

Obama Administration Threatens To Veto CISPA - DiabloD3
http://www.techdirt.com/articles/20120425/12445718657/obama-administration-threatens-to-veto-cispa.shtml

======
mncolinlee
The president threatened to veto the National Defense Authorization Act as
well, yet he still signed it into law with the objectionable clauses. The
administration simply added a signing statement that the President wouldn't
use the more dangerous powers to indefinitely detain U.S. citizens, which were
granted by that legislation.

I'm glad to hear this veto threat, but I hope our President has the sense this
time to realize that signed laws can be used or abused by any future
President.

We cannot predict how laws will be used. Software patents are a classic
example.

~~~
ewillbefull
> The president threatened to veto the National Defense Authorization Act as
> well, yet he still signed it into law with the objectionable clauses.

These are disjunctive. The President threatened a veto of the NDAA over very
specific provisions that he disagreed with, which _were_ removed eventually.
In addition, the NDAA did not authorize anything habeas corpus related that
the Supreme Court hadn't already ruled AUMF did. (See Hamdi v. Rumsfeld)

I would rather see a more pointed example of blatant disregard of a veto
threat before I cast judgement on the credibility of this one.

~~~
mncolinlee
This doesn't invalidate anything I said. The sections which were removed were
designed to compel the executive branch to take certain actions. The Obama
administration believed Congress should not have the power to compel the
President to take action. Instead, the administration is only _allowed_ to
indefinitely detain citizens without trial in the final bill's section 1021.
Unlike section 1021, Hamdi v. Rumsfeld only applies to citizens arrested
overseas like Hamdi (in a literal battlefield) so long as they may contest
their designation as an "enemy combatant".

A veto threat is not a veto promise. Just because most Americans oppose a
certain provision doesn't mean the veto threat is conditioned on removing that
same provision. The proof is in the handling of the NDAA bill text.

~~~
azernik
In that case, the sections the Administration objected to (and got removed)
were about compelling the executive branch to act; in this case, the ones
cited in the veto threat ([http://www.latimes.com/news/opinion/opinion-la/la-
ol-obama-a...](http://www.latimes.com/news/opinion/opinion-la/la-ol-obama-
administrations-threatens-to-veto-cispa-20120425,0,1194826.story)) are about
the precisely the privacy concerns you're worried about.

Though I'm not familiar enough with the bill to know if everything
objectionable in CISPA is in fact objected to in the memo, it's definitely a
substantial and positive step.

~~~
dfc
How would you know if its a _"substantial and positive step"_ if you are not
familiar with everything in the bill?

~~~
azernik
Because the changes mentioned in the memo cite the specific parts of the bill
to which they would apply. For example:

    
    
      In addition, H.R. 3523 would inappropriately shield
      companies from any suits where a company's actions are
      based on cyber threat information identified, obtained, or
      shared under this bill, regardless of whether that action
      otherwise violated Federal criminal law or results in
      damage or loss of life.  This broad liability protection
      not only removes a strong incentive to improving
      cybersecurity, it also potentially undermines our Nation's
      economic, national security, and public safety interests.
    

I don't need to know everything about the bill to know that liability
protection that broad is a Bad Thing, and that attempts to strip it out are
both substantial and positive.

~~~
tptacek
Under what law would an email provider be exposed to liability should they opt
to share information about email accounts, or even the contents of email
messages, in the course of responding to a network security incident?

Hint: the Federal law that attempts to establish that email stored at a
provider is even "private" to begin with carves out a broad exception for
exactly this kind of sharing, with no limitations on how that information is
stored or relayed.

~~~
azernik
But a lot of companies that aren't e-mail providers (for example, health care
providers) are currently exposed to a lot of liability if they share your
information without your consent.

~~~
tptacek
This is a really good point. I see the conflict between HIPAA and CISPA as an
artifact of it being a bad, poorly- thought- out bill, though, not a
conspiracy to gain access to (e.g.) medical data.

It's also worth noting that HIPAA is a notoriously toothless regulation; if
you talk to practice managers that focus on health care, you'll hear stories
about companies simply setting aside funds to pay the (comparatively minor)
fines they're unlikely to be assessed.

------
tptacek
This thread is mostly an uninformed fever swamp. The Obama Administration is
not being a friend to the Internet here; the opposite is in fact largely true.

<http://news.ycombinator.com/item?id=3891094>

------
dmfdmf
Its fascinating and frightening watching the advancement of the legal powers
and psychology necessary for a dictatorship in the USA. Its an open question
whether Americans will see it in time to stop it before said powers are used
to suspend the constitution, in the "public interest" (via the Democrats) or
"national security" (via the Republicans). In the end, the specific
rationalization won't matter. Don't forget, the Nazis did not "take over"
Germany but were legally voted into office where they proceeded to legally
suspend the rights of German citizens.

It is no accident that the US government is trying to control and throttle the
internet. As dictatorships around the world have discovered, its the internet
and freedom OR dictatorship. Our homegrown power lusters, such as Obama, are
paying lip service to our rights while doing everything in their power to
abrogate them. The internet has destroyed the traditional means (primarily via
the NYT and the MSM) of controlling the political discourse and agenda . Like
it or not, we are in the middle of the greatest social revolution since the
invention of the printing press destroyed the power of the Catholic Church.
See Clay Shirky's article on this topic;
[http://www.shirky.com/weblog/2009/03/newspapers-and-
thinking...](http://www.shirky.com/weblog/2009/03/newspapers-and-thinking-the-
unthinkable/)

Nobody really knows how this will turn out.

~~~
coffeemug
There is no evidence that any individual, oligarchy, or organization is
driving the country towards a dictatorship. The truth is actually quite a bit
scarier - it's the massive, complex, screeching, unstoppable human system that
happened to have evolved a set of incentives that have nothing to do with
dictatorship but drive the country towards one anyway.

The congressmen are concerned by the next election, and the primary concern
that currently drives american voters is the economy. So they're working to
protect the intellectual property since it's pretty much the only thing we
produce. That's a tiny assault on the constitution. The president is terrified
of another terrorist attack because it will probably mean the end of his
administration. So he has massive incentives to expand the rights of security
organizations. That's a tiny assault on the constitution. The mayors are
concerned with looking tough on crime, so they incentivize the police officers
to stretch the concept of probably cause to clean up the streets. That's a
tiny assault on the constitution from the other side, the municipalities.

This goes on, and on. If we had a person or an organization to take a stand
against, things would have been much easier. But how do you take a stand
against a massive system that includes every commercial organization,
individual, municipality, and state and federal agency in the country?

Ultimately, a small group citizens concerned about individual freedoms cannot
fight a massive system head on. There isn't enough energy or resources for
dealing with millions of little issues one by one. The _only_ way to make a
difference is change the minds of the electorate in a scalable way. We haven't
figured out a way to do that yet, because the right idea, the right meme that
resonates with the majority of the populace hasn't been feed. This is why
things may seem hopeless. But as we've grown to appreciate, this can change in
a matter of days.

TL;DR: freedom needs a viral YouTube video.

~~~
tptacek
That, or, we built one of the most (econ) productive decades in the history of
the country on a foundation of hastily constructed and sloppily deployed
technology that is riddled from stem to stern with security vulnerabilities
and are now belatedly realizing that most nation states can rally together a
group of local teenagers and use them to plausibly cause 9-10 figure damages;
that, unlike when Wargames was filmed, in the world of 2012 it might actually
be possible for a "hacker" halfway around the world to disrupt the electrical
grid or shut down trading on an electronic market, and now we're all going to
spend 4 years arguing about who's going to pay to fix it.

Unfortunately for the thread, what I just described is an economic and
engineering problem, not the narrative arc of a Cory Doctorow novel; in other
words, my comment is boring, and so surely scores lower than its parents on
HN.

~~~
aero142
There is a big difference between what a bill says it does and what it will
actually do. In this case, I am very confident that this bill will not improve
the security problem you describe. I'm not even sure it's possible to write
such a bill even with the best of intentions and the brightest people.

~~~
snowwrestler
You have to understand the problems that CISPA seeks to solve.

1) Corporations will not share cybersecurity vulnerability data for fear of
attracting lawsuits. As a result, known, relatively simple attacks succeed at
company after company after company. CISPA seeks to solve this problem by
limiting liability for voluntary data sharing. In theory this will help
improve everyone's security by improving the dissemination of knowledge.

2) Federal cybersecurity intelligence is classified and therefore not
available to private companies, who by the way run the vast majority of the
U.S. data infrastructure. CISPA commands federal intelligence services to
create a way to share their classified data with companies. Again: better
dissemination of knowledge.

Both of these would help improve security.

------
unreal37
I love that the statement says "his senior advisers will recommend a veto" and
not actually that he plans to veto it. There are weasel words in there for him
to pass the legislation as-is.

~~~
lallysingh
Election year.

------
HistoryInAction
Four main points in the veto threat:

1\. Protect user privacy, separate intra-government sharing from
government/private sharing (troubling because data shared with DHS could
possible be shared with NSA or FBI then, even if the company doesn't intend
for that data to go to those agencies) 2\. More oversight/liability for
inappropriate use of these proposed powers; data sharing should not be used to
help incumbents crush startups 3\. Liability waivers to encourage information
sharing go way too far, protects bad behavior 4\. Internet is civilian, but
bill treats it as military re: intelligence, which is bad

~~~
tptacek
You're kidding yourself if you think privacy is a top-of-mind issue for the
Administration. They're pushing back on CISPA --- as they have been since last
year, and even longer if you understand the idea CISPA is trying to express
--- because _their_ agenda is to enact government controls on the security of
"critical information systems".

CISPA is the GOP's "let the industry regulate itself" response to the Obama
Administration's concern about Chinese state sponsored hacking. The privacy
issue here is a fig leaf; CISPA is entirely voluntary (unlike previous
"cybersecurity" bills supported by the administration), and private industry
_already has_ the legal tools to feed private information to the government
under the ECPA.

~~~
HistoryInAction
When it comes to government, I try not to put my personal views in for just
the reasons you cite. That's just my analysis of the language in the veto
threat, nothing more.

ECPA, though, that's another thing to research, thanks. I just want to focus
on getting founders the visas they need to build great companies; I don't know
anything about this open internet stuff, but I keep getting dragged into it.

------
MBlume
I still get a bad feeling from the fact that this e-mail talks about
"cybersecurity" like it's not a made up word with no referent

------
droithomme
Several times Obama has deflected criticism of some dangerous bill by saying
he would not sign it, and then when everyone wanders off because they assume
the veto is a sure thing and protest is no longer needed, he signs it.
Example: NDAA.

------
francoisdevlin
He WANTS the DHS involved? I'm not sure that's a trade off I'm willing to
make. Let's hope the thing just dies.

------
jellicle
Obama has vetoed two (2) bills to date.

CISPA is certainly not going to be #3.

Grade sitting Presidents participating in a reelection campaign on their
actions, not their words.

~~~
krschultz
That's because once the president says he is going to veto a bill, it almost
never makes it to his desk.

Much like the threat of a filibuster is basically as powerful as a filibuster,
the threat of a veto is almost as powerful as a veto.

~~~
maratd
> That's because once the president says he is going to veto a bill, it almost
> never makes it to his desk.

You're being vague. The truth is, once the president says he's going to veto a
bill, it never makes it to his desk _in its present state_. In fact, _all_ of
the veto threats outline the _parts_ he has a problem with and those _parts_
usually go away.

But some laws can't be fixed. They can't be fixed because they're based on a
false premise.

Enough with these threats of fix this or fix that! Garbage shall not pass. As
simple as that.

------
picklefish
If CISPA were to pass, what would stop someone from hacking into your local
ISP and dumping a database on the web so all your friends can check out your
surfing habits? If ISPs are required to start logging data like that there is
no way it's going to be safe.

Granted I'm sure a lot of them already log data like that already.

~~~
snowwrestler
CISPA would not require ISPs to start logging data, or in fact to do anything
whatsoever. Participation in data sharing under CISPA would be completely
voluntary, which is why businesses like the bill.

~~~
parfe
Ask Qwest how the government encourages "voluntary" participation.

[https://www.eff.org/deeplinks/2007/10/qwest-ceo-nsa-
punished...](https://www.eff.org/deeplinks/2007/10/qwest-ceo-nsa-punished-
qwest-refusing-participate-illegal-surveillance-pre-9-11)

------
vinayan3
:(. As others have noted advisors recommend he should veto it. I hope the
President directly says that he will veto it. If this gets passed and goes
through I'll be really disappointed.

------
tomelders
It's great that he said that, but no one should take it for granted. The
public efforts to oppose CISPA should be maintained, even if it's just to be
doubly sure that it doesn't pass.

------
DanielBMarkham
Information on the bill from govtrack:
<http://www.govtrack.us/congress/bills/112/hr3523>

Note that there are already 112 co-sponsors of the bill with folks from both
parties. If there isn't some huge groundswell of public opinion (and a few
nerd-oriented trade articles don't qualify) this could get a fairly big vote
in the House. Perhaps veto-proof, more probably loaded up with lots more stuff
anybody in their right mind would support (Orphan-Feeding Act of 2012?). It
has certainly been set up to succeed. (Political wonk note: big difference
between a bill with 100+ supporters from both parties coming to a committee
vote and something like Chuck Schumer's yesterday one-of threats for better
immigration law. They both might be reported in the same way, but there's a
huge difference in the underlying reality.)

