Tag Archives: religious

[ISN] No, You Really Can’t

https://blogs.oracle.com/maryanndavidson/entry/no_you_really_can_t
Mary Ann Davidson Blog
By User701213-Oracle
Aug 10, 2015

I have been doing a lot of writing recently. Some of my writing has been with my sister, with whom I write murder mysteries using the nom-de-plume Maddi Davidson. Recently, we’ve been working on short stories, developing a lot of fun new ideas for dispatching people (literarily speaking, though I think about practical applications occasionally when someone tailgates me).

Writing mysteries is a lot more fun than the other type of writing I’ve been doing. Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it. This is why I’ve been writing a lot of letters to customers that start with “hi, howzit, aloha” but end with “please comply with your license agreement and stop reverse engineering our code, already.”

I can understand that in a world where it seems almost every day someone else had a data breach and lost umpteen gazillion records to unnamed intruders who may have been working at the behest of a hostile nation-state, people want to go the extra mile to secure their systems. That said, you would think that before gearing up to run that extra mile, customers would already have ensured they’ve identified their critical systems, encrypted sensitive data, applied all relevant patches, be on a supported product release, use tools to ensure configurations are locked down – in short, the usual security hygiene – before they attempt to find zero day vulnerabilities in the products they are using. And in fact, there are a lot of data breaches that would be prevented by doing all that stuff, as unsexy as it is, instead of hyperventilating that the Big Bad Advanced Persistent Threat using a zero-day is out to get me! Whether you are running your own IT show or a cloud provider is running it for you, there are a host of good security practices that are well worth doing.

Even if you want to have reasonable certainty that suppliers take reasonable care in how they build their products – and there is so much more to assurance than running a scanning tool – there are a lot of things a customer can do like, gosh, actually talking to suppliers about their assurance programs or checking certifications for products for which there are Good Housekeeping seals for (or “good code” seals) like Common Criteria certifications or FIPS-140 certifications. Most vendors – at least, most of the large-ish ones I know – have fairly robust assurance programs now (we know this because we all compare notes at conferences). That’s all well and good, is appropriate customer due diligence and stops well short of “hey, I think I will do the vendor’s job for him/her/it and look for problems in source code myself,” even though:

- A customer can’t analyze the code to see whether there is a control that prevents the attack the scanning tool is screaming about (which is most likely a false positive)
- A customer can’t produce a patch for the problem – only the vendor can do that
- A customer is almost certainly violating the license agreement by using a tool that does static analysis (which operates against source code)

I should state at the outset that in some cases I think the customers doing reverse engineering are not always aware of what is happening because the actual work is being done by a consultant, who runs a tool that reverse engineers the code, gets a big fat printout, drops it on the customer, who then sends it to us. Now, I should note that we don’t just accept scan reports as “proof that there is a there, there,” in part because whether you are talking static or dynamic analysis, a scan report is not proof of an actual vulnerability. Often, they are not much more than a pile of steaming … FUD. (That is what I planned on saying all along: FUD.)

This is why we require customers to log a service request for each alleged issue (not just hand us a report) and provide a proof of concept (which some tools can generate). If we determine as part of our analysis that scan results could only have come from reverse engineering (in at least one case, because the report said, cleverly enough, “static analysis of Oracle XXXXXX”), we send a letter to the sinning customer, and a different letter to the sinning consultant-acting-on-customer’s behalf – reminding them of the terms of the Oracle license agreement that preclude reverse engineering, So Please Stop It Already. (In legalese, of course. The Oracle license agreement has a provision such as: “Customer may not reverse engineer, disassemble, decompile, or otherwise attempt to derive the source code of the Programs…” which we quote in our missive to the customer.) Oh, and we require customers/consultants to destroy the results of such reverse engineering and confirm they have done so.

Why am I bringing this up? The main reason is that, when I see a spike in X, I try to get ahead of it. I don’t want more rounds of “you broke the license agreement,” “no, we didn’t,” “yes, you did,” “no, we didn’t.” I’d rather spend my time, and my team’s time, working on helping development improve our code than argue with people about where the license agreement lines are.

Now is a good time to reiterate that I’m not beating people up over this merely because of the license agreement. More like, “I do not need you to analyze the code since we already do that, it’s our job to do that, we are pretty good at it, we can – unlike a third party or a tool – actually analyze the code to determine what’s happening and at any rate most of these tools have a close to 100% false positive rate so please do not waste our time on reporting little green men in our code.” I am not running away from our responsibilities to customers, merely trying to avoid a painful, annoying, and mutually-time wasting exercise.

For this reason, I want to explain what Oracle’s purpose is in enforcing our license agreement (as it pertains to reverse engineering) and, in a reasonably precise yet hand-wavy way, explain “where the line is you can’t cross or you will get a strongly-worded letter from us.”

Caveat: I am not a lawyer, even if I can use words like stare decisis in random conversations. (Except with my dog, because he only understands Hawaiian, not Latin.) Ergo, when in doubt, refer to your Oracle license agreement, which trumps anything I say herein!

With that in mind, a few FAQ-ish explanations:

Q. What is reverse engineering?

A. Generally, our code is shipped in compiled (executable) form (yes, I know that some code is interpreted). Customers get code that runs, not the code “as written.” That is for multiple reasons such as users generally only need to run code, not understand how it all gets put together, and the fact that our source code is highly valuable intellectual property (which is why we have a lot of restrictions on who accesses it and protections around it). The Oracle license agreement limits what you can do with the as-shipped code and that limitation includes the fact that you aren’t allowed to de-compile, dis-assemble, de-obfuscate or otherwise try to get source code back from executable code. There are a few caveats around that prohibition but there isn’t an “out” for “unless you are looking for security vulnerabilities in which case, no problem-o, mon!”

If you are trying to get the code in a different form from the way we shipped it to you – as in, the way we wrote it before we did something to it to get it in the form you are executing, you are probably reverse engineering. Don’t. Just – don’t.

Q. What is Oracle’s policy in regards to the submission of security vulnerabilities (found by tools or not)?

A. We require customers to open a service request (one per vulnerability) and provide a test case to verify that the alleged vulnerability is exploitable. The purpose of this policy is to try to weed out the very large number of inaccurate findings by security tools (false positives).

Q. Why are you going after consultants the customer hired? The consultant didn’t sign the license agreement!

A. The customer signed the Oracle license agreement, and the consultant hired by the customer is thus bound by the customer’s signed license agreement. Otherwise everyone would hire a consultant to say (legal terms follow) “Nanny, nanny boo boo, big bad consultant can do X even if the customer can’t!”

Q. What does Oracle do if there is an actual security vulnerability?

A. I almost hate to answer this question because I want to reiterate that customers Should Not and Must Not reverse engineer our code. However, if there is an actual security vulnerability, we will fix it. We may not like how it was found but we aren’t going to ignore a real problem – that would be a disservice to our customers. We will, however, fix it to protect all our customers, meaning everybody will get the fix at the same time. However, we will not give a customer reporting such an issue (that they found through reverse engineering) a special (one-off) patch for the problem. We will also not provide credit in any advisories we might issue. You can’t really expect us to say “thank you for breaking the license agreement.”

Q. But the tools that decompile products are getting better and easier to use, so reverse engineering will be OK in the future, right?

A. Ah, no. The point of our prohibition against reverse engineering is intellectual property protection, not “how can we cleverly prevent customers from finding security vulnerabilities – bwahahahaha – so we never have to fix them – bwahahahaha.” Customers are welcome to use tools that operate on executable code but that do not reverse engineer code. To that point, customers using a third party tool or service offering would be well-served by asking questions of the tool (or tool service) provider as to a) how their tool works and b) whether they perform reverse engineering to “do what they do.” An ounce of discussion is worth a pound of “no we didn’t,” “yes you did,” “didn’t,” “did” arguments.*

Q. “But I hired a really cool code consultant/third party code scanner/whatever. Why won’t mean old Oracle accept my scan results and analyze all 400 pages of the scan report?”

A. Hoo-boy. I think I have repeated this so much it should be a song chorus in a really annoying hip hop piece but here goes: Oracle runs static analysis tools ourselves (heck, we make them), many of these goldurn tools are ridiculously inaccurate (sometimes the false positive rate is 100% or close to it), running a tool is nothing, the ability to analyze results is everything, and so on and so forth. We put the burden on customers or their consultants to prove there is a There, There because otherwise, we waste a boatload of time analyzing – nothing** – when we could be spending those resources, say, fixing actual security vulnerabilities.

Q. But one of the issues I found was an actual security vulnerability so that justifies reverse engineering, right?

A. Sigh. At the risk of being repetitive, no, it doesn’t, just like you can’t break into a house because someone left a window or door unlocked. I’d like to tell you that we run every tool ever developed against every line of code we ever wrote, but that’s not true. We do require development teams (on premises, cloud and internal development organizations) to use security vulnerability-finding tools, we’ve had a significant uptick in tools usage over the last few years (our metrics show this) and we do track tools usage as part of Oracle Software Security Assurance program. We beat up – I mean, “require” – development teams to use tools because it is very much in our interests (and customers’ interests) to find and fix problems earlier rather than later.

That said, no tool finds everything. No two tools find everything. We don’t claim to find everything. That fact still doesn’t justify a customer reverse engineering our code to attempt to find vulnerabilities, especially when the key to whether a suspected vulnerability is an actual vulnerability is the capability to analyze the actual source code, which – frankly – hardly any third party will be able to do, another reason not to accept random scan reports that resulted from reverse engineering at face value, as if we needed one.

Q. Hey, I’ve got an idea, why not do a bug bounty? Pay third parties to find this stuff!

A. Bug bounties are the new boy band (nicely alliterative, no?) Many companies are screaming, fainting, and throwing underwear at security researchers**** to find problems in their code and insisting that This Is The Way, Walk In It: if you are not doing bug bounties, your code isn’t secure. Ah, well, we find 87% of security vulnerabilities ourselves, security researchers find about 3% and the rest are found by customers. (Small digression: I was busting my buttons today when I found out that a well-known security researcher in a particular area of technology reported a bunch of alleged security issues to us except – we had already found all of them and we were already working on or had fixes. Woo hoo!)

I am not dissing bug bounties, just noting that on a strictly economic basis, why would I throw a lot of money at 3% of the problem (and without learning lessons from what you find, it really is “whack a code mole”) when I could spend that money on better prevention like, oh, hiring another employee to do ethical hacking, who could develop a really good tool we use to automate finding certain types of issues, and so on. This is one of those “full immersion baptism” or “sprinkle water over the forehead” issues – we will allow for different religious traditions and do it OUR way – and others can do it THEIR way. Pax vobiscum.

Q. If you don’t let customers reverse engineer code, they won’t buy anything else from you.

A. I actually heard this from a customer. It was ironic because in order for them to buy more products from us (or use a cloud service offering), they’d have to sign – a license agreement! With the same terms that the customer had already admitted violating. “Honey, if you won’t let me cheat on you again, our marriage is through.” “Ah, er, you already violated the ‘forsaking all others’ part of the marriage vow so I think the marriage is already over.”

The better discussion to have with a customer —and I always offer this — is for us to explain what we do to build assurance into our products, including how we use vulnerability finding tools. I want customers to have confidence in our products and services, not just drop a letter on them.

Q. Surely the bad guys and some nations do reverse engineer Oracle’s code and don’t care about your licensing agreement, so why would you try to restrict the behavior of customers with good motives?

A. Oracle’s license agreement exists to protect our intellectual property. “Good motives” – and given the errata of third party attempts to scan code the quotation marks are quite apropos – are not an acceptable excuse for violating an agreement willingly entered into. Any more than “but everybody else is cheating on his or her spouse” is an acceptable excuse for violating “forsaking all others” if you said it in front of witnesses.

At this point, I think I am beating a dead – or should I say, decompiled – horse. We ask that customers not reverse engineer our code to find suspected security issues: we have source code, we run tools against the source code (as well as against executable code), it’s actually our job to do that, we don’t need or want a customer or random third party to reverse engineer our code to find security vulnerabilities. And last, but really first, the Oracle license agreement prohibits it. Please don’t go there.

* I suspect at least part of the anger of customers in these back-and-forth discussions is because the customer had already paid a security consultant to do the work. They are angry with us for having been sold a bill of goods by their consultant (where the consultant broke the license agreement).

** The only analogy I can come up with is – my bookshelf. Someone convinced that I had a prurient interest in pornography could look at the titles on my bookshelf, conclude they are salacious, and demand an explanation from me as to why I have a collection of steamy books. For example (these are all real titles on my shelf):

- Thunder Below! (“whoo boy, must be hot stuff!”)
- Naked Economics (“nude Keynesians!”)***
- Inferno (“even hotter stuff!”)
- At Dawn We Slept (“you must be exhausted from your, ah, nighttime activities…”)

My response is that I don’t have to explain my book tastes or respond to baseless FUD. (If anybody is interested, the actual book subjects are, in order, 1) the exploits of WWII submarine skipper and Congressional Medal of Honor recipient CAPT Eugene Fluckey, USN 2) a book on economics 3) a book about the European theater in WWII and 4) the definitive work concerning the attack on Pearl Harbor.)

*** Absolutely not, I loathe Keynes. There are more extant dodos than actual Keynesian multipliers. Although “dodos” and “true believers in Keynesian multipliers” are interchangeable terms as far as I am concerned.

**** I might be exaggerating here. But maybe not.





[ISN] FBI Warns of Fake Govt Sites, ISIS Defacements

http://krebsonsecurity.com/2015/04/fbi-warns-of-fake-govt-sites-isis-defacements/
By Brian Krebs
Krebs on Security
April 7, 2015

The Federal Bureau of Investigation (FBI) is warning that individuals sympathetic to the Islamic State of Iraq and al-Shams (ISIS) are mass-defacing Websites using known vulnerabilities in WordPress. The FBI also issued an alert advising that criminals are hosting fraudulent government Web sites in a bid to collect personal and financial information from unwitting Web searchers.

According to the FBI, ISIS sympathizers are targeting WordPress Web sites and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international sites. The agency said the attackers are mainly exploiting known flaws in WordPress plug-ins for which security updates are already available.

The public service announcement (PSA) coincides with a less public alert that the FBI released to its InfraGard members, a partnership between the FBI and private industry partners. That alert noted that several extremist hacking groups indicated they would participate in an operation dubbed #OpIsrael, which will target Israeli and Jewish Web sites to coincide with Holocaust Remembrance Day (Apr. 15-16).

“The FBI assesses members of at least two extremist hacking groups are currently recruiting participants for the second anniversary of the operation, which started on 7 April 2013, and coincides with Holocaust Remembrance Day,” the InfraGard alert notes. “These groups, typically located in the Middle East and North Africa, routinely conduct pro-extremist, anti-Israeli, and anti-Western cyber operations.”

[…]



Politically Correct way to say “Merry Christmas” (2015 Edition)

Please accept with no obligation, implied or implicit, my best wishes for an environmentally conscious, socially responsible, low-stress, non-addictive, gender-neutral celebration of the winter or in some locations summer solstice holiday, practiced within the most enjoyable traditions of the religious persuasion of your choice, or secular practices of your choice, with respect for the religious/secular persuasion and/or traditions of others, or their choice not to practice religious or secular traditions at all. I also wish you a fiscally successful, personally fulfilling and medically uncomplicated recognition of the onset of the generally accepted calendar year 2015, but not without due respect for the calendars of choice of other cultures whose contributions to society have helped make America great. Not to imply that America is necessarily greater than any other country nor the only America in the Western Hemisphere. Also, this wish is made without regard to the race, creed, color, age, physical ability, religious faith or sexual preference of the wishee.



Politically Correct Way to Say Merry Christmas (2014)

Please accept with no obligation, implied or implicit, my best wishes for an environmentally conscious, socially responsible, low-stress, non-addictive, gender-neutral celebration of the winter solstice holiday, practiced within the most enjoyable traditions of the religious persuasion of your choice, or secular practices of your choice, with respect for the religious/secular persuasion and/or traditions of others, or their choice not to practice religious or secular traditions at all. I also wish you a fiscally successful, personally fulfilling and medically uncomplicated recognition of the onset of the generally accepted calendar year 2014, but not without due respect for the calendars of choice of other cultures whose contributions to society have helped make America great. Not to imply that America is necessarily greater than any other country nor the only America in the Western Hemisphere. Also, this wish is made without regard to the race, creed, color, age, physical ability, religious faith or sexual preference of the wishee.



A Reminder of California’s Constitution – Spend 10 minutes to read it, it’s very eye-opening.

Source: http://www.leginfo.ca.gov/.const/.article_1

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SECTION 1. All people are by nature free and independent and have
inalienable rights. Among these are enjoying and defending life and
liberty, acquiring, possessing, and protecting property, and pursuing
and obtaining safety, happiness, and privacy.

SEC. 2. (a) Every person may freely speak, write and publish his or
her sentiments on all subjects, being responsible for the abuse of
this right. A law may not restrain or abridge liberty of speech or
press.
(b) A publisher, editor, reporter, or other person connected with
or employed upon a newspaper, magazine, or other periodical
publication, or by a press association or wire service, or any person
who has been so connected or employed, shall not be adjudged in
contempt by a judicial, legislative, or administrative body, or any
other body having the power to issue subpoenas, for refusing to
disclose the source of any information procured while so connected or
employed for publication in a newspaper, magazine or other
periodical publication, or for refusing to disclose any unpublished
information obtained or prepared in gathering, receiving or
processing of information for communication to the public.
Nor shall a radio or television news reporter or other person
connected with or employed by a radio or television station, or any
person who has been so connected or employed, be so adjudged in
contempt for refusing to disclose the source of any information
procured while so connected or employed for news or news commentary
purposes on radio or television, or for refusing to disclose any
unpublished information obtained or prepared in gathering, receiving
or processing of information for communication to the public.
As used in this subdivision, “unpublished information” includes
information not disseminated to the public by the person from whom
disclosure is sought, whether or not related information has been
disseminated and includes, but is not limited to, all notes,
outtakes, photographs, tapes or other data of whatever sort not
itself disseminated to the public through a medium of communication,
whether or not published information based upon or related to such
material has been disseminated.

SEC. 3. (a) The people have the right to instruct their
representatives, petition government for redress of grievances, and
assemble freely to consult for the common good.
(b) (1) The people have the right of access to information
concerning the conduct of the people’s business, and, therefore, the
meetings of public bodies and the writings of public officials and
agencies shall be open to public scrutiny.
(2) A statute, court rule, or other authority, including those in
effect on the effective date of this subdivision, shall be broadly
construed if it furthers the people’s right of access, and narrowly
construed if it limits the right of access. A statute, court rule,
or other authority adopted after the effective date of this
subdivision that limits the right of access shall be adopted with
findings demonstrating the interest protected by the limitation and
the need for protecting that interest.
(3) Nothing in this subdivision supersedes or modifies the right
of privacy guaranteed by Section 1 or affects the construction of any
statute, court rule, or other authority to the extent that it
protects that right to privacy, including any statutory procedures
governing discovery or disclosure of information concerning the
official performance or professional qualifications of a peace
officer.
(4) Nothing in this subdivision supersedes or modifies any
provision of this Constitution, including the guarantees that a
person may not be deprived of life, liberty, or property without due
process of law, or denied equal protection of the laws, as provided
in Section 7.
(5) This subdivision does not repeal or nullify, expressly or by
implication, any constitutional or statutory exception to the right
of access to public records or meetings of public bodies that is in
effect on the effective date of this subdivision, including, but not
limited to, any statute protecting the confidentiality of law
enforcement and prosecution records.
(6) Nothing in this subdivision repeals, nullifies, supersedes, or
modifies protections for the confidentiality of proceedings and
records of the Legislature, the Members of the Legislature, and its
employees, committees, and caucuses provided by Section 7 of Article
IV, state law, or legislative rules adopted in furtherance of those
provisions; nor does it affect the scope of permitted discovery in
judicial or administrative proceedings regarding deliberations of the
Legislature, the Members of the Legislature, and its employees,
committees, and caucuses.

SEC. 4. Free exercise and enjoyment of religion without
discrimination or preference are guaranteed. This liberty of
conscience does not excuse acts that are licentious or inconsistent
with the peace or safety of the State. The Legislature shall make no
law respecting an establishment of religion.
A person is not incompetent to be a witness or juror because of
his or her opinions on religious beliefs.

SEC. 5. The military is subordinate to civil power. A standing
army may not be maintained in peacetime. Soldiers may not be
quartered in any house in wartime except as prescribed by law, or in
peacetime without the owner’s consent.

SEC. 6. Slavery is prohibited. Involuntary servitude is prohibited
except to punish crime.

SEC. 7. (a) A person may not be deprived of life, liberty, or
property without due process of law or denied equal protection of the
laws; provided, that nothing contained herein or elsewhere in this
Constitution imposes upon the State of California or any public
entity, board, or official any obligations or responsibilities which
exceed those imposed by the Equal Protection Clause of the 14th
Amendment to the United States Constitution with respect to the use
of pupil school assignment or pupil transportation. In enforcing
this subdivision or any other provision of this Constitution, no
court of this State may impose upon the State of California or any
public entity, board, or official any obligation or responsibility
with respect to the use of pupil school assignment or pupil
transportation, (1) except to remedy a specific violation by such
party that would also constitute a violation of the Equal Protection
Clause of the 14th Amendment to the United States Constitution, and
(2) unless a federal court would be permitted under federal
decisional law to impose that obligation or responsibility upon such
party to remedy the specific violation of the Equal Protection Clause
of the 14th Amendment of the United States Constitution.
Except as may be precluded by the Constitution of the United
States, every existing judgment, decree, writ, or other order of a
court of this State, whenever rendered, which includes provisions
regarding pupil school assignment or pupil transportation, or which
requires a plan including any such provisions shall, upon application
to a court having jurisdiction by any interested person, be modified
to conform to the provisions of this subdivision as amended, as
applied to the facts which exist at the time of such modification.
In all actions or proceedings arising under or seeking application
of the amendments to this subdivision proposed by the Legislature at
its 1979-80 Regular Session, all courts, wherein such actions or
proceedings are or may hereafter be pending, shall give such actions
or proceedings first precedence over all other civil actions therein.

Nothing herein shall prohibit the governing board of a school
district from voluntarily continuing or commencing a school
integration plan after the effective date of this subdivision as
amended.
In amending this subdivision, the Legislature and people of the
State of California find and declare that this amendment is necessary
to serve compelling public interests, including those of making the
most effective use of the limited financial resources now and
prospectively available to support public education, maximizing the
educational opportunities and protecting the health and safety of all
public school pupils, enhancing the ability of parents to
participate in the educational process, preserving harmony and
tranquility in this State and its public schools, preventing the
waste of scarce fuel resources, and protecting the environment.
(b) A citizen or class of citizens may not be granted privileges
or immunities not granted on the same terms to all citizens.
Privileges or immunities granted by the Legislature may be altered or
revoked.

SEC. 7.5. Only marriage between a man and a woman is valid or
recognized in California.

SEC. 8. A person may not be disqualified from entering or pursuing
a business, profession, vocation, or employment because of sex, race,
creed, color, or national or ethnic origin.

SEC. 9. A bill of attainder, ex post facto law, or law impairing
the obligation of contracts may not be passed.

SEC. 10. Witnesses may not be unreasonably detained. A person may
not be imprisoned in a civil action for debt or tort, or in peacetime
for a militia fine.

SEC. 11. Habeas corpus may not be suspended unless required by
public safety in cases of rebellion or invasion.

SEC. 12. A person shall be released on bail by sufficient sureties,
except for:
(a) Capital crimes when the facts are evident or the presumption
great;
(b) Felony offenses involving acts of violence on another person,
or felony sexual assault offenses on another person, when the facts
are evident or the presumption great and the court finds based upon
clear and convincing evidence that there is a substantial likelihood
the person’s release would result in great bodily harm to others; or
(c) Felony offenses when the facts are evident or the presumption
great and the court finds based on clear and convincing evidence that
the person has threatened another with great bodily harm and that
there is a substantial likelihood that the person would carry out the
threat if released.
Excessive bail may not be required. In fixing the amount of bail,
the court shall take into consideration the seriousness of the
offense charged, the previous criminal record of the defendant, and
the probability of his or her appearing at the trial or hearing of
the case.
A person may be released on his or her own recognizance in the
court’s discretion.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 13. The right of the people to be secure in their persons,
houses, papers, and effects against unreasonable seizures and
searches may not be violated; and a warrant may not issue except on
probable cause, supported by oath or affirmation, particularly
describing the place to be searched and the persons and things to be
seized.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 14. Felonies shall be prosecuted as provided by law, either by
indictment or, after examination and commitment by a magistrate, by
information.
A person charged with a felony by complaint subscribed under
penalty of perjury and on file in a court in the county where the
felony is triable shall be taken without unnecessary delay before a
magistrate of that court. The magistrate shall immediately give the
defendant a copy of the complaint, inform the defendant of the
defendant’s right to counsel, allow the defendant a reasonable time
to send for counsel, and on the defendant’s request read the
complaint to the defendant. On the defendant’s request the
magistrate shall require a peace officer to transmit within the
county where the court is located a message to counsel named by
defendant.
A person unable to understand English who is charged with a crime
has a right to an interpreter throughout the proceedings.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 14.1. If a felony is prosecuted by indictment, there shall be
no postindictment preliminary hearing.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 15. The defendant in a criminal cause has the right to a
speedy public trial, to compel attendance of witnesses in the
defendant’s behalf, to have the assistance of counsel for the
defendant’s defense, to be personally present with counsel, and to be
confronted with the witnesses against the defendant. The
Legislature may provide for the deposition of a witness in the
presence of the defendant and the defendant’s counsel.
Persons may not twice be put in jeopardy for the same offense, be
compelled in a criminal cause to be a witness against themselves, or
be deprived of life, liberty, or property without due process of law.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 16. Trial by jury is an inviolate right and shall be secured
to all, but in a civil cause three-fourths of the jury may render a
verdict. A jury may be waived in a criminal cause by the consent of
both parties expressed in open court by the defendant and the
defendant’s counsel. In a civil cause a jury may be waived by the
consent of the parties expressed as prescribed by statute.
In civil causes the jury shall consist of 12 persons or a lesser
number agreed on by the parties in open court. In civil causes other
than causes within the appellate jurisdiction of the court of appeal
the Legislature may provide that the jury shall consist of eight
persons or a lesser number agreed on by the parties in open court.
In criminal actions in which a felony is charged, the jury shall
consist of 12 persons. In criminal actions in which a misdemeanor is
charged, the jury shall consist of 12 persons or a lesser number
agreed on by the parties in open court.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 17. Cruel or unusual punishment may not be inflicted or
excessive fines imposed.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 18. Treason against the State consists only in levying war
against it, adhering to its enemies, or giving them aid and comfort.
A person may not be convicted of treason except on the evidence of
two witnesses to the same overt act or by confession in open court.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 19. (a) Private property may be taken or damaged for a public
use and only when just compensation, ascertained by a jury unless
waived, has first been paid to, or into court for, the owner. The
Legislature may provide for possession by the condemnor following
commencement of eminent domain proceedings upon deposit in court and
prompt release to the owner of money determined by the court to be
the probable amount of just compensation.
(b) The State and local governments are prohibited from acquiring
by eminent domain an owner-occupied residence for the purpose of
conveying it to a private person.
(c) Subdivision (b) of this section does not apply when State or
local government exercises the power of eminent domain for the
purpose of protecting public health and safety; preventing serious,
repeated criminal activity; responding to an emergency; or remedying
environmental contamination that poses a threat to public health and
safety.
(d) Subdivision (b) of this section does not apply when State or
local government exercises the power of eminent domain for the
purpose of acquiring private property for a public work or
improvement.
(e) For the purpose of this section:
1. “Conveyance” means a transfer of real property whether by sale,
lease, gift, franchise, or otherwise.
2. “Local government” means any city, including a charter city,
county, city and county, school district, special district,
authority, regional entity, redevelopment agency, or any other
political subdivision within the State.
3. “Owner-occupied residence” means real property that is improved
with a single-family residence such as a detached home, condominium,
or townhouse and that is the owner or owners’ principal place of
residence for at least one year prior to the State or local
government’s initial written offer to purchase the property.
Owner-occupied residence also includes a residential dwelling unit
attached to or detached from such a single-family residence which
provides complete independent living facilities for one or more
persons.
4. “Person” means any individual or association, or any business
entity, including, but not limited to, a partnership, corporation, or
limited liability company.
5. “Public work or improvement” means facilities or infrastructure
for the delivery of public services such as education, police, fire
protection, parks, recreation, emergency medical, public health,
libraries, flood protection, streets or highways, public transit,
railroad, airports and seaports; utility, common carrier or other
similar projects such as energy-related, communication-related,
water-related and wastewater-related facilities or infrastructure;
projects identified by a State or local government for recovery from
natural disasters; and private uses incidental to, or necessary for,
the public work or improvement.
6. “State” means the State of California and any of its agencies
or departments.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 20. Noncitizens have the same property rights as citizens.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 21. Property owned before marriage or acquired during marriage
by gift, will, or inheritance is separate property.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 22. The right to vote or hold office may not be conditioned by
a property qualification.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 23. One or more grand juries shall be drawn and summoned at
least once a year in each county.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 24. Rights guaranteed by this Constitution are not dependent
on those guaranteed by the United States Constitution.
In criminal cases the rights of a defendant to equal protection of
the laws, to due process of law, to the assistance of counsel, to be
personally present with counsel, to a speedy and public trial, to
compel the attendance of witnesses, to confront the witnesses against
him or her, to be free from unreasonable searches and seizures, to
privacy, to not be compelled to be a witness against himself or
herself, to not be placed twice in jeopardy for the same offense, and
to not suffer the imposition of cruel or unusual punishment, shall
be construed by the courts of this State in a manner consistent with
the Constitution of the United States. This Constitution shall not
be construed by the courts to afford greater rights to criminal
defendants than those afforded by the Constitution of the United
States, nor shall it be construed to afford greater rights to minors
in juvenile proceedings on criminal causes than those afforded by the
Constitution of the United States.
This declaration of rights may not be construed to impair or deny
others retained by the people.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

Section 25. The people shall have the right to fish upon and from
the public lands of the State and in the waters thereof, excepting
upon lands set aside for fish hatcheries, and no land owned by the
State shall ever be sold or transferred without reserving in the
people the absolute right to fish thereupon; and no law shall ever be
passed making it a crime for the people to enter upon the public
lands within this State for the purpose of fishing in any water
containing fish that have been planted therein by the State;
provided, that the legislature may by statute, provide for the season
when and the conditions under which the different species of fish
may be taken.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 26. The provisions of this Constitution are mandatory and
prohibitory, unless by express words they are declared to be
otherwise.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 27. All statutes of this State in effect on February 17, 1972,
requiring, authorizing, imposing, or relating to the death penalty
are in full force and effect, subject to legislative amendment or
repeal by statute, initiative, or referendum.
The death penalty provided for under those statutes shall not be
deemed to be, or to constitute, the infliction of cruel or unusual
punishments within the meaning of Article 1, Section 6 nor shall such
punishment for such offenses be deemed to contravene any other
provision of this constitution.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 28. (a) The People of the State of California find and declare
all of the following:
(1) Criminal activity has a serious impact on the citizens of
California. The rights of victims of crime and their families in
criminal prosecutions are a subject of grave statewide concern.
(2) Victims of crime are entitled to have the criminal justice
system view criminal acts as serious threats to the safety and
welfare of the people of California. The enactment of comprehensive
provisions and laws ensuring a bill of rights for victims of crime,
including safeguards in the criminal justice system fully protecting
those rights and ensuring that crime victims are treated with respect
and dignity, is a matter of high public importance. California’s
victims of crime are largely dependent upon the proper functioning of
government, upon the criminal justice system and upon the
expeditious enforcement of the rights of victims of crime described
herein, in order to protect the public safety and to secure justice
when the public safety has been compromised by criminal activity.
(3) The rights of victims pervade the criminal justice system.
These rights include personally held and enforceable rights described
in paragraphs (1) through (17) of subdivision (b).
(4) The rights of victims also include broader shared collective
rights that are held in common with all of the People of the State of
California and that are enforceable through the enactment of laws
and through good-faith efforts and actions of California’s elected,
appointed, and publicly employed officials. These rights encompass
the expectation shared with all of the people of California that
persons who commit felonious acts causing injury to innocent victims
will be appropriately and thoroughly investigated, appropriately
detained in custody, brought before the courts of California even if
arrested outside the State, tried by the courts in a timely manner,
sentenced, and sufficiently punished so that the public safety is
protected and encouraged as a goal of highest importance.
(5) Victims of crime have a collectively shared right to expect
that persons convicted of committing criminal acts are sufficiently
punished in both the manner and the length of the sentences imposed
by the courts of the State of California. This right includes the
right to expect that the punitive and deterrent effect of custodial
sentences imposed by the courts will not be undercut or diminished by
the granting of rights and privileges to prisoners that are not
required by any provision of the United States Constitution or by the
laws of this State to be granted to any person incarcerated in a
penal or other custodial facility in this State as a punishment or
correction for the commission of a crime.
(6) Victims of crime are entitled to finality in their criminal
cases. Lengthy appeals and other post-judgment proceedings that
challenge criminal convictions, frequent and difficult parole
hearings that threaten to release criminal offenders, and the ongoing
threat that the sentences of criminal wrongdoers will be reduced,
prolong the suffering of crime victims for many years after the
crimes themselves have been perpetrated. This prolonged suffering of
crime victims and their families must come to an end.
(7) Finally, the People find and declare that the right to public
safety extends to public and private primary, elementary, junior
high, and senior high school, and community college, California State
University, University of California, and private college and
university campuses, where students and staff have the right to be
safe and secure in their persons.
(8) To accomplish the goals it is necessary that the laws of
California relating to the criminal justice process be amended in
order to protect the legitimate rights of victims of crime.
(b) In order to preserve and protect a victim’s rights to justice
and due process, a victim shall be entitled to the following rights:

(1) To be treated with fairness and respect for his or her privacy
and dignity, and to be free from intimidation, harassment, and
abuse, throughout the criminal or juvenile justice process.
(2) To be reasonably protected from the defendant and persons
acting on behalf of the defendant.
(3) To have the safety of the victim and the victim’s family
considered in fixing the amount of bail and release conditions for
the defendant.
(4) To prevent the disclosure of confidential information or
records to the defendant, the defendant’s attorney, or any other
person acting on behalf of the defendant, which could be used to
locate or harass the victim or the victim’s family or which disclose
confidential communications made in the course of medical or
counseling treatment, or which are otherwise privileged or
confidential by law.
(5) To refuse an interview, deposition, or discovery request by
the defendant, the defendant’s attorney, or any other person acting
on behalf of the defendant, and to set reasonable conditions on the
conduct of any such interview to which the victim consents.
(6) To reasonable notice of and to reasonably confer with the
prosecuting agency, upon request, regarding, the arrest of the
defendant if known by the prosecutor, the charges filed, the
determination whether to extradite the defendant, and, upon request,
to be notified of and informed before any pretrial disposition of the
case.
(7) To reasonable notice of all public proceedings, including
delinquency proceedings, upon request, at which the defendant and the
prosecutor are entitled to be present and of all parole or other
post-conviction release proceedings, and to be present at all such
proceedings.
(8) To be heard, upon request, at any proceeding, including any
delinquency proceeding, involving a post-arrest release decision,
plea, sentencing, post-conviction release decision, or any proceeding
in which a right of the victim is at issue.
(9) To a speedy trial and a prompt and final conclusion of the
case and any related post-judgment proceedings.
(10) To provide information to a probation department official
conducting a pre-sentence investigation concerning the impact of the
offense on the victim and the victim’s family and any sentencing
recommendations before the sentencing of the defendant.
(11) To receive, upon request, the pre-sentence report when
available to the defendant, except for those portions made
confidential by law.
(12) To be informed, upon request, of the conviction, sentence,
place and time of incarceration, or other disposition of the
defendant, the scheduled release date of the defendant, and the
release of or the escape by the defendant from custody.
(13) To restitution.
(A) It is the unequivocal intention of the People of the State of
California that all persons who suffer losses as a result of criminal
activity shall have the right to seek and secure restitution from
the persons convicted of the crimes causing the losses they suffer.
(B) Restitution shall be ordered from the convicted wrongdoer in
every case, regardless of the sentence or disposition imposed, in
which a crime victim suffers a loss.
(C) All monetary payments, monies, and property collected from any
person who has been ordered to make restitution shall be first
applied to pay the amounts ordered as restitution to the victim.
(14) To the prompt return of property when no longer needed as
evidence.
(15) To be informed of all parole procedures, to participate in
the parole process, to provide information to the parole authority to
be considered before the parole of the offender, and to be notified,
upon request, of the parole or other release of the offender.
(16) To have the safety of the victim, the victim’s family, and
the general public considered before any parole or other
post-judgment release decision is made.
(17) To be informed of the rights enumerated in paragraphs (1)
through (16).
(c) (1) A victim, the retained attorney of a victim, a lawful
representative of the victim, or the prosecuting attorney upon
request of the victim, may enforce the rights enumerated in
subdivision (b) in any trial or appellate court with jurisdiction
over the case as a matter of right. The court shall act promptly on
such a request.
(2) This section does not create any cause of action for
compensation or damages against the State, any political subdivision
of the State, any officer, employee, or agent of the State or of any
of its political subdivisions, or any officer or employee of the
court.
(d) The granting of these rights to victims shall not be construed
to deny or disparage other rights possessed by victims. The court in
its discretion may extend the right to be heard at sentencing to any
person harmed by the defendant. The parole authority shall extend
the right to be heard at a parole hearing to any person harmed by the
offender.
(e) As used in this section, a “victim” is a person who suffers
direct or threatened physical, psychological, or financial harm as a
result of the commission or attempted commission of a crime or
delinquent act. The term “victim” also includes the person’s spouse,
parents, children, siblings, or guardian, and includes a lawful
representative of a crime victim who is deceased, a minor, or
physically or psychologically incapacitated. The term “victim” does
not include a person in custody for an offense, the accused, or a
person whom the court finds would not act in the best interests of a
minor victim.
(f) In addition to the enumerated rights provided in subdivision
(b) that are personally enforceable by victims as provided in
subdivision (c), victims of crime have additional rights that are
shared with all of the People of the State of California. These
collectively held rights include, but are not limited to, the
following:
(1) Right to Safe Schools. All students and staff of public
primary, elementary, junior high, and senior high schools, and
community colleges, colleges, and universities have the inalienable
right to attend campuses which are safe, secure and peaceful.
(2) Right to Truth-in-Evidence. Except as provided by statute
hereafter enacted by a two-thirds vote of the membership in each
house of the Legislature, relevant evidence shall not be excluded in
any criminal proceeding, including pretrial and postconviction
motions and hearings, or in any trial or hearing of a juvenile for a
criminal offense, whether heard in juvenile or adult court. Nothing
in this section shall affect any existing statutory rule of evidence
relating to privilege or hearsay, or Evidence Code Sections 352, 782
or 1103. Nothing in this section shall affect any existing statutory
or constitutional right of the press.
(3) Public Safety Bail. A person may be released on bail by
sufficient sureties, except for capital crimes when the facts are
evident or the presumption great. Excessive bail may not be required.
In setting, reducing or denying bail, the judge or magistrate shall
take into consideration the protection of the public, the safety of
the victim, the seriousness of the offense charged, the previous
criminal record of the defendant, and the probability of his or her
appearing at the trial or hearing of the case. Public safety and the
safety of the victim shall be the primary considerations.
A person may be released on his or her own recognizance in the
court’s discretion, subject to the same factors considered in setting
bail.
Before any person arrested for a serious felony may be released on
bail, a hearing may be held before the magistrate or judge, and the
prosecuting attorney and the victim shall be given notice and
reasonable opportunity to be heard on the matter.
When a judge or magistrate grants or denies bail or release on a
person’s own recognizance, the reasons for that decision shall be
stated in the record and included in the court’s minutes.
(4) Use of Prior Convictions. Any prior felony conviction of any
person in any criminal proceeding, whether adult or juvenile, shall
subsequently be used without limitation for purposes of impeachment
or enhancement of sentence in any criminal proceeding. When a prior
felony conviction is an element of any felony offense, it shall be
proven to the trier of fact in open court.
(5) Truth in Sentencing. Sentences that are individually imposed
upon convicted criminal wrongdoers based upon the facts and
circumstances surrounding their cases shall be carried out in
compliance with the courts’ sentencing orders, and shall not be
substantially diminished by early release policies intended to
alleviate overcrowding in custodial facilities. The legislative
branch shall ensure sufficient funding to adequately house inmates
for the full terms of their sentences, except for statutorily
authorized credits which reduce those sentences.
(6) Reform of the parole process. The current process for parole
hearings is excessive, especially in cases in which the defendant has
been convicted of murder. The parole hearing process must be
reformed for the benefit of crime victims.
(g) As used in this article, the term “serious felony” is any
crime defined in subdivision (c) of Section 1192.7 of the Penal Code,
or any successor statute.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 29. In a criminal case, the people of the State of California
have the right to due process of law and to a speedy and public
trial.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 30. (a) This Constitution shall not be construed by the courts
to prohibit the joining of criminal cases as prescribed by the
Legislature or by the people through the initiative process.
(b) In order to protect victims and witnesses in criminal cases,
hearsay evidence shall be admissible at preliminary hearings, as
prescribed by the Legislature or by the people through the initiative
process.
(c) In order to provide for fair and speedy trials, discovery in
criminal cases shall be reciprocal in nature, as prescribed by the
Legislature or by the people through the initiative process.

CALIFORNIA CONSTITUTION
ARTICLE 1 DECLARATION OF RIGHTS

SEC. 31. (a) The State shall not discriminate against, or grant
preferential treatment to, any individual or group on the basis of
race, sex, color, ethnicity, or national origin in the operation of
public employment, public education, or public contracting.
(b) This section shall apply only to action taken after the
section’s effective date.
(c) Nothing in this section shall be interpreted as prohibiting
bona fide qualifications based on sex which are reasonably necessary
to the normal operation of public employment, public education, or
public contracting.
(d) Nothing in this section shall be interpreted as invalidating
any court order or consent decree which is in force as of the
effective date of this section.
(e) Nothing in this section shall be interpreted as prohibiting
action which must be taken to establish or maintain eligibility for
any federal program, where ineligibility would result in a loss of
federal funds to the State.
(f) For the purposes of this section, “State” shall include, but
not necessarily be limited to, the State itself, any city, county,
city and county, public university system, including the University
of California, community college district, school district, special
district, or any other political subdivision or governmental
instrumentality of or within the State.
(g) The remedies available for violations of this section shall be
the same, regardless of the injured party’s race, sex, color,
ethnicity, or national origin, as are otherwise available for
violations of then-existing California antidiscrimination law.
(h) This section shall be self-executing. If any part or parts of
this section are found to be in conflict with federal law or the
United States Constitution, the section shall be implemented to the
maximum extent that federal law and the United States Constitution
permit. Any provision held invalid shall be severable from the
remaining portions of this section.

-=-=-= End

And that’s just Article I of California’s Constitution.



Politically Correct Way to Say Merry Christmas: 2012

Please accept with no obligation, implied or implicit, my best wishes for an environmentally conscious, socially responsible, low-stress, non-addictive, gender-neutral celebration of the winter solstice holiday, practiced within the most enjoyable traditions of the religious persuasion of your choice, or secular practices of your choice, with respect for the religious/secular persuasion and/or traditions of others, or their choice not to practice religious or secular traditions at all. I also wish you a fiscally successful, personally fulfilling and medically uncomplicated recognition of the onset of the generally accepted calendar year 2013, but not without due respect for the calendars of choice of other cultures whose contributions to society have helped make America great. Not to imply that America is necessarily greater than any other country nor the only America in the Western Hemisphere. Also, this wish is made without regard to the race, creed, color, age, physical ability, religious faith or sexual preference of the wishee.



Politically Correct Way to Say Merry Christmas

Please accept with no obligation, implied or implicit, my best wishes for an environmentally conscious, socially responsible, low-stress, non-addictive, gender-neutral celebration of the winter solstice holiday, practiced within the most enjoyable traditions of the religious persuasion of your choice, or secular practices of your choice, with respect for the religious/secular persuasion and/or traditions of others, or their choice not to practice religious or secular traditions at all. I also wish you a fiscally successful, personally fulfilling and medically uncomplicated recognition of the onset of the generally accepted calendar year 2012, but not without due respect for the calendars of choice of other cultures whose contributions to society have helped make America great. Not to imply that America is necessarily greater than any other country nor the only America in the Western Hemisphere. Also, this wish is made without regard to the race, creed, color, age, physical ability, religious faith or sexual preference of the wishee.



Politically Correct Way to Say Merry Christmas

Please accept with no obligation, implied or implicit, my best wishes for an environmentally conscious, socially responsible, low-stress, non-addictive, gender-neutral celebration of the winter solstice holiday, practiced within the most enjoyable traditions of the religious persuasion of your choice, or secular practices of your choice, with respect for the religious/secular persuasion and/or traditions of others, or their choice not to practice religious or secular traditions at all. I also wish you a fiscally successful, personally fulfilling and medically uncomplicated recognition of the onset of the generally accepted calendar year 2011, but not without due respect for the calendars of choice of other cultures whose contributions to society have helped make America great. Not to imply that America is necessarily greater than any other country nor the only America in the Western Hemisphere. Also, this wish is made without regard to the race, creed, color, age, physical ability, religious faith or sexual preference of the wishee.

