CISA enables information sharing only in the context of "cyber attacks" (a term defined reasonably precisely in the bill). Essentially, what CISA says is that companies can run intrusion detection systems (like they already do) and then share the alerts with DHS.
PRISM is, as far as we can tell from the leaks, a tasking system for FISA 702 warrants. FISA 702 warrants can pertain to any foreign intelligence target. They have virtually unlimited scope (as does foreign signals intelligence as a whole).
I think this is a distinction with a big difference, but leaving that difference aside: the mention of PRISM is clearly an emotional appeal, and sets the tone for the rest of the open letter.
CISA is also at pains to avoid the sharing of PII (again: since CISPA, and the Rockefeller bill before that, these bills have been intended essentially for IDS alert sharing). It also does not shield companies from liability for sharing information via FISA 702 requests: the only liability protection CISA sharers get is for information shared to prevent cyberattacks.
† Given the little we know about PRISM, that is.
Surely companies in the US can today report to the police if someone gains illegal access to servers, does a DDOS, or sends phishing/malware to them. If the police then involve the FBI with the case while requesting relevant customer information, what laws would the company break from complying?
In any case, this issue is so far down the list of things the average American is concerned about that it's impossible to imagine meaningful change happening because of it.
If you keep throwing the bums out -- and don't tell me that's impossible, no matter how many ads they buy they can't directly control what vote gets cast -- eventually you'll have bums in office who have a better sense of self-preservation. There's a very smart epigram along the lines of, the way to get good policy is not to elect good politicians, because such beasts hardly exist or get corrupted fast: it's to give bad politicians an incentive to act good. Let's give our bad politicians a nice strong incentive to oppose the surveillance state, hey?
The public is clearly capable of voicing moral outrage: see gay marriage, abortion, and the Black Lives Matter movement. Where are the protests about surveillance? Why haven't the data-driven, opportunistic people who run campaigns identified this opportunity and seized it? Where are the people who care outside of HN and the rest of the internet libertarian community?
If you could find the votes to enact such a strategy in a way that politicians would understand they were being punished for surveillance and not just subject to the irrationality of the American people like they always are, wouldn't it be much simpler to rally those people around support for a candidate that will actually dismantle the national security apparatus?
Not so! I think that the number of people who care about surveillance is small, and the number willing to change their vote because of it is microscopic. But, you know what? Nobody said lobbying for political change is easy.
> If you could find the votes to enact such a strategy in a way that politicians would understand they were being punished for surveillance and not just subject to the irrationality of the American people like they always are, wouldn't it be much simpler to rally those people around support for a candidate that will actually dismantle the national security apparatus?
It would be simpler, but it would be less likely to succeed. Even if you find such a candidate, and even if they were sincere in their promises, they're still likely to end up steamrollered by all the other politicians who don't meet those standards. If you change the incentives, though, you've changed the entire system and now all the insincere politicians -- which is 95% of them -- are on your side. Victory will inevitably follow.
You see how it sounds?
*Obligatory internet disclaimer: This is an analogy.
On a sidenote, I think this kind of thinking has the potential to stray into a purist and idealist kind of dead-end exercise in frustration.
Also, the blog you linked to is from the same organization that wrote the article we are looking at.
Here is the bill's actual text:
This is what, the 4th incarnation of this bill?
Fun fact: the third incarnation is much worse than the second, which EFF/FFTF vigorously (and, I think, dishonestly) campaigned against.
Virtually nobody who campaigns against these bills ever takes the time to read them, despite how remarkably easy it is now to read not only the bills but the amendments they collect as they go through the legislative process.
And still, as you can see on this very thread, most of what we get in the way of commentary is stuff about how this is being "snuck past the American people" --- as if 85%+ of Americans wouldn't automatically favor anything with the word "cybersecurity" in it.
(I was ambivalent about CISPA, and am not ambivalent about CISA; CISA is a bad bill. I think CISPA's opponents bear some small responsibility for that badness.)
You must have more free time than I do. I'm satisfied to let the EFF read it and base my conclusions off of theirs.
I believe a lot of the stuff that was "defeated" in the past, got inserted into the recent "net neutrality" ruling that had the internets cheering! (800 pages if I recall, so I didn't read it to find out for sure.)
They will not stop-- law enforcement types have permanent jobs and they're there each year claiming they need more and more control/surveillance.
A company or institution cannot introduce or vote on a law; a Representative or Senator can.
Want to stop this from happening, and make our elected officials more responsive to the people who elect them? Fight for campaign finance reform. That one fight will do more to "fix government" at all levels (i.e. make it responsive to the people) than just about anything else.
Because the people who want this as law are assuming that at some point they'll be able to sneak it past the American public.
Is there a complete list of who endorsed this? Google is turning up very little.
The teacher used those numbers in her argument that piracy was literally the same as stealing a car, while admitting that even she did it.
It makes me depressed that major companies still support such an idiotic organization.
I know in some districts electing a member of the opposite party (and this being a cross-party issue that can be a crap shoot) is not going to happen, but we can work to primary-out the damn fool. The only way politicians are going to listen is if you take their seat away. If you make them fear you if they even think about introducing legislation then you win.
From a consumer point of view, it also makes sense to avoid "officially tapped" (read "US") services.
In the long run, it looks to me that gov't is laying the foundation of the demise of its own surveillance program because no one in his right mind would want his data in the US anymore, even less so if you're not an American company. Except for the German government, of course.
What do you mean?
Each of the above provably happened and the responses were (in descending order of their "strength"):
- the chancellor cancelling the phone contract with Verizon
- asking the US for an apology (didn't happen)
- asking the US to sign a no-spy treaty (which would be purely trust-based - no control possible and still the US refuses to sign it)
-- end of list --
Note the absence of lawsuits, demissions / resignations and "diplomatic tensions".
- Not caring that its intelligence agencies are selling their own citizens' metadata (and content)
This has not been proven (yet).
Also agrees with the other answer that government contracts will be dropped.
> granting companies blanket civil and criminal immunity from any existing privacy law in the process.
Immunity from civil and criminal liability is something companies might unsurprisingly be interested in.
One doesn't need to suppose dramas where they are worried about being blackballed from government contracts unless they support it, as other commenters do. Their self interest in the provisions of the law itself which lessen their vulnerability to civil lawsuits or criminal prosecution seems sufficient. It's more of a bribe than a threat.
The funny thing about your made-up reason? It's actually forbidden by statute in the very bill we're discussing.
This is the new peace. The NSA won't attack your business, and your business will become a part of the national security apparatus.
Disclaimer: I work for Pivotal Labs, PWS is run by another division of the same company.
“At Salesforce, trust is our number one value and nothing is more important to our company than the privacy of our customers' data,” said Burke Norton, chief legal officer, Salesforce. “Contrary to reports, Salesforce does not support CISA and has never supported CISA.”
Disclaimer: I helped build AppFog as a contractor.
Mostly, I trust the way it's built. Apart from components integrated from upstream, every line is TDD'd and 100% pair programmed.
You can use public installations on Pivotal Web Services (by the company I work for) or BlueMix (by some plucky startup from Armonk). Or you can install your own on OpenStack, vSphere or AWS.
Now granted I pay about $300/month for the VM I have with my hosting provider, but I can pick up a phone at any hour and talk to a tech when things go south.
I really don't care how good a service is, I want to talk with a breathing human being when my business is down.
You do get support for no additional fee, but you can pay for additional access to support staff. That said, they've always been quite responsive to our requests, with a fairly short turnover time by email.
It is however customary in the industry to pay for additional levels of support:
High-availability, automatic failover, managed, with diamond-cut SSDs I hope? Who are you with? For that money you should just pick up a box.