Domain Awareness Center

Ad Hoc Advisory Committee on Privacy and Data Retention

June 12
th
, 2014
Hearing Room 4
1 Frank H. Ogawa Plaza, 2
nd
Floor
6:00 PM

Meeting Notes-There was no Quorum so these notes are purely for review purposes.
1. 6:00pm Call to Order and determination of quorum
There was no quorum, attendees included: Jesper Jurcenoks (chair), Rick Johnson, Matt Cagle,
Aestetix, Phil Wolff, and Nadia Kayyali.
2. 6:03pm Approval of amended Minutes from May 1 and May 8 Meetings.
May 8
th
minutes included discussion on Brown Act. Those changes are not showing up on the
minutes.
3. 6:05pm Approval of Minutes from May 22 Meeting.
May 22
nd
minutes: item 3, the ACLU letter was not attached, Item 5: EFF issues, the motion was
by Linda, not Brian.
4. 6:15pm Comments on Narrative for 'Purpose of the DAC'
Purpose of the DAC: the statement written by Jon Wactor was reviewed.
- Phil says that the purposes listed are really broad
- Look at the color coded document under #3 to come up with the draft that Jon came up
with
- Phil says there is language here that doesnt add value or isnt in compliance with law.
- Jesper says that the original intent of the city was to ride on the coat tails of the port for
more than the scope approved
- They mean data when they say information
- When does the EOC get activated?
- It doesnt mention the core values in there
- Other police agencies is a point of concern
- Look at the Purpose on each of the PPT presentations given by city staff for some
guidance. They are on the wiki
- Seems like a law enforcement purpose, not a privacy group purpose
- Everyone only wants 24 hours in the DAC according to Fire, Police and the Port
- Broaden the mission statement: allow them to trigger response and then also protect
constitutional rights and other constraints
5. 6:25pm Status on outstanding Data Requests by Joe DeVries
Joe DeVries indicated a lot of information came in that day and/or was on its way. He would try
to compile all of it and send out as soon as possible with a goal of three business days after the
meeting (similar to the minutes). He also noted he will be asking Joanne McNabb from the
Attorney Generals Office to come to speak soon. No other speakers lined up yet.
6. 6:35pm Review submitted input to Policy Strategies and suggest further strategies.
(Updated Policy Draft Attached)
Jesper noted some colors have changed since the last meeting.
DAC isnt a department; it is just part of existing departments and the EOC. The EOC is not 24
hours while DAC is.
Data sharing is an important area to cover thoroughly
EOC rep: Kathy Eide: Activation is an incident in which multiple agencies, etc. work together.
EOC is simply about resource coordination. There are no 911 calls coming in there. It is a central
hub for people to provide resource requests. If the city cant handle it, then it is sent to another
resource area. EOC is all about resources and mutual aide.

The EOC could contain up to 100 people at the maximum point of activation. It often may take
time to get staff there since, during an emergency, people are coming from all over the Bay
Area.
Kathy Eide will send us a presentation of the EOC. She encourages folks to check out FEMA
resources as well.

Several Members asked if they can they get a tour of the EOC? Kathy Eide indicated that no one
is allowed in the center without the proper clearances. The members asked where are the EOC
security policies coming from especially related to background checks.
It was noted that access is granted by EOC director. Level 3 security clearance is important.
Is there a process they can go through to be provided clearance to the EOC, the committee
members would like the policy on this and they would also like to get clearance as well.
The members also want a glossary of all commonly used City acronyms.

7. 7:00pm Prioritization and selection of subjects for sub-committees:
Citywide privacy policy outside of the DAC [can they do that?]
Do other cities have all encompassing privacy policies?
Nadia stated that Berkeley has some but not all encompassing. There might not be any cities that
have general privacy policies They often are interested in law enforcement only.
Subcommittee tasks would be done by: Prioritization: will do later including adding another
committee: map of the territory and organizing all the data; construct a clear description of
what is the DAC and how it operates especially as it relates to public info and info about people.
Phil and Nadia will likely be on that committee [not officially made yet because there is no
quorum]
Data sharing: they want info that is still outstanding, Nadia noted she wants her PRA info faster
and will ask Joe to help with that. They want to see the mutual aide and data sharing agreements
but Jesper said that he doesnt need to see that in order to write this into the DAC
o Draft Answer to the Privacy Officer Tasks as defined May 8:
Recommendation for a City Privacy officer.
What does a privacy officer do in Silicon Valley companies?
What would the functions of a Privacy officer be in a setting like the City of
Oakland?
Are those functions covered today by other functions in the City of Oakland?
What would be the benefits to consolidate these functions in a single person?
Would such benefits outweigh the added cost.
Additional Question to be answered: Can the Privacy Officer function be
addressed by a Standing Privacy committee?
Who would be on such a committee and how would it be assembled?
o Citywide Privacy policy
Should the City have a Privacy policy for other areas than the DAC?
If Yes - can the entire city be covered by a single policy or do we need a
different structure? (Privacy policy framework?)
o Draft Adaption of Electronic Frontier Foundations 6 Principles to a Municipal
Setting
o Draft Wording on Prevention of Abuse
o Draft Wording on Data Minimization
o Draft Wording on Data Sharing Agreements
o Draft Wording on Metrics
o Draft Wording on Transparency
8. 7:30pm Pick Top 3 Subjects for sub-committees and appointment of members, and set
deliverables for next meeting.

Data sharing: there are differing opinions on whether or not the city wants to share the data.
They are interested in reporting of who data was shared with. Nadia does not want to be part of
the group that helps put the data into city language. She will focus on the language discussing
data cleaning up.
Jesper will update the list of things that Joe is supposed to update.
Asethetix went to a conference in DC which was mostly focused on DC and federal government
and he saw that the government was really broken out east. He was proud of Oakland and our
progress on this. Take our ad hoc group as a point of pride that we are doing the right thing.

Jesper says that Oakland is a good place to make an example. Nadia doesnt think that is
possible but is excited to try.

Legal technical question: is there an email on server question and length of keeping it?
Is there a different requirement for video? 6 months is the requirement if there is no incident. It
is a state requirement.

Law generally says that records held by the city must be kept for 2 years. Attorney will look at
other regulations that say that some things can be kept for less time than that.
Phil will follow up.

9. 7:55pm open Forum

There were no speakers.

10. 8:00pm Meeting Adjourned