
Facebook supports horrible proposed Internet bill CISPA - voodoochilo
http://boingboing.net/2012/04/13/facebook-supports-horrible-pro.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+boingboing%2FiBag+%28Boing+Boing%29
======
jellicle
A short summary of CISPA:

\-- any large internet company can share your data with the government; they
can't be sued for it. The U.S. will end up with large data hoses stuck into
all large internet companies.

\-- any large internet company can share your data with the RIAA/MPAA/private
copyright police; they can't be sued for it. The copyright police will end up
with large data hoses stuck into all large internet companies.

That's about the start and the end of it. If you think it's great that the
RIAA/MPAA will end up with the ability to suck down everything that
Google/Facebook/Twitter/Verizon/Comcast/etc. know about you, with no subpoena
or other legal process required, based on their allegation that you are
infringing their copyrights, then you should be cool with this bill. If you
think it's great that the NSA will end up with the ability to suck down
everything those companies know about you based on their allegation that you
are a threat to national security, again with no legal process required, then
you should be cool with this bill.

If you don't think that's great, you should probably oppose this bill.

~~~
tptacek
Here's the actual text of the bill, which of course doesn't say any of that:

<http://www.opencongress.org/bill/112-h3523/text>

Boing Boing, the EFF, and Demand Progress have seized upon the words "theft or
misappropriation of private or government information, intellectual property,
or personally identifiable information", claiming that they betray an intent
for CISPA to be used as a tool for antipiracy. But, of course, "DVD rips" are
just one of a zillion kinds of "intellectual property", most of which is
obviously worth protecting.

The real problem with this bill is that it doesn't do anything that private
industry already does. ISPs already share information about attacks between
themselves. The ECPA already allows potentially private information to be
shared as part of good-faith investigations of computer misuse.

I am personally much more cynical about the motives of major anti-CISPA
activists.

~~~
jellicle
>Here's the actual text of the bill, which of course doesn't say any of that:

Of course it does. Learn to read.

>Boing Boing, the EFF, and Demand Progress have seized upon the words "theft
or misappropriation of private or government information, intellectual
property, or personally identifiable information", claiming that they betray
an intent for CISPA to be used as a tool for antipiracy.

Yes, they "claim" that a law about the theft of intellectual property is about
anti-piracy. Heavens to Betsy! What will they claim next?

>I am personally much more cynical about the motives of major anti-CISPA
activists.

Do tell! What are the motives of Boing Boing, the EFF and Demand Progress?
They hate America, right?

Sorry tptacek, but your above comment is truth-free. If you have any actual
comment on the bill, feel free to make it. The bill says exactly what I said
it says.

~~~
Locke1689
tptacek already made a very reasonable claim about the bill which you have yet
to refute: that the bill doesn't make anything important legal that wasn't
already legal.

~~~
harshreality
Let's assume the ECPA already allows all the information sharing and immunity
from liability and disclosure that this bill allows.

1) This bill still says what it says, even if it is redundant.

2) Why is Facebook supporting this bill if it does nothing? They like risking
social capital for a no-op?

~~~
tptacek
This mindset, very common on HN, confuses me. It says, in effect, that it's
more important for us to pick sides and cheer on our teams than to understand
what is actually happening. If I said that about a Javascript library, I'd be
run off the site on a rail. But when I suggest people actually read the bills
they're yelling about, the opposite happens.

Why do I care whether Facebook supports the bill?

~~~
tedunangst
It's hard to show how right you are without proving how wrong someone else is.
Today you get to be the somebody who is wrong.

~~~
rayiner
He's not wrong. He's giving an argument based on a reading got the text of the
bill, while harshreality is giving an argument (it doesn't even rise to the
level of argument) based on nothing.

~~~
harshreality
If you want to read what the ECPA says, here's one relevant portion: 18 USC
2511 (2)(a)(i).

Whether it carves any exception into the ECPA privacy protections for
wholesale disclosure to 3rd parties as tptacek claims looks debatable. What's
not debatable is that that exception does not grant immunity from any other
laws if you disclose information to a 3rd party.

If tptacek had cited something supporting his position then there could be a
real discussion. As it is, all I can do is say his argument looks wrong,
Facebook and EFF also apparently think his argument is wrong, but since I'm
not a legal expert on ECPA and related laws, I can't say for sure that there
isn't some more obscure provision of ECPA that does say what he's saying.

~~~
tptacek
What's the law you think Facebook would be violating by sharing potentially
PII-encumbered data with another service provider incident to anything they
could claim was a legitimate investigation?

In other words: in the world we're in now, pre-CISPA, what's the specific
legal risk you think is preventing Facebook from sharing data?

It's certainly not the ECPA! The ECPA, like I've pointed out repeatedly,
specifically carves out an exception for service providers sharing
information, and makes no mention of anonymizing that data (ironically, it's
CISPA that brings anonymization into the picture).

You yourself make a not-invalid point, that ECPA doesn't prohibit sharing but
also doesn't shield providers from claims under other laws. I agree that if
CISPA is worth keeping, the language around immunity should be tightened ---
oh wait, it just was in the latest draft! --- but again:

For CISPA's sharing immunity to be a meaningful threat, you'd have to cite
some statute that could reasonably threaten (again, say) Facebook for sharing
information during an investigation.

Finally, I know it's annoying that I keep saying this, but: _providers already
share information about attacks_ , and it's not all anonymized or particularly
carefully targeted. I have firsthand knowledge of what they used to do a few
years ago, and understand that sharing has only increased since then.

------
Xuzz
Remember guys, this bill does pretty much nothing. If you read it, it simply
allows some completely optional data sharing for prevention against attacks.
However, in most cases, there is already no law against completely optionally
sharing data with the government or private security firms.

But, tptacek said it better than I can:
<http://news.ycombinator.com/item?id=3815912>

~~~
iamandrus
I'm trying to understand this bill better before taking a true stance on it.
Is there a possibility that the powers that it grants can be abused?

~~~
zotz
If one is a fan of the National Security State, this is a great bill. For the
rest of us, not so much.

[https://www.cdt.org/blogs/greg-nojeim/112cyber-
intelligence-...](https://www.cdt.org/blogs/greg-nojeim/112cyber-intelligence-
bill-threatens-privacy-and-civilian-control) :

\- The bill has a very broad, almost unlimited definition of the information
that can be shared with government agencies notwithstanding privacy and other
laws;

\- The bill is likely to lead to expansion of the government’s role in the
monitoring of private communications as a result of this sharing;

\- It is likely to shift control of government cybersecurity efforts from
civilian agencies to the military;

\- Once the information is shared with the government, it wouldn’t have to be
used for cybersecurity, but could instead be used for any purpose that is not
specifically prohibited.

~~~
tptacek
What information that service providers and app providers are currently _not
authorized_ to share under the 1986 ECPA would become lawful to share under
this act?

~~~
zotz
The vagueness of this bill IS the problem. Vagueness in the law makes for
really bad laws.

Give me one reason I should support this bill.

~~~
tptacek
I don't support it (I think it's a NOP designed solely to gain attention for
its sponsors), so I certainly won't be offering you any such arguments.

Where I take exception is with efforts to stir up hysteria about it.

~~~
zotz
Valid concern ≠ hysteria.

~~~
tptacek
Sure, that's true. But not all the concerns regarding CISPA are valid.

~~~
zotz
Which ones?

~~~
tptacek
See: every other comment of mine on this thread.

------
tzs
CISPA does not include domain seizure. Doctorow has a tendency to go for
sensationalism instead of accuracy. His writings are getting close to going on
my "automatically flag" list because of this.

~~~
voodoochilo
agreed, but it does not need to be included either because they simply do it
already.

~~~
tptacek
Words mean things. This is what Doctorow wrote:

 _CISPA, the pending US cybersecurity bill, is a terrible law, with many of
the worst features of SOPA -- surveillance and domain seizures and censorship
and so on_

But 'tzs is right. CISPA does not include "domain seizures" or, for that
matter, censorship. It's an information sharing mechanism.

------
MattBearman
The linked article doesn't have a source for this, but after a bit of digging
I found this page - <http://intelligence.house.gov/hr-3523-letters-support>
which does unfortunately list Facebook as a supporter. Looks like it's time to
delete my Facebook account, sigh.

------
Locke1689
Meta note: while usually it's considered good practice to leave the title of
the article, when the title of the original article is extremely opinionated
without direct explanation (this specific article is about Facebook supporting
CISPA, not CISPA being bad), I would consider it good practice to rewrite the
title to moderate the language.

------
jgrahamc
Shouldn't be any surprise there really. Facebook is now a major corporation
and is listed alongside Microsoft, IBM, Symantec, Intel, EMC, and Oracle as
supporting the bill.

<http://intelligence.house.gov/hr-3523-letters-support>

------
effigies
Are people really under the impression that Google and Facebook opposed SOPA
for surveillance reasons? SOPA would have broken the Internet so fundamentally
that they couldn't continue operating without special immunity from the US
Government. Failing something that serious, I wouldn't expect them to be on my
side, generally speaking.

------
Loque_k
Its funny, I remember starting out on the internet, I would never put an ounce
of "real" information on there and that was how people lived... now we have
facebook/myspace/twitter/"blogging" and people are happy to disclose all types
of personal information. Let alone geodata on photos.

As far as I can tell CISPA will only give out the information you provide to
them. As bad as it is, you can mitigate it by not giving people your
information on the webz?

~~~
Jilaris
I understand why some people can be upset, but when i think about what I enter
into websites... are people really under the impression the government doesn't
have this data?

The government knows my credit card numbers, they know where I live, they know
how much I make, etc. They don't give two shits that I bought new racketball
glasses yesterday on Amazon, and they really, really don't care that I posted
a new picture on facebook.

It seems to me the people who are really upset with this bill are the people
doing the illegal activity. Everyone is torn on the whole pirating issue
(probably because they love consuming for free), but the fact is that it's
still illegal in the US. I imagine the opponents of this saying "Oh, well,
look at these rights they're taking away from us!!" while they've got six
torrents in the background in an attempt to distract from the point.

~~~
Jach
See: "'I've Got Nothing to Hide' and Other Misunderstandings of Privacy":
<http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565>

~~~
Jilaris
I had a long post that talked about this paper, which you may or may not still
be able to see. If not, I'm replacing it with a much shorter version:

A 28 page PDF, which is single column, and takes up about 25% of a page is an
absolute joke. To think this has actually been deemed a "book" is outrageous.
Also, it's padded with comments he received on HIS BLOG. He references fiction
novels to prove points, and he generally skirts the question.

I read the whole thing, which honestly seemed like it had no real point, and I
still say (as a business intel guy): No company- no entity care about me or
you unless we do something very wrong. We're so full of ourselves thinking
"The government is going to read my e-mails!" The fuck they will; in the grand
scheme of things, your e-mails are as important as goose shit.

As I'm reading this PDF I get the feeling the author is under the impression
that for every person on the planet there are two more in a backroom somewhere
just following his life. We all need to get over ourselves. We're just not
that important.

------
smilinggila1
it's an election times, you have your votes to make the difference. why show
any surrender. use it to stop this bill. If republican is behind this then
vote for them, so did with the dems but if both of them inside then just vote
them out. As for the presidential election, push to all the candidates in
which running for the primary and the one who now incumbent. Vote for the law
from one of your party; then you're history. what I truly meant is that you
have to power right now. so use it. if any of the presidential candidate party
supported this bill, tell those presidential candidates either the challenger
or the incumbent; that the support from the people who love the freedom is
lost forever for them and their party should any of the candidate party member
who sit on the congress or senates support this bill. Against it then we'll
support your candidancy; is just that plain and simple. Truly there's no need
to black out the net. Please shared this to every one that love the freedom
ASAP.

------
loverobots
Horrible for us and internet in general, but probably as good as Facebook Inc
can do to protect ITS own, vast, interests. What if a key US Senator offered
them help with a privacy /cookie tracking bill in exchange for supporting
this? It's just one of the many possibilities.

Remember the Verizon-Google neutrality thing?

------
voodoochilo
since i "cancelled" my FB account 15 months ago i miss nothing.

------
leeoniya
i would me much more concerned if the contents of my email box were shared
than my FB profile. the government already has 100 ways to get at most of the
info i give to facebook and the rest is pretty meaningless. if i want to do
something questionable or off the radar, don't f*cking post it online or have
a trackable device with you while doing it. common sense 101 here.

case in point: if your data is transmitted without encryption or can be
decrypted by anyone other than you, don't expect privacy, the law is much more
flexible than AES.

