For Office Use Only Study Confidential Information Form Id: Fill & Download for Free

Original question:What is the goal of Trump's voter fraud task force?The presidential election integrity commission was established by executive order in May to investigate Trump’s claims of rampant voter fraud. As this item starts to occupy more and more headlines - I find it all very confusing, what is the goal and are they going about it the right way?The main goals, based on the past and present behavior and actions of Trump, seem to be:Voter intimidation.Voter suppression & voter restriction.Disenfranchising Voters.To ice his bruised ego (he lost the popular vote).Examples that back up the above goals I listed:Intimidation:Trump asked his base to be “election observers”: [1]Go down to certain areas and watch and study and make sure other people don’t come in and vote five times……The only way they can beat it in my opinion, and I mean this 100 percent, is if in certain sections of the state they cheat, okay? So I hope you people can sort of not just vote on the 8th — go around and look and watch other polling places and make sure that it’s 100 percent fine.Trump’s campaign website also added a “sign up” page for “election observers”:Appeal to motive in the below tweet:Numerous states are refusing to give information to the very distinguished VOTER FRAUD PANEL. What are they trying to hide?— Donald J. Trump (@realDonaldTrump) July 1, 2017Voter Suppression & Restriction: [2]Voter purges:The letter doesn’t ask whether states are complying with the parts of the law that expand opportunities to register. Instead it focuses on the sections related to maintaining the lists. That’s a prelude to voter purging.Usually the Justice Department would ask only a single state for data if it had evidence the state wasn’t complying with Motor-Voter. But a blanket request to every state covered under that law is virtually unprecedented...These parallel efforts show us exactly how the Trump administration will undertake its enormous voter suppression campaign: through voter purges. The voter rolls are the key. Registration is one of the main gateways to political participation. It is the difference between a small base of voters pursuing a narrow agenda and an electorate that looks like America.Will affect minority voters disproportionately:Here’s how the government will use voters’ data. It will create a national database to try to find things like double-voters. But the commission won’t be able to tell two people with the same name and birthday apart. Such errors will hit communities of color the hardest. Census data shows that minorities are overrepresented in 85 of the 100 most common last names.Purging voters is part of a larger malicious pattern that states have employed across the country. Georgia and Ohio are being sued for carrying out early versions of what we can expect from the Trump administration.Disenfranchising Voters: [3]The Voter Commission’s data request resulted in some people withdrawing their voter registration:Three thousand, three hundred and ninety-four Coloradans have withdrawn their voter registrations as of July 13, following the Trump administration’s request for voter data as part of the Commission on Election Integrity. An additional 182 citizens in the state have filed as confidential voters.Several other states have reported a similar uptick in citizens moving to keep their information out of the federal government’s hands.Bruised Ego:Trump cannot accept that he lost the popular vote:In addition to winning the Electoral College in a landslide, I won the popular vote if you deduct the millions of people who voted illegally— Donald J. Trump (@realDonaldTrump) November 27, 2016Quick look at “voter fraud” claims: [4]The 1960 presidential election:…reports of deceased and other unregistered voters in largely African American districts in Illinois or cases of malfeasance throughout Texas were believed to have rigged John F. Kennedy’s victory over Richard Nixon.Former Attorney General John Ashcroft:Formed the “Ballot Access and Voting Integrity Initiative” under George W. Bush’s presidencyDespite his coordination of the U.S. attorney offices with local election officials, only 24 people were convicted of improper or illegal voting and 14 non-citizens were found to be illegally voting in federal elections between 2002 and 2005.Claims of Voter Fraud in New Jersey:There were reports in 2004 that 4,755 deceased voters cast ballots in New Jersey. After careful comparison between voter rolls and death records, there were no official accounts of voter fraud.Claims of voter fraud in New York:In New York in both 2002 and 2004, 2,600 deceased voters allegedly voted, only to be removed from the register after an investigation revealed clerical errors and not malfeasance.Paranoia over “voter fraud” leads to voter suppression.North Carolina:Supreme Court rejected an appeal to reinstate North Carolina’s stringent voter identification laws that were found to discriminate against African Americans “with almost surgical precision.”Within days following this ruling, the court also found that two of North Carolina’s congressional redistricting maps resulted from unconstitutional racial gerrymandering. The decision—even supported by the more conservative Justice Clarence Thomas—found that African Americans were unfairly packed in two concentrated black districts, thereby minimizing their political influence in major elections.Wisconsin:Wisconsin’s efforts mirrored those in North Carolina where advocates purported that nearly 300,000 people lacked the proper ID to participate in the 2016 presidential election, even after parts of the state’s law were deemed unconstitutional upon appeal.Florida:In Florida, 1.5 million people were disenfranchised by a law that disqualifies ex-felons from voting, resulting in one in every four African American residents unable to vote in 2016.The 10 members in Trump’s “Commission on Election Integrity”:The above chart is based on information from a Washington Post article. [5]Mike Pence said that the “Commission on Election Integrity” will: [6]…Initiate a full evaluation of voting rolls in the country and the overall integrity of our voting system in the wake of this past election.Closer look into Kris Kobach:On November 9th, 2016, Kobach emailed a Trump transition team member about amending the National Voter Registration Act (NVRA): [7] [8]Kobach wants to amend the National Voter Registration Act (NVRA). Passed in 1993, the NVRA aims to increase voter registration: Its provisions include requiring that motor vehicle and public assistance agencies provide voter registration opportunities, and allows for registration by mail.“Interstate Crosscheck System”: [9]The “Interstate Crosscheck System” is faulty at stopping voter fraud and is conducted by Kansas election authorities:States participating in the program, known as the Interstate Crosscheck System, send their voter registration files to Kansas…Each participating state receives back a list of their voter registrations that match the first name, last name and date of birth of a voter in another state. Crosscheck provides some guidelines for purging voter registrations from the rolls.The “Interstate Crosscheck Program” is inherently flawed:In theory, the program is supposed to detect possible cases of people voting in multiple locations. But academics and states that use the program have found that its results are overrun with false positives, creating a high risk of disenfranchising legal voters…For every one illegitimate vote, “Interstate Crosscheck Program” would eliminate 200 legitimate votes:A statistical analysis of the program published earlier this year by researchers at Stanford, Harvard, University of Pennsylvania and Microsoft, for instance, found that Crosscheck “would eliminate about 200 registrations used to cast legitimate votes for every one registration used to cast a double vote.”Why the “Interstate Crosscheck Program” gets it so wrong:Factors for “matches” - birthdays and names:Crosscheck bases its “matches” primarily on just two factors: people's first and last names and their birth date. But in a country of 139 million voters, you're guaranteed to have tens of thousands of individuals who share both names and birthdays.For instance, in a 2007 paper, elections experts Michael McDonald and Justin Levitt examined voter files from New Jersey's 2014 elections. In those elections, the most common names — William Smith, Maria Rodriguez, etc. — showed up hundreds of times, reflecting their prevalence in the general population.Shared birthdays are even more common — statistically speaking if you have a group of just 23 people, there's a greater than 50 percent chance that at least two of them will share the same birthday.At 180 people, according to McDonald and Levitt, there's a 50 percent chance that two of them will share the same birth date — month, day and year.So if you have 282 William Smiths, as in New Jersey's voter rolls in 2004, you'd expect four of them to share the exact same birthday. Those four William Smiths would be flagged as potentially fraudulent voters by Kobach's Crosscheck system.Disorganized Voter files:…Voter files are notoriously messy and often incomplete. Among the 3.6 million New Jersey voters McDonnell and Levitt analyzed, for instance, nearly 1 million were missing a birth date completely. Ten thousand were listed with a birth date of Jan. 1, 1753, and another 20,000 listed as Jan. 1, 1800 — likely placeholder values that were never updated.Multiply those figures up to the national level, and you can see how a system that naively matches names and birth dates is going to return a lot of noise — and very, very little in the way of people actually trying to game the voting system.There's no question that incomplete voter data is a problem. But comparing incomplete data sets against each other isn't likely to solve that problem.Data on someone registering and voting in two states:Boiling it all down, out of the 240,000 paired registrations that Crosscheck sent to Iowa, there were only six cases where it appeared that the same person registered and voted in two different states.In other words, well over 99 percent of the 'matches' sent to Iowa were unlikely to have anything to do with even attempted voter fraud.Incidentally, that's in line with Kobach's prosecution record on Crosscheck cases: a grand total of nine successful convictions so far, “mostly older Republican males,” according to local media reports.Crosscheck’s “User Guide”:…Crosscheck's user guide recommends purging older voter registrations when the name and partial Social Security number match the name and SSN of a more recent registration.…Harvard, Stanford, University of Pennsylvania and Microsoft team estimate that following this guideline would result in 200 deletions of legitimate voter registrations for each real-world case of double voting it prevented.Kobach loves the “Interstate Crosscheck Program” and wants to take it to a national level - that’s concerning:Kobach's championing of Crosscheck is one reason many voting rights advocates are concerned that President Trump's voter fraud commission may be a vehicle for recommending mass voter purges……In his opening remarks before the election commission he said the Crosscheck program “illustrates how a successful multi-state effort can be in enhancing the integrity of our elections and in keeping our voter rolls accurate. I'm confident that this commission will be equally successful on the national level.”…If the system is primarily a vehicle for false positives, why bother using it at all?…the naming of Kobach to President Trump's voter fraud commission ensures that Crosscheck will continue to have a role in the spotlight this year. And if the Republican Party has its way, Crosscheck will expand — the 2016 GOP party platform called for “every state to join the Interstate Voter Registration Crosscheck Program to keep voter rolls accurate and to prevent people from voting in more than one state in the same election.”Kris Kobach sent a letter to all 50 states (June 28th, 2016), requesting information on voters: [10]This letter asked for: [11]The information requested includes the names, addresses, birthdates, political party (if recorded), last four digits of the voter's Social Security Number and which elections the voter has participated in since 2006, for every registered voter in the country.It would seem that Kobach desires to use “Interstate Crosscheck System” on all the information sent in regarding the information he requested.The ACLU said this about the request from Kobach:As a part of Donald Trump’s Election Integrity Commission, Kris Kobach sent letters across the country, asking state representatives for details on every registered voter in the country. This is an unprecedented government request for information on American voters, including names, addresses, birthdates, political affiliation, last four digits of Social Security numbers, and voting history.Here is a chart from the ACLU regarding where each state stands on these requests:After Kobach’s letter, there are currently seven federal lawsuits that have been filed in July (2017) against Trump’s “Commission on Election Integrity”: [12]The NAACP Legal Defense Fund filed a lawsuit on July 18th, 2017. The lawsuit alleged that the “Commission on Election Integrity”: [13]“was formed with the intent to discriminate against voters of color in violation of the Constitution…to reaffirm President Trump’s false allegations of millions of ‘illegal’ votesto provide a basis for actions that will target African-American and Latino voters…rather than objectively analyze an issue of national significance.”It went on further, saying:“Statements by President Trump, his spokespersons and surrogates…as well as the work of the Commission as described by its co-chairs, are grounded on the false premise that Black and Latino voters are more likely to perpetrate voter fraud…”The suit points to the below evidence:Trump’s repeated lies that “millions of illegals” voted in the electionPence repeating Trump’s claim/defending it [14]Kobach repeating Trump’s claim: [15]“I think the president-elect is absolutely correct when he says the number of illegal votes cast exceeds the popular vote margin between him and Hillary Clinton at this point.”Hans von Spakovsky’s ties to the “Public Interest Legal Foundation”The Electronic Privacy Information Center (EPIC) filed a lawsuit against the Commission on July 3, 2017, alleging that: [16]“the Commission’s demand for detailed voter histories also violates millions of Americans’ constitutional right to privacy.”The “Commission on Election Integrity” asked states to stop sending voter information until this lawsuit was resolved [17]The American Civil Liberties Union (ACLU) filed a lawsuit on July 10th, 2017, alleging that the Commission was not following proper transparency laws: [18]The lawsuit charges the commission with failing to comply with the Federal Advisory Committee Act, which is designed to ensure public accountability of all advisory committees.The ACLU said that the Commission was not making any of the topics discussed available to the publicThree days later, the White House had a page added to its website which contained some documents regarding the meetings [19]The Lawyers’ Committee for Civil Rights Under Law filed a lawsuit similar to the ACLU’s on July 10th, 2017, citing the Commission’s failure to comply with transparency laws [20]The Lawyers’ Committee for Civil Rights Under Law also filed a Hatch Act Complaint against Kobach, saying that he improperly used his role on the Commission to promote his upcoming run for Governor in Kansas [21]The Florida ACLU filed a lawsuit on July 10th, 2017 (separate from the other ACLU lawsuit) against the Commission, alleging that the collection efforts were: [22]“…an unjustified invasion of privacy not authorized under the Constitution and laws of the United States or the individual states.”Public Citizen filed a lawsuit on July 10, 2017, similar to the lawsuit from ACLU Florida, alleging that the Commission: [23]“collection and dissemination of [voter] information violates the Privacy Act, which prohibits the collection, use, maintenance or distribution of any ‘record describing how any individual exercises rights guaranteed by the First Amendment.’ ”Public Citizen is requesting a temporary restraining order on the Commission’s request regarding voter informationCommon Cause also filed a lawsuit regarding Privacy Act violations on July 14, 2017, against the Commission: [24]“Common Cause asks the U.S. District Court for the District of Columbia to order the commission, [the Department of Homeland Security], and [the Social Security Administration] to stop seeking and using the voter history and party affiliation of voters, and return any such data it has already obtained from any state.”How Kobach’s request could be unconstitutional: [25]Kobach’s goal seems to be collecting personal information on people to put in a national voter file [26]The files would collect information not limited to:NameAddressPolitical party affiliationVoting HistorySome states include even more information: [27]Date of birthTelephone numbersEmail addressesInformation about minors (some states “pre-register” minors so that they can automatically vote when they turn 18)“Publicly Available” is not a cut and dry definition: [28]In some states, voter files are widely accessible, but not to everyoneSome states restrict “why” one can have access to voter filesFor example, Texas prohibits access to voter information used for commercial profitsVoter information is sometimes limited to: [29]Political partiesCandidatesNonprofitsAny state that have these types of restrictions are automatically breaking their own laws by sending information to back to KobachNo one knows what the Commission’s security protocols will be (or if they even have any)Asking for this information via email is suspectMakes it appear that the Commission has no security protocolsAnd/or doesn’t care about securityNo one knows exactly what the Commission will do with the infoWhat laws could this data request be breaking? Here are some of them: [30]The Privacy Act:We’ve long had privacy and security concerns about government recordkeeping in this country. Back in 1974, Congress passed the Privacy Act, regulating how federal government entities keep records. There are a number of substantive requirements for a body like the Kobach commission. Those actually include specific limits on data that Kobach has asked for, like voting history and party affiliation.The Paperwork Reduction Law:The Paperwork Reduction Act, a law with a longstanding pedigree (if an uninspiring name), governs agencies that want to issue potentially burdensome information requests. The statute covers requests that are mandatory or voluntary, aimed at individuals or organizations. The guiding idea behind the PRA is simple: before the federal government enlists individuals, companies, organizations, or state governments into potentially burdensome fact-finding, it should have a good justification and a well thought out plan.Procedural requirements found within the PRA:PRA requires federal agencies to satisfy procedural requirements designed to ensure a deliberative approach informed by the people who will feel the effects of federal action. Much of it is basic stuff. Before sending out an information request to more than ten people, a federal agency must articulate a justification for doing so. It must weigh any potential benefits to the government against the burdens that its requests will impose on recipients. It must have a plan for conducting the request and managing the information it receives. Perhaps most importantly, it must engage the public through two rounds of detailed public notification, coupled with opportunities for the public to weigh in. Only then may the agency seek final approval from the White House’s budget office, which oversees compliance with the PRA, to go forward.The election commission didn’t do any of those things. It simply ignored the statute’s requirements. In other words, its request to every Secretary of State in the country violated federal law.…In other words, the Commission’s failure to adhere to the PRA isn’t a matter of mere technical non-compliance; it flouted a legal framework whose provisions would have offered a safeguard against a misguided, and potentially quite harmful, national fishing expedition for voter data.…For state officials on the fence about whether to provide the data, the PRA should weigh significantly in their decisions. The Kobach letter was, after all, an unlawful request. State officials should pause long and hard before turning over such sensitive data – data that is foundational to the democratic process…And on top of all of that, the letter from Kobach also creates a major target for hackers: [31]Digital security experts say the commission’s request would centralize and lay bare a valuable cache of information that cyber criminals could use for identity theft scams — or that foreign spies could leverage for disinformation schemes.Quick facts on voter fraud:Justin Levitt, Loyola Law School professor, found: [32]2000 - 2014 = 35 cases of voter impersonation out of ~800 million ballots that were cast in primary, municipal, special, and other elections.News21 journalism looked into voter impersonation as well as people voting twice, vote buying, absentee fraud, etc from 2000 - 2012. [33]For voter impersonation: 10For other alleged fraud cases: 2,068~50% of those votes ended with acquittals or charges being droppedThe State Board of Elections in North Carolina found: [34]1 case of voter fraud out of 4.8 million votes in the 2016 General ElectionThere were 500 ineligible votesAlmost all of those 500 were people voting who genuinely thought they couldIn 2007, the NYT found that there were: [35]86 convictions of voter fraud from 2002–2007Quick background on voter ID laws (hint, its voter suppression): [36]Voter ID laws disproportionately affect minorities:These laws have a disproportionate effect on minorities, which is exactly what you would expect given that members of racial and ethnic minorities are less apt to have valid photo ID.States that do have strict voter ID laws tend to vote more conservative:Because minority voters tend to be Democrats, strict voter ID laws tilt the primary electorate dramatically.All else equal, when strict ID laws are instituted, the turnout gap between Republicans and Democrats in primary contests more than doubles from 4.3 points to 9.8 points.Likewise, the turnout gap between conservative and liberal voters more than doubles from 7.7 to 20.4 points.States that pass strict Voter ID laws tend to have GOP legislatures:By instituting strict voter ID laws, states can alter the electorate and shift outcomes toward those on the right:Where these laws are enacted, the influence of Democrats and liberals wanes and the power of Republicans grows.Strict ID laws are passed almost exclusively by Republican legislatures.Quick look at what States have Voter ID laws: [37]Some states seem energized by Trump’s voter fraud conspiracies, many pushing for more Voter ID laws in 2017:At least 99 bills to restrict access to the polls have been introduced (or have been carried over from previous sessions) in 31 states this year; that's already more than double the number last year, according to data compiled by the Brennan Center.Voter ID — requiring voters to prove who they are with identifying documents — is the most common requirement, but changes to the voter registration process, such as asking people to prove their U.S. citizenship, are a close second.Why obtaining a government issued ID tends to be more challenging for minority demographics, collectively as well as some of the reasons that these laws are discriminatory: [38]Cost:Obtaining ID Costs Money.Even if ID is offered for free, voters must incur numerous costs (such as paying for birth certificates) to apply for a government-issued ID.Underlying documents required to obtain ID cost money, a significant expense for lower-income Americans. The combined cost of document fees, travel expenses and waiting time are estimated to range from $75 to $175.Travel:The travel required is often a major burden on people with disabilities, the elderly, or those in rural areas without access to a car or public transportation.In Texas, some people in rural areas must travel approximately 170 miles to reach the nearest ID office.Voter ID laws are discriminatory:Minority voters disproportionately lack ID.Nationally, up to 25% of African-American citizens of voting age lack government-issued photo ID, compared to only 8% of whites.Some Voter ID laws exclude forms of ID in a discriminatory way:Texas:allows concealed weapons permits for voting, but does not accept student ID cards.North Carolina:Until its voter ID law was struck down, North Carolina prohibited public assistance IDs and state employee ID cards, which are disproportionately held by Black voters.Wisconsin:Until recently, Wisconsin permitted active duty military ID cards, but prohibited Veterans Affairs ID cards for voting.Enforcement of Voter ID laws shows a trend of discriminatory behavior:A Caltech/MIT study found that minority voters are more frequently questioned about ID than are white voters.Voter ID laws reduces the turnout of minority voters:Several studies, including a 2014 GAO study, have found that photo ID laws have a particularly depressive effect on turnout among racial minorities and other vulnerable groups, worsening the participation gap between voters of color and whites.The American Legislative Exchange Council (ALEC) is a right wing group that is funded by corporations like Exxon Mobile and the Koch brothers, is the culprit behind most of the voter ID laws: [39]Lawmakers proposed 62 photo ID bills in 37 states in the 2011 and 2012 sessions, with multiple bills introduced in some states.Ten states have passed strict photo ID laws since 2008, though several may not be in effect in November because of legal challenges.…More than half of the 62 bills were sponsored by members or conference attendees of the American Legislative Exchange Council (ALEC), a Washington, D.C.-based, tax-exempt organization.At ALEC’s annual conferences, legislators, nonprofits and corporations work together without direct public input to develop bills that promote smaller government…The group’s Public Safety and Elections Task Force at the 2009 Atlanta meeting approved the “Voter ID Act,” a photo ID bill modeled on Indiana and Georgia laws.…Arkansas state Rep. Dan Greenberg, Arizona state Sen. Russell Pearce and Indiana state Rep. Bill Ruppel (three Republicans now out of office) led drafting and discussion of the Voter ID Act.Critics of photo voter ID laws…say voters without a driver’s license or the means (a birth certificate or Social Security card) to obtain free ID cards at a state motor vehicles office could be disenfranchised.They claim that ALEC pushed for photo ID laws because poor Americans without ID are likely to vote against conservative interestsThe White House asked for feedback on the “Election Integrity Commission” on the White House website, which didn’t go so well. For example: [40]There was a lot of swearing:People called out Kobach and Pence specifically:Others questioned the integrity of the Commission:There were comparisons to Big Brother:Others demanded that the commissioners explain themselves:And my personal favorite:So, in conclusion, Trump’s “Commission on Election Integrity” is a waste of taxpayer money. The goal of the Commission is to create a “solution” that is looking for problems that don’t exist as well as creating problems.Are they going about it the right way? No.The premise of this Commission is based on lies.How the Commission is going about collecting the information based on a false premise is wrong.The data the Commission is wanting is likely a violation of privacy laws.Footnotes[1] Trump Asks Supporters to Prevent ‘Rigged’ Election by Becoming ‘Observers’[2] Opinion | The Voter Purges Are Coming[3] Some voters unregistering after Trump administration's data requests[4] Trump’s election integrity commission needs to redress voter suppression, not fraud[5] Analysis | Here are the first 10 members of Trump’s voting commission[6] Trump's election commission meets as critics condemn president's 'biggest lie'[7] Kris Kobach Email [8] This Trump administration official wants to make it more difficult to vote[9] https://www.washingtonpost.com/news/wonk/wp/2017/07/20/this-anti-voter-fraud-program-gets-it-wrong-over-99-of-the-time-the-gop-wants-to-take-it-nationwide/?utm_term=.b08bbbc38661[10] https://assets.documentcloud.org/documents/3881818/SOS-Letter.pdf[11] Election Integrity Commission - State Responses[12] Trump’s voter commission is now facing at least 7 federal lawsuits[13] http://www.naacpldf.org/files/about-us/EIC%20Complaint.pdf[14] Watch Mike Pence try to defend Trump’s false claim that ‘millions’ voted illegally[15] Kris Kobach agrees with Donald Trump that ‘millions’ voted illegally but offers no evidence[16] EPIC v. Presidential Election Commission[17] https://epic.org/privacy/litigation/voter/epic-v-commission/EPIC-v-Commission-government-filing-on-DOD-database.pdf[18] American Civil Liberties Union v. Donald Trump[19] Presidential Advisory Commission on Election Integrity[20] Lawyers’ Committee for Civil Rights Under Law Files Lawsuit To Halt Commission Hearing for Failure to Comply With Federal Law | Lawyers' Committee for Civil Rights Under Law[21] Lawyers’ Committee for Civil Rights Under Law Files Hatch Act Complaint Against Kris Kobach | Lawyers' Committee for Civil Rights Under Law[22] https://www.aclufl.org/2017/07/10/coalition-of-voting-rights-leaders-and-florida-voters-sue-presidential-commission-over-request-for-voter-information/[23] https://www.citizen.org/media/press-releases/public-citizen-sues-trump-administration-prevent-government’s-collection-voter[24] http://www.commoncause.org/press/press-releases/PenceKobachLawsuit.html?referrer=https://www.washingtonpost.com/news/wonk/wp/2017/07/18/trumps-voter-fraud-commission-is-now-facing-at-least-7-federal-lawsuits/?utm_term=.696f889ac706?referrer=http://www.denverpost.com/2017/07/18/trumps-voter-commission-facing-several-federal-lawsuits/[25] All Your Voter Data Are Belong To Us | Take Care[26] http://www.ncsl.org/Documents/Elections/The_Canvass_February_2016_66.pdf[27] Full List Facts and Info - Voter List Information[28] States - Voter List Information[29] ELECTION CODE CHAPTER 18. PROCEDURES FOR IDENTIFYING REGISTERED VOTERS[30] President Trump’s Election Commission Has Already Violated Federal Law | Take Care[31] Trump voter-fraud panel’s data request a gold mine for hackers, experts warn[32] Voter Turnout Data - United States Elections Project[33] A News21 2012 National Project[34] https://s3.amazonaws.com/dl.ncsbe.gov/sboe/Post-Election%20Audit%20Report_2016%20General%20Election/Post-Election_Audit_Report.pdf[35] In 5-Year Effort, Scant Evidence of Voter Fraud[36] Analysis | Do voter identification laws suppress minority voting? Yes. We did the research.[37] States push new voter requirements, fueled by Trump[38] Oppose Voter ID Legislation - Fact Sheet[39] Oppose Voter ID Legislation - Fact Sheet[40] https://www.whitehouse.gov/sites/whitehouse.gov/files/docs/comments-received-june-29-through-july-11-2017.pdf

Okay , I read this great article on conspiracy theories in India and wanted to share with you all . It is one of the mind blowing articles , I have ever read.10. Rajiv Gandhi Survived His Assassinationhttp://www.boydom.com/wp-content/uploads/2013/02/RajivGandhiSurvivedHisAssassinationBoydom.com_.jpgJust for the sake of conspiracy theorists, this had to be included because every time I ask someone of a popular Indian conspiracy theory, this is their first response. Since his assassination there have been theories floating around that Rajiv survived his assassination. Just to burst the bubble, how really is someone supposed to survive a blast of such close proximity that killed at least 14 other bystanders?9. Sanjay Gandhi’s Deathhttp://www.boydom.com/wp-content/uploads/2013/02/SanjayGandhisDeathBoydom.com_.jpgIn the 1970s Sanjay was one of the most important political figure, around whom most of the power was concentrated and dispensed. Many believed Sanjay wielded more power than Indira Gandhi herself and that he had a lot of indifferences with his mother. He died flying a new aircraft that lost control and crashed near Safdarjung Airport in New Delhi. It is just suffice to say that the single-member enquiry commission headed by Mr. M. L. Jain, which was formed to study the circumstances that lead to the plane crash, has never submitted any report whatsoever to the government in three decades. There have been different theories of CIA/Russian Intelligence/Opus Dei/Indian Intelligence having a hand in his death, but to what extent, it remains unclear. After his death, his widow, Maneka Gandhi and his son were sidelined and thrown out of Prime Minister’s residence.8. India’s Ancient Nuclear Warfarehttp://boydom.com/wp-content/uploads/2012/10/clip_image00231.jpgThis is an interesting one. As per the theory, a heavy layer of radioactive ash covering 3 square miles was found 10 km west of the city of Johdpur, Rajasthan and on further investigation, scientists unearthed an ancient city. It further goes to relating this with Mahabharata’s verses from Drona Parva of K.M. Ganguly’s translation, “The passage tells of combat where explosions of final weapons decimate entire armies, causing crowds of warriors with steeds and elephants and weapons to be carried away as if they were dry leaves of trees.” Myself being a native of Jodhpur, personally, I have never heard of any such ancient city excavated. On digging further on this topic, the quotes related to this theory from Mahabharata were actually referenced from 1963 English translation of the book, Morning of the Magicians, and later references from later writers copied that book without checking the source. According to the authors, the passages record the blinding explosion, fallout from the blast, the ensuing radiation burns, loss of hair and fingernail. This books turns out to be a case of bad translation. The verses from the original English translation of the Mahabharata that comes even close to the quotes from the book are, “When the next day came, Camva actually brought forth an iron bolt through which all the individuals in the race of the Vrishnis and the Andhakas became consumed into ashes. Indeed, for the destruction of the Vrishnis and the Andhakas, Camva brought forth, through that curse, a fierce iron bolt that looked like a gigantic messenger of death. The fact was duly reported to the king. In great distress of mind, the king (Ugrasena) caused that iron bolt to be reduced into fine powder. (Mausala Parva, sec. 1).” As you can understand from the passage that the bomb was actually a bolt (scepter) that the king destroyed before it could be used. With my part of the research, I would call this theory busted.7. Agni V Missile’s Rangehttp://boydom.com/wp-content/uploads/2012/10/clip_image00251.jpgAgni V is a solid-fuelled intercontinental ballistic missile developed by DRDO. It is fifth in the line of Agni series of missile developed by India. It was successfully test launched on April 19, 2012. There have been doubts raised about the actual range of Agni V. According to initial comments by DRDO’s chief, the exact range of the missile was confidential, but later he reported it to be in the range of 5500-5800 Km. It was developed with a targeted range of 5000-8000 km. It does raise some doubts because Agni IV had a weight of 17000 kg with an operation range of 4000 and Agni V has a weight of 50000 kg with official range of 5800 km. Chinese experts felt that the missile has the potential range of 8000 km and that it was deliberately downplayed by Indian officials.6. The Nine Unknown Menhttp://boydom.com/wp-content/uploads/2012/10/clip_image00112.jpgThis theory alleges that a secret society was founded by the Mauryan Emperor Ashoka around 270 BC to protect and develop knowledge that if falls into the wrong hands would be dangerous for the humanity and that nine unknown men were entrusted with protecting the nine books of secret knowledge. The nine books entrusted to these nine men is said to contain information on topics ranging from psychological warfare, physiology, microbiology, alchemy, communication including communication with extraterrestrials, gravity and antigravity devices, cosmology including hyperspace and time travel, light and sociology.5. Taj Mahal or Tejo Mahalayahttp://boydom.com/wp-content/uploads/2012/10/clip_image0017.jpgAccording to this famous conspiracy theory, Taj Mahal was originally an ancient Shiva Temple, Tejo Mahalaya, which the Moghul Emperor Shahjahan took by force from the then Maharaja of Jaipur. There is even a book published titled “Taj Mahal: The True Story” by P.K. Oak on this theory. In his book, he points out a number inconsistencies based on historical facts and Taj Mahal’s architecture to expound on his views. In 2000 Supreme Court of India dismissed Oak’s petition to declare that a Hindu king had built it and in 2005 similar petition was dismissed by the Allahabad High Court.4. Lal Bahadur Shastri’s Deathhttp://boydom.com/wp-content/uploads/2012/10/clip_image0027.jpgLal Bahadur Shastri was a prominent Indian freedom fighter and the second Prime Minister of India. Shastri died in Tashkent, Russia a day after signing the Tashkent Declaration possibly due to heart attack. He was later cremated in Vijay Ghat memorial established in his memory. His sudden death led to conspiracy theories that he was poisoned. This theory is strengthened by the fact that no postmortem took place to identify exact reason behind his death, both in Russia or by the Government of India. All his belongings came back to India except for his thermos flask from which he had his last drink of water. In 2009, Anuj Dhar, a popular author asked Prime Minister’s Office under the RTI plea to release the documents related to Shastri’s death, but PMO refused to declassify the documents citing that this would lead to harming of foreign relations, cause disruption of country’s peace and breach of parliamentary privileges.3. Homi Bhabha’s Deathhttp://boydom.com/wp-content/uploads/2012/10/clip_image00291.jpgHomi Jehangir Bhabha was an Indian nuclear physicist and most famously is known as “Father of Indian Nuclear Programme.” He is credited with formulating the country’s strategy in the field of nuclear power to focus on extracting power from the country’s vast thorium reserves. He died when Air India Flight 101 crashed near Mont Blanc on January 24, 1966. One conspiracy theory is that CIA was involved with the crash possibly to cripple India’s nuclear programme. In 2012 a jute bag labelled “diplomatic bag” and “ministry of external affairs” recovered near the crash site in French Alps belonging to Homi Bhabha was handed over to India.2. Death of Subhas Chandra Bosehttp://boydom.com/wp-content/uploads/2012/10/clip_image002111.jpgSubhas Chandra Bose was a prominent Indian freedom fighter, who attempted to liberate India from British rule. Bose was alleged to have died in a plane crash in Taiwan on 1945 while en route to Tokyo. He was badly burned and died in a local hospital hours later. His body was later cremated in a Buddhist Temple in Taiwan. This version of events is supported by testimonies of Captain, Yoshida Taneyoshi, and a British spy. Absence of his body in the temple has led to rise in many theories concerning his possible survival. Various committees have been set up by government of India over the years to investigate in this matter. This conspiracy theory has become a popular topic of discussion in various newsrooms and book titles. It is alleged by Dr. Purabi Roy, a Russian scholar in his book, “The Search for Netaji: New Findings” that Bose was captured by USSR during Second World War as Axis powers viewed him as a war criminal due to his close relationship with Japan and he later died in Siberia under soviet captivity. Another version of the theory goes by that an Indian monk named Bhagwanji or Gumnami Baba, who lived in Faizabad, Ayodhya had a very close resemblance to Subhas Chandra Bose and that he was Netaji living incognito to hide his real identity. Bhagwanji died on September 16, 1985.1. Indian UFO Basehttp://boydom.com/wp-content/uploads/2012/10/clip_image002131.jpgKongka La pass in the Himalayas is in the disputed Indo-Chinese border of Aksai Chin. The Chinese held part is known as Aksai Chin and the part under Indian occupation is Ladakh. This is one of the least accessed areas in the world and by agreement both countries do not patrol this border. Locals on both sides of the border believe there is an underground UFO base in this region with the knowledge of both countries. Locals have seen UFOs coming out of the ground. Tourists have witnessed strange triangular lighted silent crafts rising from the ground and moving vertically up. Local guides say this is not something new and it is a very common sight in Kongka La pass. Tourists are denied entry to this area in spite of permits to travel between the two countries. This theory is given credence by the fact that in June of 2006, satellite imagery on Google Earthrevealed a 1:500 scale detailed terrain model of the area in question on the Chinese side of the border. This model was surrounded by buildings resembling a military facility. Aksai Chin is a region where Eurasian and Indian plates have created convergent plate boundaries where one plate dives under the other and thus it is one of the few areas in the world where the depth of crust is twice as much as in the other places.Some other Connspiracy theories:Kasab Succumbed to His Illness?http://www.boydom.com/wp-content/uploads/2013/02/KasabSuccumbedtoHisIllnessBoydom.com_.jpgOn the morning of November 21, 2012, Home Ministry brought forth the news of the execution of Ajmal Kasab before Indian media. No one in jail premises except jail superintendent knew, who he was until the time of execution. Due to the secretive nature of his execution, several conspiracy theories were hinted. One among them is that his execution came barely a month ahead of Gujarat elections. Was this a deliberate attempt to revive the dwindling popularity of Indian government to woo Indian voters? Another more interesting one is that Kasab succumbed to dengue that he contracted while in jail. So did Indian government take advantage of his death to play vote bank politics? Also another unrelated yet interesting conspiracy theory about Kasab is that his accent resembled that of a Delhiite. So perhaps either he received good training or he was an Indian.Aaadhaar Card Conspiracyhttp://www.boydom.com/wp-content/uploads/2013/02/AadharCardConspiracyBoydom.com_.jpgAADHAAR program was launched by Government of India in 2010 with the primary goal of providing a form of identity to every Indian. UID is a 12-digit number unique to each Indian that will be linked to his/her demographic and biometric information. Now this does sound beneficial for a developing country like India, but can this have negative implication? First and foremost with a centralized database (managed by government GOI itself), it is going to be hell of a task to defend it from cyberpunks. This data will be priceless at the hands of multinationals entering India as this will provide them with statistics on regional and national demographics like no other. So the threat to such database will be all time high. China recently hacked into Google and FBI servers, so only time will tell how well our databases will fare against hackers (websites of Indian government are frequently hacked by Chinese). Aadhar Card lacks the appreciation for the role of privacy in India and amongst Indians. Aadhaar cards have already faced problems with fake ids and stolen databases. There are theories ranging from multinationals forcing the hand of GOI to impose this project, to this project being just another scandal for politicos to embezzle money. The only country other than India that has similar kind of a program in place is Chile. Now UID should not be confused with Social Security Number used in USA. Unlike UID, SSN is not a centralized database of authentication information and therefore does not pose a significant risk.Opus Dei’s Influence on India’s Current Political Scenariohttp://www.boydom.com/wp-content/uploads/2013/02/OpusDeisInfluenceonIndiasCurrentPoliticalScenarioBoydom.com_.jpgLong story short, Opus Dei is an organization of the Catholic Church with its headquarters based in Rome, Italy. Opus Dei has long been associated with allegations of secretiveness and portrayed in popular culture as a sinister secret organization. But what has that got to do with Indian political system? According to a blog “purportedly” written by an ex-intelligence analyst of an Indian Intelligence Agency, he was part of a 5 member analyst team that investigated assassination of Rajiv Gandhi. He discusses in detail how four scenarios perfectly lined up in the timeline of Sonia Gandhi’s life that guided her to become the most powerful person in India. To begin with, he talks about Sonia Gandhi’s mysterious uncle who worked for Opus Dei and that this uncle funded Sonia Gandhi’s education in Cambridge in the 1960’s. Furthermore, Rajiv-Sonia hookup at Cambridge Uni was not entirely a chance event. The characters that brought them together later were absorbed by the Vatican’s intelligence wing. Moving forward, he discusses in detail how the death of Sanjay Gandhi, Indira Gandhi and Rajiv Gandhi was in a major way linked to Opus Dei. You can read his very detailed post here. It is rather peculiar to note that the author of the blog promised to follow up with more info on Rajiv Gandhi’s assassination, but the blog has been dead for a better part of the year now.References:Page on BoydomPage on Boydom

As computers and other digital devices have become essential to business and commerce, they have also increasingly become a target for attacks. In order for a company or an individual to use a computing device with confidence, they must first be assured that the device is not compromised in any way and that all communications will be secure.The security triadThe Information Security Triad: Confidentiality, Integrity, Availability (CIA)ConfidentialityWhen protecting information, we want to be able to restrict access to those who are allowed to see it; everyone else should be disallowed from learning anything about its contents. This is the essence of confidentiality. For example, federal law requires that universities restrict access to private student information. The university must be sure that only those who are authorized have access to view the grade records.IntegrityIntegrity is the assurance that the information being accessed has not been altered and truly represents what is intended. Just as a person with integrity means what he or she says and can be trusted to consistently represent the truth, information integrity means information truly represents its intended meaning. Information can lose its integrity through malicious intent, such as when someone who is not authorized makes a change to intentionally misrepresent something. An example of this would be when a hacker is hired to go into the university’s system and change a grade.Integrity can also be lost unintentionally, such as when a computer power surge corrupts a file or someone authorized to make a change accidentally deletes a file or enters incorrect information.AvailabilityInformation availability is the third part of the CIA triad. Availability means that information can be accessed and modified by anyone authorized to do so in an appropriate timeframe. Depending on the type of information, appropriate timeframe can mean different things. For example, a stock trader needs information to be available immediately, while a sales person may be happy to get sales numbers for the day in a report the next morning. Companies will require their servers to be available twenty-four hours a day, seven days a week. Other companies may not suffer if their web servers are down for a few minutes once in a while.Tools for Information SecurityIn order to ensure the confidentiality, integrity, and availability of information, organizations can choose from a variety of tools. Each of these tools can be utilized as part of an overall information-security policy, which will be discussed in the next section.AuthenticationThe most common way to identify someone is through their physical appearance, but how do we identify someone sitting behind a computer screen or at the ATM? Tools for authentication are used to ensure that the person accessing the information is, indeed, who they present themselves to be.Authentication can be accomplished by identifying someone through one or more of three factors: something they know, something they have, or something they are. For example, the most common form of authentication today is the user ID and password. In this case, the authentication is done by confirming something that the user knows (their ID and password). But this form of authentication is easy to compromise (see sidebar) and stronger forms of authentication are sometimes needed. Identifying someone only by something they have, such as a key or a card, can also be problematic. When that identifying token is lost or stolen, the identity can be easily stolen. The final factor, something you are, is much harder to compromise. This factor identifies a user through the use of a physical characteristic, such as an eye-scan or fingerprint. Identifying someone through their physical characteristics is called biometrics.A more secure way to authenticate a user is to do multi-factor authentication. By combining two or more of the factors listed above, it becomes much more difficult for someone to misrepresent themselves. An example of this would be the use of an RSA securid token. The RSA device is something you have, and will generate a new access code every sixty seconds. To log in to an information resource using the RSA device, you combine something you know, a four-digit PIN, with the code generated by the device. The only way to properly authenticate is by both knowing the code and having the RSA device.Access ControlOnce a user has been authenticated, the next step is to ensure that they can only access the information resources that are appropriate. This is done through the use of access control. Access control determines which users are authorized to read, modify, add, and/or delete information. Several different access control models exist. Here we will discuss two: the access control list (ACL) and role-based access control (RBAC).For each information resource that an organization wishes to manage, a list of users who have the ability to take specific actions can be created. This is an access control list, or ACL. For each user, specific capabilities are assigned, such as read, write, delete, or add. Only users with those capabilities are allowed to perform those functions. If a user is not on the list, they have no ability to even know that the information resource exists.ACLs are simple to understand and maintain. However, they have several drawbacks. The primary drawback is that each information resource is managed separately, so if a security administrator wanted to add or remove a user to a large set of information resources, it would be quite difficult. And as the number of users and resources increase, ACLs become harder to maintain. This has led to an improved method of access control, called role-based access control, or RBAC. With RBAC, instead of giving specific users access rights to an information resource, users are assigned to roles and then those roles are assigned the access. This allows the administrators to manage users and roles separately, simplifying administration and, by extension, improving security.Comparison of ACL and RBAC (click to enlarge)EncryptionMany times, an organization needs to transmit information over the Internet or transfer it on external media such as a CD or flash drive. In these cases, even with proper authentication and access control, it is possible for an unauthorized person to get access to the data. Encryption is a process of encoding data upon its transmission or storage so that only authorized individuals can read it. This encoding is accomplished by a computer program, which encodes the plain text that needs to be transmitted; then the recipient receives the cipher text and decodes it (decryption). In order for this to work, the sender and receiver need to agree on the method of encoding so that both parties can communicate properly. Both parties share the encryption key, enabling them to encode and decode each other’s messages. This is called symmetric key encryption. This type of encryption is problematic because the key is available in two different places.An alternative to symmetric key encryption is public key encryption. In public key encryption, two keys are used: a public key and a private key. To send an encrypted message, you obtain the public key, encode the message, and send it. The recipient then uses the private key to decode it. The public key can be given to anyone who wishes to send the recipient a message. Each user simply needs one private key and one public key in order to secure messages. The private key is necessary in order to decrypt something sent with the public key.Public key encryptionSidebar: Password SecuritySo why is using just a simple user ID/password not considered a secure method of authentication? It turns out that this single-factor authentication is extremely easy to compromise. Good password policies must be put in place in order to ensure that passwords cannot be compromised. Below are some of the more common policies that organizations should put in place.Require complex passwords. One reason passwords are compromised is that they can be easily guessed. A recent study found that the top three passwords people used in 2012 were password, 123456 and 12345678.[1] A password should not be simple, or a word that can be found in a dictionary. One of the first things a hacker will do is try to crack a password by testing every term in the dictionary! Instead, a good password policy is one that requires the use of a minimum of eight characters, and at least one upper-case letter, one special character, and one number.Change passwords regularly. It is essential that users change their passwords on a regular basis. Users should change their passwords every sixty to ninety days, ensuring that any passwords that might have been stolen or guessed will not be able to be used against the company.Train employees not to give away passwords. One of the primary methods that is used to steal passwords is to simply figure them out by asking the users or administrators. Pretexting occurs when an attacker calls a helpdesk or security administrator and pretends to be a particular authorized user having trouble logging in. Then, by providing some personal information about the authorized user, the attacker convinces the security person to reset the password and tell him what it is. Another way that employees may be tricked into giving away passwords is through e-mail phishing. Phishing occurs when a user receives an e-mail that looks as if it is from a trusted source, such as their bank, or their employer. In the e-mail, the user is asked to click a link and log in to a website that mimics the genuine website and enter their ID and password, which are then captured by the attacker.BackupsAnother essential tool for information security is a comprehensive backup plan for the entire organization. Not only should the data on the corporate servers be backed up, but individual computers used throughout the organization should also be backed up. A good backup plan should consist of several components.A full understanding of the organizational information resources. What information does the organization actually have? Where is it stored? Some data may be stored on the organization’s servers, other data on users’ hard drives, some in the cloud, and some on third-party sites. An organization should make a full inventory of all of the information that needs to be backed up and determine the best way back it up.Regular backups of all data. The frequency of backups should be based on how important the data is to the company, combined with the ability of the company to replace any data that is lost. Critical data should be backed up daily, while less critical data could be backed up weekly.Offsite storage of backup data sets. If all of the backup data is being stored in the same facility as the original copies of the data, then a single event, such as an earthquake, fire, or tornado, would take out both the original data and the backup! It is essential that part of the backup plan is to store the data in an offsite location.Test of data restoration. On a regular basis, the backups should be put to the test by having some of the data restored. This will ensure that the process is working and will give the organization confidence in the backup plan.Besides these considerations, organizations should also examine their operations to determine what effect downtime would have on their business. If their information technology were to be unavailable for any sustained period of time, how would it impact the business?Additional concepts related to backup include the following:Universal Power Supply (UPS). A UPS is a device that provides battery backup to critical components of the system, allowing them to stay online longer and/or allowing the IT staff to shut them down using proper procedures in order to prevent the data loss that might occur from a power failure.Alternate, or “hot” sites. Some organizations choose to have an alternate site where an exact replica of their critical data is always kept up to date. When the primary site goes down, the alternate site is immediately brought online so that little or no downtime is experienced.As information has become a strategic asset, a whole industry has sprung up around the technologies necessary for implementing a proper backup strategy. A company can contract with a service provider to back up all of their data or they can purchase large amounts of online storage space and do it themselves. Technologies such as storage area networks and archival systems are now used by most large businesses.FirewallsNetwork configuration with firewalls, IDS, and a DMZ. Click to enlarge.Another method that an organization should use to increase security on its network is a firewall. A firewall can exist as hardware or software (or both). A hardware firewall is a device that is connected to the network and filters the packets based on a set of rules. A software firewall runs on the operating system and intercepts packets as they arrive to a computer. A firewall protects all company servers and computers by stopping packets from outside the organization’s network that do not meet a strict set of criteria. A firewall may also be configured to restrict the flow of packets leaving the organization. This may be done to eliminate the possibility of employees watching YouTube videos or using Facebook from a company computer.Some organizations may choose to implement multiple firewalls as part of their network security configuration, creating one or more sections of their network that are partially secured. This segment of the network is referred to as a DMZ, borrowing the term demilitarized zone from the military, and it is where an organization may place resources that need broader access but still need to be secured.Intrusion Detection SystemsAnother device that can be placed on the network for security purposes is an intrusion detection system, or IDS. An IDS does not add any additional security; instead, it provides the functionality to identify if the network is being attacked. An IDS can be configured to watch for specific types of activities and then alert security personnel if that activity occurs. An IDS also can log various types of traffic on the network for analysis later. An IDS is an essential part of any good security setup.Sidebar: Virtual Private NetworksUsing firewalls and other security technologies, organizations can effectively protect many of their information resources by making them invisible to the outside world. But what if an employee working from home requires access to some of these resources? What if a consultant is hired who needs to do work on the internal corporate network from a remote location? In these cases, a virtual private network (VPN) is called for.A VPN allows a user who is outside of a corporate network to take a detour around the firewall and access the internal network from the outside. Through a combination of software and security measures, this lets an organization allow limited access to its networks while at the same time ensuring overall security.Physical SecurityAn organization can implement the best authentication scheme in the world, develop the best access control, and install firewalls and intrusion prevention, but its security cannot be complete without implementation of physical security. Physical security is the protection of the actual hardware and networking components that store and transmit information resources. To implement physical security, an organization must identify all of the vulnerable resources and take measures to ensure that these resources cannot be physically tampered with or stolen. These measures include the following.Locked doors: It may seem obvious, but all the security in the world is useless if an intruder can simply walk in and physically remove a computing device. High-value information assets should be secured in a location with limited access.Physical intrusion detection: High-value information assets should be monitored through the use of security cameras and other means to detect unauthorized access to the physical locations where they exist.Secured equipment: Devices should be locked down to prevent them from being stolen. One employee’s hard drive could contain all of your customer information, so it is essential that it be secured.Environmental monitoring: An organization’s servers and other high-value equipment should always be kept in a room that is monitored for temperature, humidity, and airflow. The risk of a server failure rises when these factors go out of a specified range.Employee training: One of the most common ways thieves steal corporate information is to steal employee laptops while employees are traveling. Employees should be trained to secure their equipment whenever they are away from the office.Security PoliciesBesides the technical controls listed above, organizations also need to implement security policies as a form of administrative control. In fact, these policies should really be a starting point in developing an overall security plan. A good information-security policy lays out the guidelines for employee use of the information resources of the company and provides the company recourse in the case that an employee violates a policy.According to the SANS Institute, a good policy is “a formal, brief, and high-level statement or plan that embraces an organization’s general beliefs, goals, objectives, and acceptable procedures for a specified subject area.” Policies require compliance; failure to comply with a policy will result in disciplinary action. A policy does not lay out the specific technical details, instead it focuses on the desired results. A security policy should be based on the guiding principles of confidentiality, integrity, and availability.[2]A good example of a security policy that many will be familiar with is a web use policy. A web use policy lays out the responsibilities of company employees as they use company resources to access the Internet. A good example of a web use policy is included in Harvard University’s “Computer Rules and Responsibilities” policy, which can be found here.A security policy should also address any governmental or industry regulations that apply to the organization. For example, if the organization is a university, it must be aware of the Family Educational Rights and Privacy Act (FERPA), which restricts who has access to student information. Health care organizations are obligated to follow several regulations, such as the Health Insurance Portability and Accountability Act (HIPAA).Sidebar: Mobile SecurityAs the use of mobile devices such as smartphones and tablets proliferates, organizations must be ready to address the unique security concerns that the use of these devices bring. One of the first questions an organization must consider is whether to allow mobile devices in the workplace at all. Many employees already have these devices, so the question becomes: Should we allow employees to bring their own devices and use them as part of their employment activities? Or should we provide the devices to our employees? Creating a BYOD (“Bring Your Own Device”) policy allows employees to integrate themselves more fully into their job and can bring higher employee satisfaction and productivity. In many cases, it may be virtually impossible to prevent employees from having their own smartphones or iPads in the workplace. If the organization provides the devices to its employees, it gains more control over use of the devices, but it also exposes itself to the possibility of an administrative (and costly) mess.Mobile devices can pose many unique security challenges to an organization. Probably one of the biggest concerns is theft of intellectual property. For an employee with malicious intent, it would be a very simple process to connect a mobile device either to a computer via the USB port, or wirelessly to the corporate network, and download confidential data. It would also be easy to secretly take a high-quality picture using a built-in camera.When an employee does have permission to access and save company data on his or her device, a different security threat emerges: that device now becomes a target for thieves. Theft of mobile devices (in this case, including laptops) is one of the primary methods that data thieves use.So what can be done to secure mobile devices? It will start with a good policy regarding their use. According to a 2013 SANS study, organizations should consider developing a mobile device policy that addresses the following issues: use of the camera, use of voice recording, application purchases, encryption at rest, Wi-Fi autoconnect settings, bluetooth settings, VPN use, password settings, lost or stolen device reporting, and backup. [3]Besides policies, there are several different tools that an organization can use to mitigate some of these risks. For example, if a device is stolen or lost, geolocation software can help the organization find it. In some cases, it may even make sense to install remote data-removal software, which will remove data from a device if it becomes a security risk.UsabilityWhen looking to secure information resources, organizations must balance the need for security with users’ need to effectively access and use these resources. If a system’s security measures make it difficult to use, then users will find ways around the security, which may make the system more vulnerable than it would have been without the security measures! Take, for example, password policies. If the organization requires an extremely long password with several special characters, an employee may resort to writing it down and putting it in a drawer since it will be impossible to memorize.