The AWS analogy breaks down because AWS doesn't encourage customers to pool their S3 buckets into a nationwide searchable index.

Flock operates a federated network. If you drive past an unmarked camera, you have absolutely no way of knowing which specific HOA or town leased it so how are you realistically supposed to know who the "data controller" is to send your ccpa or deletion request to?

I don’t care. I don’t care who owns the data. If I can’t easily get private information like my movements removed from a database like this, the legislation does not sufficiently protect me.

It should absolutely be Flock’s responsibility to remove my data and we should absolutely require it by law. Full stop.

This is also true according to their contracts (we were one of the first munis in the country to ostentatiously cancel our Flock contract, and the lead up to that was a bunch of progressive legal experts poring over that contract looking for holes.)

Except that Flock very clearly benefits financially from having direct access to this data: owning (and in their own documentation, they very clearly do own it) a network of 80,000 surveillance devices across the country, and owning every single transit point for the data they collect, is what gets them to a $7.5 billion valuation from investors.

The fact of the matter is that Flock is playing two-step with the concept of "ownership" of data. They disclaim ownership as a way to leave local agencies holding the bag for liabilities, but they fight tenaciously to retain complete and unfettered access to that data.

(After organizing a community group that won Flock contract cancellations in multiple jurisdictions in Oregon, I went on to coauthor state legislation regulating ALPRs. I am very well familiar with all the dirty ball they play.)

Also, Flock's cameras collect more data than is provided to police agencies. Who owns that data, I wonder?

> But the data collected is property of the government

I thought this was the get-out clause from the constitutional problems with Flock? That because Flock is a non-government organisation it isn't restricted by the constitution (i.e. the constitution only restricts what the government can do).

They can't have it both ways - if Flock are collecting the data then they are subject to the privacy laws. If it's the government collecting the data via Flock as just a service, then they are subject to constitutional restrictions.

This is worth validating independently, but to be clear:

Are you saying Flock itself does not have access to any of the data, and that the data they store on behalf of local governments is not fed into any central datalake? That every organization's data is completely, unalterably separate from everyone else's?

If so, that makes the panopticon slightly less powerful.

That’s a pretty compelling argument, but what if I went round to AWS’ house, peeked into their kitchen, and saw a crate of photos on their table with me in them?

I’d absolutely say:

“Hey, that’s me! Give me those right now!”

I’d also be pretty angry if they told me:

“Sorry we’re storing those for Corp Inc. Go ask them.”

To refute my own point though, this only sounds annoying because the data processor is being irritating by manually referring me to the data controller. In practice, it would be trivial for them to automatically forward communications between me and the controller.

That’s what feels is amiss with the top level article.

If I lease out a property to a tenant (apartment, retail, industrial use, whatever) and that tenant is committing an illegal activity on the property. Would the landlord be liable for knowing it? Or not?

"Sorry FBI, the tenant renting my warehouse out to manufacturing cocaine is not my responsibility. I won't do anything about it. You deal with them."

Nope, that's a failure of a duty to act and aiding and abetting a criminal activity if you hace constructive knowledge.

I assume they are building "meta-data" profiles of people based on the data they say they can't use directly. That seems like an easy work-around that satisfies the lip-service they've given to the issue.