The Institute for Justice's analysis, published in late April and the subject of a 263-point Hacker News thread on May 1, identifies fourteen documented cases of US police officers using automated license-plate-reader networks to track romantic interests, ex-partners, or strangers they had personally fixed on. The bulk of the cases occurred since 2024. Most of the officers named in the analysis were criminally charged. Most lost their jobs by either resigning or being fired.
The IJ analysis is careful about its own scope. "The 14 cases listed below are almost certainly an undercount," the report notes, listing reasons: not all police misconduct gets detected; some cases get resolved quietly; "Officers frequently cite vague or inaccurate reasons for their searches in ALPR systems, sometimes to evade detection of misconduct." Most of the cases that did surface, the IJ analysis observes, surfaced "only after victims reported the officers' behavior to the police, typically in the context of a broader stalking allegation."
What follows is what is publicly known. The list is short; the structural facts behind it are what the rest of this article is about.
Four names
The IJ analysis names individual officers, departments, dates, and outcomes. The four cases below are representative of the fourteen, and each has been independently corroborated through the cited reporting.
| Officer / Department | Year | Charges | Outcome | What was used |
|---|---|---|---|---|
| Officer Michael McSherry, Westmoreland County PD (Pennsylvania) | 2021 | Stalking | Pleaded guilty | License-plate-reader queries against estranged wife and other family members |
| Lieutenant Victor Heiar, Kechi PD (Kansas) | 2023 | Computer crime + stalking | Pleaded guilty | Flock cameras to track estranged wife |
| Officer Robert Josett, Costa Mesa PD (California) | 2023 | Multiple criminal charges (filed April 2026) | Pleaded guilty | Flock camera system to track mistress and her other romantic interests |
| Deputy Lamar Eliseo Roman, Monroe County Sheriff's Office (Florida) | February 2026 | Alleged stalking; charges pending | Under investigation | ALPR hotlist after meeting target on a TV-set security detail |
The other ten cases follow similar shapes. Most involve a current or former intimate partner of the officer. A smaller number, of which the Roman case is the most recent, involve a stranger the officer had become fixated on and acquired access to track. Outcomes range across criminal conviction, administrative discipline, and, on the IJ analysis's own framing, officer resignation as the resolution mechanism — with the well-documented broader pattern that resignation in policing does not always end a law-enforcement career.
The four cases above are the ones whose paperwork has reached its final disposition. The most useful detail in the table is the column the structural argument hinges on. In every case the offending officer used a system that recorded the searches at the moment they happened. In every case the records existed for years before the case opened. The audit logs were written when the queries ran. They were read when, and only when, an investigation arrived to read them.
How these fourteen surfaced
The cases the IJ analysis was able to document mostly came to light through one channel: the victim filed a complaint, an investigation opened a stalking allegation, and the LPR queries the officer had run against the victim's plate became evidence in that investigation. "Only a few of the 14 analyzed cases were initially discovered through internal investigations," the report observes. The audit logs that recorded the suspicious queries existed in every case. They were generally not what triggered the investigation. They were what the investigation later relied on.
This gap between audit-log existence and audit-log review has a structural explanation that surfaced in the HN thread on the IJ piece. Several commenters with relevant procurement experience pointed out that Flock-style ALPR systems are typically not licensed by seat, do not require single sign-on, and are routinely accessed via shared departmental accounts. Per-officer query patterns are technically reconstructable from the underlying logs, but operationally they are not aggregated against patterns of misuse. One court-watcher in the same thread, who has volunteered for years observing domestic-violence court proceedings, reported that "Cases where a state surveillance tool or database was used to stalk or harass the victim are completely routine." The IJ list is what shows up after a victim, an investigation, and a court proceeding have all happened in sequence. The rate at which any prior step fails is not a number the public sees.
The auditing surface is closing
In the same six-month window the IJ list was being compiled, two simultaneous structural moves narrowed the public-disclosure surface that produced it.
The first was Flock's own December 2025 audit-log change, reported on the HN thread by a public-records requester who had been routinely filing for the audit logs in their town. Until December 2025, the audit logs were listed "by USERID", allowing an outside reviewer to correlate query volume against individual officers and identify outlier behaviour. As the requester observed, "This same methodology has been used to catch police stalking in at least one other city." After the December 2025 update, the same logs were "completely serialized, anonymized", removing the per-userid correlation entirely. The change came after 2025 had surfaced several cases of police stalking using Flock data. The reporting cause and the system change occurred in the same calendar year.
The second was Washington State's SB 6002, the Driver Privacy Act, signed by Governor Bob Ferguson on March 30, 2026 and effective immediately. The bill's substantive privacy provisions are real: it imposes a 21-day data-retention limit (the original draft had set 72 hours, amended in committee), bans federal immigration access, and prohibits ALPR cameras near food banks, schools, courts, or places of worship. It also, in Section 5, exempts ALPR data from disclosure under the state public-records act:
Automated license plate reader data is not subject to disclosure under the public records act, chapter 42.56 RCW, except such data may be used for bona fide research as defined in RCW 42.48.010 and does not include individually identifiable information.
The exemption is narrow on its face. The category of "bona fide research" the carve-out preserves is the category formal academic and policy researchers operate under. The category it excludes is the one the IJ analysis itself depended on: working journalists, civil-liberties organisations, and individual public-records requesters who file because they noticed an audit-log irregularity in their town. The cases that surfaced this list surfaced on the back of exactly this kind of grass-roots filing. The mechanism is now shut, in Washington at least, except for the research carve-out — which does not produce the kind of identification the IJ list contains.
A second failure mode, same architecture
The fourteen-officer list is not the only public surface where the Flock query log has produced public-record findings this year. The previously-published Demo Partner Program covered the parallel disclosure that Flock's own employees had been seen accessing private-business camera feeds — a children's gymnastics studio, a community pool — in audit-log entries that named accounts including the company's Director of Growth and VP of Strategic Relations. Two failure modes, same architecture: a system whose query surface is wider than its accountability surface, and which produces evidence of misuse only when an outside party files for the logs and reads them. In both cases, the disclosure was traceable to per-account identification in the audit data. In both cases, the structural answer being deployed is to remove the per-account identification from the audit data.
The answer is consistent across vendor and state. The visible category of failures has not been the official trigger for either response. The official triggers, where they have been articulated, are privacy (in the case of the WA law) and security (in the case of the Flock log update). The public-records-requester category — the only category that produced any of these lists — is not one of the protected categories on either side.
Coda
Fourteen names is a list, not a thesis. It is also not, by anyone's reckoning, the count. It is the count of cases in which a victim filed a complaint, an investigation opened, the LPR query trail entered evidence, the case became reportable, and a public-interest organisation found and aggregated the reporting. The category of cases that fail any one of those steps is not on the list, by design.
The next round of names will be harder to find. The audit-log format that surfaced the present round was changed in December 2025; the public-records mechanism that produced the IJ aggregation is, in Washington, closed as of March 2026. The closing is not a coincidence; it is the predictable response of an operating system to the disclosure of its failure modes. Fourteen will not be the figure when this is next reported. Fewer than fourteen will be the figure, because the visibility surface is narrower. The next round of officers will not be a smaller cohort. They will only be a less-counted one.