Really Right

I went on the Internet and did a quick check. The data breach is actually worse than first reported.

This is what I found from the General Services Administration, a Federal Agency

Here are their definitions:
Personally Identifiable Information (PII) – information about a person that contains some unique identifier, including but not limited to name or Social Security Number, from which the identity of the person can be determined. OMB Memorandum M-10-23 (June 25, 2010), updated the term “PII”: “The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. In performing this assessment, it is important for an agency to recognize that non-PII can become PII whenever additional information is made publicly available — in any medium and from any source — that, when combined with other available information, could be used to identify an individual.”

Data Breach – Includes the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar term referring to situations where persons other than authorized users with an authorized purpose have access or potential access to Personally Identifiable Information, whether physical or electronic. In the case of this policy, the term “breach” and “incident” mean the same.

The following list contains examples of information that may be considered PII.
• Name, such as full name, maiden name, mother‘s maiden name, or alias
• Personal identification number, such as social security number (SSN), passport number, driver‘s license number, taxpayer identification number, patient identification number, and financial account or credit card number
• Address information, such as street address or email address
• Asset information, such as Internet Protocol (IP) or Media Access Control (MAC) address or other host-specific persistent static identifier that consistently links to a particular person or small, well-defined group of people
• Telephone numbers, including mobile, business, and personal numbers
• Personal characteristics, including photographic image (especially of face or other distinguishing characteristic), x-rays, fingerprints, or other biometric image or template data (e.g., retina scan, voice signature, facial geometry)
• Information identifying personally owned property, such as vehicle registration number or title number and related information
• Information about an individual that is linked or linkable to one of the above (e.g., date of birth, place of birth, race, religion, weight, activities, geographical indicators, employment information, medical information, education information, financial information).
Guide to Protection the Confidentiality of PII

Organizations should develop an incident response plan to handle breaches involving PII.
Breaches involving PII are hazardous to both individuals and organizations. Harm to individuals and organizations can be contained and minimized through the development of effective incident response plans for breaches involving PII. Organizations should develop plans that include elements such as determining when and how individuals should be notified, how a breach should be reported, and whether to provide remedial services, such as credit monitoring, to affected individuals.
Guide to Protection the Confidentiality of PII

PII is in two types

Linked
Linked information is information about or related to an individual that is logically associated with other information about the individual.

Linkable
Linkable information is information about or related to an individual for which there is a possibility of logical association with other information about the individual.

For example, if two databases contain different PII elements, then someone with access to both databases may be able to link the information from the two databases and identify individuals, as well as access additional information about or relating to the individuals. If the secondary information source is present on the same system or a closely-related system and does not have security controls that effectively segregate the information sources, then the data is considered linked. If the secondary information source is maintained more remotely, such as in an unrelated system within the organization, available in public records, or otherwise readily obtainable (e.g., internet search engine), then the data is considered linkable.
Guide to Protection the Confidentiality of PII

The same document quoted above goes on to state, “Federal agencies are required to report all known or suspected breaches involving PII, in any format, to US-CERT within one hour. To meet this obligation, organizations should proactively plan their breach notification response. A breach involving PII may require notification to persons external to the organization, such as law enforcement, financial institutions, affected individuals, the media, and the public.”

CRA on the other hand thinks it is exempt from reporting any release of PII.

The PII article on Wikipedia.org is interesting; especially footnote #19. ”In 2011, the California State Supreme Court ruled that a person’s ZIP code is PII”
Wikipedia Personally Identifiable Information

Under this ruling, not only was the disclosure of bank routing and account numbers a disclosure of PII but also all the member spreadsheets and membership forms that were scanned and posted on the Internet.

Based on the above, the Park brothers appear to have a serious problem.

Last night as folks were turning in for the night and David Letterman was wrapping up his evening program, an email was dispatched to George and Aaron Park with the first batch of charges to be made against them at the CRA Board meeting to be held May 30th. The initial email was sent to a small group and later today might be sent to the whole Board. I do know that more complaints are in the “pipeline” and will be forthcoming.

From what I know PII (Personally Identifiable Information) is looking like the thing that will hang them on a gallows of their own creation. The irony is that this wasn’t even on the radar when the May 30 meeting was called.

It will be interesting to see if the Parks regard this procedure as a crock and boycott the meeting or stand and fight. Perhaps they will just pick-up their toys and go home. In thirty days or less we will know.

Aaron Park circulated a series of campaign tracts to members of the CRA Board and then posted them on his blog on April 17th. This begins my analysis of Aaron Park’s political tracts.

CRA Coup Attempt Exposed – Part One
http://www.rightondaily.com/2015/04/cra-coup-attempt-exposed-part-one/

Why the push for a May 30th Board Meeting to Oust George and Aaron?

The push for the May 30th meeting was begun by John Briscoe. He backed down and seven of the CRA VPs and some others felt that the meeting was overdue. The meeting after the CRA Convention was not valid—no quorum was established—and the necessary appointments needed to fill Committees created by the Bylaws were left vacant. The Parks were not invited to this conference call because their fate was part of the discussion.

Prior to resigning, Briscoe had asked the Parks to resign several times.

I go thru all this to say that Aaron does have reason to feel that the May 30 meeting is to oust him and his brother. They can still resign from the Board, that way they might stay in CRA but be confined to Placer County. Some say they have burned that bridge too and they just need to go.

And this brings us to the main topic of this tract, the alleged fraud of Santa Clarita RA. Aaron proclaims:

Massive Fraud in Santa Clarita RA!

It is simple. Alice Khosravy, Wendy Albright, David Gauny, Dana Schlumpberger and John Rogers from the Santa Clarita Valley RA are hiding something huge. They along with Mark Gardner, Tim Thiesen and Carl Brickey want George and Aaron Park out of CRA badly:

Why, because – “over 10% of the SCVRA’s Membership is fraudulent.”

Ok, let’s define terms and then see if Aaron’s claim holds up.

Fraudulent: The description of a willful act commenced with the Specific Intent to deceive or cheat, in order to cause some financial detriment to another and to engender personal financial gain.
http://legal-dictionary.thefreedictionary.com/fraudulent

The same website also defines Specific Intent: The term specific intent is commonly used in criminal and Tort Law to designate a special state of mind that is required, along with a physical act, to constitute certain crimes or torts. Specific intent is usually interpreted to mean intentionally or knowingly.

So, if we combine the two then fraud is: The description of a willful act commenced with the state of mind to intentionally or knowingly deceive or cheat, in order to cause some financial detriment to another and to engender personal financial gain.

I will stipulate that “financial” is not the type of gain that Park is alleging here so what can it be?

I don’t think bragging rights to who has the largest CRA chapter is the issue so I can only conclude that the fraud that Park is alleging is related to Convention delegates.

The important question, is Park’s allegation true?

Look at the CRA Bylaws:

Section 11.06. Representation and Quorum. Each chartered Republican Assembly in good standing shall be entitled to select Delegates to each CRA Convention as follows: three Delegates for the first fifteen members and one Delegate for each ten additional members. Representation shall be determined by the records maintained by the Membership Secretary, as of thirty days prior to the Convention.

So for each ten members, Santa Clarita Valley is entitled to another Convention delegate. Assuming Aaron it correct that twenty odd folks should not be on the Santa Clarita rolls, then The Santa Clarita could send an extra two delegates to the convention.

So at this point I think it is fair to ask, did Santa Clarita send delegates to the Convention that they were not entitled to send?

Membership Secretary George Park determined that Santa Clarita could send sixteen delegates to the convention. So if fraud is the motivation for the inflated membership numbers that Park alleges then a reasonable person would expect that Santa Clarita would have maxed-out on their Convention delegates to take advantage of the fraud they are perpetrating, right?

Unfortunately for Park, Santa Clarita could only muster twelve delegates. Therefore, Park would have to rule out all other possible errors in the membership records and then disqualify fifty members before the delegate count might qualify as fraudulent. Plus he would still have to prove knowingly deceiving or cheating.

Now please remember that the Credentials Committee was not allowed access to the membership records to verify any delegate counts because George Park did not want the privacy of member records to be breached and for any membership information to become public.

Or was it just to keep the Placer RA records from scrutiny? You see this issue cuts both ways. Credentials had reports that Placer was the group cooking the books and when folks expressed interest in their records that’s when Park pulled the plug on any access.

The other issue that may be at play here is that George invoiced clubs all over the state for membership dues in 2015. These dues were based on old membership lists and his only instructions to the chapters was to add new members and pay the balance. He did not asked that people that had not paid dues be deleted or the list of members be verified before submission.

My chapter was invoiced for 35 members but only 24 had renewed their membership. Thus George’s membership roster contained a 31 percent error from 2014 to 2015. The membership difference in Santa Clarita seems to be within this margin of error.

But again, George was OK with the Santa Clarita delegate number 30 days prior to the Convention and had there been a problem it should have been given to the Credential Committee and not to his brother 30 plus days after the convention.

Now that CRA has adopted the Investigative Committee as a delay tactic and bought some individuals some time they don’t deserve to re-group, let’s do something that hasn’t been done yet, let’s go thru Aaron’s five posts from April 17th.

First, what is the purpose of the five posts and what type of evidence is actually presented?

Well, the first thing that you notice is that all five posts have a common theme and conclusion.
The theme is that there is rampant fraud in CRA, these guys therefore are bad (Alice Khosravy, Wendy Albright, Tim Thiesen, Mark Gardner, and Carl Brickey) and out to get Aaron and George Park.
Aaron & George are they only ones that can protect CRA from this evil. In other words, this is a campaign tract.

The five political tracks are nothing but a series of hit-pieces designed to evoke an emotional response so that Board members would vote YES to the proposed July 25th meeting.

I have had extensive email exchanges with a devout Park supporter that actually thinks Aaron deserves a Pulitzer for the journalistic expose’ that he has presented. Amazing. Furthermore, this individual thinks this whole thing is my fault because my blog post of the previous day goes after the Park brothers and John Briscoe. I have no power, I’m just a guy with a keyboard.

Park’s logical fallacies are too numerous to dissect, his leaps in logic and guilt by association are laughable.

Aaron’s overall theme is erecting the straw man of fraud and the wrapper is vote Yes.

Here are the variations of the conclusions from the five tracts. Each repeats the same lie. A vote YES will move the Board meeting from May 3o in Santa Barbara to Fresno on July 25th. No, it actually would create a second Board meeting at Harris Ranch which is nowhere near Fresno.

#1
Want to stop the Fraud and the Lynching? Vote Yes and support John Briscoe and give the Parks a fighting chance to defend themselves versus the Alice Khosravy / Wendy Albright / Tim Thiesen / Mark Gardner / Carl Brickey Kangaroo Court – move the board meeting to July 25th in Fresno.

#2
If you believe in Fairness, if you want to see the fraud dealt with – then vote Yes on the motion to move the board meeting from Santa Barbara to Fresno. If you support the fraud and you are interested in the lynching of the Park Brothers then join Alice Khosravy, Wendy Albright and their crew and vote no.

#3
If you believe in Fairness, if you want to see the fraud dealt with – then vote Yes on the motion to move the board meeting from Santa Barbara to Fresno. If you support the fraud and you are interested in the lynching of the Park Brothers then join Alice Khosravy, Wendy Albright and their crew and vote no.

#4
If you believe in Fairness, if you want to see the fraud dealt with – then vote Yes on the motion to move the board meeting from Santa Barbara to Fresno. If you support the fraud and you are interested in the lynching of the Park Brothers then join Alice Khosravy, Wendy Albright and their crew and vote no.

#5
If you believe in Fairness, if you want to see the fraud dealt with – then vote Yes on the motion to move the board meeting from Santa Barbara to Fresno. If you support the fraud and you are interested in the lynching of the Park Brothers then join Alice Khosravy, Wendy Albright and their crew and vote no.

I plan to go thru the five tracks only because they are now the starting point of the mandate for the Investigative Committee. Please note that blogging is my hobby not my source of income as it sometimes is for Mr. Park so I may not get to them all in the next week.

I was minding my own business today and decided to read my email. Typically, Sunday is a slow day for news but wow! What my friend sent me was a bombshell. After reading it, all I could think of was the line from Forest Gump, “Stupid is as stupid does.”

What the email contained was just as ridiculous as the idea of giving 7th century barbarians supersonic jets and nuclear weapons; …but enough about Obama’s foreign policy.

It was the vote totals for the online vote to approve the Briscoe/Park delay and witch hunt committee. Depending on how you count it, the vote result is somewhere between 28 to 32 Yes votes and 28 No. The variance is due to four folks voting and then resigning from the Board before the voting period closed. A question has been raised if votes by people no longer on the Board should be counted.

The vote totals were announced by Tom Hudson as 32 Yes, 28 No. Hudson, who is not even president yet (Briscoe’s resignation date has not happened yet), has decreed it to be so.

The practical effect of this vote is that CRA will not inform authorities or the five Ventura folks that their data was posted on the Internet because this has now been classified as an email rumor that needs investigation and verification.

The Investigative Committee’s Mandate

I am asking for your Yes vote to approve a committee which will have full authority to investigate any and all allegations in email/blogs published/sent Friday, April 17.

Serious allegations have been raised both regarding the content and proprietary information used in the emails by the authors. This committee’s work will not be limited to Friday’s allegations but wherever else their investigation may lead from the allegations.

The committee will be charged to report to the entire CRA board at the next board meeting the results of their investigation to date. By passing this, the board directs all CRA units, board members and others associated with CRA to provide whatever records or documents that are requested by the committee in a timely manner. This committee is not intended to circumvent any other pending board action.

The following board members shall be appointed:

Chair, Vice President Dale Tyler

37th Senate District Director Jay Peterson

Recording Secretary Greg Powers

This committee is designed to remove the data breach as an issue between now and the May meeting.

The other day a Board member told me that the Board can’t act between meetings only the President. Well I think they found a way. As a result of this vote, not just individuals can be held liable for what happened but now the entire Board has put themselves on the hook for this release of private information.

Concerning this committee, Tom Hudson wrote on April 22, 2015:

The facts are in dispute and John Briscoe is in the process of appointing a committee to investigate the facts and report back to the CRA Board.

John Briscoe has not refused to comply with California law—and at this point, we do not have the facts to support the assertion that any laws have been broken.  We’ll see.

The good news is that everyone is taking this very seriously and I think we will get to the bottom of it fairly soon.

Misters Park, Park, Briscoe, Hudson, et al., The fact is that personal information of five members of Ventura Republican Assembly were posted on the Internet for just over seven days; From April 17 to April 24, 2015. It is the FACT that the information was released not why that is the issue.

CRA released private and personal information of members simply because they paid their dues to Ventura RA. They had an expectation of privacy when they paid their dues. Their private information was released. Such a violation is not limited to release on the Internet. For whatever reason, CRA lost control of the information, it was compromised. This triggers the statute. This is a fact.

Mister A. Park, got the information from G. Park—who happens to be the statewide Membership Secretary of CRA and the brother of A. Park. This is a fact.

Furthermore, said act of releasing personal information has been reported to the FBI, Attorney General of the State of California, and local law enforcement. Some media outlets are also aware of this situation. This too is a fact and one that CRA does not take seriously.

One of my sources-that also was going to report this incident to law enforcement—says that per statute, CRA is facing $5,000 per day fines until the release of information is reported to authorities. At that rate, ya’ll will be approaching a quarter million dollar fine by the May 30th Board meeting. I hear the Treasurer is good but you might need a good attorney by then.