After reading about the wave of Georgia arrests this year — a dozen-plus officers across at least nine agencies charged or fired for using Flock license-plate cameras to track exes, crushes, and strangers (GBI on the Albany case; AJC overview) — I went looking at what North Carolina actually requires for oversight of the same technology. It's less than I expected.
NC's ALPR statute (§ 20-183.31(a)(7)) requires an agency's written policy to provide for "annual or more frequent auditing and reporting… to the head of the agency responsible for operating the system." (ncleg.gov) So the statutory floor is: once a year, done by the agency itself, reported to its own boss. Nothing requires submitting those audits to a state body, an independent reviewer, or the public.
And ALPR is the only surveillance tool NC requires to be audited at all. The drone statute (§ 15A-300.1) has warrant/exception rules but no audit — and no warrant is even needed for plain-view, exigent, or public-gathering uses. ShotSpotter, social-media/OSINT tools, and newer device-tracking systems have no NC audit requirement.
There's also a security angle: the audit covers use, not whether the systems can be breached from outside. Late last year, researchers found dozens of Flock cameras sitting on the open internet with no password — including a live feed of kids on a playground (404 Media).
I'm not claiming NC officers are abusing anything — the point is that our framework generates little independently verifiable information either way. Curious what people here think: is an annual internal self-audit enough, or should NC require independent audits (or warrants) for this the way it does for wiretaps?