
Senate Intelligence Committee approves cybersecurity bill - Varcht
http://www.reuters.com/article/technologyNews/idUSKBN0FD2LG20140708
======
opendais
Well, if this passes I see many stories like this one coming to light:

[http://techcrunch.com/2006/08/06/aol-proudly-releases-
massiv...](http://techcrunch.com/2006/08/06/aol-proudly-releases-massive-
amounts-of-user-search-data/)

[http://www.nytimes.com/2006/08/09/technology/09aol.html?page...](http://www.nytimes.com/2006/08/09/technology/09aol.html?pagewanted=all&_r=0)

"Stripped of personally identifiable information", "consenting" [which is
probably just a throwaway paragraph in the ToS/privacy policy that no one
reads] and "liability protection" in the same bill.

Yep. That will end well. I guess the good news is it is voluntary so, in
theory, companies like DuckDuckGo can make it point they differentiate on from
a company like Google. I'm not seeing that being a major selling point since
most people don't understand that these "anonymity measures" are of limited
value unless you can prevent people from connecting literally _any_ dots.

The problem with 0 dots to connect is it would be worthless from a security
perspective since a given attack vector is already generally shared when its
discovered. :/

------
mpyne
If any of the detractors here have better ideas about how to allow companies
to work together to avoid falling victim to state-sponsored cyberattacks, I'm
sure suggestions would be valuable, even if not sent to the Senate Select
Committee on Intelligence.

Just think of it as helping the private sector avoid falling victim to attacks
from the NSA, if it helps, since if they can stop the NSA then they should
also be able to stop things like the Aurora attack launched against Google.

~~~
opendais
They can work together already on everything pertinent to an attack. Nothing
stops me from publishing/sharing a log file from a machine that was DDoS'd
with IP addresses, etc. Nothing stops me from sharing any evidence of an
actual attack of some kind.

All this really does is enable them to act as _informers on their customers_
without liability.

------
kordless
> Among other things, the bill by Feinstein and Chambliss would authorize
> companies and individuals to monitor their own and consenting customers'
> networks for hacking and voluntarily share cyber threat data, stripped of
> personally identifiable information, with the government and each other for
> cybersecurity purpose.

Who wants to be my first customer?

~~~
sp332
Anonymizing datasets still doesn't work.
[https://news.ycombinator.com/item?id=8010061](https://news.ycombinator.com/item?id=8010061)

~~~
TeMPOraL
It will never work; with enough data to cross-correlate you'll always be able
to deanonymize it. Otherwise the data itself would be meaningless.

~~~
api
Side note: I really wish someone would _really_ explain this to Bitcoin
people. Bitcoin is cool but it isn't an anonymity tool. Every single
transaction is permanently in the ledger, and combined with IP snooping, big
data, machine learning, and a bit of gumshoe police work the potential for
tracing things is incredible.

------
1457389
Where the hell is the new Intercept article on HN? The more I see obvious
manipulation and malevolent flagging on this site the less I want to visit it.

~~~
declan
It's here:
[https://news.ycombinator.com/item?id=8008025](https://news.ycombinator.com/item?id=8008025)

I don't pay close attention to the way HN does these things, but I recall that
NSA was one of the terms that the HN moderators chose to penalize. Or they
could have manually penalized it as well.

HN is a sandbox that YC created for folks to play in. Their sandbox, their
rules. I'm not criticizing you for complaining about the Intercept article
being buried on the fourth page or whatnot (I would have more liberal rules if
it were my sandbox), but merely saying it's probably not that productive to
complain about theirs.

~~~
1457389
It isn't just the rules. I think the post is greyed out because a number of
members seem to have flagged it, for no specified reason as far as I can tell.
If you look at the post about their Reddit AMA it's the same story:
[https://news.ycombinator.com/item?id=8009696](https://news.ycombinator.com/item?id=8009696)

~~~
sangaya
I didn't flag it and wouldn't, but I could understand people flagging it for
not fitting in with the type of content they find most valuable on the site.
If enough people feel that way and act accordingly, it should indeed be buried
quickly.

I personally find this community as a haven away from the types of stories
that will be featured on the 10 O'clock news and multiple front pages of
common news sites. Especially anything that's highly political.

I enjoy reading about new programming frameworks, thoughtful and fresh
approaches to launching a business, or someone that has done something "cool"
with any type of "technology". HN is a happy place, and politics are anything
but happy.

~~~
1457389
I'm sorry but this:

> HN is a happy place, and politics are anything but happy.

makes me want to puke a little. I think you are probably right though, I can
sense a major demographic on this site who are eager to ignore controversial
issues. As I said earlier, maybe it's time to move on, but to where I am not
sure.

~~~
sangaya
Not trying to ignore the issues entirely. Trying to ignore them when I come to
HN.

I'll gladly read about such issues when I'm in the mood for it from a source
where such articles are expected: r/worldnews, firstlook.org/theintercept/,
aljazeera.com, etc.

