Flock Audit Logs and Retention - Arkansas Surveillance Wiki

# Flock Audit Logs and Retention The Flock platform's **search-event recording and data-retention** layer. Audit logs record every plate lookup performed by every authorized user (including federal-LE counterparties) against the Conway PD dataset, with metadata fields including searching officer, agency, search-reason free text, search time, license plate queried, filters used, networks/devices searched. The retention layer separately governs how long raw plate-read data remains queryable. ## How it appears in the corpus **Internal-officer audit logs** ([[Conway PD Audit Logs Series]]): 13 monthly CSVs across April 2025 – April 2026, totaling ~10,391 Conway-officer search events. Pre-cutover schema 14 cols (`Text Prompt, Moderation` included); post-cutover schema (effective 2025-12-17) drops one column. **Federal-officer audit logs** ([[Federal Searches CSV]]): A single export covering March 1 2026 – April 21 2026, 5,929 federal-officer searches that touched Conway data. **Retention rules:** - **Flock platform default (per [[Flock Safety Order Form and Contract]]):** 30-day retention for raw plate reads. - **CPD Policy 800-32:** 150-day retention ceiling, "in accordance with State Law," then automatic purge. Hit data used in investigations may be retained until "no longer needed." - **Audit log retention:** Not specified in the corpus. The 13 monthly files extending back to April 2025 suggest at least 13-month retention, but the corpus does not surface Flock's official audit-log retention policy. ## Stakeholders - **Flock** — platform operator; sets the retention defaults and generates the audit-log exports. - **Agency administrators** — configure retention within the platform-supported range; per CPD Policy 800-32 are responsible for "automatic purge" verification. - **Auditing/oversight bodies** — Conway PD's "LPR supervisor" (per Policy 800-32) reviews semi-annual statistical reports; the public has access on request. - **FOIA requesters** — depend on audit-log retention to surface evidence of historical activity. ## Key takeaways - **Schema cutover at 2025-12-17.** The Conway audit log series shifts from 14 to 13 columns on this date. The `Important Update to Flock Audit Logs to Protect Officer Safety Active Investigations.msg` (in `raw/`, not yet documented as a source page) is the platform-change announcement; reviewing it will confirm which column was dropped and the stated rationale. - **Officer-name redaction is inconsistent.** Some pre-cutover files marked "Redacted" still contain visible officer names (e.g., "Phillip Boyd" in 8/2025 file). Plates are never redacted. The post-cutover files (March 2026, April 2026 partial) carry no "- Redacted" suffix but still contain identical PII patterns. AGENTS.md surveillance-PII handling requires the wiki to not republish either category. - **The Reason field is officer-supplied free text.** It is the primary check on policy-compliant use (per CPD Policy 800-32's "evidence of an offense is indicated" sharing standard), but it is not validated at search time. An open analytic question is the distribution of Reason values across all 10,391 internal searches. - **Audit-log generation is platform-mediated.** Conway PD does not own the audit logs in any controllable sense; Flock owns the generation pipeline. The exports are deliverables the agency requests of Flock, then forwards to FOIA requesters. The agency could in principle ask Flock for an unredacted, fuller export — and Flock could in principle modify what fields are included. (Cf. the schema cutover.) - **Retention vs. evidentiary preservation tension.** A 30-day default platform retention puts most plate reads beyond retrospective FOIA reach within a month. The 150-day policy ceiling and the "until no longer needed" hit-retention rule mitigate but do not eliminate this. Public-records investigations of LPR systems must be tightly time-coupled to recent activity.