Wyden, Krishnamoorthi Urge FTC to Investigate Surveillance Tech Company on Negligently Handling Americans’ Personal Data
Congressional investigation reveals 35 accounts of Flock customers were stolen
Washington, D.C. — U.S. Senator Ron Wyden, D-Ore. and Representative Raja Krishnamoorthi, D-Ill., today called for a federal investigation into surveillance technology company Flock Safety, for failing to implement cybersecurity protections and needlessly exposing Americans’ personal data to theft by hackers, foreign spies, and criminals.
Flock does not require its law enforcement customers to use multi-factor authentication (MFA), a cybersecurity best practice. The methods of MFA that Flock supports can be circumvented by hackers. In addition, Flock does not natively support phishing-resistant MFA, which is recognized by the federal government as the gold-standard of cyberprotection, and is required of federal agencies.
The letter notes that passwords for at least 35 Flock customer accounts have reportedly been stolen by hackers, according to a public website operated by the cybersecurity company Hudson Rock. Phishing-resistant MFA can protect accounts from hackers, even when user passwords have been stolen or phished.
“Flock has received vast sums of taxpayer money to build a national surveillance network,” Wyden and Krishnamoorthi wrote in their letter to FTC Chair Andrew Ferguson. “But Flock’s cavalier attitude towards cybersecurity needlessly exposes Americans to the threat of hackers and foreign spies tapping this data. Accordingly, we urge the FTC to hold Flock accountable for its negligent cybersecurity practices.”
Flock’s failure to provide real privacy protections poses a serious threat that could result in bad actors gaining unauthorized access to law-enforcement-only parts of Flock’s website and harvest billions of Americans’ license plates collected by taxpayer-funded cameras nationwide. There have been at least four cases, including against Uber, Cheff, Drizly, and Blackbaud, where the FTC reached settlements with companies for failing to require MFA, which the FTC argued violated federal law.
Flock is the largest surveillance camera operator in the United States, providing services to 5,000 police departments, 1,000 businesses, and numerous homeowners associations across 49 states. The company’s surveillance cameras capture personal data which can reveal the movements of Americans, including trips to doctors and therapists, support group meetings for alcohol or drug addiction, and places of worship and protests.
Last week, Wyden slammed Flock for its ineffective protections for Oregonians against abuses by federal agencies and out-of-state law enforcement.
The text of the letter is here.
###
Next Article Previous Article
