
The White House's Draft Cybersecurity Executive Order - 001sky
http://www.techdirt.com/articles/20120914/19280020390/leaked-heres-white-houses-draft-cybersecurity-executive-order.shtml
======
tptacek
Extremely boring. The executive branch has to work within the framework of
existing laws (like the ECPA) and cannot do things like shielding private
entities from liability. So where CISPA and Lieberman Collins had
certification programs and information sharing, this EO says only that an
"information exchange network" will be established to share "indicators and
warnings".

The overwhelming majority of this document has to do with security inside the
federal government, which is again the largest IT operation in the world.

~~~
samstave
I wonder if this EO stating the requirement for the information exchange
network is designed to serve as de facto budget approval for building it out -
circumventing any potential congressional blocks.

~~~
slurgfest
This was leaked, ergo it must contain something illegitimate and
embarrassing...

~~~
tptacek
"Leaked"? It's been shown verbatim to reporters.

~~~
001sky
_from the vague-enough-for-ya? dept_

-- sub-heading.

~~~
tptacek
I'm not sure what this means. Techdirt here claims the EO has been "leaked"
(because that will drive pageviews). Reporters at real publications have
already read the entire order. It wasn't "leaked". Techdirt is just making
things up like they normally do.

Techdirt is horrible and people should feel bad for posting their stories
here.

~~~
001sky
_people should feel bad for posting their stories here_

Ad hominem or shoot the messenger? Take your pick...

~~~
tptacek
I'm shooting at the messenger for sure.

~~~
001sky
user: tptacek created:1780 days ago karma: 106,895 avg: 8.09

Nice... But you're off base.

~~~
001sky
viz "Reporters at real publications have already read the entire order. It
wasn't "leaked".

-- This makes no sense. To those that are following along.[1]

_________

[1] "Draft Cybersecurity Executive Order" was marked for official use only.

------
HistoryInAction
Reportedly, this might be of more relevance: "There is apparently a different
executive order in the works, and it is described in this Washington Post
story
[http://www.washingtonpost.com/world/national-security/white-...](http://www.washingtonpost.com/world/national-security/white-house-drafting-standards-to-guard-us-against-cyberattack-officials-say/2012/09/07/0fbb173e-f8fe-11e1-a073-78d05495927c_story.html)
as a
4-page executive order that would create voluntary standards to guide
companies in guarding themselves against cyberattacks, and would establish a
special council made up of key government agencies to identify cyberthreats.
The Cybersec Council would be led by DHS and would have representatives from
Commerce, Defense, Treasury, Energy, Justice and the DNI. That seems more of a
reaction to non-passage of the Lieberman-Collins bill, Title 1 of which would
have done all of these things, than does the 19-page order that Bloomberg
described."

------
danbmil99
I read this as "The White House's Daft Cybersecurity Executive Order"

which maybe would have been more entertaining

------
Zenst
The fact that this draft bill about cyber-security was leaked does in itself
highlight that they need to go back to the drawing board and rethink it.

One day this incident will be listed as the definition of ironic.

~~~
dguido
Uh, it's marked FOUO, not Top Secret, and it's going to be made public when it
gets issued anyway, troll.

~~~
001sky
Um, "leaked" like pg "not marked top secret" email? Lots of reasons to "leak"
all kinds of data. Leaked simply means distributed prior to official release.
This is likely a "trial balloon" or some such. Then, they change it after the
criticism to avoid further embarrassment, or not. Either way.

~~~
tptacek
What does that even mean? Graham sent an email blast to hundreds of people
with negotiation advice in it. The problem isn't that the mail got out --- of
course the mail got out. _He sent it to a giant mailing list_.

The problem is that publications like Venturebeat and Techdirt went to town on
the email spinning it into something it wasn't. And the problem is people who
promote that cynically packaged excreta on sites like HN.

~~~
001sky
_Uh, it's marked FOUO, not Top Secret, and it's going to be made public when
it gets issued anyway, troll._

.....

FOUO=for official use only, ie = confidential

pg internal email = confidential [1]

almost all leaks = confidential

a PR before embargo = confidential

......

 _What does that even mean?_

This is the world we live in...Leaks are a form of "black hat" PR [2]

......

Calling someone a [troll] for suggesting this may be a [trial balloon] seems
un-intelligent at best.

Whether or not it's good policy or bad or good pr strategy or bad is a fair
topic of discussion.

.......

[1] This was a simplification of "internal", if it technically includes
portfolio companies that are legally distinct entities from YC. But being
pedantic here is off point. This was being illustrative that "all kinds of
data could be leaked", and in particular all manner of private, non-
governmental information, that for whatever reason, people feel should not be
sent to the press and have a reasonable expectation of privacy around.

[2] I.e. The leak can be by a friend or foe, for information or dis-
information, etc.

~~~
tptacek
It's easy to keep an argument going if you just ignore what the other party
says and repeat your talking points over and over again. But my last comment
was pretty simple: Graham's "internal" mail, which went to hundreds of people
on a mailing list, wasn't "confidential".

For that matter, "FOUO" is _explicitly not_ classified.

If you can't make a reasonable analysis of something as simple as Paul
Graham's mail to YC companies, what makes you think you're a credible critic
of public policy, which is much more complicated?

~~~
001sky
_Graham's "internal" mail...wasn't "confidential"_

And Pg and other VCs don't sign NDAs but confidentiality is understood in
certain areas...almost all communication relating to corporate finance and
investment, BOD internal deliberations, communications for example...

 _For that matter, "FOUO" is explicitly not classified._

Again, this is off-point...it's not "official" use to send internal
<government> documents to the press for "public" consumption. This is really
"rookie" 101 type stuff, things that in a BigCo job are subject to all kinds
of internal compliance procedures...etc...not even debatable

In addition, there are disclosure rules around market-moving information, and
all kinds of stuff...

Routinely dis-respected, but that's another story.[1]

__________

[1] These rules typically apply to Public companies, and revolve around
providing fair access to information for retail investors and the like. Reg FD
is an example.

~~~
tptacek
Also easy to keep an argument going by saying "my point is understood to be
correct" instead of backing it up. You seem to be having a hard time with the
point that Graham sent his negotiating advice to a _giant freaking mailing
list_ with _many tens of companies on it_.

If he wanted it confidential, he wouldn't have done that. Graham is many
annoying things but an idiot is not one of them.

~~~
001sky
_Also easy to keep an argument going by saying "my point is understood to be
correct"_

Citations: On NDAs, etc.

....

Why a VC Will Take a Lighter to Your NDA - Wilson Sonsini

[http://startuplawyer.com/venture-capital/why-a-vc-will-take-...](http://startuplawyer.com/venture-capital/why-a-vc-will-take-a-lighter-to-your-nda)

Why Most VC’s Don’t Sign NDA - Foundry Group

[http://www.feld.com/wp/archives/2006/02/why-most-vcs-dont-si...](http://www.feld.com/wp/archives/2006/02/why-most-vcs-dont-sign-ndas.html)

One More Time: No NDAs - Anil Dash

<http://dashes.com/anil/2010/05/one-more-time-no-ndas.html>

From PG: YC Library <http://ycombinator.com/lib.html>

The Cult of the NDA.

tl;dr "Cases where trade secrets and/or patents are both protectable and
essential are rare."

<http://www.frozennorth.org/C509291565/E1939404619/index.html>

.......

Lots of communication happens in _confidence_ , but not under NDA for various
reasons.

~~~
tptacek
None of this, none of it at all, has anything to do with what happened to Paul
Graham.

~~~
001sky
_None of this, none of it at all, has anything to do with what happened to
..._

Nice try _again_ , but this is directly addressing something else altogether.
It seems to show, that you most likely have never personally handled
information at this level.

You're just wrong to think unless something is "TOP SECRET" and a government
document, it's not a "leak" in contemporary usage.[1] YC's email that ended up
public was not meant to be public, however you want to debate the wording. It
was provided here only as an illustration people are familiar with. There is
no opinion expressed here about the situation, nor implied (it's been discussed
by PG on numerous threads).

There are well-trodden notions of confidentiality, privilege, and confidence
outside of government. Things that are familiar to people operating at the
level of founders, vcs, board members, etc. If you aren't familiar with this,
that would explain some of your comments. You were the one who needed a
citation. Here is a typical excerpt:

 _Most other folks are too nice to actually mention it, but since I'm not a VC
or big deal business tycoon, I'll just say the most important point outright:
Asking for someone to sign an NDA also often makes you look amateurish. --
Anil Dash_

But, that would genuinely surprise me, to the extent I almost don't believe
you would not be aware of this. I'll be charitable and assume you mis-read or
mis-interpreted what I wrote. It seems most likely you mis-inferred something
about what may or may not follow as a result.

For this reason, you'll note there are [now] more footnotes and citations, for
the benefit of others. [This was one]. Some of these were added after you made
initial comments -- I'm happy to take advice to make things clearer -- and I'm
happy to acknowledge these changes.

_______

[1] _The original post is at ... and includes a leaked email ..._
[http://uncrunched.com/2012/09/07/turning-the-drama-down-on-y...](http://uncrunched.com/2012/09/07/turning-the-drama-down-on-y-combinator-v-google-ventures/)

[edited for tone]

