Hon. Desley Brooks (
dbrooks [at] oaklandnet.com)
Hon. Noel Gallo (
ngallo [at] oaklandnet.com)
Hon. Rebecca Kaplan (
atlarge [at] oaklandnet.com)
Hon. Pat Kernighan (
Pkernighan [at] oaklandnet.com)
Hon. Lynette McElhaney (
lmcelhaney [at] oaklandnet.com)
Hon. Dan Kalb (
dkalb [at] oaklandnet.com)
Hon. Larry Reid (
lreid [at] oaklandnet.com)
Hon. Libby Schaaf (
lschaaf [at] oaklandnet.com)
Oakland City Council
1 Frank H. Ogawa Plaza
Oakland, CA 94612
Re: Domain Awareness Center, Phase 2 Contract Award
Dear Oakland City Council,
The Electronic Frontier Foundation writes regarding Item 14 on the agenda for the March 4, 2014
meeting of the Oakland City Council. The item again asks the City Council to allow the City
Administrator to enter into a contract for the construction of Phase II of the Domain Awareness Center
(DAC). EFF urges the City Council to deny approval for the DAC, and to commit to addressing the
issues around Phase 1 of the DAC.
A no vote today is not the last step. The Council must then take responsibility for addressing Phase 1 of
the DAC. EFF warns the Council that it must seriously consider how exactly a port-only DAC will
work, taking into account the serious technical and legal concerns that accompany the DAC even as it
currently exists. EFF again reminds the Council that any financial consequences of limiting the DAC
are no reason to pursue a course of action that will seriously endanger civil liberties in Oakland. EFF
urges the Council to consider the egregious lack of information and transparency that has surrounded
this project and to vote against any expansion of the DAC.
* * *
Current status of DAC and Background Information1
At the meeting on February 18th, 2014, the Council was asked to vote on the same resolution at issue
for this meeting. That resolution would give the City Administrator authority to negotiate a contract to
build the DAC with Schneider Electric or another contractor without coming back to the Council. The
Council asked a number of questions regarding the DAC. In particular, the Council seemed unclear on
what DAC capabilities were already active. Phase 1, which was completed on Jun 30, 2013, includes
Port Security Cameras, an intrusion detection system, ShotSpotter, 40 City Traffic cameras, and City
GIS. 2 The Council asked whether it was possible to “turn off” anything that is currently active, as well
—————————————————————————
1 For further reference, see EFF’s February letter, available at:
https://www.eff.org/document/oakland-domainawareness-
center-phase-2-letter-eff
2 See Staff supplemental report, July 23, 2013 available at
https://oakland.legistar.com/calendar.aspx.
—————————————————————————
as whether it was possible to stop the expansion of the DAC.
To be clear, there is no reason that the DAC must move forward at this time. The Council can vote no
on Phase II approval. Furthermore, while the Council’s authority regarding the DAC as it stands may
be limited due to the governance structure of the Port, the Council can certainly limit the intrusion of
the Port DAC on the City of Oakland. That may include removing city camera input from the DAC, not
providing city staff to the DAC, and taking steps to ensure the use of DAC information is limited to the
Port.
I. SUPPLEMENTAL STAFF REPORT AND TRANSPARENCY ISSUES
A. Supplemental Report
Staff issued a supplemental report on February 25, 2014.3 This report adds some additional information
for the Council’s approval, but it does not address the concerns that have been raised by advocates and
the community. Furthermore, it makes the level of opacity around the DAC exceedingly obvious.
This report continues to punt key issues around the DAC to the future, regardless of the fact that many
members of the Council prudently expressed concern about approving the project without a full
delineation of what is being approved. These questions include, among others, what types of cameras
and other data sources will be included, what relationships and information sharing agreements exist
between the City and federal agencies, how DAC analytics will work, how exactly public engagement
will occur, when the privacy policy advisory committee will meet and who will be on that committee.
B. Transparency and process issues
One key point the Council must consider is that staff has had months to respond to the concerns voiced
by community members. It is only in the last month that any public outreach has happened, and it has
been minimal at best. There has been one meeting regarding the privacy policy framework, at which
staff did not address most of the concerns brought up by those in attendance.4 Furthermore, while the
supplemental report and the privacy policy framework have answered few of the Council and public’s
questions, the DAC project has continued to move forward. Staff is asking for the trust of the Council
and the public in ensuring that DAC capabilities are not used for violating civil liberties, but has
demonstrated that transparency and engagement with the public are low on their list of priorities and
capabilities.
Transparency must also include responsiveness to PRAs. Some of the records obtained by advocates
indicate that staff strategized on public record requests. One email stated, “We were able to dodge an
Urban Shield request completely because the requestor actually didn't want anything from the Fire
Dept. even though we got the request (it was forwarded from the city clerk with no previous
discussion). We didn't know that until Chief Hoffmann called her. In future, let's strategize a bit more
upfront.” 5 In fact, PRAs continue to be denied by staff with little explanation of why.
—————————————————————————
3 See Staff supplemental report, February 25, 2014 available at
https://oakland.legistar.com/calendar.aspx.
4 Privacy Policy Framework available at
http://www2.oaklandnet.com/w/OAK045549 5 Oakland DAC Emails 2014-2, page 72 available at
http://publicintelligence.net/oakland-dac-emails/.
—————————————————————————
II. INFORMATION SHARING AND PARTNERSHIPS
A. Existing information and resource sharing agreements between Oakland and federal partners
At the February 18, 2014 meeting, city staff asserted that the City currently has no data-sharing
agreements with NSA, FBI, or CIA. However, implying that there is any sort of firewall between DAC
information and the federal government is disingenuous at best. As has been pointed out to the Council,
Oakland already shares information with the FBI through its participation in a Joint Terrorism Task
Force. 6 Similarly, the Oakland Police Department participates in the Bay Area Urban Area Security
Initiative (UASI), a Department of Homeland Security program. In fact, Renee Domingo is part of the
“Approval Authority” for UASI. The Approval authority “provides policy direction and is responsible
for final decisions regarding projects and funding,” to UASI. 7
Implying that the DAC has no relationship to fusion centers is also disingenuous. UASI is one of the
primary funders for the Northern California Regional Intelligence Center (NCRIC), the regional Bay
Area fusion center. 8 Furthermore, the DAC itself has been “featured” regarding information sharing in
relationship to NCRIC and other federal agencies; in a 2013 port security workshop that included
Department of Homeland Security, NCRIC and Port of Oakland officials and brought in other federal
agencies, law enforcement, and private interests, the DAC and NCRIC were used as models for
information sharing relationships. 9 In fact, pursuant to City Council resolutions, the Oakland Police
Department and Fire Department staffed the Northern California Regional Intelligence Center in 2011
and 2012.10
B. Information sharing and the DAC
The most recent staff report states: “Information sharing agreements have not been thoroughly
discussed or contemplated by City staff at this time. City staff will return to City Council and provide a
list of potential agencies that staff would want to enter into information sharing agreements and provide
why and what the benefits of sharing information would be. Any information sharing agreements for
the DAC information that is collected and stored would have to be approved by City Council.”
Presentations made by staff to the City Council at various meetings indicate that the DAC will partner
with a variety of organizations, including NCRIC. Staff has also noted that funding for fusion centers
might be available for the DAC.11 It is unclear whether this was ever pursued, but even the interest in
such funding is concerning, considering the assertions made by staff regarding partnerships with
federal law enforcement. Putting these issues off until later is simply unacceptable.
—————————————————————————
6 Ali Winston, Oakland Police Tight-lipped on Role in Joint Terrorism Task Force, KALW INFORMANT (May
18, 2011)
http://araborganizing.org/oakland-police-tight-lipped-on-role-in-joint-terrorism-task-force/ 7 “Approval Authority Members,” BAY AREA URBAN SECURITY INITIATIVE (Accessed March 3, 2014),
http://www.bayareauasi.org/about-uasi/authority-members 8 For an overview of fusion centers and the risks they pose, see Michael Price, National Security and Local
Police, Brennan Center for Justice (2013) available at
http://www.brennancenter.org/sites/default/files/publications/NationalSecurity_LocalPolice_web.pdf.
9 Lyla Englehorn et. al, Multimodal Information Sharing Team, Oakland Seaport, CA, (2013) available at
http://www.sfmx.org/support/amsc/webdocs/Multimodal%20Information%20Sharing%20Team%20Port%20o f%20Oakland%202013.pdf
10 Oakland City Council Resolution no. 82778, passed May 13, 2010 and Oakland City Council Resolution no.
84005, passed July 11, 2012 available at
https://oakland.legistar.com/Legislation.aspx 11 Oakland DAC Emails, supra note 5. (The specific emails regarding fusion center funding are at pages 795-796
of the document entitled “Folders 1-3.”
—————————————————————————
C. Outstanding questions regarding partnerships and information
1. How do the institutional partnerships displayed in the various city staff slides work? Are there
Memoranda of Understanding between the city and these agencies? If not, are these verbal
agreements? Is there any documentation of the agreements at all? Do the partnerships have to
do with funding? Information sharing? Access to shared databases? Shared staff? Shared
spaces?
2. In particular, what sort of relationship would the DAC have with the Oakland JTTF? The FBI
field office? The Northern California Regional Intelligence Center?
3. Is OPD part of the National Suspicious Activity reporting initiative? 12
4. Does OPD have Terrorism Liason Officers? What exactly is the function of Oakland’s
“Terrorism Advisor” designation? 13 Are those TLOs? What would the relationship be between
TLOs or Terrorism Advisors and the DAC?
5. Has funding for the DAC to be converted into a fusion center been pursued at all?
III. TECHNICAL SPECIFICATIONS
The City Council meeting on February 18, 2014, made it clear that there are significant questions
regarding what the DAC system is, what it will be connected to, and how it will operate. These
questions are not answered by the most recent staff report.
A. Data sources for the DAC
Materials provided to the city council by Staff have discussed several data sources that are intended to
be part of Phase II of the DAC, including computer aided dispatch (CAD) system, police and fire
records management system (RMS), and “news feeds and alerts.” CAD and RMS could potentially
facilitate the sharing of enormous amounts of information, but the way in which they will be integrated
is unclear. Furthermore, the most recent report states that “news feeds and alerts” would not be
considered a full integration, meaning that social media such as Twitter or Facebook could potentially
be included, regardless of any limiting language in the Privacy Framework.
The report also states: “The various types of video cameras that would be used by the DAC staff and
how they will be used and for what purpose will be delineated in the DAC Privacy and Data Retention
Policy.” Knowing the types of cameras included in the DAC is essential to understanding the privacy
impacts. At various times, Staff have stated that there will be CCTV from schools, traffic cameras that
have no recording capabilities, other city-owned cameras, and potentially transit cameras.
Currently, City resolution 84593 and the privacy policy framework state: “Port Video and Intrusion
Detection Cameras, Port of Oakland Vessel Tracking System, City of Oakland traffic cameras, City of
Oakland-owned cameras operated by the City in non-residential areas, City of Oakland Shot Spotter
Audio Sensor System, and License Plate Recognition systems.” 14 (Emphasis added). Regardless of
what Staff have stated in various reports and slideshows, the bottom line is that this is the language
—————————————————————————
12 See Price, supra note 8.
13 Memorandum of Understanding between City of Oakland and the Oakland Police Officers Association, (July
1, 2006-June 30, 2015) available at
http://www2.oaklandnet.com/oakca1/groups/hrm/documents/agenda/oak030399.pdf 14 Oakland City Council Resolution no. 84593, passed July 30, 2013 available at
https://oakland.legistar.com/Legislation.aspx —————————————————————————
passed by the Council, and it includes more cameras than the Staff have discussed, as well as license
plate recognition systems. These systems represent a major intrusion on the privacy of Oakland
residents.
B. Physical Security Information Management software
“Physical Security Information Management (PSIM)” software is at the core of the DAC. Staff reports
have not fully addressed the functionality of PSIM. While Schneider Electric does not explain what
PSIM is on its website, CNL Software, a company that creates PSIM software and has partnered with
Schneider in the past, has this explanation: “PSIM software combines various information feeds into a
single user interface” collecting and correlating events from existing disparate security devices and
information systems such as CCTV video, access control, sensors, analytics, networks and building
systems….. A complete PSIM software system has six key capabilities: Collection, Analysis,
Verification, Resolution, Reporting and Audit trail.”15 The CNL system can display multiple cameras
on one screen, provide information based on types of incidents, and aggregate data. This explanation is
in line with the minimal description provided by staff.16 PSIM software creates exactly the kind of
comprehensive surveillance the community and advocates have warned of.
C. Outstanding questions regarding technical capabilities of the DAC
1. Would CAD and RMS be available in real time?
2. Would CAD and RMS data be fed into any PSIM data analytics?
3. Would DAC be connected to any other databases?
4. Would there be an integrated process for accessing any databases the DAC would be connected
to? Would that process be part of the PSIM user interface?
5. How does PSIM analyze data? What feeds go into that analysis?
6. Staffing of the DAC does not seem to be clearly assigned, based on the MOU between the City
and the Port. Are there any specifications beyond the grant MOU regarding staffing?
7. What recording and retention capabilities will the DAC have?
8. What kind of security measures would be in place for the data gathered by the DAC? Will
encryption be used for any information sent over networks?
9. Are there any plans for a barrier between the federal databases OPD has access to through the
Joint Terrorism Task Force or any other partnerships and the DAC?
IV. COST ISSUES
While cost is not EFF’s primary concern, the obfuscation by city staff around the actual cost of the
DAC is a symptom of the lack of transparency around this project since its inception.
1. What exactly are the shared responsibilities of OPD and Port re: the DAC?
2. Has there been any thorough financial analysis of what the cost will be to Oakland outside of
the federal grant?
—————————————————————————
15 “What is PSIM?,” CNL SOFTWARE (Accessed March 3, 2014),
http://www.cnlsoftware.com/ipscIntroduction.php 16 See Staff supplemental report, February 7, 2014 available at
https://oakland.legistar.com/calendar.aspx.
—————————————————————————
3. How did the Staff calculate costs of removing DAC components?
V. PRIVACY POLICY
As EFF expressed in its last letter to the council and in statements to the council on February 18, while
we understand the document that has been made public is not a final policy, it is seriously flawed.
A. Outstanding questions regarding the privacy policy
1. Who created the framework for the privacy policy?
2. Why doesn’t the privacy policy include a system of enforcement?
3. If the Council votes to keep the DAC port-only, will there be a privacy policy created to address
isolating the port DAC from the city?
VI. NEXT STEPS
A. Port Only DAC
Some city council members expressed an interest in a “port-only” DAC. Since there are already non-
Port systems in place, if this option were pursued, it would raise several issues:
1. What would a “port-only” DAC look like? Would the City Council commit to removing city
traffic cameras and other non-port data sources from the DAC, or would the DAC continue to
incorporate all Phase I systems?
2. Would a port-only DAC come with clear informational/technical firewalls between the port and
police?
3. Resolution 84593 recommends the creation of a privacy policy during Phase II. Would the City
continue to develop a privacy policy even if it does not approve Phase II, considering that Phase
I is already in place?
B. Funding
1. If grant funding expires, will city council seek or authorize staff to seek further grant funding?
* * *
CONCLUSION
EFF applauds the Council’s responsiveness to the significant privacy concerns raised by community
members and advocates at its last meeting. A vote to allow the DAC to move forward today would
negate that. There are far too many unanswered questions. There is no complete privacy policy. There
is every indication that neither the council nor the public has a full picture of the technology involved
and the staff’s intentions.
Sincerely,
Nadia Kayyali
Activist, Electronic Frontier Foundation