even if we are not affected by any specific data breach, the ubiquity of these systems and their potential vulnerabilities affect everyone. Software (in some ways) truly has eaten the world. It's hard to go anywhere without interacting, directly or indirectly, with some sort of software. It's fair to say it makes aspects of most of our lives easier, but I think it's also fair to say few of us consider the costs and risks. When we share our email for "10% off," allow a vendor to save our payment info, or use a healthcare provider's online portal, do we ask if our data is safe? Maybe it's time we should start.

5. Anonymous it ain't

Reporting from Cyberscoop's Tim Starks

Open Questions: A bipartisan pair of senators has questions for Navigate360. The data management company does business with "...more than 30,000 schools and 5,000 public safety agencies..." According to Cyberscoop Navigate360's P3 Global Intel tip line was allegedly compromised via a cyberattack. In their letter to the company, U.S. Sen. Margaret Hassan (D-NH) and Sen. Jim Banks (R-IN) write, "Your company markets its product as an anonymous tip line. However, the personally identifiable information recently released by the hackers suggests otherwise." The letter also includes that students "use this [tip line] to report abuse and thoughts of self-harm."

Survey Says: Whether at work or elsewhere, it's fair to say most of us have been presented with a survey labeled as anonymous. We should all be highly skeptical of any tip line, survey, or other info funnel. The senators' letter says, "Education and school safety experts have expressed concerns that, without guaranteed anonymity, students will choose not to report safety concerns." Sometimes data breaches occur entirely via negligence ($) rather than bad intent, but there is an entire industry of data brokers incentivized to sell your personal info. This was true before AI made data even more of a hot commodity.

Wrap up

That's all from me this week. I know I missed some great stories about Linux exploits, DDoS attacks, and more, and hopefully, I'll have more links next time.

Until then!
Danny

Read more