Year-End Update

Happy holidays, merry Xmas, etc fellow Cedar Rapidians. Hopefully you are enjoying some time off with family. We have been fairly quiet for a while as life marches on, but we have been watching. Watching council meetings. Watching the cameras. Watching the watchers.

A lot has happened this year, and this week put everything we have been warning about into plain view. When surveillance infrastructure expands faster than public oversight, it fails. And when it fails, we all pay the price.

The Breach

On December 22, 404 Media reported that Flock Safety left at least 60 Condor pan-tilt-zoom (PTZ) cameras exposed to the open internet, with no password or login required. The report describes exposed livestreams and administrator panels, noting that outsiders could download 30 days of archived footage, change settings, view logs, and run diagnostics.

It is important to understand that the Condor is not "just a license plate reader." These cameras are designed to record and track people, not just vehicles. 404 Media describes these PTZ cameras as capable of automatically zooming in on faces or being manually controlled. They are more than powerful enough to perform facial recognition with a simple software update. These cameras are on the skywalks and were put in to deal with the issues happening downtown at the time.

The exposure was first discovered using Shodan, according to 404 Media, and was initially surfaced by technologist and YouTuber Benn Jordan.

On December 23, the City of Cedar Rapids published a statement confirming that CRPD was made aware by Flock of a "configuration error" that allowed internet access to one or more of the City's five downtown Condor cameras. The City states that Flock communicated the issue to CRPD on Monday, December 22, 2025.

The City's Spin vs. The Reality

In its statement, the City quotes Flock's explanation, claiming a "debug interface" was temporarily accessible but did not allow manipulation of the camera or access to Flock's cloud. The City further attempted to minimize the breach by stating that downtown camera video captures public spaces and is "not considered sensitive."

Here is the problem: The national reporting described exposed feeds and administrator panels with broad access, while the local statement frames this as a minor glitch. Residents are being asked to accept the vendor's version as the final word.

If the City is going to claim this footage is "not considered sensitive," we are going to take that claim seriously and test it. We will be requesting video from the downtown cameras in the coming weeks to see exactly what the city considers "public."

The Scale of the Surveillance State

This leak did not happen in a vacuum. It happened against the backdrop of a massive, quiet expansion of surveillance in our neighborhoods. Thanks to a new investigation by the ACLU of Iowa, we now have the hard numbers to prove just how deep this network goes. I encourage all leaders or anyone interested in the rise of the surveillance state to read this excellent report.

According to the ACLU report released late this year, Cedar Rapids is now the surveillance capital of Iowa. We operate 76 stationary cameras…more than West Des Moines (64), Council Bluffs (37), or Dubuque (22). We're #1!

While the City claims this data is just for "alerts," the numbers tell a different story:

• Massive Volume: In just one 30-day period (Oct. 21 – Nov. 20, 2025), Cedar Rapids cameras logged 413,104 vehicle detections. That is nearly half a million data points on resident movements collected in a single month.
• Officers aren't just waiting for "hotlist" hits. In that same month, the ACLU found that officers performed over 1,000 manual searches of the database. This is active investigation and backtracking of residents, not passive monitoring.

From "Secure" to "Wide Open"

The evolution of this technology in Cedar Rapids reveals a disturbing erosion of standards.

• Then (2015): CRPD ALPR use dates back to 2015 with mobile readers on squad cars. These were Motorola units, and because they accessed federal data, they were required by law to be installed in a "NCIC secure" location.
• Now (2025): We have moved from secure, mobile units to a $499,250 contract for a dragnet of stationary cameras that sit on telephone poles, exposed to the elements and the internet.

Unlike the strict federal requirements of 2015, the ACLU found that Cedar Rapids operates this massive network with no local ordinance limiting how long data is kept or requiring a warrant to search it. We are relying entirely on internal policy and vendor promises…promises that were broken this week and most likely will be broken again. Keep in mind these cameras have been used to monitor No Kings Protests and used by ICE. Both in direct violation of Cedar Rapids' ALPR policies.

The Bottom Line

We are paying an average of more than $20,000 per month to be the test case for mass surveillance in Iowa. We have the most cameras, the highest costs, and the most to lose.

We lost and Council had and continues to remain silent on the issues.

Sources

• City of Cedar Rapids: CRPD Addresses Security Concerns of Third-Party Public Safety Cameras (Dec 23, 2025)
• 404 Media: Flock Exposed Its AI-Powered Cameras to the Internet. We Tracked Ourselves (Dec 22, 2025)
• Benn Jordan (YouTube): This Flock Camera Leak is like Netflix For Stalkers
• The Gazette: Cedar Rapids Police Department using 70 new license plate reader cameras (Mar 17, 2025)
• City of Cedar Rapids: Flock camera systems page (background on when stationary ALPRs began, 30-day retention, and history since 2015)
• ACLU of Iowa: Automatic License Plate Reader Report Raises Concerns About Expansion of Government Surveillance in Iowa
• ACLU of Iowa: Stop Surveillance Campaign