Part 9 of the Bend Surveillance Oversight series.
This does not have to be a yes-or-no fight over police technology.
Bend can support legitimate public safety tools while still requiring strong public oversight.
The real question is not whether technology should ever be used.
The real question is whether powerful systems are governed by clear public rules before they expand.
Body cameras, fleet cameras, ALPRs, drones, traffic enforcement cameras, digital evidence systems, AI tools, and real-time information platforms all raise different questions.
But they also share a common issue:
They collect, store, search, analyze, or share public data.
That means Bend should have a citywide surveillance technology policy.
Not a vague promise.
Not vendor assurances.
Not scattered contract language.
Not internal rules that residents cannot easily find.
A clear public framework.
1. Public inventory of surveillance technologies
Bend should publish a plain-language inventory of all police surveillance technologies.
That inventory should identify:
- the technology name,
- the vendor,
- the department using it,
- the purpose of the system,
- what data it collects,
- where the data is stored,
- how long the data is retained,
- who can access it,
- whether outside agencies can access it,
- whether vendors or subcontractors can access it, and
- whether any AI, biometric, analytics, or automated decision features are enabled or available.
Residents should not need to search scattered agendas, contracts, staff reports, and vendor documents to understand what systems exist.
2. Council approval before acquisition or expansion
Bend should require Council approval before any department acquires, renews, expands, or materially changes surveillance technology.
That should include new tools, new vendors, major software modules, AI features, biometric capabilities, data-sharing expansions, and contract amendments that materially change what a system can do.
Public approval should happen before deployment, not after the system is already operating.
3. Public use policy before deployment
Every surveillance technology should have a public use policy before it is deployed.
That policy should explain:
- the approved purpose,
- allowed uses,
- prohibited uses,
- data collection rules,
- retention rules,
- access rules,
- sharing rules,
- audit procedures,
- disciplinary consequences for misuse, and
- how residents can find annual reports.
The public should be able to read the rules before the technology is used.
4. Short retention for non-evidence data
Data retention should be limited.
For non-evidence data, the default should be deletion after a short period unless the data is tied to a specific, documented case.
For ALPR data, I would support a default rule like this:
Non-hit ALPR data should automatically delete within 72 hours unless it is tied to a documented case, warrant, stolen vehicle, active investigation, or legally valid evidentiary need.
Short retention allows legitimate use while reducing the risk that ordinary residents’ movements become long-term searchable records.
5. Logged searches with case numbers
If a system can be searched, every search should be logged.
The log should identify:
- who searched,
- when they searched,
- what they searched,
- why they searched,
- the case number or incident number,
- whether the search produced a result, and
- whether the result was shared.
Search logs protect the public from misuse.
They also protect officers who use the system properly.
6. Limits on federal, out-of-state, private, and vendor access
Local surveillance data should not become outside-agency data by default.
Bend should limit access by federal agencies, out-of-state agencies, private companies, vendors, subcontractors, fusion centers, and other third parties.
Access should require a documented purpose, legal authority, written authorization, and an auditable record.
Broad sharing, informal access, and bulk access should be prohibited unless explicitly approved through a public process and consistent with law.
7. No facial recognition or biometric identification without explicit approval
Bend should prohibit facial recognition, biometric identification, biometric analytics, or similar identity-matching tools unless Council explicitly approves them after public notice, public debate, legal review, and technical assessment.
If a system is technically capable of biometric analysis but the City says the feature is disabled, that should be independently verified.
Disabled features should not become active through a quiet software update or vendor configuration change.
8. AI report-writing rules
If Bend ever uses AI to help draft police reports, the City should require strict auditability.
The basic rule is simple:
No AI-generated police report without an audit trail.
That means preserving original AI drafts, officer edits, source transcripts, timestamps, final reports, supervisor edits, and disclosure that AI was used.
Prosecutors and defense attorneys should be able to obtain relevant records through normal legal processes.
9. Independent technical audits
Bend should not rely only on vendor assurances.
The City should require independent technical audits of surveillance systems.
Audits should verify:
- enabled features,
- disabled features,
- retention settings,
- sharing settings,
- access controls,
- security controls,
- vendor access,
- subprocessor access, and
- compliance with City policy.
Trust is strongest when systems can be independently checked.
10. Annual public transparency reports
Bend should publish annual surveillance transparency reports.
Those reports should include:
- what systems were used,
- what new systems were acquired,
- how many searches occurred,
- how many outside requests were received,
- how many requests were approved or denied,
- how many audits were performed,
- whether misuse was found,
- whether any new features were activated,
- whether policies changed, and
- what the total annual costs were.
Transparency reports do not need to reveal sensitive case details.
They should provide enough aggregate information for residents and elected officials to know whether the rules are working.
11. Contract terms that match public policy
Contracts should not undermine policy.
If Bend adopts public rules, vendor contracts should match those rules.
Contracts should prohibit vendors from changing settings, enabling features, expanding sharing, using data for product development, or using local public safety data for AI training unless the City explicitly approves it through the required public process.
Good policy should be backed by enforceable contract language.
12. Public review before renewal
Surveillance technology should not renew automatically without public review.
Before renewal, the City should publish a report explaining how the system was used, whether it met its stated purpose, what it cost, whether misuse occurred, whether audits were completed, and whether stronger safeguards are needed.
Renewal should be a public decision, not an automatic default.
The basic framework
A reasonable Bend surveillance policy could be summarized like this:
- Tell the public what systems exist.
- Require approval before expansion.
- Limit retention.
- Log searches.
- Restrict sharing.
- Control vendor access.
- Ban biometric use without explicit approval.
- Audit AI tools.
- Verify systems independently.
- Report to the public every year.
That is not anti-police.
That is responsible governance.
Powerful public safety tools should answer to public rules.
Further reading
- ACLU: Community Control Over Police Surveillance
- ACLU: Community Control Over Police Surveillance Model Bill
- EFF: Street-Level Surveillance
- Bend Surveillance Oversight Source Library
Leave a Reply