Date: 6/26/2014

This list is compiled and maintained by DAC committee chairperson Jesper "JJ" Jurcenoks, Entries are listed in their original order and language, JJ# reflect the
order in which the requests came in and helps highlight which requests have been outstanding the longest, the list clearly shows which requests have been fully
answered and which have only been partially answered. For Requests made and fullfilled before this list was created negative JJ# have been assigned
Joe DeVries has a made a shorter slightly different list grouping the requests by subject, clarifying and rewording some of the requests, the Joe DeVries numbering
is in the column JD#.
JJ# JD # Fullfilled Requests
Request Requestor Requestee
Date Initially
Requested Response Date Response
-7 Sample of DHS Non-disclosure Brian Hofer Joe DeVries 5/1/2014 5/5/2014 see Attachment DHS-NDA-Blank
-6
Sample of Protected Critical Infrastructure Information handling
rules Brian Hofer Joe DeVries 5/1/2014 5/5/2014 See Attachment PCII_Cover_sheet
-5
Representatives of The Port, Fire Department and Police
Department to each make a list of DAC objectives in prioritized
order. Jesper Jurcenok
Deputy Police Chief Eric Breshear
Head of Security for the Port of Oa
OFD Battalion Chief Darren White 5/5/2014 5/8/2014
Verbally at May 8 committee meeting and recorded in the
minutes
-4 30/31
Legal Data retention requirements for Data in the DAC that is
Copies where the Original is :
1) Under City control
2) Under control of a partner with whom the city has a data
sharing agreement.
3) Data is otherwise publicly available - Like weather reports Jesper Jurcenok Oakland City Attorney Amadis B. S 5/19/2014 5/27/2014 See Attachment: Data Retention for Copies of City Data.
-3 List of Data Sources for the DAC: Current Jesper Jurcenok Ahsan Baig 5/26/2014 5/31/2014 See Attachment: DAC Current Data Sources
-2
Is it technically possible that the 'bookmark' is linked to/goes to/is
tagged to the original source data, and does NOT remain in the
DAC at all? (sorry for my clumsy non-tech question). e.g. The
Port comes to the City and says it needs video from 5/25 at 9am
from Camera XYZ. Can the bookmark only point towards the
originating camera storage that the video came from without any
DAC storage being involved? Or is PSIM/VidSys only capable of
bookmarking DAC stored data?
Brian Hofer Ahsan Baig 5/26/2014 5/31/2014
2. No it is not possible, because the end-user interaction with
the data is through the DAC PSIM application, and that is the
whole purpose of integration. As far as your inquiry regarding
the video footage; remember, DAC will not be recording the
Port Video. If the video footage is needed, you need to go back
to the originating source. Unless, there is an incident on 5/25 at
9am involving Camera XYZ, and DAC Incident was initiated.
Does it help?
Ahsan Baig, ITD
City of Oakland
-1
Can we meet the definition of "routine video monitoring" in Gov
Code Sec 34090.6(c)? If not full-blown city-wide scope, which is
not allowed under Brooks, can we at least meet this definition
with the allowed Port perimeter cameras? In (c), "building security
recording system" seems similar to the Port perimeter cameras,
and appears routine. Brian Hofer Amadis Sotelo 5/26/2014 5/28/2014 See Attachment: Definition Routine Video Monitoring
12 15 Request Copy of the agreement with DHS for funding of the DAC Aestetix Joe DeVries 5/31/2014 6/9/2014 See Attachment: Port Grant Document
16 9
3. Will the DAC ever stand down, or is it meant to be always
on? Brian Hofer Joe DeVries 5/30/2014 6/9/2014 It is meant to always be on.
17 25
4. Please provide any privacy and data retention policy or
guidelines governing the EOC. Brian Hofer Joe DeVries 5/30/2014 6/9/2014
There is no local Privacy or Data Retention Policy that governs
the EOC. If there was a State Declared Emergency where the
EOC was activated to manage the event we would follow the
State Guidelines for data/document retention which is until the
Disaster is officially closed out. If it was a Federally
declared disaster, we would retain data/document retention
based upon Federal guidelines which is until the Disaster file is
official closed out.
34 When is the EOC activated? Matt Cagle/Linca Joe DeVries 5/30/2014 6/9/2014
During a major emergency, City of Oakland Agency Directors
and/or their designees in the Emergency Operations Center
(EOC) and outside governmental agencies and non-
governmental agencies staff assisting with the major
emergency or disaster (such as the Red Cross) that would
report to EOC. may have access to the DAC computers and
displays. Such access will only be provided on a need to know,
right to know basis and if there was a direct correlation between
the major emergency or disaster and DAC operations.
Date: 6/26/2014
This list is compiled and maintained by DAC committee chairperson Jesper "JJ" Jurcenoks, Entries are listed in their original order and language, JJ# reflect the
order in which the requests came in and helps highlight which requests have been outstanding the longest, the list clearly shows which requests have been fully
answered and which have only been partially answered. For Requests made and fullfilled before this list was created negative JJ# have been assigned
Joe DeVries has a made a shorter slightly different list grouping the requests by subject, clarifying and rewording some of the requests, the Joe DeVries numbering
is in the column JD#.
JJ# JD # Fullfilled Requests
Request Requestor Requestee
Date Initially
Requested Response Date Response
38 13
What software is used by DAC systems to analyze and
organize data inputs? Who developed the software? What are
the functionalities of that software? Matt Cagle/Linca Joe DeVries 5/30/2014 6/20/2014
Answer: The core software in DAC is called Physical Security
Management System (PSIM), developed by VidSYS. The
software functions and feature details can be found on the
companys website by visiting http://www.vidsys.com/
For the Ports IDS, the Sightlogix cameras have video analytics
capability at the edge (built into each camera) that is then
processed through a Genetec server at the Port and the alerts
are then sent to Vidsys. This is the simple response and Im not
sure I would get into a more technical answer that would
potentially reveal system vulnerabilities.
1
At least one existing Data sharing agreement between OPD an
another Law-enforcement entity Brian Hofer Deputy Police Chief Eric Breshear 5/1/2014 6/20/2014
See Attachment
- CCTV policy for City of London, Ontario, Canada.pdf
- City and County of SFs Community Safety Camera
Ordinance.pdf
3 28
Get Privacy policies (plural) from other municipalities for
inspiration Robert Harris Joe DeVries 5/19/2014 6/20/2014
6/9/2014:Privacy policies are general in scope as they are often
having underlying laws or regulations that dictate more granular
requirements. Examples would be HIPAA which drives
particular requirements in departments such as Personnel and
Human Resources; where PCI compliance crosses any
department that accepts credit cards, monitoring and
enforcement is done by PCI Security Standards Council.
However, this link http://gsa.gov/portal/content/104256 will lead
one to the GSAs privacy policy guideline on PII (personally
identifiable information).
Also, more policies are being collected by staff and will follow.
6/20/2014: The City Clerk reached out to nine different cities in
California and was unsuccessful in receiving back any privacy
policies. Also, the City Attorney conducted research for any
relevant examples of policies for systems in other jurisdictions
similar to DAC and was able to find a couple of policies for
general City Closed Circuit TV surveillance camera systems as
well as other related materials that the ad hoc committee may
be interest in reviewing Below are web links for policies that
were found:
1. CCTV policy for City of London (Canada)
http://www.london.ca/city-hall/mfippa/Documents/Code-
CCTV.pdf (Attached)
2. City and County of SFs Community Safety Camera
Ordinance
This ordinance has important policy directives in terms of
limitation of the camera use as well as protocols for oversight
and access. It is a more broad system than the DAC, but may
still be helpful.
https://law.resource.org/pub/us/code/city/ca/SanFrancisco/Admi
nistrative%20Code/chapter19.pdf (Attached)
3. DHS publication: CCTV Developing Privacy Best
Practices
http://www.dhs.gov/xlibrary/assets/privacy/privacy_rpt_cctv_20
07.pdf (Attached)
Date: 6/26/2014
This list is compiled and maintained by DAC committee chairperson Jesper "JJ" Jurcenoks, Entries are listed in their original order and language, JJ# reflect the
order in which the requests came in and helps highlight which requests have been outstanding the longest, the list clearly shows which requests have been fully
answered and which have only been partially answered. For Requests made and fullfilled before this list was created negative JJ# have been assigned
Joe DeVries has a made a shorter slightly different list grouping the requests by subject, clarifying and rewording some of the requests, the Joe DeVries numbering
is in the column JD#.
JJ# JD # Fullfilled Requests
Request Requestor Requestee
Date Initially
Requested Response Date Response
10
16 Provide copies of any formal written agreements between the
City, OPD, Alameda County Sheriff, Port and any other entities
connected to the DAC, including the SF Fusion Center, FBI, CIA,
NSA, and any other Homeland Security Agency, regarding the
sharing of information of any kind.
Allan Brill Joe DeVries 5/30/2014 6/20/2014
See Attachments:
- CJIS Security Awareness Training.pdf
- OPD - LEAP Mou - Datasharing agreement.pdf
- US Marchals Service - Pacific Southwest Regional Fugitive
Task force - Datasharing agreement.pdf
6/9/2014:Oakland Fire, EMSD on behalf of the EOC does not
have any formal written agreements other than the agreements
that are State agreements for Mutual Aid responses.
The Port doesnt have any formal written agreements to share
information with other agencies at this point.
22 26
7. Please provide any privacy and data retention policy,
guidelines, contractual terms or audits re relationship with
ShotSpotter transmission of data (e.g. data is first sent to
ShotSpotters servers in Newark before transmission back to
OPD) Brian Hofer Joe DeVries 5/30/2014 6/20/2014
Shotspotter is developing their own privacy and data retention
policy, with an estimated completion by the end of June 2014.
However, their policy is for their own risk management. OPD
does not have a policy regarding privacy and data retention as
it relates to Shotspotter.
23 29
8. Is any OPD, OFD, EOC, EOS, Port data that will feed DAC
currently kept or intended in the future to be kept in the cloud? Brian Hofer Joe DeVries 5/30/2014 6/20/2014 There are none currently or planned for the future.
24 29 a. If so, with whom? Brian Hofer Joe DeVries 5/30/2014 6/20/2014 There are none currently or planned for the future.
25 29
b. Please provide any privacy and data retention policy or
guidelines governing storage or transmission of the data. Brian Hofer Joe DeVries 5/30/2014 6/20/2014 There are none currently or planned for the future.
28 1
What are the current informational inputs to the Domain
Awareness Center (DAC)? Matt Cagle/Linca Joe DeVries 5/30/2014 6/20/2014
The current inputs (data sources) are listed below:
City GIS (Phase 1)
Port Security Cameras (Phase 1)
Intrusion Detection System (IDS) System (Phase 1)
Port GIS (Phase 2)
Port Vessel Tracking (Phase 2)
Port Truck Management (Phase 2)
Police and Fire CAD (Phase 2)
WebEOC Notifications (Phase 2)
Tsunami Alerts (Phase 2)
Fire Automatic Vehicle Location (Phase 2)
NOAA Weather Alerts (Phase 2)
30 3
What informational inputs is the DAC capable of receiving,
even if it is not now receiving those inputs? Matt Cagle/Linca Joe DeVries 5/30/2014 6/20/2014
Answer: The core software, VidSYS, in DAC is the Open
Standards based Physical Security Information Management
System (PSIM) Platform. DAC is capable of receiving any
informational inputs, as long as the network connectivity is
there with the source system, and the Source system is
connected with the PSIM software and the Application
Integration is provisioned between the two systems.
33 7 When is the DAC activated? Matt Cagle/Linca Joe DeVries 5/30/2014 6/20/2014 The DAC is anticipated to be on 24/7.
35 33
What is the current or proposed storage capacity of the DAC?
What is that storage capacity contemplated to be used for? Matt Cagle/Linca Joe DeVries 5/30/2014 6/20/2014
Answer: The current storage capacity is approximately 300TB,
primarily sized at a higher-end to fully utilize the funding, and it
was contemplated for five years with no additional storage
upgrades. We were expecting 100% growth in the video data.
39 24
Which companies have been contacted by the City of Oakland,
or contacted the city of Oakland, regarding the sale of software
for use with the DAC? Matt Cagle/Linca Joe DeVries 5/30/2014 6/20/2014
These companies have been contacted by the City for the DAC
Phase 2 build out - Motorola, SAIC, G4S, GTSI, and Schneider
Electric
Date: 6/26/2014
This list is compiled and maintained by DAC committee chairperson Jesper "JJ" Jurcenoks, Entries are listed in their original order and language, JJ# reflect the
order in which the requests came in and helps highlight which requests have been outstanding the longest, the list clearly shows which requests have been fully
answered and which have only been partially answered. For Requests made and fullfilled before this list was created negative JJ# have been assigned
Joe DeVries has a made a shorter slightly different list grouping the requests by subject, clarifying and rewording some of the requests, the Joe DeVries numbering
is in the column JD#.
JJ# JD # Fullfilled Requests
Request Requestor Requestee
Date Initially
Requested Response Date Response
Outstanding Request
# Request Requestor Requestee Date Initially Age Note
2
Written Procedure for deciding when to escalated an incident to
the Oakland Emergency Operations Center Brian Hofer Joe DeVries 5/8/2014 49
4
Request for Presentations given by Department heads at May 1
meeting Robert Grey Joe DeVries 5/22/2014 35
5 14 Unclassified photo from inside the current Oakland DAC Aestetix Joe DeVries 5/26/2014 31
6/20/2014 Photos from inside the DAC will be provided shortly
in a subsequent email.
6/26/2014 Paper copies provided at meeting, pending
electronic copies
6
List of Data Sources for the DAC: Disabled, Planned and
imagined Jesper Jurcenok Ahsan Baig 5/26/2014 31
7
Is there any incoming data being fed to the DAC that is not
coming from its own separate originating system? Brian Hofer Ahsan Baig 5/26/2014 31
8 32
I am under the impression that your office was asked to find a
way around the 2yr retention period under Gov Code Sec 34090.
If not, can you look into it? If you did already, can you disclose
the work product? Here where all the parties are in agreement on
a noncontroversial issue, it seems like you could waive any
privilege, if applicable to a memo. Brian Hofer Amadis Sotelo 5/26/2014 31
6/20/2014 Although this is still being reviewed, below is a link to
CA Government Code 34090 for the committees review:
http://www.leginfo.ca.gov/cgi-
bin/displaycode?section=gov&group=34001-35000&file=34090-
34095 (Attacked)
Also, here are the CA Secretary of State Records Management
Guidelines: (Attached)
9
Please see the attached proposed resolution and ordinance of
Menlo City re ALPR data retention period (6 months).
Unfortunately there are no citations to law, nor real legal
justifications, so I am unsure of how they reached their legal
conclusion. The City Attorney approved it going forward, so how
did they do it? Do either of you have a colleague you can reach
out to at Menlo City? I don't mind calling, but the weight of your
respective offices will open more doors. Brian Hofer Amadis Sotelo 5/26/2014 31
10a 17
Please provide a summary of any Informal information sharing
agreements of the same nature as above. Allan Brill Joe DeVries 5/30/2014 27
6/20/2014 Staff at OPD is not aware of any informal
informational sharing agreements with outside entities.
11 27
privacy/transparency policies of the other approximately 17 local
DAC-type entities, and 19 current fusion centers across the
country. Allan Brill Joe DeVries 5/30/2014 27
Date: 6/26/2014
This list is compiled and maintained by DAC committee chairperson Jesper "JJ" Jurcenoks, Entries are listed in their original order and language, JJ# reflect the
order in which the requests came in and helps highlight which requests have been outstanding the longest, the list clearly shows which requests have been fully
answered and which have only been partially answered. For Requests made and fullfilled before this list was created negative JJ# have been assigned
Joe DeVries has a made a shorter slightly different list grouping the requests by subject, clarifying and rewording some of the requests, the Joe DeVries numbering
is in the column JD#.
JJ# JD # Fullfilled Requests
Request Requestor Requestee
Date Initially
Requested Response Date Response
13 8
Committee still needs list of priorities (scenarios of use) from
OPD, OFD, Port, EOC, Brian Hofer Joe DeVries 5/30/2014 27
6/9/2014:Port Response (more to follow): There is a list of 30
scenarios that are important to the Port and for which we are
developing action plans and work flows for the DAC. For the
purposes of this data call Id prefer not to prioritize them
necessarily, but just provide the list. City EMSD staff have that
list. The other City departments have response priorities that
include additional scenarios that could be included down the
road.
6/20/2014 Here is a list from OPD:
Acts of violence (localized or widespread)
Child abductions
Active Shooter scenario
Mass Casualty events
Hostage scenarios
Barricaded suspects
Transit hijacking (train, aircraft, bus, etc)
CBRNE events
Weapons of Mass Destruction
Bomb threats and/or explosions
Civil Unrest or Disorder
Aircraft crash
Natural Disasters (fire, tsunami, earthquake, etc.)
Hazardous material release
Serious pandemic disease
14
1. EOS to help determine purpose specification and data
minimization. Brian Hofer Joe DeVries 5/30/2014 27
15 10
2. Will all data be fed to the DAC continuously unless intentionally
shut off? Brian Hofer Joe DeVries 5/30/2014 27
6/9/2014:It will either be fed continuously or accessible when
needed for operations support or investigative support
18 23
5. What are the criteria for OPD, OFD, EOC, EOS, Port sending
data to or sharing data with NCRIC (e.g. showing needed,
probable cause, reasonable suspicion, simple request/partner
sharing agreements) Brian Hofer Joe DeVries 5/30/2014 27
6/20/2014 As mentioned above, OPD does not regularly send
information to NCRIC. The only instance where information
would be shared is when there are public/officer safety
concerns, reasonable suspicion and/or probable cause within
the region or City pursuant to a criminal investigation.
19 22
a. Does the City typically initiate the transmission of data to
NCRIC, or NCRIC is the requestor? Brian Hofer Joe DeVries 5/30/2014 27
6/20/2014 OPD does not regularly transmit data to NCRIC.
NCRIC will provide data/information to OPD upon request or if
public/officer safety information germane to the region/City of
Oakland is discovered.
20 18
6. What types of data does OPD, OFD, EOC, EOS, OFD, Port
send to NCRIC (including but not limited to camera feed, ALPR,
ShotSpotter, CAD, RMS)? Brian Hofer Joe DeVries 5/30/2014 27
6/9/2014:The Port doesnt send any data or camera feeds to
the NCRIC. The NCRIC takes reports of security breaches and
suspicious activity and will put out what they call Partner
Update Briefs (PUBs) on a weekly basis which include pertinent
threats or illegal activity trends in the area that the law
enforcement and security community should be aware of. Refer
to the ncric.org website for comprehensive info on NCRIC
program.
6/20/2014 OPD does not regularly send information to NCRIC.
In general, NCRIC provides regional information to OPD as it
relates to public safety concerns in the City of Oakland. If OPD
uses the NCRIC, it would be to assist on an active criminal
investigation. I do not think the LPR system is tied into NCRIC.
21
a. Please provide any privacy and data retention policy or
guidelines re a above. Brian Hofer Joe DeVries 5/30/2014 27
Date: 6/26/2014
This list is compiled and maintained by DAC committee chairperson Jesper "JJ" Jurcenoks, Entries are listed in their original order and language, JJ# reflect the
order in which the requests came in and helps highlight which requests have been outstanding the longest, the list clearly shows which requests have been fully
answered and which have only been partially answered. For Requests made and fullfilled before this list was created negative JJ# have been assigned
Joe DeVries has a made a shorter slightly different list grouping the requests by subject, clarifying and rewording some of the requests, the Joe DeVries numbering
is in the column JD#.
JJ# JD # Fullfilled Requests
Request Requestor Requestee
Date Initially
Requested Response Date Response
26 19
9. Is any OPD, OFD, EOC, EOS, Port data shared with any
private entity or individual? If so, please explain in detail. Brian Hofer Joe DeVries 5/30/2014 27
6/9/2014: Port response: If there was a security breach at one
of the Ports marine terminals and there was a video or still
image available that showed the suspicious person, that
information would be shared with persons with security duties
at adjacent (private) marine terminals for situation awareness
and to be on the lookout for similar illegal activity in the area.
On a case by case basis the Port may respond to a trucking
company or an equipment leasing company and provide
information from the Truck Management System to help resolve
issues associated with a truckers improper use of another
Licensed Motor Carriers identity.
27 21
a. Will any data proposed to be fed to the DAC be shared with
any private entity or individual? If so, please explain in detail. Brian Hofer Joe DeVries 5/30/2014 27
6/20/2014 No. OPD will follow policies, procedures, and
agreements regarding data sharing with private entities and
individuals. In sum, OPD will follow the right to know/need to
know concept.
29 2
What are the current informational inputs to the Emergency
Operations Center (EOC)? Matt Cagle/Linca Joe DeVries 5/30/2014 27
31 5
What data is exchanged between the DAC and the EOC and
how is it transferred (e.g., via live video feeds, emails, shared
storage space)? Matt Cagle/Linca Joe DeVries 5/30/2014 27
32 4 What is the relationship between the DAC and the EOC? Matt Cagle/Linca Joe DeVries 5/30/2014 27
36 11 Can the DAC facilitate retention by other systems? Matt Cagle/Linca Joe DeVries 5/30/2014 27
6/9/2014:Port Response: the DAC will not be able to direct the
retention of data on Port systems.
36a 12
. What capabilities does the DAC have to direct or command that
data be retained by other City systems (e.g., the EOC, CCTV
cameras)? Similarly, what capabilities does the DAC have to
retain any bookmark, flag, or other memory of location of any
data collected by other City systems? Matt Cagle/Linca Joe DeVries 5/30/2014 27
6/9/2014:Port Response: the DAC will be able to bookmark an
event on the Ports Intrusion Detection System. The actual
recording can be made to the desktop of the DAC workstation
for file inclusion or sharing with other agencies as allowed by
policy or specific information sharing agreement.
37 20
What agencies have been approached/contacted with regard to
planning and/or information sharing for the DAC project? Matt Cagle/Linca Joe DeVries 5/30/2014 27
6/9/2014: The Port has discussed information sharing with
BART and the USCG in relation to the DAC project. We have
also collaborated with CHP and DHS investigators to review
specific video from the IDS related to container thefts in the
Port area that were occurring approximately two years ago.
6/20/2014 OPD has not approached any agencies.
40
Invitation to Present for DAC Comittee: Elizabeth Joh, a
professor at UC Davis School of Law Matt Cagle/Linca Joe DeVries 5/30/2014 27
41
Invitation to Present for DAC Comittee: Joanne McNabb,
Director of Privacy Education and Policy with the California
Attorney General. Matt Cagle/Linca Joe DeVries 5/30/2014 27
42
Please request details on which data that is recorded in the
Vidsys application when an event is triggered. Jesper Jurcenok Ahsan Baig 6/2/2014 24
43
Any Privacy Impact Assessment made for this project in
preparation to comply with Article V of the Grant Agreement
Articles of the Grant Requirements. Jesper Jurcenok Joe DeVries 6/9/2014 17
44
Existing policies for granting access to the EOC, for contractors,
City staff and Council Members Nadia Kayyali Vice director of the EOC 6/12/2014 14
6/26/2014 Paper copies distributed during meeting - pending
electronic copies
45 Tour of the DAC and EOC for the Privacy Committee Members Aestetix, Phill Wo Joe DeVries 6/12/2014 14
6/26/2014 Renee Domingo, Director of emergency services,
You can get an escorted tours after:
1) Extensive Background check
2) signing an NDA
3) Completing Traniing