Part 7 of the Bend Surveillance Oversight series.
In the last post, I wrote about why ALPR scans are location records.
A license plate reader does not just capture a plate number.
It creates a record that a specific vehicle was seen at a specific place at a specific time.
But there is a second question that matters just as much:
Once a city collects surveillance data, does that data stay local?
That question applies to ALPRs, body cameras, fleet cameras, drone video, real-time information platforms, traffic cameras, evidence systems, and other police technology.
The concern is not only what Bend collects.
The concern is who else can access it.
Local data can become outside-agency data
A resident may feel differently about local police using a tool for a specific local purpose than they do about that same data becoming available to state agencies, federal agencies, out-of-state agencies, fusion centers, private vendors, or other third parties.
Public consent for one local use should not be treated as consent for every future use.
That is why data-sharing rules should be explicit before technology expands.
Local data should not become outside-agency data by default.
The policy should be explicit
Data-sharing rules should not be vague.
A policy that says information may be shared “for law enforcement purposes” may sound reasonable, but it can be extremely broad.
A stronger policy should say exactly:
- who may access the data,
- for what purpose,
- under what legal authority,
- with whose approval,
- with what documentation,
- for how long,
- whether access is logged,
- whether the public will receive aggregate reporting, and
- whether the request can be denied.
If the policy does not clearly prohibit broad sharing, residents cannot know where local surveillance data may eventually go.
That uncertainty is the problem.
Federal access requires special caution
Federal access deserves special attention because federal priorities can change quickly.
Local residents may support local public safety uses while objecting to unrelated federal uses, especially if those uses involve immigration enforcement, political activity, protests, reproductive health travel, religious activity, or other sensitive areas.
A strong policy would say:
Bend surveillance data may not be shared with federal agencies unless there is case-specific legal process, written City authorization, a documented local purpose, and an auditable record.
That rule would not prevent lawful cooperation in a serious case.
It would prevent broad, informal, or routine access.
Vendor access is also third-party access
Third-party sharing is not only about government agencies.
Vendors are third parties too.
If a private company hosts police data, maintains the software, provides analytics, troubleshoots systems, stores video, processes license plate reads, or manages user access, that company may have some level of technical access to the system.
That access should be limited, logged, and auditable.
Vendor access should never be a black box.
Contracts should clearly define when a vendor can access data, what the vendor can do with it, whether subcontractors are involved, whether data can be used for product development or AI training, and how the City verifies compliance.
Outside sharing can create long-term consequences
Once data leaves a local system, it may be harder to control.
It may be copied, retained, searched again, combined with other databases, or used for purposes residents never debated locally.
That is why sharing limits need to be set before sharing occurs.
The point is not to block legitimate, case-specific cooperation.
The point is to prevent broad access, informal access, bulk sharing, or secondary uses that bypass local democratic oversight.
What a stronger local rule could require
A stronger Bend policy would require:
- case-specific legal process for outside-agency access,
- written City authorization before sharing,
- a documented purpose for every request,
- a case number or incident number when applicable,
- logs showing what was shared and with whom,
- limits on vendor access and subcontractor access,
- prohibitions on bulk or informal sharing,
- clear retention limits after data is shared, and
- annual public reporting in aggregate form.
These safeguards would not prevent legitimate public safety work.
They would make sure powerful data-sharing systems answer to public rules.
The basic principle
Local surveillance data should not become outside-agency data by default.
If Bend collects police technology data, the City should clearly define who can access it, when it can be shared, how sharing is approved, how access is logged, and how the public can verify that the rules are being followed.
The solution is not complicated:
No broad sharing. No informal access. No vendor black boxes. No federal access without case-specific process. Public reporting every year.
That is how local control becomes real.
Further reading
- ACLU: Community Control Over Police Surveillance
- ACLU: Community Control Over Police Surveillance Model Bill
- EFF: Street-Level Surveillance
- Bend Surveillance Oversight Source Library