Category: Blog

Commentary and analysis on current privacy, surveillance, cybersecurity, civil liberties, and related public-interest technology issues.

  • What Two Weeks of Advocacy Accomplished — And What Comes Next

    What Two Weeks of Advocacy Accomplished — And What Comes Next. Bend Privacy Alliance, June 2026. Infographic summarizing campaign growth, June 3 Deschutes County BOCC outcome, and June 3 Bend City Council outcome.

    Two weeks ago, the Bend Privacy Alliance didn’t have a Facebook group, a public petition, or a community showing up to two government meetings on the same day. Today we do. Here’s what happened, what it produced, and where we go from here.

    How it started

    In mid-May, Deschutes County quietly scheduled a vote on Contract No. 2026-0327 — a five-year, $2,412,669 agreement with Axon Enterprise for body-worn cameras, Tasers, and fleet cameras for the Deschutes County Sheriff’s Office. The contract included the Axon Fleet 3, a camera with integrated license plate reader capability, along with Auto-Tagging and Auto-Transcribe software licenses. The two-page staff report said nothing about whether the ALPR capability would be activated or what policy would govern it.

    We submitted written comment. The Board deferred the item. A second meeting was scheduled for June 3.

    In the two weeks between those dates, the campaign grew beyond one person with a laptop.

    The numbers

    Combined views across Reddit and jonathanwestmoreland.com reached approximately 100,000 over the two-week period — roughly 70 percent from Reddit, 30 percent from the website. A Facebook group dedicated to the campaign reached 71 members in about a week. Someone independently built a website on the topic, unconnected to this organization — a sign the issue had taken on a life of its own.

    None of those numbers include shares from other groups, organic Facebook reach, or the petition signatures. We can’t fully measure what we started.

    June 3 — the county

    Seven people spoke at the Deschutes County BOCC meeting — four in person, three online. Written comment submitted before the meeting addressed six specific asks grounded in Oregon law and the contract itself:

    • Confirmation of whether ALPR capability would be activated
    • A published SB 1516-compliant ALPR policy before deployment
    • Board-level authorization required for ALPR activation
    • A written SB 1587 attestation from Axon
    • Production of the missing Data Processing Agreement
    • A status report on all seven recommendations from the December 2025 Internal Audit

    Of those six asks, four were addressed. The Board adopted a meaningful condition: the Fleet 3’s integrated ALPR capability may not be activated unless DCSO returns to the Board for a separate authorization vote. That condition did not exist before this campaign raised the issue.

    On SB 1587, Axon’s attorneys stated through DCSO that Axon does not meet Oregon’s definition of "data broker" — meaning the law’s attestation requirement, in their view, does not apply. That is Axon’s legal position, not a judicial or agency determination. It will be revisited.

    The audit status report was not addressed.

    The contract passed unanimously.

    One more detail worth noting: the Data Processing Agreement — the governing document for how Axon handles all footage and metadata under the contract — was not in the Board’s original packet. It was transmitted to BOCC staff at 8:07 AM the morning of the vote and handed to attendees as a printed paper document before the meeting began. The Board voted on a $2.4 million contract without having seen that document during their review period. That procedural gap is now on the record.

    June 3 — the city

    Eight people spoke in person at Bend City Council that evening, with two online. Speakers raised surveillance technology oversight broadly, called for policy before deployment, and named a surveillance ordinance as a goal. The Council committed on the record that any stationary ALPR expansion will come before them for a vote and public comment.

    The petition filed under Bend Code 1.30.005(C) requesting Council review of Police Department Policy 428 — the department’s ALPR policy — was submitted the same day and confirmed received by the City Recorder.

    Policy 428 governs ALPR use by Bend PD, which has deployed the Axon Fleet 3 in more than 70 patrol vehicles since July 2023. The petition asks the Council to review whether the policy meets the requirements of SB 1516, which took effect March 31, 2026.

    What the contract review found

    A full review of the contract packet produced findings the staff report never disclosed.

    The Axon Service Level Agreement gives Axon authority to push firmware updates to all devices — body cameras, fleet cameras, Tasers — without DCSO authorization. The same SLA defines "Axon Cloud Services" to include Fusus, Axon’s real-time crime center platform. The staff report mentioned neither.

    The privacy notice attached to the contract designates Axon as the independent Data Controller — not DCSO — for all operational metadata generated under the contract. Oregon’s own State Chief Information Security Officer confirmed in writing that Axon holds the encryption keys to all data stored on its platform, not the agency. At the meeting, DCSO cited Axon’s SOC 2 Type II certification in response. SOC 2 audits whether a vendor’s controls work as the vendor describes them — it does not require end-to-end encryption and does not address who controls access to data under a federal legal process. The CISO’s finding stands unrebutted.

    Primary source documents from this proceeding — the BOCC meeting packet, the December 2025 Internal Audit, and the Oregon State CISO letter — are in the source library at jonathanwestmoreland.com/source-library-bend-surveillance-oversight.

    What comes next

    The city fight is the longer one. Bend PD’s ALPR system has been operating in more than 70 patrol vehicles for nearly three years. The Council’s commitment to a public vote before any stationary ALPR expansion is an important line. Holding it requires the governance framework to be in place before the next technology decision arrives.

    The next steps are: understanding the full inventory of surveillance technology Bend PD currently operates, completing the surveillance ordinance and procurement framework, and bringing both before the Council.

    That work is underway.

    More to come.

  • What Bend Residents Should Know Before Police Surveillance Expands

    What Bend Residents Should Know Before Police Surveillance Expands

    The complete 10-part Bend Surveillance Oversight Series is now available as a standalone page.

    Read the full series index.

  • ALPR Oversight Is a Democracy Issue

    Signals & Safeguards — A standalone civic-oversight post on license plate readers, public consent, federal access, and the safeguards local governments should require before surveillance networks become hard to unwind.

    ALPR oversight is becoming a democracy issue

    The strongest surveillance story this week is not one camera system by itself. It is the fight over who gets to approve, search, share, and shut down a network once it is already in place.

    Automatic license plate readers, often called ALPRs, are usually introduced as practical public-safety tools. Police agencies point to stolen-vehicle recovery, suspect identification, Amber Alerts, and serious investigations. Those uses can be real. But the democratic problem begins when a system that looks like a set of cameras turns into a searchable movement database shared across agencies, jurisdictions, vendors, and sometimes federal systems.

    That is why the key question is no longer simply, “Do these cameras help police?” The better question is: who controls the system once it exists?

    When public consent breaks down

    In Troy, New York, a dispute over Flock license plate readers escalated after residents objected to cameras installed without meaningful public input, the City Council voted to end the program, and the mayor declared a state of emergency to keep the cameras operating. The fight became larger than Flock: it became a dispute over emergency authority, public consent, and whether elected bodies can still control surveillance systems once public-safety claims are used to preserve them.

    That should concern any community considering ALPRs or similar systems. If ordinary approval channels can be bypassed, delayed, or overridden after cameras are installed, then the public debate happens too late. The technology gains institutional momentum before the rules are settled.

    The democracy issue: surveillance systems should not go live first and receive public rules later.

    Once a camera network is installed, agencies, vendors, and outside partners may develop expectations around continued access. That makes it politically and operationally harder for elected officials to narrow, pause, or end the system.

    The pattern is spreading

    The pattern is appearing elsewhere. In Cleveland and nearby communities, residents and advocates are challenging Flock deployments over privacy, immigration-enforcement access, and uncertainty about who can search the system. In Bend, The Source Weekly reported that federal immigration officials made 279 queries into Bend’s Flock Safety data in the first three weeks after the cameras went live, and Bend Police reportedly did not authorize those searches.

    That Bend example matters because it shows how quickly the debate can move from “Should we install cameras?” to “Who searched the data, why, under what authority, and what did they see?” A local system may be approved for local purposes, but the practical risk is that local vehicle-location data becomes useful to agencies far beyond the community that generated it.

    The federal layer changes the stakes

    The federal layer makes the issue sharper. Reporting from 404 Media says the FBI wants to buy nationwide access to license plate reader data. If local and private cameras can become part of a national movement-search network, then approving a few cameras is not only a local equipment decision. It is a decision about whether local vehicle-location data can become searchable far beyond the community that generated it.

    That does not mean every ALPR deployment is the same, or that every agency intends to misuse the system. It means the rules must be written for the system’s real capabilities, not only for its best-case sales pitch.

    Public safety and public oversight are not opposites

    The public-safety case should not be dismissed. ALPRs can help find stolen vehicles, locate suspects, and respond to serious threats. But that is exactly why governance has to come first. A system useful enough to solve crimes is also useful enough to misuse, over-share, or repurpose.

    Good oversight does not require pretending the technology has no value. It requires acknowledging that useful tools can still create serious risks when access is broad, retention is long, audit logs are weak, vendor permissions are unclear, or outside-agency sharing is treated as a default instead of an exception.

    Why it matters for Bend

    Why it matters for Bend: Bend has already seen how quickly the question can move from “Should we install cameras?” to “Who searched the data, why, and what did they see?” Bend and Redmond are also working through automated traffic-enforcement systems, which are not the same as ALPRs but raise overlapping questions about vendors, retention, access, audit logs, public notice, error correction, and repurposing.

    Traffic cameras, retail ALPRs, police ALPRs, and connected-vehicle data are not identical systems. But they all point toward the same local-governance challenge: ordinary movement is becoming easier to capture, store, search, and share. Communities need clear rules before those records become too convenient to give up.

    “The liberty of every man is at the mercy of every petty officer.”— James Otis, arguing against writs of assistance (1761)

    Safeguards local officials should require

    Before approving, renewing, expanding, or continuing an ALPR program, public officials should require written rules that answer the basic governance questions up front:

    • Purpose limits: define exactly what the system may and may not be used for.
    • Access limits: identify who can search the system and whether outside agencies can access it.
    • Federal-access rules: state whether federal or immigration-enforcement searches are allowed, blocked, or require a specific legal process.
    • Short retention: automatically delete plate data quickly unless it is tied to a documented investigation.
    • Search documentation: require a case number, purpose, user identity, and timestamp for every search.
    • Exportable audit logs: make logs available for independent review, public reporting, and investigation of misuse.
    • Vendor restrictions: define vendor access, support access, data use, training use, subcontractors, and breach obligations.
    • Public reporting: publish regular transparency reports showing searches, outside-agency access, hits, false positives, retention, and policy violations.
    • Democratic review: require council approval before expansion, new integrations, new sharing relationships, or emergency continuation.

    Bottom line: ALPR oversight is becoming a democracy issue because the most important decision is not only whether cameras exist. It is whether the public, through elected officials and enforceable rules, still controls how movement data is searched, shared, retained, audited, and shut down.

  • Police-Tech Vendors Are Becoming Public-Safety Platforms

    Why platform contracts require ongoing oversight

    Body cameras, TASERs, evidence storage, drones, AI tools, analytics, and report-writing software are increasingly being bundled into long-term public-safety platforms. That changes what local oversight has to look like.

    Core issue: Public agencies are no longer just buying individual police tools. They are often entering long-term platform relationships where today’s contract can shape tomorrow’s data access, AI features, evidence workflows, analytics, storage, integrations, and switching costs.

    Axon is no longer just a TASER and body-camera vendor. Its own Q1 2026 financials show a public-safety platform business built around hardware, software, cloud evidence storage, AI tools, analytics, subscriptions, drones, real-time operations, and long-term agency relationships. Axon reported Q1 2026 revenue of $807 million, up 34% year over year.

    That platform model is showing up in public contracts. Baltimore approved a $153 million Axon agreement for body-worn cameras, TASERs, and other public-safety tools, while some city leaders questioned whether the agreement was the best deal for taxpayers. Savannah approved a 10-year, $27 million Axon agreement. Connecticut State Police rolled out upgraded TASERs, body-worn cameras, AI translation capabilities, VR training, drones, and evidence-management tools as part of a broader modernization package.

    Those examples matter because they show how police technology is becoming a bundle: hardware, cloud storage, evidence systems, report workflows, analytics, AI features, training tools, subscriptions, and future upgrades. The public may hear “body cameras” or “TASERs,” but the contract can also shape data access, retention, search tools, audit logs, and the agency’s ability to leave later.

    Investors have noticed the same shift. Business Insider reported that an Axon pitch at the Sohn conference emphasized AI tools such as automated police-report drafting from body-camera footage. That is a market signal: public-safety data, AI workflows, and subscription platforms are becoming part of the growth story.

    Why the platform model changes oversight

    When a city buys a single device, oversight can focus on that device: what it does, who uses it, and how it is maintained. But a platform is different. A platform can expand over time. New features can be added. Workflows can change. Data can be connected across systems. A contract that starts as a body-camera or TASER purchase can become a broader operational environment for evidence management, report writing, analytics, training, records, drones, and real-time response.

    That does not make every feature harmful. Some tools may improve officer safety, evidence handling, language access, disclosure, or administrative efficiency. But the public needs to understand the tradeoff: each added feature can create new questions about data collection, access permissions, audit logs, retention, vendor access, system dependencies, and whether elected officials will be asked to approve meaningful changes before they happen.

    The safeguard question is not simply “Should the agency buy the tool?” It is also: what future capabilities does this platform make possible, who can enable them, and what public process is required before they are used?

    What local officials should ask before approving or renewing a police-tech platform

    • Feature scope: Which tools are included now, which are disabled, and which can be enabled later without a new public vote?
    • AI and analytics: Are report-writing, transcription, translation, facial recognition, object recognition, predictive analytics, or other AI-assisted tools included or available as add-ons?
    • Data storage: What data enters the vendor’s cloud systems, where is it stored, and how long is it retained?
    • Access controls: Who has administrator access, who can search records, and can access be limited by role, case type, unit, or investigation status?
    • Audit logs: Are searches, views, exports, deletions, administrator changes, and vendor-support access logged in a way the agency can export and review?
    • Vendor access: Can vendor employees access agency data for support, product development, testing, demos, analytics, or AI model improvement?
    • Data sharing: Can outside agencies, task forces, prosecutors, federal agencies, or private partners access the platform or receive exports?
    • Exit rights: If the city leaves the platform, can it export complete evidence records, metadata, audit logs, retention schedules, and chain-of-custody information in a usable format?

    Why it matters for Bend

    Axon-style contracts should be reviewed as evolving governance systems, not static equipment purchases. Council and staff should know which features are enabled, who has administrator access, what data moves into vendor cloud systems, and whether new AI or analytics tools can be added without a fresh public discussion.

    That review should not stop at the purchase vote. A police-tech platform can change through software releases, configuration changes, integrations, add-on modules, and new agency workflows. For major public-safety platforms, the better oversight model is continuing review: regular reporting on enabled features, access settings, audit-log exports, retention changes, vendor access, and any new AI or analytics tools.

    Practical safeguard: Require a quarterly platform change log for major police-tech systems. The log should identify major software releases, enabled or deferred features, AI or analytics tools, search changes, evidence-workflow changes, access-control changes, administrator roles, vendor access, audit-log export capability, retention changes, and new sharing relationships.

    Bottom line

    For public officials, procurement is no longer simply “buying a tool.” It can mean entering a long-term platform relationship where today’s contract shapes tomorrow’s data access, integrations, AI features, analytics, storage, and switching costs. That does not mean cities should reject every new public-safety technology. It means the public rules need to be as durable and adaptable as the technology itself.

    Police technology should be judged not only by what it promises on day one, but by what it allows on day 500: who can search, who can share, who can change the settings, who can audit the system, and who can prove whether the public’s limits were actually followed.

    “No man is allowed to be a judge in his own cause, because his interest would certainly bias his judgment, and, not improbably, corrupt his integrity.”— James Madison, Federalist No. 10 (1787)

  • What Happens Next: Stopping the Boxminer Data Center Deal

    Advocate Road Map · La Pine, Oregon · Issued May 14, 2026

    The process that must occur before any sale is final, the community’s intervention points, and actions to take this week.

    ⚠ Important: The May 13, 2026 public comments were not a legal public hearing. Oregon law requires a formal public hearing before this sale can close.

    Nearly three hours of public opposition were delivered at the May 13, 2026 La Pine City Council meeting. That is significant — but the fight is far from over, and the community has more legal leverage than it may realize.

    Oregon law mandates a formal public hearing before any city-owned land can be sold. That has not happened yet. Every step below must occur before Boxminer can legally take ownership of this property. Each one is an intervention point.

    The Foundational Law: ORS 221.725

    Oregon law is unambiguous: before a city council can sell city-owned real property, it must publish advance notice of the proposed sale in a newspaper of general circulation and hold a formal public hearing prior to the sale.

    At that hearing, the full nature and terms of the sale — including an independent appraisal or other evidence of market value — must be fully disclosed. Any city resident has the right to submit written or oral testimony.

    The May 13 public comment period does not satisfy this requirement. The March 25 vote to begin the purchase-and-sale process does not satisfy this requirement.

    The ORS 221.725 public hearing has not been held. The sale cannot legally close until it is.

    Part One: The Process Map — What Must Happen Before the Sale Can Close

    1. ORS 221.725 Public Hearing — Legally Required, Has Not Occurred

    Legal basis: Oregon Revised Statutes § 221.725 · City of La Pine

    Primary intervention point · Legally mandatory

    The city must publish a formal notice of the proposed sale in the Bend Bulletin, the newspaper of general circulation for La Pine. The notice must state the time and place of the hearing, a full description of the property, the proposed uses, and the reasons for the sale.

    Not earlier than five days after that publication, the council must hold the public hearing. At the hearing, the full sale terms — including an independent appraisal or other evidence of market value — must be publicly disclosed. Any city resident must be given the opportunity to submit written or oral testimony.

    What advocates can do: Demand in writing that the city confirm it will comply with ORS 221.725 and provide the date of the required publication. This is not a request — it is a statement that the community knows its rights.

    2. Full Contract Disclosure at Public Hearing

    Legal basis: Oregon Revised Statutes § 221.725 · Appraisal requirement

    Intervention point · Legally mandatory

    At the ORS 221.725 hearing, the city is legally required to fully disclose the nature and terms of the proposed sale, including an independent appraisal or equivalent evidence of market value. This means the full purchase and sale agreement — including any growth or expansion provisions — must be on the public record before the council votes.

    What advocates can do: File a Public Records Request now, before the hearing, for the full PSA text, all communications between city staff or council members and Boxminer, any appraisal commissioned, and any MidState Electric correspondence. The city has five business days to respond or provide a timeline under ORS 192.311.

    3. City Council Vote to Approve the Purchase and Sale Agreement

    Public body: La Pine City Council · Public agenda item

    Intervention point

    This is a separate vote from the March 25 vote to begin the process. The council must vote to formally approve the finalized PSA. This vote must appear on a public agenda with advance notice, giving advocates another opportunity to submit written testimony and speak during public comment.

    What advocates can do: Monitor the city’s meetings page at lapineoregon.gov/meetings for agenda postings. The next regular meeting is May 27, 2026. Any PSA approval vote must be listed as a new business item with supporting documents in the packet. If it appears without prior public notice of the ORS 221.725 hearing, challenge it immediately in writing.

    4. Deschutes County Deed Transfer — County Publication Required

    Legal basis: Oregon Revised Statutes § 275.120 · Deschutes County Board of Commissioners

    County action required · Intervention point

    The land is currently owned by Deschutes County. Before the county can transfer title, Oregon law requires the county sheriff to publish a notice of the sale in a local newspaper of general circulation once per week for four consecutive weeks prior to the sale. This is a parallel, independent publication requirement that creates another four-week public notice window.

    What advocates can do: Contact the Deschutes County Board of Commissioners now and put them on record. As the current titleholder, the county is a party to this transaction. Submit written testimony to the BOCC and request that the county independently verify the city has completed its ORS 221.725 obligations before proceeding.

    5. Formal Land Use Application and Site Plan Review — Planning Commission

    Legal basis: La Pine Development Code · City Planning Commission · ORS 227.178

    Second major intervention point

    Even after the land sells, Boxminer cannot break ground without submitting a formal land use application for site plan review. This triggers La Pine’s Planning Commission process, which has its own public notice, comment period, and hearing requirements completely independent of the land sale process.

    This is where the zoning question must be formally resolved in writing by city staff: La Pine Development Code Sec. 15.24.300 states that in the Light Industrial zone, “Energy and power generation uses are prohibited.” City staff must publish a written legal determination explaining how a 20MW Bitcoin mining facility is classified under that code before any permit can issue.

    What advocates can do: Central Oregon LandWatch can formally intervene in the land use process when the application is filed and can refer legal counsel to challenge the zoning classification if needed. File a written request with city Community Development now asking staff to confirm in writing the zoning classification that would apply to this use before an application is filed.

    6. Building Permits Issued — Final Gate

    Public bodies: La Pine Building Services · Deschutes County Community Development

    Final gate

    Building permits cannot be issued until after land use approval. Each permit is a public record. If the zoning determination or site plan review is contested, a Land Use Board of Appeals appeal can be filed, which can put a hold on permit issuance while the appeal is heard.

    The Oregon Department of Land Conservation and Development also has oversight authority over local land use decisions that conflict with acknowledged comprehensive plans.

    Part Two: What Advocates Should Do This Week

    🔥 Send a Written ORS 221.725 Demand Letter to City Hall

    Timing: Do within 48 hours.

    Write to City Manager Geoff Wullschlager and the City Recorder demanding:

    • Written confirmation that the city will comply with ORS 221.725 before finalizing any sale.
    • The anticipated date of the required newspaper publication.
    • Confirmation that the ORS 221.725 public hearing will be separately noticed and held before any PSA vote.

    Send by email and certified mail. Keep a copy. This letter creates a paper trail that the city received formal notice of its obligations.

    City Manager: Geoff Wullschlager
    Email: info@lapineoregon.gov
    Phone: (541) 536-1432
    Address: 16345 Sixth Street, La Pine, OR 97739

    🔥 File a Public Records Request for the Full Contract and All Communications

    Timing: Do within 48 hours.

    Under ORS 192.311, the city has five business days to provide the records or give a timeline. Request:

    • The full text of any purchase and sale agreement, letter of intent, or MOU with Boxminer Co. or any related entity.
    • All written communications between city staff or council members and Boxminer Co., Frontier Mining, or Jeff Keller from January 2025 to present.
    • Any appraisal of the subject property.
    • Any MidState Electric correspondence regarding power supply.
    • Any legal opinion on the Light Industrial zoning classification of this use.

    File online: La Pine Public Records Request Form

    🔥 Call Central Oregon LandWatch

    Timing: Do within 48 hours.

    Rory Isbell at Central Oregon LandWatch was previously unaware of this proposal. He now is, but he needs to hear that nearly three hours of public opposition materialized at the May 13 council meeting and that the ORS 221.725 hearing has not been scheduled.

    Share this key fact from the March 11 minutes: Jeff Keller told the council he had been working with MidState Electric and SLED Director Patricia Lucas since 2022 — three years of negotiations before the public heard a word. That timeline is material to any legal challenge about adequate public process.

    LandWatch can provide or refer an attorney to formally intervene at both the public hearing and the Planning Commission site plan review stage.

    Contact: Rory Isbell, Staff Attorney and Rural Lands Program Director
    Email: rory@colw.org
    Phone: (541) 647-2930 x804

    📋 Document the May 13 Comments While They Are Fresh

    Timing: Do within 72 hours.

    The nearly three hours of public comments are part of the official record, but advocates should independently document them. Track the names and addresses of speakers, the specific concerns raised, and any commitments or statements made by council members or city staff in response.

    This record will be essential at the ORS 221.725 formal hearing and any future LUBA appeal. If anyone recorded the meeting, secure those recordings now. The city should also produce audio or video if it exists; request it via public records if needed.

    📋 Write to the Deschutes County Board of Commissioners

    Timing: Do this week.

    The county is the current landowner and must execute the deed transfer. The city itself has publicly confirmed that Deschutes County must sign off on the final land sale and that a county building review is also required before construction.

    This means the BOCC has real authority here — not just a rubber stamp role. Write to the BOCC formally:

    • Notify them that significant organized community opposition exists.
    • Request that the county independently confirm the city has completed its ORS 221.725 obligations before proceeding with any transfer.
    • Ask the BOCC to place the matter on a public agenda for discussion.

    Deschutes County Board of Commissioners:
    deschutes.org
    1300 NW Wall Street, Bend, OR 97703

    🔥 Request a Speaking Slot at the May 29 Oregon Data Center Advisory Committee Meeting</h3

  • Surveillance • Privacy • Local Oversight

    Bend’s Flock Data Shows Why Surveillance Oversight Must Be Built Into the System

    Recent reporting about Bend’s Flock Safety cameras and Oregon’s sanctuary-law lawsuit point to the same lesson: privacy rules only work when the databases enforce them.

    The most important surveillance story in Bend this week is not hypothetical. According to The Source Weekly, federal immigration officials made 279 queries into Bend’s Flock Safety data in the first three weeks after the cameras went live. Bend Police reportedly did not authorize those searches, and it remained unclear what, if any, data may have been retrieved.

    That should concern anyone who cares about local control, public accountability, or civil liberties.

    The issue is not simply whether a particular search was improper. The larger problem is governance. When a surveillance system is installed for one stated purpose, it can quickly become useful to other agencies, vendors, or outside users who were not central to the original public debate.

    If city officials cannot later answer basic questions — who searched the system, why they searched it, what they saw, whether the search was tied to a case number or documented purpose, and whether any result was shared — then the public is being asked to trust a system that cannot be independently verified.

    That is not meaningful oversight. That is a blind spot.

    Audit logs are not a technical detail. They are the oversight system.

    Surveillance oversight often gets discussed as if it is mainly a policy question: Should the city approve the tool? What is the stated purpose? What does the vendor promise? What does the agency say it intends to do?

    Those questions matter, but they are not enough.

    Once a system is live, the real questions become operational:

    • Who can access the system?
    • Can outside agencies search it?
    • Can federal agencies search it?
    • Can vendors access camera feeds, search tools, dashboards, support logs, or stored data?
    • Does every search leave a usable record?
    • Can elected officials or independent reviewers verify how the system was used?
    • Are searches tied to a case number, warrant, emergency, or documented purpose?
    • Are improper searches detectable?

    Without those controls, the public has no practical way to know whether the system is being used as promised.

    This does not require assuming bad faith by local officials. In fact, it shows why good-faith intentions are not enough. A system can be approved by people with narrow intentions and later become available to people with very different priorities. That is why access controls, audit logs, outside-agency limits, vendor-access limits, and public reporting must exist before a system goes live.

    “You must first enable the government to control the governed; and in the next place oblige it to control itself.”
    — James Madison, The Federalist No. 51 (1788)

    Oregon’s sanctuary-law lawsuit is also about database access

    The Bend Flock story now sits inside a larger Oregon data-sharing dispute.

    OPB reported that a lawsuit filed in Multnomah County Circuit Court alleges Oregon State Police allowed federal immigration authorities to access Oregonians’ data through shared law-enforcement databases for years, despite Oregon’s sanctuary laws. Oregon State Police denies wrongdoing.

    The Source Weekly also reported that the complaint alleges federal immigration authorities queried state-run data about Oregonians 1.4 million times between February 2025 and February 2026, an average of 3,835 queries each day.

    The practical lesson is straightforward: a sanctuary policy is only as strong as the database permissions behind it.

    If an agency is legally barred from using data for immigration enforcement, the system should not rely on informal restraint. It should include technical controls that prevent improper access, audit logs that expose improper use, and consequences when policy and practice diverge.

    A privacy rule that lives only on paper is fragile. A privacy rule built into permissions, logging, retention limits, and reporting is much harder to ignore.

    Why this matters for Bend

    Bend residents’ information may pass through city, county, state, vendor, and law-enforcement systems. That information can include license plate scans, police records, driver information, public records, utility records, permits, emergency-service data, and other civic information collected for ordinary public purposes.

    The danger is that data collected for one purpose can become useful for another.

    A license plate reader approved for local public-safety purposes can become searchable by outside agencies. A state database can become an immigration-enforcement tool. A vendor platform can create access points that city officials did not fully understand when the contract was approved. A policy promise can fail if the technology underneath it does not actually enforce the rule.

    That is why surveillance oversight cannot stop at approval. Local officials need to know who can search local systems, what outside agencies can access, what vendors can see, how long data is retained, and whether every search leaves a record that can be reviewed.

    The safeguard standard should be simple

    Before Bend approves, renews, or expands any surveillance or sensitive data system, the city should be able to answer:

    • Who can access the data?
    • Who can search the system?
    • Can outside agencies access it?
    • Can federal agencies access it?
    • Can vendors access it?
    • Is every search logged?
    • Are searches tied to a documented purpose?
    • How long is data retained?
    • Can improper access be detected?
    • Can elected officials and the public receive meaningful reports about system use?

    If those questions cannot be answered clearly, the system is not ready.

    This is not about being anti-technology. It is about making sure public technology remains accountable to the public. Tools that collect sensitive information should not depend on trust alone. They should be designed so that misuse is difficult, detectable, and provable.

    Bottom line

    The Bend Flock story and the Oregon sanctuary-law lawsuit point to the same conclusion: access is the story.

    Who can search the data? Who can receive it? Who can share it? Who can buy it? Who can combine it with other systems? Who can turn an ordinary resident’s movement, record, or routine interaction with government into an investigative lead?

    Privacy safeguards fail when access is undefined, unlogged, or routed through systems the public cannot see.

    The best safeguards are practical and boring by design: collect less data, connect fewer systems, limit outside access, require documented purposes, log every search, review the logs, shorten retention, make vendor access visible, and make misuse provable.

    Surveillance oversight works best when restraint is built into the system before the data becomes too useful to give up.

    Related reading:

  • Is Your Phone Broadcasting More Than You Realize?

    A recent article from De Jure Media caught my attention because it speaks to a broader concern many privacy advocates already share: our phones and other connected devices may be participating in systems of tracking and data collection that most people neither understand nor meaningfully consent to.

    The article, Your Phone Is Watching You Right Now — Here’s How to Prove It, makes serious claims about smartphone-based surveillance, hidden Bluetooth activity, and the possibility that ordinary people can observe part of this phenomenon for themselves using a BLE scanner app. Whether every conclusion in the piece ultimately holds up or not, it raises important questions about transparency, consent, and how much invisible infrastructure now surrounds daily life.

    What the article argues

    De Jure Media presents the story as an investigation that began with a whistleblower and expanded into a broader examination of unusual Bluetooth Low Energy activity. The article argues that readers may be able to detect suspicious nearby devices by scanning their surroundings and looking for long alphanumeric names, unknown manufacturers, and persistent signals that are difficult to identify physically.

    The piece also connects those observations to larger concerns about pandemic-era exposure notification systems, location tracking, overlapping corporate and government surveillance capabilities, and the long-term risk of normalizing infrastructure that can monitor movement and association at scale.

    Why this matters even beyond one article

    Even setting aside the article’s most dramatic conclusions, the underlying privacy concern is real. Modern phones constantly interact with wireless systems, identifiers, sensors, apps, platforms, and data ecosystems that are largely invisible to the public. That creates opportunities for passive tracking, behavioral profiling, and surveillance far beyond what most people realize.

    For me, the value of this article is not just in its strongest claims. It is that it encourages readers to look more closely at the everyday technology around them and ask better questions. What is being broadcast? What is being collected? Who has access to that information? How long is it retained? And what meaningful consent, if any, did users ever provide?

    A note of caution

    Articles like this are worth reading carefully, but also critically. Extraordinary claims deserve verification. It is possible to take the broader privacy issues seriously without treating every inference as proven fact. That is often the right balance in surveillance reporting: remain open to evidence, but do not let uncertainty become an excuse to ignore genuine risks.

    What readers can do

    • Review your phone’s Bluetooth, location, and app permission settings.
    • Learn what Bluetooth Low Energy scanning tools actually show and what their limits are.
    • Be cautious about drawing conclusions from a single scan or unfamiliar device name.
    • Use reporting like this as a prompt to ask for stronger transparency, consent, and privacy safeguards.
    • Read the original article and evaluate the claims for yourself.

    Read the original

    You can read the original De Jure Media article here:

    Your Phone Is Watching You Right Now — Here’s How to Prove It

    Whether you agree with all of its conclusions or not, it is the kind of piece that pushes an important public conversation forward: how much invisible surveillance infrastructure has already been built into the technology we carry every day, and what it would take to bring that infrastructure into the light.

  • Welcome to the blog

    This blog will be used to share updates, commentary, and analysis on current developments in privacy, security, surveillance, cybersecurity, civil liberties, and related public-interest technology issues.

    Some posts will respond to news or policy developments. Others will highlight longer-term trends, practical concerns, and the safeguards that public institutions should keep in view when adopting new technologies or expanding data collection.

    Over time, this space will complement the Signals & Safeguards newsletter by providing a place for shorter updates, reflections, and posts on topics that deserve closer attention.

    Thanks for visiting.