
How does the Cybersecurity Act of 2015 change the Internet surveillance laws? - tptacek
https://www.washingtonpost.com/news/volokh-conspiracy/wp/2015/12/24/how-does-the-cybersecurity-act-of-2015-change-the-internet-surveillance-laws/
======
pipermerriam
I've come to believe that "the powers that be" will never stop this
progressive march towards pervasive monitoring and surveillance. If we succeed
in keeping this bill from passing, we'll just be fighting another just like it
or worse in a few years. We have to make it fundamentally impossible to
monitor our private communications and to share our private data.

To get there, it is going to take a complete shift in how we build internet
software. These problems cannot be fixed using the current status quo. I
highly encourage you to start looking into projects like Ethereum, IPFS,
Whisper and Swarm. The offer a way to build web applications that are
completely immune to censorship, monitoring, and large scale data breaches
while giving user's control over their data.

This isn't to say that there aren't battles to be fought in the legislation
arena. There are and kudos to entities like the EFF for leading the charge.
What I'm trying to say is that as long as it's possible to do pervasive
surveillance, we're going to keep seeing the powers that be continue in that
direction. If it is possible, they will try and do it.

Sources:

* [https://www.ethereum.org/](https://www.ethereum.org/)

* [https://github.com/ethereum/go-ethereum/wiki/Swarm---distrib...](https://github.com/ethereum/go-ethereum/wiki/Swarm---distributed-preimage-archive)

* [https://ipfs.io/](https://ipfs.io/)

* [https://github.com/ethereum/wiki/wiki/Whisper-Overview](https://github.com/ethereum/wiki/wiki/Whisper-Overview)

~~~
HappyTypist
Please keep in mind that this person is an Ethereum developer and has a vested
financial interest in seeing their Ethereum tokens appreciate in value. This
may be a conflict of interest and cloud up the actual technical merits of
Ethereum.

I find it a bit disingenuous that this is not being disclosed, considering
that there are numerous Ethereum competitors (primary, Bitcoin with SegWit,
coming 2016, and Storj, Maidsafe).

~~~
pipermerriam
I still stand behind everything I said regardless of the technology that ends
up accomplishing it. I chose to mention Ethereum because I think it has the
best shot. If Ethereum fails, I'll be looking for the next best viable option
for a decentralized internet.

I thought about adding the disclaimer and chose against it. Maybe I chose
wrong. I sort of see your point about conflict of interest, but that line of
thinking also disqualifies almost all of the people who are most intimately
familiar with the technology.

If you're skeptical, lets have a conversation about it. I regularly describe
my position as skeptically optimistic about Ethereum's future success.

~~~
jlgaddis
> _" I thought about adding the disclaimer and chose against it. Maybe I chose
> wrong."_

Yes, when one is advocating for and recommending a product, it is pretty
standard (and, in my opinion, an ethical requirement) for one to also disclose
that he/she is heavily involved with that product. It is even more important
when one stands to benefit -- especially financially! -- from the product's
success.

One's credibility quickly goes right out the window when one fails to disclose
these basic facts.

~~~
pipermerriam
Quite fair and message heard and received. I hope you can take this for what
it is, an oversight rather than intent to deceive.

------
HappyTypist
In all honestly I do not see what the concern over this law has been about. It
doesn't expand the (terrible) surveillance powers but just allows network
operators to do what they have been doing anyway (e.g. CloudFlare's WTF and
cloudsourced DDoS protection), and share data that you reasonably should
expect to be shared.

What is concerning is what the law may be twisted to "authorize" (see
patriotic act and mass metadata), but on the surface of it I really don't see
concern about CISA.

~~~
hoorayimhelping
> _In all honestly I do not see what the concern over this law has been about_

> _What is concerning is what the law may be twisted to "authorize"_

------
ck2
We need end-to-end encryption everywhere, stat.

It's the only way to keep government and politicians honest.

Of course they are working on inventing reasons to make that illegal too.

~~~
Cieplak
End-to-end encryption is useless without endpoint security, i.e. security of
the device you're using. As far as I can tell, all new chips have something
like the Intel Management Engine, which allows out-of-band access to the
device. It takes about 6 lines of VHDL to modify a CPU so that if it receives
a specific combination of instructions, it will transition to ring 0. That
could even be added to the microcode so you wouldn't even be able to find it
with a microscope. That essentially means if someone knew the right
combination of instructions, a simple javascript expression could give you
kernel level access to the machine.

~~~
pipermerriam
Despite how troubling this is, I have trouble accepting that end-to-end
encryption is _useless_. It still offers significant protection from being
monitored even if that protection can be theoretically circumvented by lower
level methods.

~~~
Cieplak
+1 You're absolutely right; I really just meant to say that it could be
circumvented by specific parties. We absolutely do need end-to-end encryption
everywhere to protect information while in transit. But if someone is worried
about a tyrannical government, then end-to-end encryption may not solve that
person's problem.

------
Animats
This might work out. With the preemption clause ("notwithstanding any other
provision of law"), network providers can now snoop on any government snooping
directed at them.

------
mtgx
Is the Cybersecurity Act more of that "balance" the US government has been
promising us since the Snowden revelations? And I bet this "balance" between
privacy and security will keep moving towards one side of the scale (you can
guess which) in the future.

