Category: The Observer

The Fullerton Observer is a “progressive” publication based in the City of Fullerton. It is edited and published by Sharon Kennedy. The Observer is often criticized for the subtle interweaving of editorial content within news coverage. It doesn’t cost anything so you get what you pay for.

Posted onAhmad Zahra

The Shana Charles Experience

by 27 Comments on The Shana Charles Experience
Wants healthy communities…

An alert Friend recently advised me to visit the web pages of the Fullerton Observer. There, according to this person, I could find an “open letter” written by our new councilwoman Shana Charles and addressed to Mayor Fred Jung.

Apparently Ms. Charles stood up and hauled herself out of the State of the City speech given by Jung and subsequently felt the need to share her reasons with the public. Maybe she thought nobody saw her leave, or cared.

Now going to the Fullerton Observer is not a task I undertake very willingly, but I was interested to see what sort of silly drama was taking place. Here’s a link to the aforementioned open letter.

Looking down from above…

The missive explains that she walked out of the lunch in protest of some sort of verbal mistreatment of Councilman Ahmad Zahra and follows with a recitation of all the wonderful things Zahra has done for District 5’s “underserved” folk, yadda, yadda, yadda, and reminds her readers that his brand is the only LGBTQ Muslim, and he deserves respect!

I get the vibe that that the whole stunt was pre-planned and that the dress rehearsal was probably staged in Zahra’s living room.

In any case, the preachy petulance shown by this woman is telling. She admonishes Jung to rise above his personal “vendetta,” obviously uninterested in publicly exploring her assertion and “urges” Jung to apologize to the poor, injured Zahra. “If you wish to continue as Mayor” she sternly intones, Jung must put aside his own interest, an ironic admonition given the ceaseless self-promotion performed by Zahra.

That’s not very good, is it?

I don’t why or how Ms. Charles got her schnoz all bent out of shape, or if she was even really offended at all; and it really doesn’t matter. The fact is that those who have followed the self-serving “public service” of the serial prevaricator Zahra know what sort of creature he is and will find it hard to imagine that he is even capable of being offended.

Read More
Posted onAbout Us

THE LIE MACHINE

by 15 Comments on THE LIE MACHINE
It’s all about the do-re-mi..

Narcissists lie. Their entire performative existence is all about self-aggrandizement and shoring up lack of real accomplishment by spinning constant yarns about their achievements and abilities. And so I present a clinical case: District 5 Councilman Ahmad Zahra.

The Fullerton Observer/Heathy Community Mafia Forum took place last week and Zahra found another occasion to keep spinning the same myriad lies that he has told so often he may actually have come to believe some of them.

Here are a few to chew on:

Lie #1: Zahra repeated his origin story that he’s lived in the District 5 for the last 21 years.

TRUTH: Zahra’s voter registration clearly shows he has only lived in the District for the last 16. The supposition being if you tell the lie often enough, even you begin to believe your own BS.

TRUTH: Zahra had the crutch of masking his Hispanic street cred in 2018 because he has his Hispanic partner who he opportunistically paraded in front of Hispanic District 5 residents. Without the benefit of his plus one to hide behind, he is now resorted to fabricating a deep understanding of complex issues. Parking issues? Ahmad created parking issues when he mysteriously voted to extend RV parking so nonoperational trailers and motorhomes highjacked streets in District 5. 

Lie #2: “I share many experiences of our residents from parking issues, to rent, to housing affordability.”

TRUTH: Zahra is just a typical limousine liberal without the limousine. Your political life is tied to patronizing, top-down government. You are an bald-faced opportunist trying to scam people with your “caring” not you accomplishments of which there aren’t any.

Lie #3: “We have a shelter with good services right here in Fullerton.”

TRUTH: Zahra sold residents on the Navigation Center, which was funded and built for Fullerton homeless. That shelter has only 3 beds dedicated to homeless right now and none of them are from Fullerton. Zahra has done nothing to help Fullerton homeless or the homeless situation in Fullerton. There is a huge encampment of homeless under the 91 freeway at Euclid that has been there for weeks on in and Zahra did nothing to get it cleaned up because he cares so much about homeless.

Lie #4: “We created a safe parking program for residents who are sleeping in their cars.”

TRUTH: The program cost over $150,000 and only a handful of cars participated in the safe parking program because of the security restrictions around it. It was by all accounts an unmitigated disaster and a giant waste of taxpayer money. But a year and a half after it was mercifully ended by the remaining members of the Council, Zahra appears at this forum taking false credit for its imaginary success.

Lie #5: “Making sure our housing element has affordable housing.”

TRUTH: Does Zahra mean the housing element that is so late in development and approval that the City of Fullerton under your watch Ahmad is getting sued over it? Zahra is taking credit for aiding in Fullerton again wasting taxpayer dollars on defending or being a plaintiff in another dumb lawsuit.

Lie #6: “I’ve been working on traffic safety since the beginning.”

TRUTH: The beginning of what? The beginning of your tumultuous and ineffective Council career? The beginning of time? Since the birth of Christ? Considering more people have died crossing Orangethorpe and Lemon during his four year term, perhaps he means beginning after this forum.

Lie #7: “I installed a crossing guard.”

TRUTH: Hold on Skippy! The Fullerton School District pays for and authorizes school crossing guards. It has nothing to do with the City of Fullerton and even less to do with Zahra. But he’ll take false credit for it. The morons who believe Zahra’s lies will believe anything nonsense he says. But others, smarter, will show their contempt for his paltry efforts at the polls.   

Lie #8: “We need to take pride in our parks and reclaim our parks.”

TRUTH: Is that right? Pride in Union Pacific Park in the heart of your district, Ahmad? The park that has remained closed for his entire Council tenure? The park that you tried to give away to a private event planner with no parking solutions, until the majority of Council stopped your terrible giveaway of public parkland.

Lie #9: “We need to increase staffing levels.”

TRUTH: Zahra sat idly by and supported the incompetent City Manager Ken Domer, who cut the Parks and Recreation staff to levels unseen in Fullerton’s history. Zahra supported the now former City Manager as he gutted the parks system and here you are taking credit for caring.

Lie #10: “On my two years on the water district, I was the person who advocated the most to create treatment plans.” 

TRUTH: No, Zahra received $4000 a month pay for play appointment via Jennifer Fitzgerald and Jan Flory to get appointed to the district; and his also submitted completely plagiarized water articles to the Fullerton Observer and falsely put his name in the byline, which FFFF exposed. During Zahra’s brief time on the Orange County Water District, he did not advocate for a treatment plant. But he did try (and failed miserably) to grab a leadership position on the water district Board of Directors – alienating the entire Board. 

Lie #11: Regarding parking issues in Fullerton, “I have been working with Community Development to not negatively impact neighborhoods.”

TRUTH: Zahra and his quitter Planning Commissioner appointee, Elizabeth Hansburg, have underparked every single development that they have approved. To add insult to injury, Zahra gave away street parking to homeless from other states to park their broken down RVs on neighborhood streets. Real champion of the people Ahmad.

Lie #12: Ahmad asserts himself as the reinvented fighter for weed enforcement. That somehow he is a pro-regulation candidate.

TRUTH: Zahra voted for a retail cannibas ordinance that a miniscule measurable buffer zone from homes and schools and has done nothing to get rid of illegal dispensaries, all or most of which are in his district (wonder why?). He keeps telling his gullible supporters that he fights the good fight when in reality he is in the pocket of the weed lobby.

Lie #13: “Driving food to people in my own car.”

TRUTH: Zahra had some community service to work off as part of his criminal plea deal. Zahra makes his court requirement a part of his hollow altruism brand. 

There are so many more lies. Ahmad lies so effortlessly, he is one thing for sure: a sociopath.

And one final observation that does not require a TRUTH rebuttal. Look at Zahra’s facial expressions each and every time the Spanish language translator interrupts him to translate his words to constituents in his community since he does not speak Spanish. Distain. Utter distain. What a hypocrite! He doesn’t care of his community. He cares about himself. 

Read More
Posted onAhmad Zahra

The Hypocrite

by 17 Comments on The Hypocrite

Zahra-Busted
The smoke signals were ominous…

So I’m watching the council meeting on Tuesday and at one point listened in disbelief as Ahmad Zahra lectured his colleagues about their unethical activity. I don’t know what he thought he could get people to believe was unethical, but that’s not the point.

The point is that this petulant, preening, prissy popinjay would have the nerve to refer to somebody else as unethical, is quite remarkable.

We have been following the career of Mr. Zahra on this blog and the only thing he seems to be any good at is self-promotion to the gullible – in the same sort of way Pam Keller used to before being exposed by FFFF in 2010

Well, okay, being a prima donna and a camera hound isn’t exactly unethical – just annoying. But then there was the instance we caught him publishing under his own name water articles in the incurious Fullerton Observer that were actually written by some Water District staffer. He even got former Councilwoman Jan Flory to promote his bona fides as a water expert (or something) under the cover of that lie. Zahra may think this plagiarism and prevarication are just the prerogative of an elected, but boy is he wrong.

Let’s not forget his convenient claim that he was a “fan” of settling the City’s vindictive, expensive and humiliating lawsuit against FFFF & Co. No, that’s a lie, too. Along with Quirk-Silva he dug in his heels because he wanted to avoid personal humiliation by Joshua Ferguson and FFFF. What the Hell. It wasn’t his money that was wasted in the huge settlement.

And then there’s the case of the Disappearing Battery and Vandalism Case, in which Zahra was tuned up by his own cops and charged by the District Attorney. The case vanished and Zahra made a public declamation of his alleged “exoneration.” But word soon leaked out that he wasn’t exonerated at all; but, rather that he pled guilty, did some sort of community service, and had his record expunged. What’s the truth? I’m not sure, but I know one thing: if the case against Zahra were truly dropped he would have shared some evidence of that.

No, Ahmad Zahra is not one to cast stones of aspersion about unethical behavior at anybody. His glass house won’t stand it. Spouting liberal clichés and pretending to care about anything except yourself will only work for so long. 2022 is an election year for Zahra. And if he thinks pouting and pontificating and drumming up Astroturf support at council meetings by women pretending they can’t speak English will keep him on the city council, he has another think coming.

Read More
Posted onAhmad Zahra

Housing Scam Averted

by 17 Comments on Housing Scam Averted

Here at FFFF we like to praise our City Council when they do something smart; when they don’t we smack them on the snout with a rolled-up copy of the yellowing Fullerton Observer.

Movin’ on up…

Well, Lo and Behold! On Tuesday, last, the Council voted 3-2 to shitcan a horrible scam cooked up by California’s houseocrats to reward developers and speculators by taking over market rate housing at The Aspect apartment project and control rents – for people who make between $102,000 and $123,000. Yes, you read that rightly, Friends. According to our experts, if you make more than that, by definition, your housing is “market rate.” The perniciousness of this scam cannot be overemphasized. A new term has been cooked up to describe these unfortunate six-figure po’ folks: the Missing Middle.

The way this scheme works is that the City cuts a deal with the California Statewide Community Development Authority – a perfectly opaque agency, to be sure. The CSCDA floats a bond, the proceeds of which will buy out the existing owner, rewards up-front the agents and speculators who put the rancid deal together; management will be left in the hands of other parasites who are in on the deal, too. Did I mention that the sale price may well exceed market appraisal? Well, why not?

A little luxury for the “workforce.”

The funniest part of this may have been the revelation that the complex has a 98% occupancy rate – an astounding number – people who can ALREADY afford to live there! And these good folks will be the recipients of the small lowering of rents – or be forced to move out if they don’t have a long-term lease..

A reasonable person may well wonder why ANY of this is necessary, and the answer from the government Wohnungen uber alles crowd will be so crammed with feel-good bullshit that you know right away it’s a scam.

One of the problems is that because the apartment project is now owned by the government the property owner (CSCDA) pays no property tax; in order to sweeten the deal on The Aspect, the promoters promised a “Host City Fee,” essentially an annual tribute to the City. Meanwhile other entities are just shit-out-of-luck.

The enormity of this nonsense is pretty significant; all one has to do is look to Anaheim – a pay to play town where the City has spent gargantuan amounts buying up big apartment projects and rewarding the lobbyists like Curt Pringle, who skim right off the top of this sort of crap.

Well, finally, back to council meeting. Councilmembers Whitaker, Dunlap and Jung were adamantly opposed to this, to their credit. Not surprisingly, Zahra and Quirk-Silva who petitioned to put this item on the agenda were all-in for it, babbling phrases like “outside the box” and “innovative thinking” and brushing aside concerns about unknown details full of devils.

Thanks to Jung, Dunlap and Whitaker, and of course shame on Zahra and Quirk-Silva who were very clearly in the pocket of whichever lobbyist was promoting this idiocy.

Read More
Posted onA Step in the Right Direction

The Dead Kennedys & Others

by 26 Comments on The Dead Kennedys & Others

Now that the City of Fullerton’s retaliatory lawsuit against FFFF bloggers Joshua Ferguson and David Curlee has finally done its inevitable Zeppelin Hindenburg act, some folks who promoted and nurtured the despicable assault on freedom are already trying to rewrite their participation.

Don’t get too close. They bite…

Kimberly Barlow, Esquiress of the lamentable law firm of Jones, Mayer and Gecko is saying she’s just “happy the City got its documents back” another disingenuous swipe at Ferguson and Curlee who never deprived Barlow of anything; her “happiness” is costing us $750,000, at least , but she forgot to tell the reporter this inconvenient fact.

Zahra-Busted
Why is this man smiling?

Ahmad Zahra the hapless, preening poseur, and insufferable boohoo gasbag is now claiming that he was a “fan” of settling this lawsuit, a statement completely unsupported by any fact as the City continued its legal harassment of FFFF.

The track record was poor…

Then there’s Sharon Kennedy, the (former, supposedly) proprietor of the Fullerton Observer. In a comment string at their blog, Kennedy is now denying her involvement defaming our bloggers and pretending that her involvement was strictly objective. Unfortunately for her, the facts suggesst a slimy collaboration with the City and Jones, Mayer and Gecko. Her “expert” who claimed that she hired him, produced an opinion that was a joint statement to the Observer and an official Declaration to the Court in the case. How that happened and who, if anybody remunerated this self-styled expert is unknown – so far, but it looks suspicious as all Hell. Commenters are questioning Kennedy, but she isn’t answering. And naturally, the expert conveniently backed up the long-since debunked statement of the City’s own “expert.”

Kennedy can claim innocence all she wants, but her track record of venom toward this blog and really toward anybody else whose honesty threatens the well-being of government employees is well-known, and the malice might be pretty easy to prove in court if anybody cared to hold her accountable.

Well, the rats can scurry off the SS Jones, Mayer and Gecko as quick as their little legs will hurry them along. But the facts are incontrovertible and somebody, and soon, is going to have to pay the proverbial piper – just like the taxpayers are going to have to pay for the horrible and intentional malice of City Hall and its lawyers.

 

 

Read More
Posted onAhmad Zahra

Zahra Cares As Long As Somebody Else Does the Work for Him

by 17 Comments on Zahra Cares As Long As Somebody Else Does the Work for Him

Zahra-Busted
Why is this man smiling?

I get quite a lot of pushback from people around town for picking on District 5 Council member Ahmad Zahra. Leaving out the partisan hacks, the biggest pushback I get is from people who, naively, genuinely believe that he puts in the work and cares about their interests. The single biggest issue of contention from these fine well meaning folk is Fullerton’s water. Constantly we hear about how much Zahra cares about the quality of our water. After all, his caring was the key reason people bemoaned his not being re-appointed to the Orange County Water District (OCWD).

The evidence of his caring most commonly referenced are usually the articles he wrote for the Fullerton Observer on water. Such as HERE and HERE and HERE.

But what if I told you that he only cares so long as somebody else is doing the heavy lifting and/or thinking for him?

The truth is that Ahmad Zahra, like many politicians, wants you to believe that he does the homework because he cares about you, while in reality he’s nothing more than a puppet.

Here are those three Fullerton Observer articles “by” Ahmad Zahra side-by-side with the original counterparts as written by a spokeshole for the OCWD:

Recently said spokeshole retired from OCWD which means you can expect the quality of Zahra’s “writing” to change as well.

Why do I care about this ghostwriting?

First of all it’s because he’s pretending that this is his work as evidenced by the “By Ahmad Zahra” byline over at Press Release Central, the Fullerton Observer.

Second, it’s because it shows who Zahra was really working for while over at OCWD. His job as Fullerton’s Representative at OCWD was to represent Fullerton’s interests – the interests of we residents – but somehow he decided that instead he would represent the interests of OCWD going so far as to pass off their PR as his own ideas and work.

Like most dishonest puppets in government he forgot the very role he promised the people he would do while chasing the gravy that was his $40k+/year stipend from OCWD.

I didn’t expect anything else from this peacocking faux-pontificator but many people around town took him seriously that he was serious and that’s why this matters.

The best defense for Zahra here is that he had somebody rewrite OCWD’s work just enough to not be straight up ghost-writing. Even he knew that he had to make the PR look a little less PR-ey to get passed the “eagle eyes” over at the Observer who only publish City Hall’s propaganda without question.

Perhaps one of the saddest things is people actually believe that Zahra isn’t your typical politician because he checked all the right boxes and said all the right things. He claims he is so different and he really cares, but at the end of the day, he’s just as much the same bought and paid for crony who needs a PR rep to write his own words for him.

Read More
Posted onBad Cops

The Fullerton Observer in a Nutshell

by 16 Comments on The Fullerton Observer in a Nutshell

Pravda
Fullerton Observer in their Native Russian

I don’t read the Fullerton Observer because I find little value in their brand of blasé government cheerleading masquerading as serious “local” journalism. However, that doesn’t mean that I can always escape their content, after all they were the rag-tag group of City Hall Sycophants who hired a consultant to help the city smear me and this very blog with ludicrous claims of “hacking”.

More recently however it was brought to my attention that they ran a story titled “Weighing the Costs of Police Officers on Campus” and it’s a good example of where the Observer fails at local journalism.

The piece is a pretty run of the mill “school to prison pipeline” story with Fullerton data dropped into what feels like a form letter. It’s got local numbers and some local meeting information but it does what the Observer often does and it just… misses. And it misses where it counts – locally.

To summarize, it’s about School Resource Officers – or Fullerton cops on campus – and what role they have and possibly shouldn’t have in student discipline. Seems like a good idea for a story, I’m probably even in agreement with the writer on quite a few things.

But how in the ever loving hell are you going to write a story about SROs in Fullerton schools and completely omit the story of former Fullerton Police Officer AND SRO Jose Paez?

Paez

That’s the dude who used his department issued Body Worn Camera (BWC) to film up a 17 year old’s skirt. He also, based on the audit of his own BWC, had sexually explicit material of students on his (maybe department issued?) cellphone. We’ve never been given an explanation of this issue or a reason to believe anything has changed at FPD to stop another Paez from perving on our children.

It’s literally the single biggest example of why SROs, locally, need oversight and to be questioned.

In case somebody at the Observer finds this story, Paez’s case is #19NM12214 over at OC Courts.

Paez Case Detail

See the issue?

An entire piece on School Resource Officers that omits the best LOCAL example of the complete lack of transparency and oversight in the very program being discussed.

It’s not a shock though. The Observer has long been unwilling to point real criticisms or questions in the direction of City Hall. For such a shocking story, that we broke mind you, they’ve only ever mentioned Paez precisely twice on their site; once to regurgitate the FPD press release and once to mention in passing that the Fullerton school board avoided the topic.

Hell, the Daily Titan has covered this story more than the Observer which speaks volumes.

People ask me quite often why I’m so critical of government and while there are a few answers to that question, one answer would certainly be because somebody has to be critical when the fourth estate is more interested in acting like the fifth column.

Read More
Posted onChris Norby

Should Cops Arrest People for Dining Based on One-Man Rule?

by 29 Comments on Should Cops Arrest People for Dining Based on One-Man Rule?

*The following is an editorial provided to Friends for Fullerton’s Future by Former CA Assemblyman and Fullerton resident Chris Norby.*

Observer Stasi

“City Allows Outdoor Dining in Defiance of State Health Order” blares the front page headline of the Fullerton Observer. The article bemoans the lack of police response in chasing off outdoor diners and closing local restaurants whose only crime is feeding people. Strange sentiments from a “progressive publication”?

California state government is a democracy whose powers are divided among the legislative, executive and judicial branches. The “Regional Stay-At-Home Order” referred to by the Observer is the arbitrary edict of one man –Gavin Newsom– that has not been passed by the legislature. The Fullerton Police Department should not enforce it. It should not shut down hundreds of local businesses and throw thousands out of work.

Emergency powers granted the Governor are of limited scope, when there’s no time for legislative action. This pandemic has been with us now for 10 months, yet none of his 58 emergency edicts have been approved by the legislature, which has had plenty of time to act. On December 8, L.A. County Superior Court Judge ruled against that county’s outdoor dining ban, as there was no “risk-benefit analysis” showing any connection with Covid-19 spread. Newsom himself doesn’t think so either, as his crowded unmasked dinner at the French Laundry showed.

There are many places in the world where the police enforce one-man rule. Does the Observer really want Fullerton to be one of them?

–Chris Norby  /  Fullerton

*This is being published without comment with the only change being to add a link to the mentioned Observer story for reference*

Read More
Posted onAhmad Zahra

Ahmad Zahra Avoids Transparency, Calls Cops Liars

by 29 Comments on Ahmad Zahra Avoids Transparency, Calls Cops Liars

Zahra-Busted

Jesse La Tour over at the Fullerton Observer saw our post and went and asked Ahmad Zahra for a response to the pending charges against him for battery and vandalism. Check out his response:

When asked for a statement from the Observer, Zahra wrote via e-mail, “I deny each and every allegation and am innocent of the charges. I am confident that the truth will come out and expect to be fully exonerated.”

Notice how he doesn’t bother to actually explain anything or offer any defense. This is a typical strategy for politicians who expect you to forget about something while they wheel and deal to make the charges against them disappear down the memoryhole.

The problem here is that this isn’t a he-said/she-said problem – this is an actual arrest by a Fullerton Police Officer and charges filed by the District Attorney.

For Zahra to be innocent of the charges it means that the arresting officer, one Officer Brayley, falsified a police report and the District Attorney filed false charges.

Zahra’s implied allegations are very serious from a sitting Fullerton City Council member and deserve to be investigated. Do we have rogue officers arresting innocent people in Fullerton? Is our District Attorney filing charges which contradict the truth?

We deserve to know.

In the words of Fullerton City Council member Ahmad Zahra himself, as captured by The Fullerton Rag:

“I want you to know that YOUR City, YOUR Chief and YOUR Police Department are committed to accountability, and transparency, and the highest safety standards.”

Let’s see some accountability. Let’s see some transparency. Let’s make sure our officers aren’t arresting innocent people and smearing members of our city. We call on Fullerton PD to release the body camera footage immediately.

Read More
Posted onFullerton City Council

Fullerton v FFFF – Expert Response

by 15 Comments on Fullerton v FFFF – Expert Response

You may have seen the City of Fullerton via their attorney Kim Barlow throwing around words like “thieves” and “hackers” in regards to the current litigation they initiated against us here at FFFF. You may have also seen the Fullerton Observer Pravda parroting their nonsense with their own “expert”.

In response we’ve decided to publish the bulk our tech expert’s declaration as submitted to the court for easy reading right here on the blog (CV, footnotes, et in link). We hope this helps clear up a lot of the BS being bandied around to baffle the masses by City Hall and their water carriers.

Please allow us to present the stellar work by John Bambenek.

John Bambenek

Enjoy:

I. INTRODUCTION

I, JOHN BAMBENEK, hereby declare as follows:

1. The facts stated in this Declaration are true and correct of my own personal knowledge, except for those matters expressly stated on information and belief, which matters I believe to be true. If called as a witness, I could and would competently testify thereto.

2. I am filing this declaration in support of the Defendants Friends for Fullerton’s Future, Joshua Ferguson, and David Curlee’s Opposition to OSC re Preliminary Injunction sought by the City of Fullerton (“City”).

3. I have reviewed the following pleadings and documents filed in this case:

  • Complaint for (1) Violation of Comprehensive Computer Data Access and Fraud Act (Cal. Pen. Code § 502 et seq.); (2) Violation of the Computer Fraud and Abuse Act (18 U.S.C. et seq.); (3) Violation of Cal. Gov’t Code § 6204 et seq; Conversion; Trespass to Chattels; and (6) Conspiracy (filed by the City on October 24, 2019);
  • Ex Parte Application for Temporary Restraining Order and Order to Show Cause as to why a Preliminary Injunction should not be issued; Memorandum of Points and Authorities (filed by the City on October 24, 2019);
  • Declaration of Matthew Strebe and attached exhibits (filed by the City on October 24, 2019);
  • Declaration of Mea Klein and attached exhibits (filed by the City on October 24, 2019);
  • Declaration of Steve Lee (filed by the City on October 24, 2019);
  • Declaration of Bruce Lindsay (filed by the City on October 24, 2019);
  • Opposition to Plaintiff’s Ex Parte Application for an Unconstitutional Prior Restraint (filed by Defendants on October 25, 2019);
  • Transcript of the October 25, 2019 Hearing on Plaintiff’s Ex Parte Application;
  • Supplemental Memorandum of Points and Authorities in Support of Plaintiff’s
  • Motion for Preliminary Injunction (filed by Defendants on November 1, 2019);
  • Supplemental Declaration of Matthew Strebe (filed by Defendants on November 1, 2019);
  • Supplemental Declaration of Mea Klein (filed by Defendants on November 1, 2019);
  • Declaration of Christopher Tennyson (filed by Defendants on November 1, 2019);
  • Declaration of Mike Rice (filed by Defendants on November 1, 2019);
  • Declaration of Marni Rice (filed by Defendants on November 1, 2019); and
  • Declaration of Ivy Tsai (filed by Defendants on November 1, 2019);

4. Based on my expertise and claims made in the declarations filed by the City (as set out in paragraph 3, above), I have reached the following conclusions:

  1. The City’s declarations do NOT substantiate any evidence of unauthorized access or “hacking” as those terms are typically defined;
  2. The use of a VPN or Tor is common among a wide variety of users, including journalists;
  3. The attribution of VPN traffic, Tor traffic, and other “foreign IP addresses” to Mr. Ferguson and Mr. Curlee is, at best, deeply flawed.

5. For purposes of this declaration and to aid the Court in its understanding of the issues presented in this case, I have created a Dropbox folder to simulate the underlying circumstances that gave rise to this case. I do not have any access to the documents that are at issue in this case, and do not have the ability to reconstruct the exact configuration or access the Dropbox account at issue since it has since been modified and is no longer available through its original link, www.cityoffullerton.com/outbox. However, my reconstruction is consistent with information provided by the City in its declarations and the websites and information associated with this case.

II. QUALIFICATIONS AND BACKGROUND

6. I am President of Bambenek Consulting, LTD, a cybersecurity investigation and intelligence firm in Champaign, Illinois. I have worked 20 years in cybersecurity and consult with a wide range of law enforcement entities both in the United States and abroad on matters related to cybercrime or hostile nation-state activity. A true and correct copy of my curriculum vitae is attached as Exhibit A, and is incorporated by reference herein as if set forth in full.

7. I have been an adjunct lecturer in the Department of Computer Science and the School of Information Sciences at the University of Illinois teaching courses on digital forensics and cybersecurity. I am additionally an instructor at Parkland College also teaching a course on networking.

8. I am a co-author and helped design a digital forensics curriculum with the Information Trust Institute at the University of Illinois that lead to the create of interdisciplinary CS and Law courses on digital forensics and investigation.

9. Additionally, I have advised and continue to advise individuals on privacy and how to protect their information and privacy against hostile governments, abusive ex-partners, and variety of threat groups that target typically disadvantaged individuals and groups. I recently spoke at a conference discussing mobile malware attacks attributed to the Chinese government against Uighur Muslims and Tibetans .

10. I have assisted in law enforcement investigations including cases involving the 2016 presidential election including activity that helped retrieve some documents stolen by the Russian Government from the Democratic Congressional Campaign Committee. Most recently, I was the expert witness in Obeidallah v. Anglin, 2:17-CS-00720 (S. D. Ohio) where I testified in matters related to cryptocurrency and financial assets in a civil litigation matter.

11. I additionally provide auditing and consulting for a variety of companies, including law firms, on data protection and obligations around data security to comply with regulation or privilege.

12. I speak at conferences all over the world on matters relating to cybercrime investigation and threat intelligence and how to attribute malicious activity to individuals using technical information and metadata.

III. ANALYSIS

A. The City’s Declarations Provide No Evidence of “Hacking” or Unauthorized Access.

13. Dropbox is a web-based, file sharing application that allows individuals or organizations to store documents for their own use, share them with specific e-mail addresses (accounts are tied to e-mail address in Dropbox), or to make them available globally, worldwide, and without any access control.

14. These settings are under the complete control of the owner of the files. In the web interface, there is a “share” button that allows file owners to either share their files or keep them confidential however they may see fit. For example, if a user wishes to share a file, via Dropbox, with their attorney for review, the user could send an email from the web interface to the attorney’s specific email address. Below is an example of a screenshot of the interface demonstrating this capability, which was created in a simulated folder created for this declaration:

15. Dropbox provides a variety of security settings and access limitations, which could expire a link at a given time, prevent downloads, and determine who has access. A screenshot of the possible access restrictions for the fictional folder used as an example in paragraph 9, is below:

16. It appears from the City’s declarations that the City set its folder permissions to intentionally allow anyone with the link can view it. When you select this level of access, Dropbox makes clear that “Anyone with this link can view the folder.” A screenshot of how this would appear to the creator of the folder or the administrator of the account appears below:

17. This means that the City created the URL (or internet address for the Dropbox account) and mere knowledge of that URL is sufficient for access. Anyone with knowledge of the URL would have access would only have to go to that website to find that the entire folder contents are available and visible, including any and all subfolders that are stored therein. An example of how that would appear to a user who enters the URL of an unrestricted Dropbox account appears below:

18. The City’s administrator for its Dropbox account could have also changed the global access restrictions so as to prevent information from being disclosed outside of various groups. An example of these global settings can be seen in this screenshot:

19. While explanations of the configuration of the City’s Dropbox security settings are notably absent from its declaration, there are no allegations in the City’s declarations that I have reviewed that even allege that there was any access or password restrictions on the City’s Dropbox account. This confirms that the set up I have described in the preceding paragraphs was the manner in which the City’s Dropbox account was configured and that anyone with knowledge of the URL could see and access the folders contained therein.

20. As the City set the configurations on its Dropbox account so anyone with the URL could access the folders, subfolders, (and by extension the content contained therein), they themselves made this information available to anyone, anywhere in the world to download at any time and for any reason.

21. Compounding these problems, the City then expressly changed its URL (or the address of its Dropbox) to www.cityoffullerton.com/outbox, making it appear that the Dropbox account was an ordinary part of the City’s website.

22. Accessing a typical Dropbox account would require someone to go to www.dropbox.com and enter their login credentials, including a user name/email address and a password. An example of this can be seen in the following screenshot:

23. However, the City’s Dropbox was intentionally changed from this routine configuration, leaving no conspicuous way for the average user to know that the webpage housing the files was anything other than the City’s website.

24. From my review of the City’s website, the City also uses this configuration for various other types of disclosable public records and information. For example, information about the City’s meetings, including agenda and minutes, is available through the City’s website, by going to www.cityoffullerton.com, then clicking on the “Government” link, then on the “City Clerk” link, and then on the “Meetings and Agendas” link. However, this directs the user to the City’s Granicus account, which is a software platform used to manage government meeting data, including the storage and public access of agendas, minutes, and recordings of public meetings. The City uses OpenGov, another cloud-based software program, to manage and provide public access to its financial data. This is available directly through the City’s website by searching for “budget” in the website’s search feature, and clicking on the first link “City Budget”, and then clicking on link “OpenGov,” where the City directs users for information. There is no statement by the City in contained in any of these links or on any of these webpages which provide “express authorization” as to which links or files can be accessed by the public because the presumption is that information on a City website is public.

25. I have also reviewed the emails and communications described in and attached to the City’s declarations, but found no reference to any use restriction or admonishment until the City’s July 2019 correspondence to Kelly Aviles advising that accessing the Dropbox account was no longer authorized. Nor are there even any “terms of use” on the Plaintiff’s website to indicate such a restriction, even though that would not necessarily be sufficient to notify visitors that information on a public agency’s website was not intended for public access.

26. In my professional capacity as someone who evaluates security configurations of organizations with privileged and confidential information, I would have rated such a setup at an extremely high risk and priority for immediate change. The use of Dropbox to share confidential information or privileged communications is simply an unacceptable risk. Its use in this way can accurately be assessed as gross negligence.

27. This is particularly problematic for certain uses that are bound to keep information confidential. For example, attorneys have a duty of confidentiality, requiring them to take reasonable steps to maintain client information. (See California Rules of Professional Conduct, Rule 1.6; Cal. Bus. & Prof. Code § 6068.) This set up would be insufficient to ensure that confidential information is maintained. (See, e.g., https://www.americanbar.org/groups/business_law/publications/ blt/2017/09/01_kohut/; http://www.abajournal.com/magazine/article/ethics_secure_ client_communications/?utm_source=maestro&utm_medium=email&utm_campaign=tech_monthly; https://www.calbar.ca.gov/Portals/0/documents/ethics/Opinions/2010-179-Interim-No-08-0002- PAW.pdf; https://www.sdcba.org/index.cfm?pg=Legal-Ethics-Opinion-2012-1.)

28. Similarly, Dropbox provides information on the appropriate use of its platform for HIPAA-related information, which requires specific configurations and access restrictions. It appears from Plaintiff’s declarations that the City failed to follow any of these steps to protect the information they stored on their Dropbox which they claim is confidential. In fact, the steps they did take removed what little security is typically available in a default configuration.

29. Typically, “hacking” refers to the use of some tool or technique that defeats defenses in a computer system. A password cracking program may try to guess the password for an account. A tool may attempt to exploit a vulnerability to get access to the underlying database of a website. Malware (or colloquially, a “computer virus”) may be installed on a victim machine to give access to information. There is no evidence that any tool, vulnerability, technique, or manipulation of a computer system occurred by the Defendants in this case, nor does the City allege that there was any such action.

30. In the terms of the Computer Fraud and Abuse Act and its related state statute, the specific formulation is “exceeding access” or “unauthorized access” of a protected computer system. In this case, the Defendant could not have exceeded or acquired unauthorized access. The computer system (Dropbox) gave Defendants and the public exactly the access that the City set in the first place.

That may have been a mistake on the City’s part, but the system worked exactly how it was designed with the exact settings it was given.

31. In light of the above and in the absence of other evidence not yet in the record, I conclude that the city had no technical restrictions on accessing the data so a computer system was not subverted to access the information. I further conclude there was no stated access restrictions, so no “administrative” access controls were subverted either.

B. VPN Use is Common and Appropriate

32. A VPN is an encryption-based technology to keep one’s network traffic secure.

33. The City and its “expert” appear to infer that its use demonstrates an ill intent or conscious of guilt. Use of a VPN says nothing about the propriety of the actions taken while using a VPN. There are a wide variety of use cases for this tool and like all tools, it can be used for good or for ill.

34. Journalists use VPNs. The Global Investigative Journalism Network recommends the use of VPNs for journalists . This is especially true for investigative journalists who are looking into government misconduct (like the kind uncovered and alleged by the journalist in this case). This is because governments often retaliate against those journalists and impose “personal costs” (such as losing one’s job) as a price for uncovering misconduct. Ironically, the City’s actions in retaliation for the reporting done by Defendants in this case is exactly the kind of case study for why this advice exists.

35. The FBI recommends that political campaigns use VPNs in light of election manipulation attempts, the Electronic Frontier Foundation produces a guide on personal VPNs designed for journalists, activists, LGBTQ persons, academic researchers, and others. A personal VPN might be used by a victim of a domestic abuses to make them harder to stalk.

36. A VPN is used often in business for secure access to corporate networks. A VPN can be used in academic to access University resources while remote. A VPN can be used to access video content, circumvent censorship, or to protect the confidentiality of someone who may be facing threats.

37. I, too, use several VPNs, one to access corporate files securely on untrusted networks, one to access campus resources provided for faculty and students only, and a personal VPN to watch “American” Netflix while overseas.

C. Attribution of VPN and Tor traffic is deeply flawed

38. There at no statements in Mr. Strebe’s declarations authenticating the logs attached as Exhibit A. The logs contain a table of information. The eighth column has no header but is populated with names from time to time (e.g. Tor, PureVPN, etc). There is no information about what this is, how it was gathered, or how it can be reproduced.

39. I created a Dropbox business account to compare the format of the logs that Dropbox itself generated. An example of what I saw in my experimental logs is below:

40. There appear to be key differences in the formats of the logs I obtained from the Dropbox account I created and the logs attached to Mr. Strebe’s declarations. For example, there is no corresponding column provided by Dropbox that maps to the 7th (“Region”) and 8th (untitled) columns in the logs attached as Exhibit A to Mr. Strebe’s original declaration. In Mr. Strebe’s supplemental declaration, the 8th untitled column is no longer included.

41. Also of note is that the logs I accessed from Dropbox using the account I created, unauthenticated users were logged, but only 1st and 2nd octet of the IP address were logged, the other half of the IP address was obscured (i.e. instead of seeing 12.24.36.48, what was produced shows 12.24.XXX.XXX).

42. While the City’s declarations do not state how the logs attached to Mr. Strebe’s declarations were generated, the discrepancies raise serious questions about the integrity and authentication of the logs attached to Mr. Strebe’s declarations, as they appear to have been manipulated or modified by the “expert,” compromising the integrity of the evidence.

43. Even presuming that these logs are authentic, and the information contained therein is accurate, there are serious flaws in the City’s analysis of what they purportedly show.

44. Several entries allege Mr. Ferguson’s account was logged into Dropbox and accessed city records purportedly from PureVPN (12/28/2017, 12/30/2017, and 3/29/2018 from Oslo and 10/26/2018, 10/27/2018, 10/30/2018, and 11/06/2018 from the Netherlands). There are no log entries produced by the City that indicate other occasions of Mr. Ferguson account accessing the City’s Dropbox. There are no logs at all indicating Mr. Curlee’s purported access.

45. Plaintiff then uses these brief occurrences to conclude that all access via PureVPN to Plaintiff’s Dropbox must be from Ferguson, Curlee, or their “unnamed associates.” (Strebe Dec., ¶ 40).

46. The City then reaches even farther to suggest all accesses via Tor must also be from the Defendants despite the complete and utter lack of evidence for that conclusion in their own exhibits. (See Strebe Dec., ¶ 60.)

47. The City and Mr. Strebe, undaunted by a complete lack of evidence and unhindered by any respect for appropriate investigative reasoning, then decide all access from foreign IPs otherwise unattributed must also be from the Defendants. (See Strebe Dec., ¶ 51.)

48. The only indication Plaintiff’s give for such reasoning is that some of the access attributed to Tor, PureVPN, or other “foreign” IP addresses was for documents responsive to records requests made by the Plaintiff that no one else would know. But this is a conclusion, not evidence. Nor is such a conclusion warranted based on the purported Dropbox logs.

49. PureVPN, according to Crunchbase has $15.7 million in revenue. Assuming that is correct, and based on the listed monthly cost of service (before discount) at $10.95/month , this would equate to approximately 120,000 PureVPN users. It defies credulity that Plaintiff could have eliminated all but 2 of those users from this activity.

50. According to the Tor Project, there are currently around 1.75 million active daily tor users . While there was at least some limited activity that Plaintiff could attribute to Defendant Ferguson via PureVPN, there is no activity over Tor that contains metadata implicating the Defendants.

51. The City and its “expert” stated there was a foreign access to Dropbox content on August 23, 2017. (See Strebe Dec., ¶ 37.) They argued this was “likely an authorized user” but provide absolutely no evidence for that conclusion. Who is the authorized user? How do they know its authorized? The ambiguity on that point stands in stark contrast to the certainty they express previously about all PureVPN, foreign VPN, and Tor traffic must be the Defendants.

52. Mr. Strebe also makes liberal use of printouts from a website myip.ms. This is not a forensically sound way to attribute IP addresses. There is no documentation as to how myip.ms works or where it gets its information, which makes it use questionable, at best.

IV. CONCLUSION

53. The evidence presented by the City in no way supports any allegation of “unauthorized access” or “exceeding access” of any computer system. The evidence shows that the City itself placed this information on the internet without access control allowing anyone full permission to download the content. The access logs, even if authenticated, do not substantiate, in the absence of other corroborating evidence, that all Tor, VPN, and foreign traffic belongs to the Defendants. Nor is Mr. Ferguson’s use of PureVPN a sufficient or even suggestive data point to implicate guilt.

I declare under penalty of perjury under the laws of the State of California that the foregoing is true and correct and that this declaration was executed on November 7, 2019, at Chula Vista, California.

Read More