Part 4 of the Bend Surveillance Oversight series.
When people talk about police cameras, the conversation often focuses on the camera itself.
But the camera is only the beginning.
The more important question is what happens after data is collected.
- Where does the video go?
- Who stores it?
- How long is it kept?
- Who can search it?
- Can it be shared?
- Can vendors access it?
- Can outside agencies access it?
- Are searches logged?
- Can the data be used later for a different purpose?
These are the questions that turn a camera discussion into a public oversight discussion.
Collection is only step one
A body camera, vehicle camera, drone, traffic camera, or license plate reader may collect video, audio, images, license plate data, metadata, location information, timestamps, or other records.
But collection is only the first step.
After that, data may be uploaded to cloud storage, attached to case files, searched by officers, shared with prosecutors, retained for years, reviewed by supervisors, exported for court, or combined with other systems.
A technology policy that says “we use cameras” is not enough.
The real policy should explain:
- what data is collected,
- where it is stored,
- how long it is retained,
- who can access it,
- when it can be searched,
- whether searches require a case number,
- whether searches are audited,
- whether vendors can access it,
- whether outside agencies can access it,
- whether data can be used for AI training or analytics, and
- whether new uses require public approval.
Cloud storage changes the oversight question
Many modern police technology systems rely on cloud storage and vendor-managed software.
That can be useful.
Cloud systems can make evidence easier to organize, share, redact, and preserve.
But cloud storage also changes the oversight question.
If public safety data is stored in a vendor-controlled system, residents should know what contractual rules apply.
They should know whether the City owns the data, whether the vendor can access it, whether subcontractors are involved, whether data is encrypted, and whether the City can independently verify how the system is configured.
This is why public policy should not rely only on verbal assurances.
The City should publish the actual rules.
Retention matters
Retention is one of the most important privacy questions.
A camera that records something and deletes it quickly is very different from a system that keeps searchable records for months or years.
The longer data is kept, the more it can be searched later, shared later, misused later, breached later, or repurposed later.
For Bend, a reasonable policy would be:
Delete non-evidence data by default after a short period unless it is flagged for a specific, documented case.
For ALPR data, I would support a default deletion period as short as 72 hours unless the scan is tied to a legitimate case, hit, warrant, stolen vehicle, or documented investigation.
Search logs should be mandatory
If a police technology system can be searched, the search should leave a record.
That record should show who searched, when they searched, what they searched, why they searched, the case number or incident number, whether the search produced a result, and whether the result was shared.
Without search logs, the public has to trust that the system is only being used properly.
With search logs, the City can verify whether the system is being used properly.
This protects the public.
It also protects officers who are using the system appropriately.
Sharing rules should be explicit
Data-sharing rules should not be vague.
A policy that says data may be shared “for law enforcement purposes” may sound reasonable, but it can be very broad.
A stronger policy would say that surveillance data may not be shared with federal agencies, out-of-state agencies, private companies, or other third parties unless there is a specific legal basis, a documented case number, written authorization, and an auditable record.
The point is not to prevent legitimate case-specific cooperation.
The point is to prevent broad, informal, or automatic access to local surveillance data without clear public rules.
Vendor access should not be a black box
Vendor access is also a form of third-party access.
If a private company hosts police data, manages software, provides analytics, troubleshoots systems, stores video, or controls user permissions, the public should know what limits apply.
Vendor access should be limited, logged, and auditable.
Contracts should make clear that vendors cannot use local public safety data for unrelated purposes, product development, AI training, or secondary analysis without explicit public approval.
Public reports build trust
The City should publish annual transparency reports for police surveillance systems.
Those reports should include:
- what systems were used,
- how many searches were conducted,
- how many times data was shared,
- how many outside-agency requests were received,
- how many requests were approved or denied,
- how many audits were conducted,
- whether any misuse was found,
- whether any new features were activated, and
- whether any policies changed.
These reports do not need to expose sensitive case details.
They should provide enough aggregate information for residents and elected officials to understand whether the rules are working.
The basic principle
The goal is not to prevent every use of technology.
The goal is to make sure powerful tools answer to public rules.
A camera policy should not stop at collection.
It should follow the data: where it goes, how long it stays, who can search it, who can share it, and how the public can verify the rules are being followed.
