
Tech companies lobbying for CISA are abandoning their users' privacy - ingve
https://www.youbetrayedus.org/
======
jupiter2
I can't believe anyone is surprised by this. Windows 10 came out of the gate
completely weaponized in a way no Operating System ever was before (I was a
Windows user, can't speak to the level of data-mining on the mobile OSes). So
much work was put into all aspects of data-collection that it screamed class-
action even to a layperson like myself.

Microsoft never states if their (unnamed, unnumbered) trusted 3rd-parties can
also share data.

Microsoft does not release the names or the number of third-parties involved.
They can be foreign, governmental, outsourced developers.

There is no language covering the release of this data to "non-trusted"
parties.

Microsoft does not distinguish between personal and business data. This,
additionally, puts businesses that are required, by law, to protect
client/patient information (Law, Medicine, Finance) at further risk.

Microsoft does not distinguish between the (illegal) search/seizure and
distribution of personal/business data. It does little to distinguish between
adults and children. Captured data (including video) of those under 18 in
legally questionable situations, redistributed to (unnamed and presumably
large number of "trusted" third parties) may and should place Microsoft as
distributors violating various child abuse laws.

Military and Politician data captured can (and should) be viewed as acts of
espionage/treason by the US Government.

Their data-collecting scheme had immediate and obvious legal ramifications. I
couldn't figure out why OUR government wasn't more responsive to this threat.
It's becoming increasingly clear that there has been lots of back-door collusion
between the tech giants and our own government.

This bill is a testament to that.

~~~
cryoshon
Yeah, the Win10 dragnet has inspired me to switch to Linux moving forward. I
hope that it has done the same for others.

~~~
jupiter2
It did the same for me. I had been on Linux for about 6 months (because of
some issues with Win7) waiting for the Win10 release. A new laptop was in my
future.

A week after the Win10 release (still seeing red because of the privacy
issues), picked up an older laptop (wanted something super Linux-friendly)
with legacy BIOS and haven't been this happy with an OS in over a decade.

My biggest worry now is that Open Source Software with strong privacy rights
policy might be pressured by government/politicians, commercial entities and
general public apathy to engage in the same kind of illegal data-mining for
so-called "national security" reasons.

At the rate we're going, it's inevitable.

------
Absentinsomniac
This is incredibly bad. The amount of personal information large companies
like these have on everyone is scary enough on its own, but now they're
getting blanket governmental immunity to share it with not only other private
companies, but also several government agencies? I think of myself as
relatively pessimistic, but I did not expect something _this_ insane for some
reason. If this is as straightforward as that site portrays it, or worse, then
I'm kind of speechless.

Edit: It looks like the NSA/Law Enforcement wouldn't even need due process
since the companies are just giving away the private data.
[https://www.faxbigbrother.com/#whatiscisa](https://www.faxbigbrother.com/#whatiscisa)

~~~
mozumder
Is government compelling these companies to hand over data? Or is it
voluntary?

If government forced me to hand over data on users, I wouldn't want to be held
liable for that. So, I'm not sure why people are complaining to companies
about it? Do they expect companies to break laws?

People forget that government is always the highest power of the land. You are
forced to do what government decides it wants to do.

Take your issues up with government, not me.

~~~
tristanj
Participation in this program is voluntary. Section 8 of the bill prohibits
this act from being construed to permit the federal government to require an
entity to provide information to the federal government. Here's the money
quote:

(i) No Liability For Non-Participation.—Nothing in this Act shall be construed
to subject any entity to liability for choosing not to engage in the voluntary
activities authorized in this Act.

Reading through the bill, it seems like this is a well-intentioned attempt to
promote data sharing between corporations and security agencies in the event
of a widespread cyberattack. There are definite use cases for a law like this.
For example, if both Lockheed Martin and Boeing are hit by a cyberattack,
under this bill they are allowed to coordinate and mitigate the attack using
data from both parties. But the enormous flaw in this bill is that there are
only vague restrictions on the type of data allowed to be shared. These
restrictions are so vague that an unscrupulous company could send all their
customers' private data to the government under the context of this law.

The US needs reform on its cybersecurity defense and this bill is a step
towards change. But with the potential for abuse this bill is a huge step
backwards. Hopefully there are other ways to improve US cybersecurity defense
without compromising civil liberties.

You can find a copy of the bill, including a short summary of each section, at
the link below:

[https://www.congress.gov/bill/114th-congress/senate-bill/754](https://www.congress.gov/bill/114th-congress/senate-bill/754)

~~~
mozumder
OK WTF? So why is this a problem?

Doesn't this just mean companies don't have to hand-off private data to
government?

Isn't that the exact opposite thing people are complaining about?

~~~
NhanH
The companies don't have to, but they decide to do it anyway. That's why
people complained.

Did you even read the original link, or anything anyone posted in the thread
so far?

------
nness
Out of interest, EFF wrote about CISA when the bill was introduced last year:

[https://www.eff.org/deeplinks/2014/06/zombie-bill-comes-back...](https://www.eff.org/deeplinks/2014/06/zombie-bill-comes-back-look-senates-cybersecurity-information-sharing-act-2014)

------
lumberjack
A few years ago there was an IAMA on Reddit with an MS employee and he
blatantly said that MS was funding anti-privacy propaganda so that their user
base will be more complacent with their increasing privacy violations. I think
this was when the cloud was still a new buzz word and Microsoft was coming out
with Office 365 and in this case he justified it by saying that all these new
bright technologies of the future depended on the users willingly giving away
their privacy and so MS and Google were funding these marketing campaigns to
prepare users for it.

So even if you look at it from a purely tech perspective, it is not in these
tech giants' interest to safeguard your privacy nor do they want you to think
that your privacy should be safeguarded.

And of course everybody is always drooling to data mine these user bases and
who knows, sell the data to insurance companies maybe. I'm sure they will find
some loophole to allow this.

~~~
cryoshon
Then there's the "PRIVACY IS DEAD" billboards which are plastered onto city
busses in NYC. No business or advertisement mentioned, just "PRIVACY IS DEAD".
Almost like it was trying to wriggle into the subliminal.

I think it's been fairly obvious for the past few years that privacy is being
suppressed by malicious groups who have plans for user data. There's been
really no resistance, except from niche groups who are encrypting everything--
but if it's only niche, it doesn't matter.

~~~
webXL
Got any links?

Google image search of "PRIVACY IS DEAD" + bus didn't turn up anything. Then
I dropped the quotes and replaced dead with NSA, and got a bunch of bus pics
with THANK YOU EDWARD SNOWDEN, so I don't think Google is part of this
conspiracy.

~~~
walterbell
They are ads for Mr. Robot:
[https://www.google.com/search?q=privacy+is+a+myth+mr+robot&t...](https://www.google.com/search?q=privacy+is+a+myth+mr+robot&tbm=isch)

------
leni536
I like the petition, I dislike the lack of sources. Please put sources for
your claims, if they "began _publicly_ lobbying Congress to pass the
Cybersecurity Information Sharing Act (CISA)" then you sure have a source. Put
it there! I guess this is the letter in question:

[http://www.bsa.org/~/media/Files/Policy/data/09142015CongLea...](http://www.bsa.org/~/media/Files/Policy/data/09142015CongLeadershipDataAgendaLetter.pdf)

------
tempodox
How do you boycott all those bastards at the same time? The last halfway
viable option seems to be to build up alternative services outside U.S.
jurisdiction. The shifting of revenue streams will be the only language those
CISA fans understand.

~~~
hackuser
> How do you boycott all those bastards at the same time?

Use free-as-in-speech and open technology. Then, you can know what it's doing
and modify it if you don't like it.

------
nickff
One branch of the government authorizes another to force corporations to hand
over all the private communications and information of a large number of
citizens, and all foreigners; the majority of the public of that country
agrees. Are the companies which are continually compelled to cooperate at
fault for seeking to minimize the financial repercussions of this situation?
How have these companies betrayed anyone?

The politicians, voters, bureaucrats, and judges involved in these actions
have committed a horrible abuse of their fellow citizens, and (depending on
your views on moral obligations to foreigners) an even larger number of other
people. The companies they are forcing to cooperate have not betrayed the
people any more than a taxpayer does when they (are coerced to) pay taxes that
fund these programs.

~~~
dmos62
I do not agree to lift blame off of companies. They have social
responsibilities like everyone else. They are also high on the power
hierarchy.

~~~
mozumder
Companies have to operate within the parameters of the law.

I don't get this. Are people expecting companies to break the law? Is this
data hand-off voluntary?

~~~
jsnathan
> Companies have to operate within the parameters of the law.

This does not seem to apply in the context where companies are lobbying for /
supporting _new_ laws.

~~~
mozumder
I don't see anything in the bill that would allow a company to actually break
their EULA with you.

~~~
pdkl95
For the millionth time, _an EULA is not a contract_. A business can try to
force a contract of adhesion on you (that is, a contract you do not have the
opportunity to negotiate), but until the elements of a contract are satisfied,
it's just one party blowing hot air at the other.

Even if there _was_ a contract involved, clauses of the contract can be judged
to be unconscionable if they are obviously trying to take advantage of the
other party in an unusual or misleading way, or if they try to extend the
scope of the contract.

~~~
mozumder
You're going to be really depressed when you find out EULAs are contracts.

------
chinathrow
If you work at one of these companies, and chances are some of fellow HN users
are, please think how you would like the future to be - not only in terms of
your product but also in terms of policy, freedom and privacy.

Thank you.

------
pdkl95
So the surveillance-as-a-business-model people are getting their Letter of
Marque.

------
ionised
I hate this fucking planet.

------
b3lvedere
"The following companies just betrayed billions of people." According to that
picture Google is still my friend. :)

~~~
dijit
I'm actually one of the few people who seems to be scared of google, and
probably rightly so- so far it's just been paranoia that "they have all this
data" on me and so many others.

Yet continually they seem to be actually fighting for privacy.

I admire that, but they're still an insanely large target, and, even if they
don't share that information now- you can bet they're tracking/logging it...
it's their business model.

~~~
b3lvedere
All that data may be profitable in the future in some weird way we cannot even
imagine at the moment. They have the resources to store and use it. Maybe even
abuse it if they can find out some happy legal way to do so.

The grey zone between privacy and public keeps morphing. Problem is what kind
of data/information should be public and what should not be public. And in
what form? In what timeframe? Some information could be very beneficial for
one (company, person, government, institution, etc.), but have horrible
consequences for others.

------
apexkid
Time to start surfing on the dark net.

PS: TOR will be so happy.

~~~
sekasi
I can almost guarantee that the people that maintain TOR won't be happy to see
something like this, since their lives are spent maintaining a tool that can
give people anonymity.

~~~
ionised
The more people that use Tor the more effective it becomes.

More users = more noise = more anonymity.

~~~
wfo
Except that there's only so much bandwidth to go around. It's not that simple.
More users (who don't run nodes themselves) means the same bandwidth among
more users = slower for everyone = less usable for people who actually need
it.

~~~
scott_karana
Unlike exit nodes, most relays are underutilized, as far as I know. (I run a
couple)

So if commonly used .onion domains start springing up, exit nodes won't feel
any crunch. :-)

Imagine reddit082350235.onion, for example...

------
nness
I had wondered, if companies are ordered by the Government to hand over the
data and have little to no recourse to prevent it, are they then liable?

No doubt a number of people tried to challenge the companies' liability in
these matters after the Snowden leaks and I'm wondering if anything
interesting eventuated from it.

~~~
bad_user
> _are they then liable?_

Of course they are.

~~~
nness
Legally, I mean. What's the precedent?

~~~
ivanca
Internationally, maybe other countries will see this as a threat against their
citizens who share information with these companies (because it is), and
therefore accuse of treason to the local subsidiaries of those companies,
and/or ban their products and websites.

But maybe I'm just optimistic and all play ball, nevertheless the world hate
against the US will keep raising and being rightfully justified until one day
the heat may be too much.

~~~
happyscrappy
>the world hate against the US will keep raising

And some day in the future there might be a single European candidate that may
run on an anti-US platform. Or maybe not.

------
stinos
When talking about 'users', is there a (legal) difference between US and
non-US citizens here?

~~~
dijit
Foreign persons have no rights in the eyes of US law in regards to privacy.

~~~
pjc50
However EU nationals have rights under EU law, and data protection "safe
harbour" rules require that information of EU nationals that's exported from
the EU should be protected.

I believe the Microsoft case in Ireland is about this question.

Edit: see also
curia.europa.eu/jcms/upload/docs/application/pdf/2015-09/cp150106en.pdf

"The Advocate General considers furthermore that the access enjoyed by the
United States intelligence services to the transferred data constitutes an
interference with the right to respect for private life and the right to
protection of personal data, which are guaranteed by the Charter. Likewise,
the inability of citizens of the EU to be heard on the question of the
surveillance and interception of their data in the United States amounts, in
the Advocate General’s view, to an interference with the right of EU citizens
to an effective remedy, protected by the Charter."

=> therefore the "safe harbour" allowing the export of private data from the
EU to US servers can and should be suspended.

------
yk
Black hoodie, check

Mirrorshades, check

Hackers living in the margins of an orwellian society, check

And all I wanted was a flying car.

------
blumkvist
I found this thread on the front page (#1 spot). I read all the comments and
when I checked the front page again, it was nowhere to be seen. At the moment
of this comment it has 270 points in 1 hour...

WTF?

~~~
objectified
Apparently it has been marked as a duplicate of a story with a very much less
informative title, IMHO.

[https://news.ycombinator.com/item?id=10263812](https://news.ycombinator.com/item?id=10263812)

------
ivanca
I just want to thank Google and Facebook for not being part of this. "Don't be
Evil" still means something for some of you, history will remember.

------
iondream
This law is necessary to protect companies when they submit data when they
report breaches to the government. Without it, companies aren't going to stick
their necks out by letting people know they were hacked. That's what this law
is about.

------
iharhajster
It's nothing surprising. I hope we are all aware the controlling few are
slowly but surely putting their agenda of total control to action. I've seen
an attitude of some Rockefeller fellow in the movie Zeitgeist, who stated when
asked what is their (rich people that control the world) goal, why do they
grab more even though their families have more money than we could guess:
"Well, our final goal, is to implant a chip in every human being. That chip
will be radio controlled. And when we don't like that person anymore, we push
the button and the person dies." Now, this may sound cruel, but I agree with
this guy. The smart, rich and capable people should have this kind of "swift
justice control" of other people because most of people that I know, waste
their lives. When you give an average person the freedom and power, most of
them will not know what to do with it, and they would end up in corruption of
the soul. They would turn bad, looking for hedonistics. Maybe, my country is
just above average filled with "I don't know how to productively use my God
given blessings and learned skills" kind of people. Cheers I.H.

~~~
chinathrow
"Now, this may sound cruel, but I agree with this guy. The smart, rich and
capable people should have this kind of "swift justice control" of other
people because most of people that I know, waste their lives."

I know that personal attacks are not allowed in comments, but what on earth
were you thinking when you wrote this comment?

------
dang
This looks like the same story as
[https://news.ycombinator.com/item?id=10261397](https://news.ycombinator.com/item?id=10261397),
so we're going to provisionally treat it as a duplicate. If that's wrong, we
can restore it.

Edit: Ok, we'll restore it, but with a less inflammatory title that is taken
from the article's top paragraph. If someone suggests a better title we can
change it again.

~~~
duncanawoods
I don't think this is the right choice when the titles are so different.

I did not read "Why we are leaving Heroku" because someone's gripes with a
host I don't use is low-priority. It's effectively invisible to me. I am
however interested in the broader story that impacts dozens of companies,
changes to US law and the nature of privacy itself - so I read this one and it
was clearly gathering more interest.

How about retitling the other story and merging the discussions?

~~~
dang
Whether it's a duplicate is not a question of the titles but of the story's
content. Two stories from the same site advocating for exactly the same cause
are pretty clearly dupes by the usual HN standard. But since people seem to
feel strongly about this one, we'll override that and restore it.

