Public Comment — May 27 Agenda Item #6, Contract No. 2026-0327

Written by

Jonathan

in

Dear Chair Chang, Vice Chair DeBone, and Commissioner Adair:

I am writing on behalf of Bend Privacy Alliance regarding Action Item #6 on the May 27, 2026 Board agenda: authorization of Contract No. 2026-0327, a five-year, $2,412,669 agreement with Axon for body-worn cameras, Tasers, and fleet cameras for the Deschutes County Sheriff’s Office.

I understand that body-worn cameras and fleet cameras can serve legitimate public-safety, evidence, and accountability purposes. My concern is not with cameras in the abstract.

My concern is that this procurement is not simply an equipment replacement. It is a five-year commitment to a digital-evidence and cloud technology platform that may include, enable, or allow later activation of ALPR, AI tools, analytics, data-sharing functions, and vendor-controlled system settings.

The Board should not be asked to approve that kind of system without a clear public record of what is included, what is excluded, and what cannot be enabled later without separate public approval.

The December 2025 audit should be treated as a prerequisite document

The December 2025 Deschutes County Internal Audit should be treated as a prerequisite document for this vote.

The audit found that DCSO’s existing body-worn and in-car camera program had a solid foundation, but needed improved oversight and reporting. It found that camera reporting was not published, replicable, or evaluative; supervisors were not consistently reviewing footage according to policy; public-records tracking was incomplete; and information-security controls fell short.

Most importantly, auditors could not independently verify whether deputies consistently recorded and categorized footage because DCSO did not provide access to footage for audit review.

The County should not approve a more complex Axon cloud ecosystem unless the contract and implementation plan directly address those audit findings.

The ALPR question should be answered before approval

The most urgent issue is ALPR.

DCSO spokesperson Jason Carr recently told The Source Weekly that the Sheriff’s Office does not currently use ALPR. However, the staff report refers generally to “fleet cameras” and does not identify the specific Axon fleet-camera model, software modules, or activation rights included in the contract.

Axon’s Fleet 3 system is publicly described as having ALPR capability, and Axon states that Fleet 3 ALPR can be activated as a subscription through Axon Evidence without additional equipment.

That matters because SB 1516 took effect in Oregon on March 31, 2026.

If this contract includes ALPR-capable hardware, ALPR software, or the ability to enable ALPR later, the County should demonstrate before approval how the contract complies with SB 1516’s requirements for captured license plate data, vendor restrictions, retention, sharing limits, audits, public reporting, and end-to-end encryption.

Encryption and vendor access need clarification

This is not theoretical.

Oregon’s Chief Information Security Officer testified that under Axon’s cloud architecture, “each law enforcement agency service subscriber does not retain encryption keys to their own data.”

SB 1516 requires ALPR data to be encrypted using, at minimum, end-to-end encryption, but the practical meaning of that requirement is still developing.

Before entering a new five-year Axon agreement with any ALPR capability or activation rights, the County should clarify who controls encryption keys, who can decrypt ALPR data, and whether Axon or any subcontractor retains technical access.

Other jurisdictions show why technical compliance should not be assumed

Other jurisdictions have already faced this problem.

In March 2026, the Pierce County, Washington Sheriff’s Office reportedly deactivated approximately 200 Axon Fleet 3 ALPR cameras after concluding that its system could not be operated in compliance with Washington’s new ALPR privacy law.

Oregon’s law is different, but the lesson is directly relevant: technical compliance with ALPR privacy laws should not be assumed. It should be demonstrated before approval or activation.

Recent Oregon examples show why defaults and sharing settings matter

Recent events in Oregon also show why this matters.

Federal immigration authorities reportedly queried Bend PD’s Flock Safety ALPR database 279 times in three weeks after a vendor default setting was not disabled.

The Rural Organizing Project has also filed litigation alleging that federal immigration authorities were able to query Oregon State Police systems through LEDS/NLETS; OSP denies the allegations, and the litigation is pending.

These examples show why vendor defaults, interagency access, and data-sharing settings need to be addressed before surveillance technology is deployed.

Existing policies do not appear to answer the ALPR question

DCSO’s existing policies are helpful, but they do not appear to answer the ALPR question.

  • Policy 8.21 governs body-worn and in-vehicle incident recording, not bulk license plate scanning of uninvolved drivers.
  • Policy 4.30 governs LEDS, NCIC, and CCH access, but does not appear to govern automated plate scans or hotlist matching.
  • Policy 4.35 governs generative AI, but does not appear to govern ALPR, vehicle classification, or computer-vision analytics.
  • Policy 4.15 governs digital media as evidence, but does not appear designed for continuous or bulk vehicle-location collection.

Questions the Board should require answers to before voting

Before voting, I respectfully ask the Board to require clear answers to five questions:

  1. What specific Axon products, fleet-camera model, software modules, cloud services, and activation rights are included in Contract No. 2026-0327?
  2. Does the contract include ALPR-capable hardware, ALPR software, hotlist matching, vehicle analytics, searchable vehicle-location data, or any ability to activate those functions later?
  3. If ALPR capability is included or can be enabled later, how does the contract comply with SB 1516, including encryption, retention, search logs, vendor restrictions, audits, public reporting, and data-sharing limits?
  4. Are any Axon AI tools included, licensed, enabled, or available through this contract, including Draft One, Policy Chat, AI transcription, AI redaction, summarization, report writing, predictive analytics, or any tool that analyzes body-camera, fleet-camera, audio, video, report, or evidence data?
  5. What limits will apply to interagency sharing, federal access, out-of-state access, vendor access, subcontractor access, and default settings that could allow data to be shared beyond DCSO?

Requested Board action

I respectfully ask the Board to take one of three actions:

First

Defer authorization until these questions are answered, any ALPR-specific policy is developed if ALPR is included or available, and the internal audit referenced in the staff report is made available or publicly summarized.

Second

Sever the fleet-camera portion from the body-worn camera and Taser portions and authorize only the latter two while the County resolves the ALPR, AI, SB 1516, and sharing questions.

Third

At minimum, condition approval with clear motion language stating that:

  • No ALPR, license-plate recognition, hotlist matching, vehicle analytics, or searchable vehicle-location data may be enabled without separate public notice, policy review, SB 1516 compliance analysis, and Board approval.
  • No Axon AI, AI-assisted report writing, AI transcription, predictive analytics, biometric analytics, facial recognition, or new cloud analytics module may be enabled without separate public notice, policy review, and Board approval.
  • All access, searches, exports, downloads, sharing, retention changes, deletion activity, and vendor-support access must be logged and auditable.
  • Vendor default settings allowing federal, out-of-state, or third-party sharing must be disabled at the contract or administrator level unless separately approved by the Board.
  • The County must publish a plain-language privacy impact summary before deployment and provide annual public reporting on system use, access audits, sharing activity, retention/deletion compliance, complaints, policy violations, and any AI, ALPR, or analytics tools enabled.

Conclusion

Body-worn and fleet cameras may improve accountability, but only if the surrounding data system is governed by clear limits, public transparency, enforceable retention rules, strong audit logs, and meaningful restrictions on secondary use.

The Board should not authorize privacy-sensitive capabilities that have not been clearly disclosed, governed by policy, and shown to comply with Oregon law.

Thank you for your consideration. I plan to attend the May 27 meeting and am available to discuss any of the above at the Board’s convenience.

Respectfully,

Jonathan

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts