
Obama Will Veto CISPA Unless Changes Are Made - llambda
http://livewire.talkingpointsmemo.com/entries/obama-will-veto-cispa-unless-changes-are-made
======
tptacek
Note to poorly-informed HN readers: the conflict playing out here isn't --- IS
NOT --- between the GOP which wants intrusive monitoring of Facebook and the
Obama camp which wants government to keep its grubby paws off private data.

Instead, what's happening is that policy people in the Administration believe
we need _extensive further legislation and rulemaking_ to ensure that computer
systems which are in any way "vital to the national interest" are kept
"secure", where a final definition of "security" is sure to rest on "XXX hours
of $400/person/hour time from a Raytheon or Lockheed subcontractor".

Restated†:

The GOP:

* Wants Government to keep its hands off private networks

* Does not currently see "cybersecurity" as a subject worth increasing Executive power over (possibly a side effect of who controls the Executive)

* Is, true to form, pursuing a policy of finding minimalistic ways of allowing private industry to self-regulate the problem away

* Is marginally more likely than the Democratic Administration to want to concede privacy concerns to private industry and away from end-users in the service of this goal

The Democratic Administration:

* Generally believes itself to be at (undeclared, cold) war with China over information systems

* Believes Government intervention is going to be required to protect utilities, communications, military, and trading exchange networks

* Is marginally more likely than the GOP to want to enact rules regarding information privacy that protect end-users from private industry --- but _not_ from the Government.

The animating concern regarding CISPA to HN readers is privacy. You should be
aware that privacy is a third- or fourth-tier concern of both factions in
this policy debate. The real concern is: does private industry tackle the
"China hacker problem" itself, or does the Government step in?

Excepting that the only mechanism the government has to add security to any
network (private, public, or military) is to purchase blocks of Raytheon
hours, I don't even disagree with Obama: the security of many networks that
are _prima facie_ vital to the public interest is not only a shambles, but
continues to degrade in quality as rounds of purchasing and infrastructure
upgrades continue to execute without any serious attention given to software
security quality. Look at the "Smart Grid" for the most obvious example, but
there are more, such as SCADA networks that are "modernizing" into web-based
systems with circa-2005 levels of application security. The Administration is
not wrong that CISPA doesn't go far enough --- and again: that is the central
conflict here, that CISPA _does.not.go.far.enough_ --- but they have no
effective mechanisms to bring to bear to improve the situation either. Their
vantage point implies a bonanza for giant government contractors like Lockheed
and SAIC.

Be careful what you wish for, especially if all your opinions about CISPA came
from EFF. For the first time, my perception is that the EFF is running with
this CISPA issue not out of genuine concern over policy, but because it's a
vehicle for fundraising off Internet rage. And look at the result: stories
where the Democratic Administration looks like a white knight. Wow, is that
ever the opposite of what's actually happening.

† (_and please note I'm a dollars-donating supporter of the Democratic party;
I support public schools and believe in single-payer health care --- but party
identification is unavoidable here and vital to understanding what is
happening_)

~~~
dillona
The United States government has spent and will continue to spend untold
millions understanding these threats and studying the situation and
techniques. In addition they are targeted by both more numerous and more
advanced attacks than any group in the private sector by far.

Without a doubt no organization in the world knows as much about cybersecurity
as the United States government, and up until now all of that knowledge has
been held from the private sector behind many layers of classification. Don't
you feel that it could be beneficial for the public to have a path for the two
groups to work together?

~~~
tptacek
The "US Government" isn't a coherent whole when it comes to information
security, so I find your comment hard to respond to. However:

"Without a doubt no organization in the world knows as much about
cybersecurity as the United States government"... I've been a practitioner in
this field since the early '90s; I know not one other practitioner who shares
that opinion.

~~~
joubert
Honest question: do you think there's a group/organization that knows, on
balance, more about "cybersecurity" than the NSA?

~~~
hnhg
Yeah, the parent makes the point not to conflate the NSA with 'the US
Government'. There's the adage that a team is only as good as its least able
member - guess that would apply to the US Government's knowledge of IT
security.

~~~
waterlesscloud
Whereas that may apply in terms of effectiveness, the opposite applies in
terms of knowledge.

------
geophile
... or until he caves, yet again.

~~~
geophile
Why was that downvoted? The guy has a track record. He was dead-set against
telecom immunity, before he voted to support it (back when he was a senator).
He was for repealing the Bush tax cuts until he wasn't. He caved on budget
negotiations when he agreed that the deficit was the biggest budget problem.
He was all for closing Gitmo until he wasn't. He was against signing
statements until he got into office. His record on civil liberties (domestic
spying, FOIA, strip searches -- he argued for the majority opinion, domestic
use of drones) has been in stark contrast to the sort of things he was saying
when he was a candidate.

I think he has proven that statements beginning with the words "I will" must
be taken with a large grain of salt. In fact, with CISPA you can already see
it happening -- the weasel words to note are "in its current form".

How can you believe his progressive-leaning statements any longer without
being completely naive?

~~~
tptacek
I downvoted it because the comment was content-free. "Backs down" from what?
What's the likelihood that a random HN commenter intends to communicate
support for the 2012 White House "Cybersecurity" agenda with a comment like
that? Epsilon.

As for your "in their current form" innuendo: that would be clever, except
that the Administration has for several years communicated loud and clear what
their agenda is on this subject. That it is surely something you will not
approve of (likelihood that random sampling of HN readers will go apeshit over
what the Obama Administration wants to do vis a vis cyberspace: 99.999%)
doesn't make it "weaselly". They've been anything but weaselly on this topic.

