Tag: surveillance

  • ALPRs: License Plate Scans Are Location Records

    ALPRs: License Plate Scans Are Location Records

    Part 6 of the Bend Surveillance Oversight series.

    An automated license plate reader does not just capture a plate number.

    It creates a time-and-place record.

    And when many scans are collected over time, those records can reveal patterns about where a vehicle has been, when it was there, and how often it appeared in certain places.

    That is why ALPR data should be treated as location data.

    It is not “just a plate.”

    It is a record of movement.

    What an ALPR scan actually records

    An ALPR system typically captures:

    • the license plate number,
    • the date and time of the scan,
    • the location of the camera,
    • an image of the plate or vehicle, and sometimes
    • additional metadata about the scan.

    One scan by itself may not say much.

    But multiple scans over time can create a much richer picture.

    If a vehicle is scanned near a home, workplace, school, clinic, place of worship, political event, protest, or support meeting, the scans may reveal sensitive patterns about a person’s life.

    That is why ALPR data deserves careful limits.

    Patterns matter more than single scans

    The privacy issue is not only the plate number.

    The privacy issue is the pattern.

    A series of scans can show where a vehicle travels, how often it visits certain places, what route it takes, when it leaves, when it returns, and whether those movements change over time.

    That is a form of location tracking.

    Even if each individual scan appears routine, the system as a whole can become highly revealing.

    That is why retention periods, search rules, and sharing rules matter so much.

    This post does not claim Bend currently uses fixed ALPR technology

    This post does not claim that Bend currently uses fixed automated license plate reader technology.

    The point is broader: if Bend adopts fixed ALPRs in the future, or if related systems create similar location records, the City should have clear rules in place before deployment.

    Oversight should come first, not later.

    Short retention should be the default

    If ALPR data is retained for long periods, it becomes easier to reconstruct a person’s travel history.

    The longer the data is kept, the more it can be searched, shared, or misused later.

    A reasonable rule would be:

    Delete ALPR scans quickly unless they are tied to a legitimate, documented case.

    I would support a default retention period as short as 72 hours unless the scan is associated with a specific investigative need such as a stolen vehicle, warrant hit, active case, or clearly documented law enforcement purpose.

    That kind of rule allows legitimate use while reducing unnecessary long-term accumulation.

    Every search should be logged

    If ALPR data can be searched, every search should leave a record.

    That record should show:

    • who conducted the search,
    • when it was conducted,
    • what plate or data was searched,
    • the case number or incident number,
    • the reason for the search, and
    • whether the results were shared.

    Without logs, the public has to trust that the system is being used properly.

    With logs, the City can verify that the rules are being followed.

    Sharing should be limited and documented

    ALPR data should not flow freely to outside agencies, vendors, private companies, or federal systems without clear public rules.

    A strong policy would require:

    • a specific legal basis for sharing,
    • a documented case-related purpose,
    • written authorization,
    • an auditable record of what was shared and with whom, and
    • clear limits on bulk or informal access.

    The issue is not whether legitimate case-specific sharing can occur.

    The issue is whether local location data becomes broadly accessible by default.

    Public reports build trust

    If Bend ever uses ALPRs, the City should publish annual public reports showing:

    • how many cameras or systems were used,
    • how many scans were collected,
    • how long data was retained,
    • how many searches were conducted,
    • how many shares occurred,
    • how many outside-agency requests were received,
    • how many requests were granted or denied, and
    • whether any misuse or policy violations were found.

    These reports do not need to expose sensitive investigative details.

    They should provide enough information for residents and elected officials to understand how the system is working.

    The basic principle

    An ALPR scan is not just a plate number.

    It is a location record.

    And location records deserve strong safeguards.

    Short retention. Logged searches. Clear sharing limits. Public oversight.

    Those are not extreme demands.

    They are basic rules for a powerful system.

    Further reading

    Series links

  • What Happens to the Data?

    What Happens to the Data?

    Part 4 of the Bend Surveillance Oversight series.

    When people talk about police cameras, the conversation often focuses on the camera itself.

    But the camera is only the beginning.

    The more important question is what happens after data is collected.

    • Where does the video go?
    • Who stores it?
    • How long is it kept?
    • Who can search it?
    • Can it be shared?
    • Can vendors access it?
    • Can outside agencies access it?
    • Are searches logged?
    • Can the data be used later for a different purpose?

    These are the questions that turn a camera discussion into a public oversight discussion.

    Collection is only step one

    A body camera, vehicle camera, drone, traffic camera, or license plate reader may collect video, audio, images, license plate data, metadata, location information, timestamps, or other records.

    But collection is only the first step.

    After that, data may be uploaded to cloud storage, attached to case files, searched by officers, shared with prosecutors, retained for years, reviewed by supervisors, exported for court, or combined with other systems.

    A technology policy that says “we use cameras” is not enough.

    The real policy should explain what data is collected, where it is stored, how long it is retained, who can access it, when it can be searched, whether searches require a case number, whether searches are audited, whether vendors can access it, whether outside agencies can access it, whether data can be used for AI training or analytics, and whether new uses require public approval.

    Cloud storage changes the oversight question

    Many modern police technology systems rely on cloud storage and vendor-managed software.

    That can be useful.

    Cloud systems can make evidence easier to organize, share, redact, and preserve.

    But cloud storage also changes the oversight question.

    If public safety data is stored in a vendor-controlled system, residents should know what contractual rules apply.

    They should know whether the City owns the data, whether the vendor can access it, whether subcontractors are involved, whether data is encrypted, and whether the City can independently verify how the system is configured.

    This is why public policy should not rely only on verbal assurances.

    The City should publish the actual rules.

    Retention matters

    Retention is one of the most important privacy questions.

    A camera that records something and deletes it quickly is very different from a system that keeps searchable records for months or years.

    The longer data is kept, the more it can be searched later, shared later, misused later, breached later, or repurposed later.

    For Bend, a reasonable policy would be:

    Delete non-evidence data by default after a short period unless it is flagged for a specific, documented case.

    For ALPR data, I would support a default deletion period as short as 72 hours unless the scan is tied to a legitimate case, hit, warrant, stolen vehicle, or documented investigation.

    Search logs should be mandatory

    If a police technology system can be searched, the search should leave a record.

    That record should show who searched, when they searched, what they searched, why they searched, the case number or incident number, whether the search produced a result, and whether the result was shared.

    Without search logs, the public has to trust that the system is only being used properly.

    With search logs, the City can verify whether the system is being used properly.

    This protects the public.

    It also protects officers who are using the system appropriately.

    Sharing rules should be explicit

    Data-sharing rules should not be vague.

    A policy that says data may be shared “for law enforcement purposes” may sound reasonable, but it can be very broad.

    A stronger policy would say that surveillance data may not be shared with federal agencies, out-of-state agencies, private companies, or other third parties unless there is a specific legal basis, a documented case number, written authorization, and an auditable record.

    The point is not to prevent legitimate case-specific cooperation.

    The point is to prevent broad, informal, or automatic access to local surveillance data without clear public rules.

    Vendor access should not be a black box

    Vendor access is also a form of third-party access.

    If a private company hosts police data, manages software, provides analytics, troubleshoots systems, stores video, or controls user permissions, the public should know what limits apply.

    Vendor access should be limited, logged, and auditable.

    Contracts should make clear that vendors cannot use local public safety data for unrelated purposes, product development, AI training, or secondary analysis without explicit public approval.

    Public reports build trust

    The City should publish annual transparency reports for police surveillance systems.

    Those reports should include:

    • what systems were used,
    • how many searches were conducted,
    • how many times data was shared,
    • how many outside-agency requests were received,
    • how many requests were approved or denied,
    • how many audits were conducted,
    • whether any misuse was found,
    • whether any new features were activated, and
    • whether any policies changed.

    These reports do not need to expose sensitive case details.

    They should provide enough aggregate information for residents and elected officials to understand whether the rules are working.

    The basic principle

    The goal is not to prevent every use of technology.

    The goal is to make sure powerful tools answer to public rules.

    A camera policy should not stop at collection.

    It should follow the data.

    Where it goes, how long it stays, who can search it, who can share it, and how the public can verify the rules are being followed.

    Further reading

    Series links

  • Why Vendor Lock-In Matters in Police Technology Contracts

    Why Vendor Lock-In Matters in Police Technology Contracts

    Part 3 of the Bend Surveillance Oversight series.

    In the last post, we looked at the range of police technology Bend has already considered, approved, or discussed: body-worn cameras, fleet cameras, digital evidence storage, Fusus real-time information software, Axon Air drone software, third-party video playback, investigation software, VR training, and automated traffic enforcement cameras.

    Looked at one at a time, each purchase can sound narrow.

    But when the same vendor ecosystem provides the cameras, storage, software, subscriptions, hardware refreshes, training tools, review tools, and add-on features, the City may gradually become dependent on one platform.

    That is called vendor lock-in.

    Vendor lock-in does not necessarily mean anyone did anything wrong.

    It means a city’s systems, data, workflows, training, contracts, and budgets become so tied to one vendor that switching later becomes expensive, disruptive, or politically difficult.

    That matters for public oversight.

    How lock-in happens

    A city might begin with a legitimate need: body cameras.

    Then it needs a place to store the video, so it adds cloud evidence storage.

    Then prosecutors need access, so the system becomes part of the criminal justice workflow.

    Then patrol vehicles need cameras, so fleet cameras are added.

    Then drone video needs to be managed, so drone software is added.

    Then the department wants video review tools, third-party video playback, investigation software, AI tools, or real-time information platforms.

    Over time, what began as a camera contract can become a broad public safety software ecosystem.

    The Electronic Frontier Foundation has warned about this pattern in its article “Beware the Bundle”, which describes how police technology companies can use bundled offerings to become a department’s default provider for more and more tools.

    Again, the issue is not whether any single tool is useful.

    The issue is whether the public understands how the tools fit together before the City becomes deeply dependent on the platform.

    Why bundled contracts are harder to oversee

    Bundled contracts can make public oversight harder for several reasons.

    First, bundles can obscure what is actually being purchased.

    Second, bundles can make costs harder to compare.

    Third, bundles can reduce practical competition.

    Fourth, bundles can normalize expansion through amendments.

    That is how surveillance systems can grow without residents ever seeing a single clear moment where the full policy question is debated.

    Vendor assurances are not the same as public policy

    Cities often rely on vendor statements about what a system does or does not do.

    That is not enough.

    • Vendors can change product features.
    • Software capabilities can be added later.
    • Terms can change.
    • Subprocessors can be involved.
    • Data can be stored in complex cloud systems.
    • Departments can expand use over time.
    • Future renewals can make earlier decisions harder to revisit.

    That is why public rules should not depend only on vendor assurances or internal department practices.

    Public policy should be clear enough that residents can understand the limits before the next expansion happens.

    Why this matters in Bend

    Bend has already considered or approved multiple related technology systems over time.

    That does not prove a problem by itself.

    But it does show why residents should ask how all of these systems connect, whether alternatives were seriously evaluated, and what would happen if the City later wanted different pricing, stronger privacy protections, or more independent technical control.

    Vendor lock-in is not only a procurement question.

    It is also a transparency and governance question.

    What better contract oversight would look like

    If Bend wants useful technology without becoming overly dependent on one vendor ecosystem, contracts should protect the public interest.

    That can include:

    • clear exit clauses,
    • data portability requirements,
    • limits on automatic renewals,
    • public review before major expansions,
    • independent audits of enabled features and system settings, and
    • Council approval before materially new capabilities are activated.

    Those are not anti-technology ideas.

    They are basic governance safeguards.

    The real question

    The question is not whether Bend should use one vendor or another.

    The question is whether Bend has enough public oversight before the technology ecosystem becomes too large, too expensive, and too embedded to easily change.

    Vendor lock-in is not just a budget issue.

    It is a democracy issue.

    When public safety technology becomes hard to leave, hard to audit, and hard for residents to understand, public oversight becomes weaker.

    That is why Bend should address vendor lock-in now, before future expansions become automatic.

    Further reading

    Series links

  • What Police Technology Has Bend Already Considered or Purchased?

    What Police Technology Has Bend Already Considered or Purchased?

    Part 2 of the Bend Surveillance Oversight series.

    Before Bend residents can have a useful conversation about police surveillance oversight, we need to understand what technology the City has already approved, discussed, or bundled into larger contracts.

    This is not about assuming bad intent.

    It is about making the public record easier to understand.

    Over the past several years, Bend has moved from body-worn cameras into a broader police technology ecosystem involving vehicle cameras, cloud evidence storage, drone software, real-time information tools, third-party video playback, investigation software, and bundled Axon subscriptions.

    That is why this conversation should not be reduced to a simple question like, “Should police have cameras?”

    The better question is:

    What systems has Bend adopted, and what public rules govern the data those systems create?

    Body-worn cameras and Evidence.com

    In April 2021, Bend City Council considered a five-year agreement with Axon for body-worn cameras, associated hardware, analytical software, training, and digital evidence storage, with a contract amount not to exceed $1,038,996.

    The City’s issue summary said full implementation would mean every officer would be equipped with a body-worn camera during their shift, video recordings would be stored, and the Deschutes County District Attorney’s Office would have the ability to receive the information.

    That matters because body cameras are not only recording devices. They also create records that must be stored, accessed, shared, retained, and governed.

    Fleet cameras in police vehicles

    In July 2022, Bend City Council approved a five-year, $679,500 contract with Axon for fleet cameras in Bend Police vehicles.

    The City described the contract as covering purchase and installation of cameras, software, and video storage.

    This is important because fleet cameras can be more than dashboard video. Depending on the hardware, software, and enabled features, vehicle camera systems can interact with evidence storage, metadata, automated review tools, and potentially other software capabilities.

    That is exactly why public policy should focus on capabilities, retention, access, and auditing — not just the word “camera.”

    Fusus real-time information software

    In March 2023, Bend City Council considered a three-year agreement with Fusus Inc. for software and associated hardware to view public and community video sources for incident situational awareness and investigations, with a contract amount not to exceed $230,000.

    The City’s issue summary described Fusus as a real-time crime center platform designed to consolidate video and other information sources.

    It said Fusus could bring together public and private video systems, community tips, community text notifications, Computer Aided Dispatch, unmanned aircraft video, Live 911 information, body-worn cameras, in-car cameras, a community camera registry, a CJIS-compliant video evidence vault, and video live links for 911 callers.

    That is a much broader system than a single camera.

    It is a platform for gathering, viewing, and coordinating multiple information sources in one place.

    Axon Air and drone software

    In February 2024, Bend considered additional Axon Air software licenses for its drone program.

    The issue summary said Bend Police had been using Axon Air software since 2022 for drone support and remote viewing capabilities, and that the department wanted additional pilot and drone licenses.

    It also stated that Bend Police had been using Axon services since 2021 as a unified platform to better track deployment, usage, and results of police actions.

    That phrase — unified platform — is important.

    It shows the direction of travel: not isolated tools, but integration of multiple police technologies into one vendor ecosystem.

    2024 Axon bundled contract

    In October 2024, Bend City Council considered a five-year Axon Officer Safety Plan 10 Premium subscription.

    The meeting minutes state that Council authorized a five-year contract with Axon for Taser hardware, virtual reality hardware and software, digital video recorder playback support, and investigation support software, for a total amount not to exceed $2,555,786.51.

    The minutes also identify the new bundled products and services as Investigate Pro, Third-Party Video Playback, and Virtual Reality training.

    This is the clearest example of why residents need a public inventory.

    Once products are bundled together, it becomes harder for the public to understand which tools are active, which are planned, which are optional, and which could be expanded later.

    Automated traffic enforcement cameras

    Separate from the Axon materials, Bend has also moved forward with automated traffic enforcement.

    The City says the program uses cameras to detect red-light running and speeding at various intersections.

    This is a different type of camera program, but it belongs in the same public conversation because it raises the same basic governance questions:

    • What data is collected?
    • Who operates the system?
    • How long is the data retained?
    • Who can access it?
    • What rules prevent secondary use?

    Why this matters

    Looked at separately, each item may sound narrow:

    • A body camera contract.
    • A fleet camera contract.
    • A drone software license.
    • A real-time information platform.
    • A video playback tool.
    • An investigation software tool.
    • A traffic enforcement camera program.

    But viewed together, they show a larger pattern: Bend is building a police technology environment made of cameras, cloud storage, software subscriptions, vendor platforms, and integrated data systems.

    That does not mean the City should abandon useful tools.

    It does mean residents deserve a clear, public inventory.

    The first step toward meaningful oversight is simple:

    Tell residents what systems exist.

    Selected source documents

    Series links

  • This Is Not Just About Cameras

    This Is Not Just About Cameras

    Part 1 of the Bend Surveillance Oversight series.

    Most people hear “police cameras” and imagine a simple device: a body camera on an officer, a camera in a patrol car, or a license plate reader mounted near a road.

    Cameras are a tool of modern policing, but modern policing was never just about cameras.

    They are often part of a much larger technology ecosystem involving cloud storage, evidence management software, artificial intelligence tools, automated license plate readers, vehicle cameras, drones, real-time crime center platforms, third-party vendors, and future software features that may be added after the original purchase.

    That distinction matters.

    A camera records what happens in front of it. A connected surveillance system can collect data, store it, search it, analyze it, share it, and combine it with other systems. Once that happens, the public policy question changes.

    The question is no longer only:

    Should police have cameras?

    The better question is:

    What rules govern the data those cameras create?

    For example:

    • Where is the data stored?
    • How long is it kept?
    • Who can search it?
    • Are searches logged?
    • Can outside agencies access it?
    • Can vendors access it?
    • Can new AI or biometric features be activated later?
    • Does the City Council have to approve expansions?
    • Are residents told when capabilities change?

    These are not anti-police questions.

    They are basic public oversight questions.

    Body cameras, patrol vehicle cameras, and evidence systems can serve legitimate public safety and accountability purposes. But when those systems are connected to vendor-controlled cloud platforms, AI tools, automated license plate readers, and broader data-sharing networks, the public deserves clear rules before the technology expands.

    This is especially important because cities often start with one tool and later add more tools from the same vendor.

    A city may begin with body cameras, then add fleet cameras, then cloud evidence storage, then license plate readers, then drones, then AI report-writing tools, then real-time crime center software.

    Each step may be presented as a small upgrade.

    But together, those upgrades can create a powerful surveillance infrastructure.

    That is why the issue is not just the camera.

    It is the ecosystem.

    Bend residents should not have to dig through dense procurement packets, legal agreements, and technical appendices to understand what surveillance tools are being used or considered.

    The City should provide a plain-language public inventory of police technology systems, including hardware, software, cloud storage, AI tools, third-party vendors, data retention rules, data-sharing rules, audit procedures, and any future capabilities that can be activated through software.

    This does not require the City to abandon useful technology.

    It simply requires public oversight to keep pace with the technology being purchased.

    Before Bend expands police surveillance systems, residents should be able to answer a simple question:

    Are these tools governed by clear public rules, or are we relying mostly on vendor assurances and internal department policies?

    That is the conversation Bend should have now, before the system becomes larger, more expensive, and harder to change.

    Further reading

    Series links

  • FISA Section 702: A Hide & Speak Livestream

    A featured Hide & Speak livestream exploring privacy, surveillance, civil liberties, and the public accountability questions that increasingly shape modern civic life.

    This featured Hide & Speak livestream brings together a timely conversation on privacy, surveillance, civil liberties, and public accountability. As these issues continue to move from abstract policy debates into everyday life, discussions like this one help make the stakes clearer and more accessible.

    Originally streamed last Saturday, this conversation is now archived here for anyone who was unable to join live or who wants to revisit it.

    Watch the full video below:

    Watch on YouTube: Hide & Speak: A Conversation on Privacy, Surveillance, and Public Accountability