

House Committee Approves Bill Mandating That Companies Spy on Their Users - d0ne
https://www.eff.org/deeplinks/2011/07/house-committee-approves-bill-mandating-internet

======
dkokelley
To me, this is like requiring auto makers to install GPS in their cars to
track driving data. Sure, it's not just given to the government. The
automakers hold on to that data. That way, if there is any suspicion of
criminal activity, a warrant for the whereabouts of a particular person can be
retrieved. "It's for the children!"

How can such a bill be legal? The government can't search my computer records
without a warrant being issued for reasonable cause. They're attempting to
bypass this by mandating the ISP intermediaries retain said records for 1.5
years. I don't know. It just seems way too grey-area.

------
18pfsmt
For the record, the following Reps have cosponsored this bill:

Rep Calvert, Ken [CA-44] - 7/15/2011

Rep Chabot, Steve [OH-1] - 7/11/2011

Rep Coble, Howard [NC-6] - 7/11/2011

Rep Critz, Mark S. [PA-12] - 7/11/2011

Rep Deutch, Theodore E. [FL-19] - 7/11/2011

Rep Emerson, Jo Ann [MO-8] - 7/12/2011

Rep Flores, Bill [TX-17] - 7/6/2011

Rep Forbes, J. Randy [VA-4] - 7/6/2011

Rep Franks, Trent [AZ-2] - 7/11/2011

Rep Gallegly, Elton [CA-24] - 7/11/2011

Rep Gowdy, Trey [SC-4] - 7/11/2011

Rep Jackson Lee, Sheila [TX-18] - 7/19/2011

Rep LaTourette, Steven C. [OH-14] - 7/12/2011

Rep Lummis, Cynthia M. [WY] - 7/12/2011

Rep Lungren, Daniel E. [CA-3] - 7/11/2011

Rep Marino, Tom [PA-10] - 7/12/2011

Rep Pierluisi, Pedro R. [PR] - 7/25/2011

Rep Quigley, Mike [IL-5] - 7/12/2011

Rep Ruppersberger, C. A. Dutch [MD-2] - 6/15/2011

Rep Schiff, Adam B. [CA-29] - 7/15/2011

Rep Shuler, Heath [NC-11] - 7/11/2011

Rep Stark, Fortney Pete [CA-13] - 7/25/2011

Rep Upton, Fred [MI-6] - 7/12/2011

Rep Wasserman Schultz, Debbie [FL-20] - 5/25/2011

------
_delirium
Fwiw, the 19-10 committee vote is here:
[http://judiciary.house.gov/hearings/pdf/07282011%20Roll%20Ca...](http://judiciary.house.gov/hearings/pdf/07282011%20Roll%20Call%2010-%20HR%201981%20PASSED.pdf)

As far as parties go, looks like the Republicans voted 14-3 in favor;
Democrats 7-5 against. Not a solid "against" showing for either party, but
seems the Democrats were a bit better. Oddly, none of the Tea Party Caucus
members of the committee were in the 3 Republicans who voted no (what happened
to limited government and less regulation?).

------
elb0w
And next bill will require all ISPs to run daily searches across the data
looking for copyrighted material and other criteria that they will deem as "A
threat to America"..........

~~~
d0ne
Among other use cases this is where something like
<https://www.socialfortress.com> would be very useful.

[Disclosure: I'm involved with Social Fortress and it is still in beta]

~~~
Shenglong
Could you give us HNers a more technical breakdown of "how does it work"? I'm
curious.

~~~
d0ne
Social Fortress currently provides transparent client-side encryption and
decryption within Facebook, Google+, Thunderbird and Outlook for your messages
and photos.

When you download and install Social Fortress your plugin is customized to
sync with just your account and the key management server. This unique plugin
is authorized to request keys for messages for your Trusted Contacts and
generate new keys associated with your account.

The keys are generated in parallel on the client and on the key management
server. They are always rolling forward and are synced in real-time with some
unique variables within your custom plugin.

No two messages are encrypted with the same key and are only stored in memory
during the encryption / decryption process. Every time a message or photo that
has been protected is viewed by yourself or others, authorization to that
message's key is requested.

Your Trusted Contact list is managed globally by connecting with other users
through Social Fortress. Within Facebook all of your friends are initially
treated as Trusted Contacts and you can easily remove individuals from this
list with the click of a button.

Social Fortress uses AES-256 CTR for the encryption and communicates over a
256 SSL stream from your device to the key management server. The data in this
stream is also encrypted using aspects of your customized installation.

The technology for web services (Facebook, Google+) operates as a browser plugin
for Firefox, Chrome and Internet Explorer (not publicly available right now)
and independent of any service's API.

The technology for Thunderbird and Outlook is a separate plugin which requires
installation.

We integrate transparently into the products we support so the user experience
is exactly the same. No extra clicks, no confusing decisions and nothing extra
to learn. We designed Social Fortress to be used by individuals who don't even
know what the word encryption is.

Within every environment you have the ability to enable / disable Social
Fortress protection with the click of a button or using a keyboard shortcut
(CTRL+Q). This only disables the encryption functions. The reader is always on
so you can use Social Fortress just to view your friends' protected content
without having to protect your own. It's like having Flash or PDF Reader: once
it is installed you don't ever have to do anything again.

If your device becomes compromised / lost / whatever you can login to the site
and disable all active installations in two clicks and this will not affect
previously encrypted messages and we just disable authorization access to your
old plugins and have no need to change any previously generated keys.

We also support other services but have yet to make them live:

Skype Chat, Twitter, mail.yahoo.com, Gmail.com, Chatter.com, Yammer.com,
Blackberry Native Email support
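
One way the per-message rolling keys and key-server authorization described in the comment above could fit together, as an added example that is not Social Fortress code and not part of the original post. The HMAC-SHA256 ratchet, the `KeyServer` class and every name in it are assumptions made for illustration; the sample accounts and seeds are constructed.

```python
import hashlib
import hmac
import os

def ratchet(chain_key):
    """One forward step (assumed design): returns (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"message", hashlib.sha256).digest()
    next_chain = hmac.new(chain_key, b"chain", hashlib.sha256).digest()
    return next_chain, message_key

class KeyServer:
    """Hypothetical key management server; not the product's real API."""
    def __init__(self):
        self.chain = {}        # account -> current chain key
        self.keys = {}         # message id -> (owner, 32-byte message key)
        self.trusted = {}      # owner -> accounts allowed to read
        self.installs = set()  # authorized (account, install_id) pairs

    def enroll(self, account, install_id, seed):
        self.chain.setdefault(account, seed)
        self.trusted.setdefault(account, {account})
        self.installs.add((account, install_id))

    def new_message(self, account, install_id):
        if (account, install_id) not in self.installs:
            return None
        self.chain[account], key = ratchet(self.chain[account])
        msg_id = len(self.keys)
        self.keys[msg_id] = (account, key)
        return msg_id

    def request_key(self, requester, install_id, msg_id):
        owner, key = self.keys[msg_id]
        if (requester, install_id) not in self.installs:
            return None                       # revoked or unknown plugin
        if requester not in self.trusted[owner]:
            return None                       # not a Trusted Contact
        return key

    def revoke(self, account, install_id):
        self.installs.discard((account, install_id))  # stored keys untouched

def demo():
    seed = os.urandom(32)                     # constructed shared secret
    server = KeyServer()
    server.enroll("alice", "laptop", seed)
    server.enroll("bob", "phone", os.urandom(32))
    server.trusted["alice"].add("bob")
    client_chain, k1 = ratchet(seed)          # client derives in parallel
    m1 = server.new_message("alice", "laptop")
    _, k2 = ratchet(client_chain)
    m2 = server.new_message("alice", "laptop")
    before = server.request_key("bob", "phone", m1)
    server.revoke("bob", "phone")             # lost device: cut off access
    after = server.request_key("bob", "phone", m1)
    return k1, k2, server.keys[m1][1], server.keys[m2][1], before, after
```

In this sketch the server ends up holding every message key, so the confidentiality of old messages rests on the server's authorization checks and storage, not on the ratchet alone.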

~~~
Shenglong
Thanks - appreciated.

------
mc32
The data retention portion of the bill:

"`(h) Retention of Certain Records- A provider of an electronic communication
service or remote computing service shall retain for a period of at least 18
months the temporarily assigned network addresses the service assigns to each
account, unless that address is transmitted by radio communication (as defined
in section 3 of the Communications Act of 1934).'"

EFF interpretation: "The data retention mandate in this bill would treat every
Internet user like a criminal and threaten the online privacy and free speech
rights of every American, as lawmakers on both sides of the aisle have
recognized. Requiring Internet companies to redesign and reconfigure their
systems to facilitate government surveillance of Americans' expressive
activities is simply un-American."

So they're wanting to mandate IP records from ISPs. How does that equate to
treating people like criminals and threatening on-line privacy, etc.? I thought
the default notion was to treat the internet as if it was all out in the open
for anyone to see and read.

I actually sympathize with them, but this is very hyperbolic and ridicules the
argument, to me. Also, factually incorrect as it would also affect foreigners
living in America, irrespective of whether they are in fact, American.

~~~
dkokelley
I would equate it to mandating GPS be installed on all new cars for car makers
to track.

This bill treats all internet users with suspicion of criminal activity the
same way that the TSA assumes everyone might be a threat. It's a minor
inconvenience and invasion to many innocent in order to better prosecute the
few guilty.

Along the same "slippery slope", it could be argued that the government would
do a better job stopping domestic violence by installing cameras in everyone's
home. Sure, you're not treated as a _criminal_, just as someone who could at
any moment do criminal things.

------
sologoub
Sent a note to my congressman... not that it will do much good.

Also, pretty annoying that they try to hide behind "protecting children from
pornography" tag line...

------
jfdi
Sent a note to my congressman too. Was a first time for me in doing so on any
subject.

I tried to lighten the EFF verbiage a bit to focus on what I think is the real
punchline for me --- Any law mandating the personal data on the activities of
its citizens be amassed and centralized, is a problem. Even if this law is
only partially achieving this point and it has the best of intentions it seems
very plausible or even likely that the data would be misused with possibly
devastating consequence. Additionally like so many laws before it, it's likely
that incrementally restrictive laws be built atop of it in socially difficult
to (but not impossible to) digest pieces until the system is unacceptable all
together.

Yes personal information is amassed about people who use certain products,
like Facebook (by Facebook), but that pool of consumers has a choice in the
use of that service and accepting its terms. If they don't like the terms,
they can create a new great service - in turn, fostering the competitive
spirit and trending towards more acceptable terms and better choices for all.

------
glimcat
First thought is that people who don't understand technology shouldn't
generally make rules about technology. Hire an aide who gets this stuff if you
have to. One less donor's kid on the payroll shouldn't hurt you that much.

But really, they had no end of constituents willing to tell them why this is
stupid. They just don't want to listen.

------
dsmithn
This is about ISPs, correct? The title made me think my employer would be
forced to spy on me. (not that they already don't)

Either way I hope this isn't something that will happen silently, I want to
know as soon as my internet history will be stored for an entire year by my
ISP.

------
Shenglong
Every time I think I understand the world, something like this happens. The
only response I have to this is (without the question mark):

 _what_

------
vdm
Dup: <http://news.ycombinator.com/item?id=2822365>

------
DenisM
So this is only about retaining IP address assignment records? I don't think
this changes much, as my Comcast IP address hasn't changed in over a year
anyway. You couldn't rely on IP address rotation to preserve your anonymity
before this law, and you can't do it with this law either.

------
sigzero
You left out "Internet" in the title. ISP companies will be required to do
this. My company already does.

