Sacramento Bee Insinuates That CalPERS and Its Vendor Diligent Boards Maintain Grossly Deficient Security in Drawing near near Hit Fraction In opposition to Board Member Margaret Brown
Tech

Sacramento Bee Insinuates That CalPERS and Its Vendor Diligent Boards Maintain Grossly Deficient Security in Drawing near near Hit Fraction In opposition to Board Member Margaret Brown

The Sacramento Bee and the author of its Disclose Worker column, Wes Venteicher, are a tragic case look in what’s going down to soi-far away journalists within the US.

As soon as upon a time, the Bee’s most on the total read column, the Disclose Worker, showed noteworthy independence. When Jon Ortiz penned that characteristic, he would on an routine foundation name out questionable behavior at CalPERS.

However under his successors Adam Ashton and the present columnist Wes Venteicher, the Disclose Worker characteristic has devolved into propaganda for CalPERS. Later this week, we’ll focus on about how Venteicher blew the story on CalPERS divestment from private prisons, a switch has fundamental implications lost on Venteicher on account of his obvious lack of inquisitiveness.

However on to extra urgent issues, which is the most modern instance of how CalPERS on the Sacramento Bee are conniving to embarrass themselves and in passing, throwing CalPERS vendor Diligent Boards under the bus.

Venteicher is working on what looks worship the oxymoron of a pathetic hit portion on CalPERS’ professional-transparency board member Margaret Brown. It’s pathetic because Venteicher’s line of inquiry reveals he’s got nuthin, but he’s acted as if he basically believes Something Severe is afoot.

To reduce to the poke, the dual carriageway of attack is that CalPERS issued digital gadgets worship cellphones and tablets to board contributors and newly-created CalPERS documents show camouflage that Brown lost some of them. In actual fact, Brown has already returned all these gadgets attach one iPad to CalPERS, and as we’ll show camouflage almost as we train, Brown peaceable has the iPad and it turned into as soon as now not in any appreciate in trouble of being picked up by any individual else. She mistakenly reported it as lacking when it had fallen within the help of a immense cupboard in her dwelling while being charged.

On top of that, lost gadgets are a fact of life. Both CalPERS and its board portal provider, Diligent Boards, every own safety protections to forestall gather entry to to data. Yet this non-tournament is being trumped up as some kind of safety possibility.

One of these ingredient wouldn’t produce the crime blotter in a 500 person town. The incontrovertible fact that Venteicher is devoting what ought to be precious reportorial time on a nothingburger illustrates how over-willing he is to defend CalPERS’ water. One of these portion would gather him laughed at in a metropolis worship Fresh York where newshounds are qualified of finding and reporting on bona fide data. If Venteicher desires to guarantee that he now not in any appreciate will get out of provincial backwaters worship Sacramento, that is handsome the means to quit it.

If the story hews to Venteicher’s line of inquiry, it’s based on two unfaithful premises: first, that Brown lost (barely than temporarily misplaced) gadgets and 2nd, that had they truly been lost, that CalPERS and Diligent Boards’ safety procedures we so lax that CalPERS’ secrets and ways might per chance presumably well conceivably own gotten out within the wild.

As we’ll show camouflage, this story turned into as soon as almost with out a doubt fed to Venteicher by CalPERS. His wrongheaded insinuations note the CalPERS pattern of smearing dissident board contributors while failing to publicize immense lapses within the very comparable vein by the staff-captured board contributors and senior executives.

Mind you, no longer most attention-grabbing were all Brown’s gadgets “found” however it’s arguably a matter of nomenclature whether to own deemed them to were lost. Let’s deliver, memoir of the plight of the iPad that Brown is listed as no longer having returned is incorrect. Brown found the positioning of her iPad after she returned dwelling from Sacramento and rapid a CalPERS staffer. Yet CalPERS created documents that it gave to Venteicher that showed the reverse. Became this incompetence on CalPERS share, or a deliberate effort to deceive?

Brown sent this image to show camouflage she has the supposedly lacking iPad that is the level of hobby of this tempest in a teapot in her possession:

On top of that, within the topsy-turvy World According to CalPERS, Brown is responsible of being scrupulous. As she acknowledged,

As any individual who has managed immense projects with budgets of many of of thousands and thousands of greenbacks, I’ve constantly been relentless in accounting for funds and resources so I might per chance presumably well defend the other folks spherical me to the comparable usual. If I’m succesful of’t assign my fingers on a bank card, even supposing I am very certain that it’s within the pocket of a jacket I left in my locked automobile, I’ll waste it as a substitute of scurry the possibility that I’m succesful of also be unsuitable.

The incontrovertible fact that CalPERS additionally unwittingly makes certain its records are shot tubby of holes one by one tells you how severely CalPERS takes asset-tracking.

Genesis of the Probable Brown Hit Fraction

The Sacramento Bee sent a Public Recordsdata Act demand of to CalPERS asking for

…records of all digital gadgets, including telephones, tablets and any diverse gadgets, equipped to CalPERS board contributors within the final 5 years.

Whilst you happen to imagine any individual on the Bee all on his diminutive own dreamed up that of the total that potentialities are you’ll presumably well presumably also imagine things they also can request CalPERS about, the matter the plight of CalPERS tech toys merited a Public Recordsdata Act demand of, I own a bridge I’d have interaction to promote you.

Further evidence of the dearth of independence of this PRA that CalPERS created documents handsome for the Bee, no longer handsome as soon as however twice.

The spreadsheet that CalPERS before every little thing sent to the Bee turned into as soon as created on September 30, 2019 by Larry Hughes and modified on October four. Public Recordsdata Act requests require the production, no longer the appearance, of documents. CalPERS did no longer present the Bee with any records as required by the Public Recordsdata Act.

Yet CEO Marcie Frost represented to the board that this turned into as soon as the sum total of the records equipped to the Bee. On October 9, she sent a duplicate of the spreadsheet and most attention-grabbing the spreadsheet to the board, stating: “Hooked up for your data are the records equipped to the Bee.”

The principal spreadsheet turned into as soon as clearly incomplete, since it has no data about gadgets issued to extinct board contributors Ron Lind, Richard Gillihan, JJ Jelincic, Michael Bilbrey, and George Diehr and present board contributors Jason Perez, Lisa Middleton and Eriana Ortega.

Somebody on the receiving quit will must were alert sufficient to leer and level the gaps out to CalPERS. The very subsequent day, Frost sent out a 2nd version of the spreadsheet with extra board contributors added to the pinnacle of doc, noting” “Hooked up is the remainder of the responsive records to the Sacramento Bee’s Public Recordsdata Act demand of.” The 2nd spreadsheet looks to be an edited version of the usual, since it turned into as soon as created September 30, 2019 by Larry Hughes and final modified on October 10, the comparable date as Frost’s 2nd electronic mail to the board.

Now we own got embedded the later version as easiest we are succesful of on the pinnacle of this put up; we are succesful of most attention-grabbing present a PDF. We are succesful of electronic mail both spreadsheets to any individual who requests them. Endure in mind that the 2nd version is peaceable incomplete; it has no data about extinct board member George Diehr or present member Eriana Ortega. Both variations additionally haven’t any data in anyway about the “designees” of the Treasurer, Controller, and the Director of CalHR, who additionally own CalPERS-issued iPads. Let’s deliver, there is just not any longer this kind of thing as a data about present designees, who’re on an routine foundation known in CalPERS transcripts as “Acting Board Member,” akin to Disclose Treasurer Fiona Ma’s designees, Frank Rufino and Matt Sahaor and Betty Yee’s designees, Karen Inexperienced Ross and Lynn Paquin or earlier designees, such Grant Boyken, who turned into as soon as indisputably one of extinct Treasurer John Chiang’s designees.

With so many gaps, this spreadsheet on its face can’t be considered as announcing a lot, attach confirming that CalPERS does a gloomy job of asset-tracking or that CalPERS couldn’t be to conform with this PRA even for a pet reporter.

The spreadsheet reveals, among diverse things, that CalPERS assigns board contributors Apple gadgets, including the iPhone 6, 6s, and seven, as wisely as iPad Air and iPad Air. Board contributors own additionally as soon as in some time cracked their monitors or had disagreeable batteries. Quelle shock!

It additionally reveals board contributors that lost an iPad: Margaret Brown, Priya Mathur, Ramon Rubalcava, and Theresa Taylor. Point out that Brown has lost doubtlessly the most gadgets however is the finest board member to own rapid CalPERS they were found them later, per her deliver of vigilance.1 By disagreement, the spreadsheet reveals Theresa Taylor additionally lost an iPhone 7 and didn’t leer or didn’t bother reporting it; she has one listed as found however now not in any appreciate reported as lost. Or are these records incorrect as wisely as incomplete?

Now, I applaud all of you for having read to this level, since this all appears worship a heap of nothing, pleasant? We indirectly gather to the fun share, the electronic mail from Venteicher to Brown the day prior to this, October 21, at 5:Forty three PM PDT:

Ms. Brown,


I’m the convey employee reporter on the Sac Bee. I filed a Public Recordsdata Act demand of with CalPERS on all digital gadgets disbursed to board contributors over the final 5 years, and within the facts seen that you simply own lost an iPad and two telephones, and that the telephones were recovered. Has the iPad been recovered?

My belief is iPads, at least, is also comparable outdated to collect entry to both closed session and originate session board materials. The closed session gather entry to would seem to produce the inability of indisputably this kind of iPads a security possibility for the organization. Please give me a name at 916-321-1410 the following day to narrate about this. I’m having a behold to narrate by 5pm (Tuesday) for a story. Thanks.




Wes Venteicher


The Sacramento Bee


wventeicher@sacbee.com


(916) 321-1410

We’ve collapsed one of the predominant columns that weren’t germane to show camouflage you Brown’s tool rap sheet:

And listed below are the cells that show camouflage the asset designate for her iPad, so that potentialities are you’ll presumably well presumably also hit upon that the amount within the photograph above is the comparable because the one CalPERS assigned to her, 62073:

:

One has to shock if Venteicher is additionally making inquiries of the board contributors who lost iPads and never in any appreciate recovered them. One additionally wonders if Venteicher knows that Diligent Boards can even be accessed by desktop, pc or clean cell phone.

Venteicher’s Ludicrous Security Insinuations

In what looks worship an strive and indict Brown, Venteicher takes an unwitting and immense pot shot at CalPERS’ safety practices as wisely as these of the vendor CalPERS uses to operate its “board portal,” Diligent Boards. In layperson terms, that means Diligent Boards hosts CalPERS closed session documents and public board assembly documents for board member gather entry to. For Venteicher’s considerations to be suited, both CalPERS and Diligent Boards would own to be grossly remiss.

As an apart, it’s par for the route that Venteicher treats being in a convey to collect entry to originate session records as a convey. Is he so clueless that he would now not bear in mind that any individual with an Web connection and a search engine can procure them on CalPERS’ put and/or YouTube?

JJ Jelincic experiences that when he turned into as soon as on the board, CalPERS would produce a manufacturing facility reset on iPhones and iPads reported as lost. That might per chance presumably well produce it no longer capacity for any individual to examine anything if the tool had been reported promptly as lacking. Has CalPERS downgraded its safety by forsaking this pratice?

As far because the iPads are keen, Venteicher also can peaceable know or own to procure out that they own got an Auto-Lock characteristic which locks the tool after a interval of disuse, requiring a password or finger scan to re-originate. The default time is short. If CalPERS were competent, it would self-discipline gadgets with a short trigger on the Auto-Lock and if that potentialities are you’ll presumably well presumably also imagine, forestall customers from changing that atmosphere.

Presumably Venteicher has additionally forgotten that Apple gadgets are famously exhausting to crack.

Presumably by in a while the present time, Venteicher would additionally own worked out that in voice to collect entry to closed session records, any individual who had gotten their fingers on a board iPad would no longer most attention-grabbing own to present a username and password for the tool, however additionally a 2nd username and password to collect entry to the Diligent Boards portal where copies of CalPERS’ closed session records sit.

Even supposing I am in no convey to defend in mind Diligent Boards’ claims, its 3500 customers clearly regard safety as of paramount importance. Accordingly, it is top of the list of considerations for capacity customers:

Security is the #1 trouble of boards adopting a sleek technology, and with appropriate motive. Hackers work 24/7 attempting to interrupt digital safety and develop gather entry to to a firm’s systems to seem, have interaction, or extort. Usually, hackers are in a convey to quit this with out a firm even inviting its safety has been compromised. Whilst you happen to would worship a steady solution, you wish convey-of-the-artwork safety methodologies and encryption – no longer handsome one more file administration blueprint for your board. Portal software enables a industrial to basically feel steady in inviting their confidential and financial data is steady – or at least it also can peaceable. Be obvious any capacity vendor makes you cosy with their safety practices for your data. On the other hand, do now not forget that even doubtlessly the most steady route must additionally be doubtlessly the most user-suited or board contributors also can strive and procure a (less-steady) workaround.

An MIT pc science graduate and trustee tells me that companies worship Diligent Boards typically provide better than one stage of safety protection. Let’s deliver, they would presumably allow customers to acquire between a straightforward user ID and password versus two-ingredient identification. So if CalPERS were keen with safety, it might per chance presumably well doubtlessly proceed for extra stringent safeguards. Diligent Boards did no longer answer to questions.

Could per chance the Planned Account Maintain a Varied Necessary Angle?

It’s totally that potentialities are you’ll presumably well presumably also imagine that the Venteicher’s obvious intent to depict Brown as a possibility to CalPERS’ vaunted safety is merely a thread in an even bigger portion. In spite of every little thing, from CalPERS’ standpoint, if it will get a smear into print, it’s a gift that retains giving. They’ll defend repeating it no matter how unfaithful or trivial it is in actual fact.

CalPERS is pursuing the half-baked belief of bringing the board software blueprint in dwelling, allegedly because the no longer-too-brilliant-bulbs within the Board Companies Unit own taken to using Diligent Boards as a scapegoat for being gradual in uploading documents for the board to peek sooner than board conferences. Point out that workers had no such venture with timeliness under extinct CEO Ann Stausboll.

If 3500 companies, most of which own extra workers, extra complex operations, and hence extra ground for the board to camouflage, can navigate Diligent Boards, the venture appears to be workers no longer doing the work to turned into acquainted and/or no longer seeking attend.

As well, if it basically is correct that Diligent Boards has turned into extra cumbersome, there are competing companies akin to BoardAdvantage and Director Point. There is just not any longer this kind of thing as a evidence that CalPERS has assessed picks as a substitute of embarking on a costly exercise in reinventing the wheel.

On top of that, CalPERS is most continuously in a convey to produce a stink about safety threats, no longer to deliver flatter itself it might per chance presumably well make and scurry a sufficiently steady blueprint given its IT lapses, akin to:

1. A CalPERS employee hacking into CalPERS’ personnel records and altering them, then presenting the falsified documents to contributors of the convey legislature (the Nancy Michaels case).

2. CalPERS issuing sequential passwords in a shared format to board contributors and senior executives, making it straightforward for any individual who knew the protocol to collect entry to the blueprint.2

three. CalPERS failing to present protection to beneficiary records by letting a firm with which it had no contract own gather entry to to its member database

four. A CalPERS employee left comments on our put that printed mid-stage community deficiencies

In diverse phrases, there don’t appear to be any appropriate reasons for CalPERS to designate its own, certain to be costly-to-make in dwelling board portal. That means there are most attention-grabbing disagreeable ones. The presumably is that workers will look on whether particular board contributors own checked out particular documents. Industrial board portals intentionally quit no longer own that functionality to present protection to board contributors from workers snooping and a lot extra crucial, to present protection to folk and the establishment from licensed responsibility (the failure to behold at documents is also comparable outdated in court to point out negligence).

Even supposing that is a sorry diminutive memoir, as Lambert acknowledged, it reveals CalPERS is fractal. No matter what factor you behold at, the comparable patterns seem repeatedly: the reflexive dishonesty, the incompetence, the realization that every person who issues is PR, the vicious attacks on other folks which are attempting to collect CalPERS to form up. CalPERS is worship an addict that desires to hit bottom and behold at his dissolute life and the injury he’s done to others in voice to own a hope of getting on the dual carriageway to restoration. However with all these billions to burn, it’s going to be a costly slither.

____

1 Brown indicates, and I turned into as soon as no longer in a convey to independently in a convey to examine as of e-newsletter time, that the explanation for the as soon as in some time prolonged hole between when a tool turned into as soon as reported as lost versus found is that CalPERS appears to were inconsistent in logging her gadgets as found. Ceaselessly it appears to be based on her verbal report as to having them in her hand; diverse instances, it appears no longer to were logged as found unless sighted by or returned to CalPERS.

2 This obvious deficiency makes Venteicher’s line of questioning less routine….whenever you happen to have interaction the person who got their fingers on the board tool turned into as soon as a CalPERS staffer within the know.

00 CalPERS Second BOA Cell Machine list – With Names

Print Salubrious, PDF & Email

Read More

November 9, 2019

Leave a Reply

Twitter
Flickr
ABOUT

Paper Post brings the top and important news from the top news media of the world. You can send us any local news & we will verify and publish it. We believe that our earth is for everyone & if you want to make it better  for everyone then write & help us.

support@paperpost.org