Joe DeVries from the City Administrator’s office and Brian Hofer of the Ad Hoc Advisory DAC Privacy and Data Retention Committee briefed Oakland’s Public Ethics Commission Monday night and took questions. This is my recap of the PEC’s concerns and my answers where I have them.
The Commissioners raised four issues.
Not really. Let’s do some simple math.
- Fewer employees to get in trouble. The PEC addresses complaints generated by the behavior of the 4000+ City employees. Fewer than five, likely only two or three, will be involved in using the DAC software. That’s 0.1% of the existing workload.
- Few hours of activity. As originally scoped, the DAC would be staffed all day and night year round. Plans changed, funding was cut and now it will be an on-demand service. Oakland Police knew of 98 protests in 2014 and activated the Emergency Operations Center (where the DAC lives) for 14 of them, about 15% of the time. So let’s say they turn on the DAC for a two-hour look-see 85 times a year and for two shifts 15 times. That’s 410 hours of use a year, or 4.7% of the originally planned 8760 hours/year.
- Small geography being watched. Oakland has 806 miles of streets. There fewer than 4 miles of street bordering the Port of Oakland. And it’s not a pedestrian hot spot. So the exposure to people who might have privacy, speech, or assembly concerns is vanishingly small. Less than 0.5% of the DAC’s original beat.
0.1% * 4.7% * 0.5% * 33% is a vanishingly small impact. The DAC’s use and application would have to change radically for enough people to be affected by the DAC to create a material risk to the PEC’s whistleblower pipeline.
New expertise needed. Privacy competence is not required now. PEC staff must master the laws, regulations, and practices for each area where they administer justice. This requires time and training. How could the PEC rapidly become sufficiently knowledgeable and skilled to do a good job without extra headcount and specialized experts?
Assuming even one privacy matter comes before the PEC, this is a fair concern.
Uneven justice for whistleblowers. The new policy calls for three different organizations provide privacy oversight, whistleblower investigations, and public ombudsman services. Today, the PEC and Auditor have different protocols and standards for administering whistleblower investigations. For instance the Auditor’s investigations may be public and optional while the PEC’s investigations are private and mandatory. Their abilities to order operational changes or to punish are different. Could we see different outcomes for the same issue depending on who the whistleblower calls?
Good question. The Policy doesn’t address this. Suggestions?
Duplication of effort. Do we really want to build the oversight, ombudsman, and whistleblower capacity three times?
It’s their duty. Government abuse of the federal and state constitutions or of the City’s charter is within scope for the PEC, City Auditor, and the new privacy committee/commission.
Variety works. City staff and the public perceive real differences between the PEC, Auditor, and the privacy group. The Auditor’s office is known for public crackdowns on waste and poor management. The PEC is known for adeptly resolving conflicts of interest and employee relations investigations. And the privacy group may be known for a focus on civil liberties. Each brand will appeal to different employees in different situations. So they are more likely, as a whole, to report abuse to someone.
Those are my answers and explanations so far. And they’re rough and incomplete, perhaps outright wrong. Are there better answers? Better questions? Or better ways of framing the problems? Chime in.