Friday, August 29, 2025

CEH v13 - A Surprising Pass

I took and (surprisingly) passed the CEH v13 exam yesterday.

First, I want to thank and praise Northern Virginia Community College (NVCC) and its Workforce program for all the help it gave me in passing this exam. Professor Nick Pierce is one of my favorite Workforce professors. Ms. Pico is the awesome staff member who reaches out to students and keeps them on track with credentials, exam scheduling, and provides us with great course and time management outlines.

If you live in Virginia, love learning about technology, and want to make a career change, or just improve your knowledge, I highly recommend NVCC's Workforce program and their G3 grant.

The CEH course I took was a 5-day boot camp conducted by Professor Pierce via Zoom in early August of 2025. It runs from 9 a.m. until 5:30 p.m. Monday through Friday. It's both an instructor-led lecture and a hands-on VM labbing experience. It's an official EC-Council recognized course (for which you need to take the CEH exam if you do not have 2 years of job experience).

The tuition for the Workforce course covers an exam voucher and a retake, if needed. It also covers the official EC-Council CEH courseware - a 3,000+ page e-book and virtual labs for every module.

I'm going to warn you ahead of time that you should consider the 5-day bootcamp as your introduction to the course. You need to put twice as much effort into studying after the bootcamp as you did while taking the bootcamp. And it's rough and hard because Workforce requires you to attempt your first take of the exam within 2 weeks of successfully completing the course.

My Study Routine & Tips for Learning

Hands-On Labs: Don’t Skip Them

First, do as many of the labs as you can. I did not complete them all, but I did go back in after the course ended and completed many of the labs. Getting that hands-on feel for what you're learning conceptually will really help you to internalize and remember things.

Nmap. Learn it. Know the flags. I found this cool little Nmap learning tool while surfing Reddit: https://wordwall.net/teacher/21960721/marukatee. In addition to all the ones you learn from it, learn the Maimon flag too.

Study Habits That I Wish I Had Used

I believe the biggest 'misses' I had on the exam were the names of tools. Learn not only the main tools a section of the book teaches you, but also the names of alternative tools that do the same or similar things to the main tool they teach. I missed (I assume) multiple questions because all 4 choices were tool names (or fake tool names) that I had not seen before/ paid attention to beyond recognizing the main tool name the EC-Council introduced you to in the official courseware.

Let me give you an example of what to look out for when you're reading through the official book:

Screenshot from EC-Council, Certified Ethical Hacker (CEH v13) Official Courseware (Aspen/VitalSource, 2024), Module 18, p. 2832. Used under fair use for commentary and educational purposes.

This page is on Shodan, but in really small print at the bottom, I've highlighted additional tools they mention. PAY ATTENTION to these. Learn them too - at least insofar as they relate to or may be used in place of the main tool they are talking about. These are found throughout the textbook. Always be looking for them and take notes when you see them.

Study Habits That Worked for Me

After my initial go through of the book, I have 2 main ways of learning: video series and practice test questions. Because CEH v13 is relatively new, there was not a lot of material out for v13. I had trouble finding good practice exams/ questions to go over. I did find 2 good video series.

LinkedIn Learning has a good v13 video series by Omar Santos. And he's got an awesome-looking home lab setup, which you can do via VMs and containers. Here's a link to it.

I found another one on Percipio, though, that I preferred. And I preferred it because it had quizzes after each module and a final exam you could take, too. Here's a link to it.

The first source I used for practice questions, though, was the Sybex CEH v12 Study Guide; there is no Sybex v13 Study Guide out at this time, so I was stuck doing much of my practice exam using this older exam guide book. I generally like Sybex books because of their online tests they give you access to when you purchase the books. And for some aspects, this book was okay. But when it came to tools and tools that Pentesters are currently using, I think using this book hurt me a little. It's great for the concepts of the CEH exam itself; you just have to be wary of the tools they mention and make an effort to reconcile them with what's relevant for v13.

Some third-party question banks can be poorly worded. One I tried on Udemy didn’t match EC-Council’s style, so I dropped it quickly. If you use outside sources, pick carefully.

I did buy a practice set of exam questions from Udemy, but I was not happy with these and never got through the first set. The guy's wording was often so wonky and off that I felt his material was not a good representation of what I should expect on the actual exam. I think that part of exam learning/preparation is learning how the actual certification exam provider words and/ or articulates their questions. And this Udemy course, especially after completing the exam and now knowing for sure, was not good IMO.

Turning Wrong Answers Into Study Wins

I learn the most from the actual questions I get wrong. And I use ChatGPT and the official book to help me learn. I'm going to link a Google Doc that contains my prompt for a conversation with ChatGPT to help me learn and understand any questions I get wrong (and questions I got correct only because I guessed).

Here's an example of a Practice question from Percipio and the output I get from ChatGPT:

An innovative city traffic control system suddenly receives false reports of heavy traffic from multiple "sensors". As a result, traffic lights change their timing unnecessarily, causing congestion and confusion. Investigators have found that these false reports originate from multiple fake device identities controlled by a single attacker. Which attack is most likely happening here?

A. MitM

B. Sybil

C. Exploit

D. Ransomware

This one is a classic IoT/OT scenario 👇

✅ Correct Answer: Sybil attack

Why "Sybil" is Correct

In a Sybil attack, an adversary creates multiple fake identities or nodes in a network.
Those fake nodes send false data (here: fake traffic congestion reports).
Because the system trusts the number of inputs, the attacker can manipulate system behavior — in this case, traffic light timing.
This exactly matches the scenario: many fake sensors, one attacker controlling them.

Why the Other Options Are Wrong

MitM (Man-in-the-Middle) ❌
- Intercepts communication between two legitimate parties.
- Here, the attacker isn’t intercepting; they’re injecting false identities.
Exploit ❌
- General term for abusing a software vulnerability.
- The key here is fake multiple identities, not a single exploit.
Ransomware ❌
- Malicious encryption of files/systems demanding ransom.
- Not relevant here; the attacker isn’t encrypting or demanding payment.

Key Concepts

Sybil Attack: Multiple fake identities controlled by one attacker to manipulate reputation/voting/consensus systems.
IoT/Smart City Vulnerability: When systems trust quantity of sensors without strong authentication, Sybil attacks can overwhelm decision logic.
Real-world analogy: One person stuffing a ballot box with hundreds of fake votes.

Supplemental Flashcards (Self-Contained)

Q: What is a Sybil attack in IoT networks?
A: An attack where a single adversary creates multiple fake device identities to send false data and manipulate system behavior.

Q: How does a Man-in-the-Middle (MitM) attack differ from a Sybil attack?
A: MitM = intercepting and altering communications between two real parties. Sybil = creating many fake identities to inject false information.

Q: Why are IoT systems particularly vulnerable to Sybil attacks?
A: Many IoT devices use weak authentication, so attackers can easily impersonate many fake devices.

Q: What is a real-world consequence of a Sybil attack in smart city infrastructure?
A: Fake traffic or pollution sensors can cause incorrect traffic management or emergency response decisions.

Beware of Improper Study Materials

One trap you want to avoid while preparing for CEH is using shady or unauthorized test prep sources. Some websites and “question banks” floating around online are nothing more than braindumps — copies of actual test questions that were harvested and shared in violation of EC-Council’s policies.

Here’s why that’s a problem:

Ethical risk – CEH is literally built on ethics. Using stolen or unauthorized material undercuts the very certification you’re trying to earn.
Practical risk – These dumps are often outdated, wrong, or poorly copied. If you train yourself on bad questions, you’ll develop bad habits and may misread the real exam.
Career risk – If EC-Council or an employer suspects you used braindumps, that can follow you professionally.

When in doubt, check with a trusted source. I almost fell into this myself — Gemini suggested a resource that looked helpful, but a quick Reddit search raised red flags. I emailed my professor to be sure, and he recommended against it. That saved me from wasting time (and possibly creating problems later).

✅ Stick to trusted prep sources:

EC-Council’s official courseware and labs (Aspen/VitalSource).
Reputable publishers like Sybex or O’Reilly.
Recognized platforms like LinkedIn Learning or Percipio.
Professors, mentors, or certified peers who can sanity-check what you’re using.

⚠️ Bottom line: If something looks “too real” or too easy, it probably is. Don’t jeopardize your cert or your integrity with questionable study material.

Final Thoughts

Walking out of the exam center, I was honestly more relieved than confident. I knew I’d put in the work, but CEH v13 had more curveballs than I expected - especially around tool names and scenario-based questions. Seeing “Pass” pop up on the screen was a surprise I won’t forget anytime soon.

If you’re planning to take CEH, here’s my biggest advice:

Don’t rely on the bootcamp alone. Treat it as a starting point, not the finish line.
Practice the labs. Hands-on work cements the concepts better than reading.
Vet your study sources. Stick to official materials and trusted publishers, and avoid shady question banks.
Learn the tools and their cousins. Don’t just memorize tools like Dig - know the alternatives too.

Passing CEH is doable - even on the first attempt - but it takes discipline, focus, and the right study plan. Hopefully, sharing my experience helps you avoid some of the blind spots I hit along the way.

Good luck with your own CEH journey!

Thursday, April 17, 2025

Caught on Camera: The Legal Fault Line Beneath Virginia’s Speed Camera Programs

I received a speed camera ticket for a car I co-own—even though I wasn’t the one driving. That ticket was issued through an automated enforcement system run by a private company hired by the City of Harrisonburg. But the deeper I looked, the more I realized: the problem wasn’t just what happened to me. It was how the system is structured.

And under Virginia law, it might be unlawful.

Let me explain.

What the Law Actually Says

Virginia Code § 46.2-882.1 allows law-enforcement agencies to use speed cameras and to hire private vendors to support that process. But it doesn’t say that cities or counties can do so.

In Virginia, that distinction matters. It’s a Dillon Rule state, which means cities and counties only have the powers the General Assembly expressly gives them. If the legislature wanted to authorize municipalities to contract for photo enforcement, it could have—but it didn’t. Instead, the statute gives that power to law-enforcement agencies, which are not the same thing as the city or county itself.

Who Actually Signed These Contracts?

In Harrisonburg, it was the City, not the Police Department, that signed the contract with Altumint. This isn’t unique—municipalities like Arlington, Albemarle, and Prince William have done the same.

But here’s the catch: police departments in Virginia generally don’t have independent legal authority to enter contracts. They’re part of the city structure. So if the statute gives power to the agency, but that agency can’t contract—and the city wasn’t granted authority—then who had the legal right to act at all?

That’s the legal gap moving to the center of this fight.

Vendors Acting Like Courts

The statute also outlines how to rebut a citation. If you weren’t the driver, you can submit a sworn affidavit to the clerk of the general district court. But cities like Harrisonburg tell drivers to send those affidavits to the vendor—Altumint in Pennsylvania or Verra in Arizona.

These companies then decide whether your affidavit is “good enough” to avoid a hearing. That makes them the gatekeepers of your right to contest a ticket, even though they’re not part of the court system—and they have a financial interest in keeping the process moving.

That’s not due process. That’s privatized adjudication.

The Certified Question Before the Court

Because of these structural problems, I’ve asked the federal court to certify the following question to the Virginia Supreme Court:

Whether, under Virginia Code § 46.2-882.1(H), a city or county may lawfully enter into a contract with a private vendor to operate a photo speed enforcement program when the statute authorizes such contracts only by a “law-enforcement agency,” and such agency lacks independent legal capacity to contract.

This isn’t just about my case. There’s no appellate guidance on this. If courts decide these contracts are unlawful, the entire system built on them could be, too.

What’s at Stake

If the contracts are unauthorized, then:

Tickets issued under them may be void.
Vendors may have operated without legal authority.
Money collected could be subject to refund.
Drivers denied a hearing due to vendor discretion could raise due process violations.

This Fight Isn’t Just About Me

I didn’t file this lawsuit to dodge a fine. I filed it because the rules matter. Cities shouldn’t bypass the legislature. Vendors shouldn’t decide whether you get your day in court. And enforcement systems shouldn’t be built on shaky legal foundations.

That’s why I asked the courts to get clarity from Virginia’s highest court. Because if no one has the authority to sign these contracts, then we shouldn’t be issuing tickets based on them.

Read the Motion Summary

If you’d like to see a non-technical breakdown of the legal motion currently before the court, here it is:

Summary of Plaintiff's Motion to Certify a Question of State Law

Proposed Question to the Virginia Supreme Court:

Whether, under Virginia Code § 46.2-882.1(H), a city or county may lawfully enter into a contract with a private vendor to operate a photo speed enforcement program when the statute authorizes such contracts only by a “law-enforcement agency,” and such agency lacks independent legal capacity to contract.

Why It Matters:

Virginia law limits municipal power under the Dillon Rule—cities can only act when the legislature explicitly says they can.
The statute gives contracting authority only to law-enforcement agencies, not to localities themselves.
Most police departments can’t sign contracts independently, and cities weren’t granted this power under the statute.

Additional Concerns:

Vendors are receiving and reviewing sworn affidavits that the law says must go to a court clerk.
This delegates a judicial function to private companies with a financial stake—raising serious due process concerns.
The statute is fully workable without expanding its scope: sheriffs’ departments, which are independent, could serve this role lawfully.

Requested Relief:

That the court certify the question to the Virginia Supreme Court.
That the court stay proceedings until a definitive ruling is issued.

The Virginia Supreme Court hasn’t weighed in yet. But they should. Because no one—not a city council, not a vendor—gets to rewrite the rules of justice.

[Link to full motion coming soon.]

Wednesday, April 2, 2025

A Cautionary Tale With LRCC's Cybersecurity Program

Spring 2025 - My Frustrating Experience with LRCC’s Cybersecurity Program: An Administrative Letdown

As a cybersecurity student at Laurel Ridge Community College (LRCC), I've maintained a 4.0 GPA and fulfilled nearly all requirements for my associate's degree. However, I'm writing today out of sheer frustration—frustration caused not by academic difficulty, but by administrative oversight and poorly managed course scheduling at LRCC.

The Missing Link

I was just two courses away from completing my associate's degree: ITN 270, a core prerequisite class that must be taken before ITN 298, my capstone. After careful planning, I expected this class would be offered this summer, allowing me to smoothly transition into my bachelor's program at Western Governors University (WGU). Unfortunately, LRCC decided not to offer ITN 270 this summer, despite it being a mandatory requirement.

I checked the entire Virginia Community College System (VCCS)—including Northern Virginia Community College (NVCC)—and found that not a single institution was offering ITN 270 this summer. This isn't merely inconvenient; it's a complete systemic failure affecting students' ability to graduate on time.

Poor Advisement and Communication

Throughout my time at LRCC, advisement and administrative guidance have been significantly lacking. Had the school made it clear from the beginning that ITN 270 would not be available during the summer, I could have adjusted my plans accordingly. Instead, I've been blindsided by inadequate communication and advisement that failed to foresee and prevent this situation.

Credit Transfer Disappointments

My frustration doesn’t end with course scheduling. Even more disappointing was seeing how little of my recent coursework from LRCC transferred to WGU. Despite completing nearly an entire associate’s degree in cybersecurity with a 4.0 GPA, only two LRCC courses were accepted into WGU’s cybersecurity program. In stark contrast, an AAS in Automotive Technology from 30 years ago at NVCC and just a few CompTIA CE courses were far more impactful on my WGU transfer evaluation (I transfered 60 credits to WGU - of those 60, only 6 credits came from LRCC's cybersecurity curriculum). That raises a serious question: What value do LRCC’s cybersecurity courses really hold if they’re not recognized by reputable out-of-state institutions like WGU? This is supposed to be an accredited cybersecurity program—so why is much of it ignored in the transfer process?

The reality is simple: LRCC’s cybersecurity classes are structured more like vocational workforce training than academic equivalents, and without a completed degree or recognized certifications to back them up, WGU doesn’t many of them. It’s not just a transfer issue—it’s a reflection of how little value these courses carry beyond LRCC without a degree completion.

Why This Matters

This isn’t merely personal frustration—it’s a matter of accountability in higher education. LRCC’s lack of foresight in course scheduling and inadequate advisement directly impacted my academic timeline, financial planning, and sense of progress. But beyond that, this experience raises a deeper concern: how much real value does LRCC’s cybersecurity program actually provide if its courses aren’t even recognized by major accredited universities like WGU? When students invest their time and money into an accredited program, they expect it to hold academic weight—not just locally, but nationally. If that isn’t happening, something is fundamentally broken.

Moving Forward

I've already transferred my credits to WGU and will be moving forward with my bachelor's degree there. While I’m disappointed not to finish my associate’s at LRCC, the bigger lesson here is clear: institutions must do better in communicating with students, planning their course offerings, and managing credit transfers fairly and effectively.

I want to acknowledge that the majority of the instructors at LRCC were excellent. Their classes were engaging and informative, and they clearly cared about student success. My final semester here, Spring 2025, all 4 of my professors were great. Unfortunately, all of my cybersecurity professors efforts were overshadowed by structural issues and a curriculum that, in the end, did not translate into recognized academic progress beyond LRCC. The fault, not theirs, but rather the administration above them and my own.

I hope my experience prompts meaningful reflection and change at LRCC. Future students deserve better. Until then, my advice to prospective cybersecurity students is clear: think twice about LRCC’s cybersecurity program if you’re aiming for a transferable degree. If you're seeking a path toward a bachelor’s degree, you’ll likely get more cyber transfer credit—and more value—out of earning a few recognized industry certifications like the ones I took at NVCC. Don’t waste your time chasing a credential that won’t move with you.

In retrospect, if i knew then what I know now, I'd have asked better questions of my faculty advisor in regards to critical class availability. Unfortunately, the Course Catalog is not always accurate. I've seen many instances in the catalog where it says a class is only available in the 'Spring'. Yet, it will be available in the Summer too (and sometimes even in the Fall - despite the warning in the catalog on limited availability). Such is the case for the class I needed. Although it says it's only offered in the spring, Linux ITN 270 is being offered this fall - 2025; just not this summer like I needed. This lack of communication about class availabilities is an administrative communication issue.

The cyber associate degree itself is not without value. But it works and transfers better as a completed degree. If I had know I would leave LRCC without completing the associates degree, I would have stuck with NOVA's Continuing Education program and gathered even more certifications than I did (I managed to complete 3 CompTIA certifications from NVCC while simultaneously enrolled full time at LRCC). The certifications transfer better to a college that counts them for cyber course credit and/or experience credit. In addition to CompTIA's A+, Network+, and Security+ I could have completed CEH, Linux+ or RHCSA, and CISSP. And, without the constraints of the dual enrollment requiring all my time, I would have had them done now too.

Saturday, February 8, 2025

CIA USAID Impact

How Eliminating USAID Harms U.S. Intelligence Operations

In a controversial move, former President Donald Trump has taken steps to dismantle the United States Agency for International Development (USAID), a decision that could have serious repercussions beyond foreign aid. While USAID is widely recognized for providing humanitarian assistance and supporting global development, it also plays a crucial, albeit indirect, role in U.S. intelligence operations, particularly those conducted by the Central Intelligence Agency (CIA).

For decades, USAID has served as a gateway for intelligence collection and influence operations in foreign nations. Although the CIA is legally restricted from using certain organizations, such as the Peace Corps, as a front for intelligence gathering, USAID operates in a more ambiguous space. The agency's vast network of programs provides the CIA with opportunities to operate in remote and politically unstable regions without raising suspicion. Intelligence officers have historically used USAID-backed projects as a cover for gathering information, developing local contacts, and even conducting clandestine operations.

By eliminating USAID, the Trump administration risks depriving U.S. intelligence agencies of a critical tool for both soft power and covert activities. Without USAID-backed initiatives, intelligence officers would have fewer ways to access regions where traditional diplomatic or military presence is either impractical or unwelcome. This could significantly hinder the CIA’s ability to monitor potential threats, including terrorist organizations and hostile foreign actors.

Additionally, dissolving USAID could inadvertently pressure intelligence agencies to explore alternative cover organizations, which could have dangerous implications. The CIA has maintained a strict policy against infiltrating the Peace Corps due to ethical concerns and the risk of putting humanitarian workers in jeopardy. Without USAID, there is concern that intelligence agencies might be forced to lean on other humanitarian organizations for operational cover, potentially endangering their missions and credibility.

The broader impact of USAID’s elimination extends beyond intelligence concerns. As one of the key arms of American soft power, USAID not only provides assistance to developing nations but also fosters goodwill toward the U.S. among foreign populations. Losing this tool could diminish American influence abroad, creating power vacuums that adversaries such as China and Russia could exploit.

Ultimately, dismantling USAID is not just an issue of cutting foreign aid; it represents a significant shift in how the U.S. projects power and gathers intelligence abroad. The long-term consequences could leave both American diplomats and intelligence officers with fewer resources to navigate an increasingly complex global landscape.

This article explores the potential consequences of eliminating USAID, particularly its impact on U.S. intelligence operations. While the role of USAID in supporting American foreign policy is well-documented, some connections discussed here involve informed speculation based on historical cases and geopolitical analysis. The views expressed are for discussion purposes and do not represent classified or insider knowledge.

Sunday, January 26, 2025

LRCC Spring 2025 Professors First Impressions

Quick First Impressions on Instructors - Spring 2025

This is just a quick first impressions post on professors for this semester. Not in any order:

Professor Rebecca Smith-Terry: my second time having her. Highly recommend taking any class she teaches. She's on top of things, runs the assignments herself to verify things work in the lab, and is always a quick responder to emails.

Dr. George Efi Agbor: my second time with him. He's slightly different in his teaching approach - he seems to favor papers and discussions. He takes his time making quizzes that require you to think. So far the quizzes have been open book. But you must pay attention to the question. I would have no problem taking another class from him.

Professor Matthew Hansel: my first time with him. I think he's on par with my favorite professor (Dr. El Gbouri). Professor Hansel has gone above and beyond in helping students in a subject I really didn't want to take (Python Cybersecurity). He makes it bearable and he's willing to adjust his schedule to help students out.

Professor Jason Pell: my first time with him as a professor. Initial impressions are that he's engaging and also reviews the online material for accuracy. His fairly quick in responding and engages with the class throughout the week. So far I recommend this professor.

UPDATE 5/7/2025:

Just wanted to update saying this was an overall good semester with great professors. My initial impressions proved accurate.

I think Dr. Efi Gabor's Discussion Board questions were some of the best I've seen during my academic journey so far at LRCC. I wish some of the other students had chosen to engage more with the questions, but overall a great job by Dr. Efi Agbor.

Professor Pell's class was fun learning about digital forensics and getting our feet wet on the topic and I liked how a lot of his weekly lessons started off with a video showing digital forensics in action. Also, a lot of his assignments required verbatim answers from the book - something I prefer.

Python class - the bane of existence for all non-programmers. And yet, Professor Hansel made it bearable and do-able. Kudos to him and the extra time he took out of his teacher availability time in the evening to conduct Zoom meetings going over how to get everything done.

Professor Smith-Terry is one of the most efficient professors I've had. One of the best things I liked about her teaching method was she got things graded quickly and responded fast to emails. I find that really helpful if I'm struggling on something - quick feedback is nice.

Saturday, January 4, 2025

Beat An Automated Speed Camera Ticket In Virginia

How to Beat An Automated Speed Camera Ticket In Virginia: A Guide to Exploiting the Summons Defect

Disclaimer

I am not a lawyer, and this is not legal advice. The information here is based on how I argued my own ticket. Always research your situation and consult an attorney if you need legal assistance.

1. Understand the Issue

Automated speed camera tickets often rely on a process that includes mailing you a summons. However, in some cases, the instructions on these summonses violate Virginia law by directing you to send affidavits rebutting the ticket to a third-party vendor instead of the Clerk of the General District Court. This defect is significant because Virginia Code § 46.2-882.1 mandates that affidavits must be filed directly with the Clerk.

This misstep is not a minor error—it’s a fatal flaw that can make the summons legally invalid from the moment it’s issued. If the summons is defective, the court cannot hear the case, and you can request dismissal.

2. Check Your Summons for Errors

Carefully examine the summons you received. Pay special attention to the back or the instructions section.
Look for any language that tells you to send your affidavit to a third-party vendor (such as Conduet or Altumint) rather than directly to the Clerk of the General District Court. Sometimes the summons will actually say the name of the City you are in and use the physical address of the third-party vendor. Either way is incorrect.
Highlight or make a note of the problematic language, as this will form the foundation of your argument. (E.g. Falls Church, VA at the time of this writing instruct its citizens to mail the affidavit to Violation Processing Center in Tempe, AZ – which is obviously not the Clerk of the General District Court.)

3. Prepare for Your Court Hearing

Bring Evidence: Bring a copy of your summons to court, clearly marking the section where it misdirects affidavits to a vendor. This will serve as your primary piece of evidence.
Know the Law: Familiarize yourself with the relevant parts of Virginia Code § 46.2-882.1:

Part E: Requires affidavits to be filed with the Clerk.
Part G: Specifies that summons instructions must comply with Part E.

Practice Your Argument: Be prepared to explain why the error in the summons invalidates it and deprives the court of jurisdiction.

4. Bring Up the Summons Defect in Court

Your defense relies on demonstrating that the summons package is defective because it violates Virginia law. Specifically, the summons misdirects affidavits to a third-party vendor instead of the Clerk of the General District Court, as required by Part E of the statute. This is not just a minor issue—it is a fundamental flaw that invalidates the summons and deprives the court of authority to proceed. Here’s how to present your case:

A. Show the Defect in the Summons

Identify the Error:

Look at the summons mailing, particularly the instructions (usually on the back or in accompanying materials).
Point out that the summons directs affidavits to a third-party vendor, such as Altumint or a Violation Processing Center, instead of to the Clerk of the General District Court.

Explain Why This is a Problem:

Virginia law (Part E) requires affidavits to be filed directly with the Clerk of the General District Court. By misdirecting affidavits, the summons violates this statutory requirement and fundamentally misinforms defendants of their legal obligations.

B. Cite the Law

Virginia Code § 46.2-882.1(E):

Quote the section requiring affidavits to be filed with the Clerk:

“Such presumption shall be rebutted if the owner… files an affidavit by regular mail with the clerk of the general district court…”

Emphasize that the summons violates this mandate by instructing defendants to file affidavits elsewhere.

Virginia Code § 46.2-882.1(G):

Reference the additional requirement that summons instructions comply with Part E:

“Every such mailing shall include… instructions for filing such affidavit, including the address to which the affidavit is to be sent.”

Argue that the summons package fails to meet this requirement because the instructions do not align with Part E.

C. Argue Why the Defect is Fatal

The Summons Violates Statutory Mandates:

The defect arises from the summons itself, which directly violates Part E by misdirecting affidavits.
This failure renders the summons invalid and prevents the court from obtaining jurisdiction.

Part G Amplifies the Failure:

Part G strengthens your argument because it explicitly ties the summons’ instructions to Part E. The instructions’ failure to comply with Part E highlights a deeper, systemic issue.

Impact on Defendants’ Rights:

Denial of Proper Affidavit Filing: The summons misleads defendants into sending affidavits to the wrong entity, depriving them of their statutory right to rebut the presumption.
Loss of Judicial Oversight: Misdirected affidavits bypass judicial review, undermining the fairness of the process.
Confusion and Barriers: Many defendants may not realize the error, leaving them unable to properly contest the ticket.

5. Be Clear and Confident

Stay on Point: Focus on the defective summons. You do not need to argue about whether you were speeding or whether you can rebut the presumption of guilt. The defective summons is enough to request dismissal.
Use Simple Language: Avoid overcomplicating your argument. Explain the issue clearly and rely on the plain language of the statute to support your position.

6. Request Dismissal

At the end of your argument, formally ask the court to dismiss the ticket due to the defective summons. State that because the summons fails to meet statutory requirements, it is void from the outset and cannot be enforced.

Final Thoughts

Challenging an automated speed camera ticket can feel daunting, but understanding your rights and identifying errors in the process can give you a strong defense. The law is on your side when procedural rules are not followed, but it’s important to act decisively and prepare effectively.

That said, this argument is only valid until the language on the summons is corrected. If the issuing authority updates their summons to comply with the statutory requirements, this specific defense may no longer apply. Therefore, if you’re pursuing this argument, it’s critical to check your summons carefully to ensure the defect still exists.

Additionally, be cautious of prosecuting attorneys who might incorrectly cite Part H of Virginia Code § 46.2-882.1. Part H permits the outsourcing of administrative functions by "law enforcement", such as the installation and operation of speed cameras or the handling of fines. However, affidavit review and processing are judicial functions under Part E of the statute. These responsibilities must remain under the oversight of the Clerk of the General District Court, as mandated by law. Law enforcement is not part of the judicial branch of government; they are part of the Executive branch of government. The statutes permissions for outsourcing administrative function only allows executive branch delegations. Be ready to highlight this distinction if the prosecution raises Part H as a defense for their summons process. If needed, cite Article I, Section 5 of the Virginia Constitution. This is the provision that mandates separation of powers (it means one branch of government cannot take the power or authority of another branch of government without express authorization by statute).

By staying informed and vigilant, you can ensure that your rights are respected and that any procedural defects are properly addressed in court.

DO NOT GO BELOW THIS TEXT UNLESS YOU HAVE A STRONG STOMACH FOR LEGALESE

MEMORANDUM

RE: Statutory and Constitutional Defects in Virginia Speed Camera Summonses

I. INTRODUCTION

This memorandum analyzes fundamental statutory and constitutional defects in speed camera summonses issued pursuant to Virginia Code § 46.2-882.1. Specifically, summonses that misdirect affidavit filing by either naming private vendors directly or naming municipalities while providing vendor processing addresses (rather than directing filing to the clerk of court) violate explicit statutory requirements and constitutional principles of separation of powers. For example, some localities direct affidavits to private vendors explicitly, while others (like Harrisonburg) name the City but provide Altumint's Pennsylvania processing center address - both approaches violate statutory requirements for court clerk filing. These violations render such summonses void ab initio and may subject municipalities to disgorgement of improperly collected fines.

II. LEGAL FRAMEWORK

A. Statutory Requirements

Virginia Code § 46.2-882.1 establishes specific procedural requirements for speed camera enforcement:

Section (E) explicitly requires that rebuttal affidavits be "filed by regular mail with the clerk of the general district court."
Section (G) mandates that summonses include "instructions for filing such affidavit, including the address to which the affidavit is to be sent."
Section (H) permits law enforcement agencies to delegate certain administrative functions to private vendors but does not authorize delegation of judicial functions.

B. Constitutional Principles

Article I, Section 5 of the Virginia Constitution establishes separation of powers between branches of government and prohibits one branch from exercising powers properly belonging to another.
The Dillon Rule limits municipal authority to powers explicitly granted by the General Assembly or necessarily implied therefrom. Winchester v. Redmond, 93 Va. 711 (1896).

III. ANALYSIS

A. Statutory Violations

Direct Violation of § 46.2-882.1(E)
- Summonses directing affidavit filing to private vendors directly contravene the statutory requirement for filing "with the clerk of the general district court."
- For example, the City of Harrisonburg's summonses direct affidavits to be sent to Altumint's processing center in Pennsylvania rather than the Harrisonburg-Rockingham General District Court clerk.
- This violation is not a mere technical defect but undermines a core procedural safeguard designed to maintain judicial oversight.
Non-Compliance with § 46.2-882.1(G)
- Summonses fail to provide legally correct filing instructions as required by statute.
- The erroneous instructions actively misdirect defendants from proper judicial channels.
- The statute's requirement for correct filing instructions is mandatory, not directory.
Misapplication of § 46.2-882.1(H)
- Section (H) specifically permits "law enforcement" - an executive branch function - to delegate certain administrative tasks to private vendors.
- Law enforcement agencies, as part of the executive branch, cannot delegate judicial branch functions.
- The clerk of court's affidavit processing duties are judicial branch functions that fall outside the scope of Section (H)'s delegation authority.
- Affidavit processing involves judicial determinations such as:
  - Assessing sufficiency of affidavits
  - Maintaining official court records
  - Preserving chain of custody for evidence
  - Ensuring proper service and filing

B. Constitutional Violations

Separation of Powers
- Delegation of judicial functions to private vendors violates Article I, Section 5 of the Virginia Constitution.
- The executive branch (municipalities and law enforcement) cannot assume or delegate judicial branch responsibilities.
- Current practices improperly merge executive and judicial functions by allowing executive branch entities to process court filings.
- No statutory provision explicitly authorizes this transfer of judicial power to the executive branch or private vendors.
Dillon Rule Violation
- No statutory provision authorizes municipalities to redirect court filings to private vendors.
- Such delegation exceeds municipal authority under the Dillon Rule.
- The General Assembly's silence on delegation of judicial functions cannot be interpreted as implicit authorization - indeed, under the Dillon Rule, silence must be interpreted as a prohibition.
- This is particularly true where, as here, the proposed municipal authority would cross constitutional separation of powers boundaries.
- Section H's explicit grant of authority to "law enforcement" to delegate administrative functions reinforces that no such authority exists for judicial functions - expressio unius est exclusio alterius.
- Municipality contracts with private vendors cannot create authority not granted by statute, especially authority that would violate constitutional separation of powers.

C. Legal Consequences

Void Ab Initio
- Summonses containing incorrect filing instructions are void from inception, not merely voidable.
- As held in Board of Supervisors v. Conn, 206 Va. 822, 826 (1966), actions exceeding statutory authority are void ab initio.
- Each summons directing affidavits to private vendors is independently void.
- No subsequent action can cure this fundamental defect.
Jurisdictional Impact
- Void summonses fail to establish court jurisdiction.
- Cases proceeding on defective summonses must be dismissed.
- Courts cannot acquire jurisdiction through defective process.
- Jurisdictional defects may be raised at any time.
Potential Remedy: Disgorgement
- Fines collected through void summonses were obtained without legal authority.
- Municipalities may be required to disgorge improperly collected funds.
- The void ab initio doctrine suggests all actions taken under defective summonses are nullities.
- Class action relief may be appropriate for systemic violations.

IV. CONCLUSIONS AND RECOMMENDATIONS

Immediate Actions
- Challenge jurisdiction in pending cases based on void summonses
- Seek dismissal of cases initiated through defective process
- Preserve records of improper collections for potential disgorgement
- Document all instances of misdirected affidavits
Systemic Reforms Required
- Municipalities must revise summonses to direct affidavit filing to court clerks
- Private vendor contracts require modification to respect separation of powers
- Clear procedures needed for proper handling of judicial functions
- Training required for proper implementation
Long-term Considerations
- Legislative clarification may be needed
- Municipal procedures require comprehensive review
- Interagency coordination protocols should be established
- Constitutional compliance mechanisms must be implemented

V. SUPPORTING AUTHORITY

Statutory Authority
- Va. Code § 46.2-882.1
- Va. Const. Art. I, § 5
Case Law
- Board of Supervisors v. Conn, 206 Va. 822 (1966)
- Winchester v. Redmond, 93 Va. 711 (1896)
- Commonwealth v. County Board of Arlington County, 217 Va. 558 (1977)
Constitutional Principles
- Separation of Powers
- Dillon Rule
- Municipal Authority Limitations

This analysis reveals fundamental defects in current speed camera enforcement practices that render summonses void ab initio and require systemic reforms to achieve statutory compliance while respecting constitutional separation of powers.

Friday, December 6, 2024

LRCC ITE221 Review

ITE 221 PC Hardware and Operating Systems/ Dr. Leach Review

Edited December 10, 2024.

This Fall 2024, I enrolled in ITE 221 PC Hardware and Operating Systems at Laurel Ridge Community College, taught by Dr. Josephine Leach. This post reflects my personal experience with the class.

Outdated Course Material

The course relies on a textbook that, while comprehensive in its time, is now over eight years old. Originally copyrighted in the 1990s, some of its content no longer reflects current systems or trends in IT. While certain fundamentals remain relevant, a more updated resource would better prepare students for the rapidly evolving field of technology.

Course Management Issues

Several administrative issues impacted the overall experience:

Midterm Exam Error: The midterm exam provided was intended for a different class. Correcting this mistake required multiple student emails, as the professor initially insisted there was no error.
Final Exam Posting Delay: The final exam was not posted until late in the final week of the course, leaving students with limited time to prepare.
Confusing Instructions: The professor described the final as “open” without clarifying whether this meant open-book. Additionally, the exam was gated behind Respondus Lockdown Browser, making it impossible to use the e-book provided with the course. Edit 12/8/24: Dr. Leach, through an email reply, has indicated that the final is open book/ open notes, but could not explain how we are to use the eBook behind the LockDown browser. She indicated the LockDown browser is to keep people from using Google to get the answers.
No Study Guide: The absence of a study guide for the final exam was particularly frustrating. Instructors often provide such resources to help students focus their review and perform well. Without a study guide, students were left guessing which topics were most relevant to the exam. Edit 12/8/24: Dr. Leach has indicated through an email reply that the Final Exam is on the chapters only that came after the midterm exam. She also indicated that all exam questions are pooled from the quizzes from each chapter. This is certainly helpful information but, as of writing these edits, Dr. Leach has not posted this information to the class. It was only obtained in a reply to emails.

Exam Retake Policies

The course permits two attempts for both the midterm and final exams. However, while the first midterm’s answers were accessible for review, this does not appear to be the case for the final exam.

Restricting access to first-attempt answers behind the LockDown Browser prevents students from understanding their mistakes and improving their performance—a frustrating barrier to learning. While the instructions suggest students can “view your quiz results,” it’s unclear whether this includes detailed feedback on the questions or just the overall score. If it’s the latter, the lack of transparency significantly limits the value of having a second attempt. Edit 12/9/2024: I took the exam yesterday and you could not review the questions/answers after the exam. I went back and checked on the Canvas Exam page this morning and there is now a note saying you CAN view the results 'immediately after submission', one (1) time. Day late and a dollar short for me. There were 2 essay questions at the end of the exam that I had to guess at. Overall, I did not see any value in going back and taking the exam for a 2nd 'take'.

In the end, how the exam is given is the professor's prerogative, but some consistency and clarity would be nice instead of the last minute snafu that happened for the final.

Pedagogical Approach

A major concern with the course is its focus on memorization over research skills in its midterm and final exams. In IT, the ability to "look it up" is essential due to the field's vast and ever-changing nature. Courses that emphasize problem-solving and resourcefulness better equip students for real-world technical challenges. Unfortunately, this class lacked that forward-thinking approach.

Conclusion

While I appreciate the opportunity to expand my knowledge, I found both the class and its management lacking. Updating the course material and adopting a more student-centered teaching philosophy could significantly improve the experience for future students.

You may have no choice, due to your degree program, but to take this course. If so, make it a little better on yourself by trying to do it with a different professor than Dr. Josephine Leach. It's my understanding that this is Dr. Leach's first year teaching. I hope, if she were to read this, that it's taken as constructive criticism. As a first time teacher I understand it can be tough. Hopefully, with time and communication from students, she will improve. As an elective, I would look elsewhere than this course to fulfill any credit requirements.