Hacker News new | past | comments | ask | show | jobs | submit login
CISA passes Senate (eff.org)
281 points by heimatau on Oct 27, 2015 | hide | past | web | favorite | 73 comments

Interesting votes:

  Nay		  I  	Sanders, Bernie	VT
  No Vote	  R  	Cruz, Ted	TX
  No Vote	  R  	Graham, Lindsey	SC
  No Vote	  R  	Paul, Rand	KY
  No Vote	  R  	Rubio, Marco	FL
Above from GovTrack [1]

Note, the Guardian [2] has Sen. Graham as voting yes. > Democratic presidential contender Bernie Sanders voted against the bill. None of the Republican presidential candidates (except Lindsey Graham, who voted in favor) were present to cast a vote, including Rand Paul, who has made privacy from surveillance a major plank of his campaign platform.

[1] https://www.govtrack.us/congress/votes/114-2015/s291 [2] http://www.theguardian.com/world/2015/oct/27/cisa-cybersecur...

That kind of makes sense, because the bill cleared its cloture vote with overwhelming support, and if you follow the amendments from the beginning, pretty much everyone seems to have had their fingers in it. There's nothing anyone could have done to change the outcome.

But it's much easier to tell a reporter, "I voted against CISA" than it is to explain cloture.

Then why didn't any candidate except Sanders vote against it?

Paul for example is running for President. He has to be at the debate if he even wants to pretend to still be in the running. Could he be in both places in the same day? I don't know, I guess you'd have to find out how plausible that is in terms of debate preparation.

I didn't realize the Republican Debate was tonight. Either way, they will get another chance to cast a vote on the conference report.

"I did not vote for CISA"

The tech world badly needs the equivalent of the NRA. We need to routinely be grading politician voting records [1] on privacy focused bills. If a politician votes against privacy, then they should be forced to fear a highly contested re-election.

If it works for guns and the tea-party, then why can't it work for tech?

[1] https://www.nrapvf.org/grades/

The EFF is already the most reliable org fighting for our digital arms. As far as comparison to the NRA, I suggest GOA[1] is a better model. The NRA is only a fair weather friend of the 2nd.

[1] http://www.gunowners.org/114hrat.htm

The EFF is probably as good as it gets for digital privacy issues, unless it becomes a widespread concern for millenials.[1] When you're a small minority like digital privacy activists are, using the legal system instead of the ballot box is your proper recourse, by design. Money would help, somewhat, too, but I'm not sure the tech companies with deep pockets actually support the digital privacy agenda in more than a tepid way.

[1] Which I doubt. Eventually, you'll have millenial senators. But I am guessing they will still care more about terrorism, chinese hacking, etc, than electronic privacy.

Somewhat perversely, Chinese hacking largely _is_ a privacy issue, just not individual privacy. The reason why Chinese hackers in particular are of concern is (1) they seem to engage in substantially higher levels of corporate espionage and (2) are outside of jurisdictions where such things can be appropriately disincentivised / punished [Although there are some signs China might start playing ball as they develop more domestic proprietary information].

There's a data science hurdle -- can e.g. the Russian mob filter though mass hacked email and facebook accounts to find blackmail material that has reasonably good returns with minimal personal time investment -- before the two become one and the same. If we end the decade before we have public conversations about (modulo details) an email from yourself saying 'send money here or we will forward this email to your employer/spouse', I would be surprised. Until then, people only have privacy because there's no economic incentive to shatter it. There are no rules. Yet.

> unless it becomes a widespread concern for millenials

Why do you think millenials don't care about privacy?

This news is #2 on the Reddit homepage right now, and did you not see Reddit explode (and blackout) over SOPA, either?

Not for this stuff. The EFF has no lobbyists in Washington DC, in fact doesn't even have an office in Washington DC. What they do, they do well: Litigating in court. But don't give them money to influence Congress.

But the EFF sided with Greenpeace, which IMO makes me question their sanity

> If it works for guns and the tea-party, then why can't it work for tech?

Because a viable critical mass of people are willing to be single-issue voters when it comes to guns. And that's the case because gun ownership is deeply ingrained into the culture of many parts of the country.

Neither is true for electronic privacy.

I remember being somewhat surprised by the regional success of the various Pirate Parties, which seem to be close to single-issue parties, at least if you consider the constellation of things around copyright/privacy/patents to be one issue. In fact their main problem seemed to be that they tried to turn into more than single-issue parties, at which point they collapsed into in-fighting because they didn't agree on anything else. But it suggests that, at least in some regions, there's a significant minority of people willing to single-issue vote on those issues. The U.S. so far doesn't seem to be one of them, but I'm not 100% confident that an organization rating candidates on EFF issues in a scorecard-style way couldn't have at least some influence, if it got enough recognition/PR, even if obviously not as big as the NRA's.

That doesn't work in a system like in the United States where we directly vote for a candidate who needs 50.1% of the vote. In most (all?) if the European countries where the pirate party has experienced success, 15% of the vote equals ~15% of the representation. In the US 15% gets you 0% representation.

> That doesn't work in a system like in the United States where we directly vote for a candidate who needs 50.1% of the vote.

First, 50.1% (or 51% or 50% + 1, more common alternative descriptions) is an inaccurate description of the requirement in a majority/runoff election, "greater than 50%" is correct (since votes are always in whole numbers, 50% + 0.5 would also be a correct minimum threshold.)

Second, many single-winner elections in the US are plurality rather than majority/runoff, for which the threshold is actually "greater than any other candidate" not "greater than 50%".

Third, the system used for elections is subject to change (in many states, through citizen initiative, so the "but the incumbents will never vote for it" objection doesn't apply), so, "it doesn't work in the existing electoral system" isn't really a reason something won't work, just a reason why making it workable also involves advocating for change in the electoral system.

You know what I meant on the 50.1 thing, so I'm not going to get into that.

I'm not saying the system we have now is the best one or that it can't be changed. I was just responding to the parent's question of whether a small single issue party could gain traction in the US like the Pirate Party has in other places. Our current system makes that nearly impossible at the national level.

There is only one obvious issue that could get the masses to fight the anti-privacy bills - the one they usually come bundled with, i.e. copyright. Most people will start to care when you deny them their pirated Game of Thrones or threaten to actually put them to jail for that House of Cards download. Obviously, this is something EFF can't get behind.

Incidentally, what started the huge European movement against SOPA was, AFAIR unrelated, coincidence - the FBI riding Megaupload. Most popular video streaming sites (which were using Megavideo as a video source) suddenly stopped working and the population of Poland went to the streets to fight against SOPA, realizing that the thing is serious. It's amazing how much activism you can get by depriving someone of the next episode of their favourite show.

The NRA is a good model for EFF in that the EFF really needs to grow their rank and file membership. Right now, not enough non-techie people care, or even know what EFF is. It is why what Snowden did was important (agree with it or not), because it pushed the tech privacy issues into mainstream awareness.

The reason for that lag is not some campaign which loses to the mainstream media, but a market driver. Think of all the people who were shocked after it was discovered that Samsung TVs could arbitrarily send background voice data back to a C&C. EFF done a good job there, but they always make it some rare thing. Parker Higgins' tweet about that seeped into the consumer space and Samsung probably suffered greatly, and the public were better off.

Now there are stories of Intel chipsets having all kinds of weirdness in them, and it is not sufficient to sit on the fence here. Things are changing

who is our Charleton Heston?

Pierre Omidyar perhaps, to go with the Lessig mention. He has the money and has put some of it where his mouth is.

Lawrence Lessig?

Edward Snowden from afar? Feels like he's involuntarily taken the torch from Aaron Schwartz.

More like John Oliver

We just need our own Waco or Ruby Ridge, I thought that would be Snowden but I guess I was wrong.

I've, for the past couple years, had an idea for a PAC specifically for tech issues. The PAC would also monitor and rate politicians stances on tech issues (I have a list of stances that would be part of the mission: net neutrality, privacy protections, data portability, and a few others). I've just never pushed very far with it.

You might like a pair of CNET columns I wrote 13 years ago calling for a PAC for tech issues:



I interviewed Grover Norquist, founder of Americans for Tax Reform, for one of the columns; whether you agree or disagree with him, he's an able advocate for his issues. Here's what he said:

"One of the most important things the tech industry can do is a rating," Norquist says. "Every politician in this country wants to tell you that he's tech friendly...Pick 10 or 20 issues and give ratings. Then people who say they're tech friendly but they're not--there's a cost to that. You as a tech group don't have to advertise that. The candidate running against that person will promote it. It certainly puts the lie to some people running around who say they're tech friendly and don't have the records to back it up."

I also wrote some Perl code to scrape Thomas and create tech voting guides for Wired and CNET with an interactive Javascript map. Unfortunately I think the Wired one has died in a redesign, and the CNET one no longer works either. :( http://www.cnet.com/news/technology-voter-guide-2006-grading...

Push forward with it so the tech community can have a more full throated voice on issues involving the tech community. Politicians need to be afraid of losing elections.

Does there not already exist an organization that rates politicians on those issues? I would be very surprised.

I would also be very interested in this. Will do some research.

The hardest part is coming up with a thoughtful rubric.

I agree that we need some sort of "internet voters guide" or rating system for existing legislators. If the two of you (or others) would like to work on it, shoot me an email (in profile). This is the sort of thing Taskforce.is would love to work on I think.

> The tech world badly needs the equivalent of the NRA.

The NRA -- as a lobbying organization -- is a single-issue lobbying organization with an incredibly straightforward mission.

"The tech world" isn't an issue like "gun rights", and can't support an NRA-like organization. A more specific privacy-oriented viewpoint with the kind of simplicity and clarity that the NRA's mission has might -- but it would have only limited correlation to the "tech world" in its support.

Privacy is a resonably coherent subject, especially in the context of telco/internet regs. It's also a coherent area of constitutional law (bill of rights).

The "tech world" just seems like a straw man and easily falls down, for the obvious reasons.

Please don't conflate tech and privacy. From a tech perspective, there are very useful and interesting public safety projects that can come from interdepartmental data.

>privacy focused bills

How much tech revenue depends on spying on people and then selling advertisements? I have no idea, but it seems like a lot.

At worst, I'll get annoying advertisements for burqas. Don't see how these are comparable.

You mean like the EFF...

EFF is a 501(c)(3) organization, which isn't permitted to support or oppose candidates in an election. EFF can take a position on proposed legislation, but not on political candidates.

The EFF is too splintered for this goal. They do fantastic work in courts, but they don't currently have the resources to lobby successfully.

They began to start grading politicians, but it has since been neglected: https://standagainstspying.org/

That said, they are currently our best option. You can support them by donating ( https://supporters.eff.org/donate ) and setting them as your Amazon Smile charity.

Go even further and be a GOA, perhaps in addition to an NRA equivalent just to push the Overton window.

The NRA's power comes from its perfect political triangularity with a certain, vital voting bloc. There is no equivalent for digital rights.

Because ordinary voters care about "safety" than privacy.


According to https://en.wikipedia.org/wiki/National_Rifle_Association#Fin... the NRA receives the majority of its funding from small donors. I don't know what you consider "unbelievable", but it seems like the lack of corporate support wouldn't stop an organization like the NRA.

EFF isn't getting it: powerful and rich people want this bill to pass for increased government surveillance, control, financial contracts, and bribes. It's probably that simple. They didn't make a mistake any more than they accidentally give the Pentagon or defence contractors ridiculous sums of money for useless stuff that just keeps people employed in their districts, their stock portfolios in the black, and their campaign funds full. This is part of systematic corruption. They just don't give a shit, they have incentives not to, and agencies promise them an exemption which they believe. (Wait, there's the mistake.)

Aside from huge voter push, the only thing that could change it would be similar money and power pushing in the opposite direction. Not talk, not lawyers, not faxes: one or more groups paying for and demanding curtailing of mass surveillance with ability to disrupt contracts, bills, or the politician's careers. Right now, only the pro-surveillance people are in that position. So, they're winning and will keep winning until people get how the system really works and make it work for them.

Goes way beyond that...

On the NSA/spying...

The (mass surveillance) by the NSA and abuse by law enforcement is just more part and parcel of state suppression of dissent against corporate interests. They're worried that the more people are going to wake up and corporate centers like the US and canada may be among those who also awaken. See this vid with Zbigniew Brzezinski, former United States National Security Advisor.


Brezinski at a press conference


Here is my problem with EFF: They are raising a stink and not providing any cited evidence. In Wikipedia terms-- [citation needed]. Take any article published by them and count how many links deep you have to get to any actual information and not just general opinion. I still haven't found anything that goes through the bill and explains what the problem is citing the text of the bill.

This is an actual opening sentence from some material the EFF published: "Although grassroots activism has dealt it a blow, the Senate Intelligence Committee's terrible bill, the Cyber Intelligence Sharing Act(CISA) keeps shambling along like the zombie it is." It's hard for me to get behind an organization that writes like this.

What I dislike about all the crazy right-wing emails I get is it's all inflated scare mongering and no actual sourcing. The EFF's publications are getting way too similar and it saddens me.

Now, on the flip side, I have yet to see the authors of this bill really put out much material that relates the bill in simpler terms. For that, I am also saddened.


TL;DR: More surveillance under the guise of "Cybersecurity"

Enormous multi-national corporations should not function as an extension of our Government. This is the separation of church and state debate all over again.

Sure, the US needs a separation of state and economy for the same exact reason and state and church - any mingling generates intense, dangerous corruption. You'll never see that separation however, because 2/3+ of the political class are heavy statists that like to accumulate perpetually greater amounts of power - and to accumulate power, you must have control over the economy.

I think you've got it backwards. For the last 200 years, the government has mostly functioned as an extension of wealthy people/corporations. Heck, the revolutionaries of the Boston Tea Party were upset that legally imported British tea was cheaper than the colonists' smuggled Dutch tea. The USA was founded by merchants trying to avoid competition.

Well yeah, the US government has a mandate to protect commerce.

"Enormous multi-national corporations should not function as an extension of our Government"

You've demonstrated you're completely historically illiterate. It has always been thus, you're just becoming aware of it.

From war is a racket:

"I helped make Mexico, especially Tampico, safe for American oil intersts in 1914. I helped make Haiti and Cuba a decent place for the National City Bank boys to collect revenues in. I helped in the raping of half a dozen Central American republics for the benefits of Wall Street. The record of racketeering is long. I helped purify Nicaragua for the international banking house of Brown Brothers in 1909-1912. I brought light to the Dominican Republic for American sugar interests in 1916. In China I helped to see to it that Standard Oil went its way unmolested."[p. 10]

"War is a racket. ...It is the only one in which the profits are reckoned in dollars and the losses in lives." [p. 23]

"The general public shoulders the bill [for war]. This bill renders a horrible accounting. Newly placed gravestones. Mangled bodies. Shattered minds. Broken hearts and homes. Economic instability. Depression and all its attendant miseries. Back-breaking taxation for generations and generations." [p. 24]

General Butler is especially trenchant when he looks at post-war casualties. He writes with great emotion about the thousands of tramautized soldiers, many of who lose their minds and are penned like animals until they die, and he notes that in his time, returning veterans are three times more likely to die prematurely than those who stayed home.


US distribution of wealth



The Centre for Investigative Journalism


Some history on US imperialism by us corporations.


I'm not sure how you came to conclude that I wasn't aware of the long history of corporate and government collusion. My point is very clear, it shouldn't be legal.

The problem you're not seeing is that no law will ever be passed that goes against it because the rich people that have been ruling you for the past 200+ years don't want it.

You don't seem to be historically literate at all. I suggest chomsky. And the book by the trilateral commission.

Book link:


Crisis of democracy - chomsky


Manufacturing consent:



What is the bigger picture here, what is really happening?

Europe also wants to regulate internet traffic, at the same time an internet law is passed and both us and europe want a broader commerce union with TIPP.

Are all these tools implemented to eventually censor people who will disagree with all that is coming with this new union? something like china does with everything that is against the party? what are they trying to do to our society with these baby steps?

Does the final version produced by the conference committee require revotes in the House and Senate again before heading to the President for signature?

The gap between US lawmakers and the EU is only widening when it comes to Privacy matters. This vote only lends more credence to the EU's decision earlier this month to scrap Safe Harbor [1].

[1] https://www.schneier.com/blog/archives/2015/10/european_cour...

> Does the final version produced by the conference committee require revotes in the House and Senate again before heading to the President for signature?

Yes. The House and Senate must actually pass the same bill, not merely similar bills.

Thanks! So there is more time to voice concerns with elected representatives.

What impact did Facebook's lobbying have on this?

Wonder if TPPA and CISA are related somehow.

The final bill passed with a resounding 74-21 (https://www.govtrack.us/congress/votes/114-2015/s291). Here's the list of people who voted for it:

D Bennet, Michael CO

D Blumenthal, Richard CT

D Boxer, Barbara CA

D Cantwell, Maria WA

D Carper, Thomas DE

D Casey, Bob PA

D Donnelly, Joe IN

D Durbin, Richard IL

D Feinstein, Dianne CA

D Gillibrand, Kirsten NY

D Heinrich, Martin NM

D Heitkamp, Heidi ND

D Hirono, Mazie HI

D Kaine, Timothy VA

D Klobuchar, Amy MN

D Manchin, Joe WV

D McCaskill, Claire MO

D Mikulski, Barbara MD

D Murphy, Christopher CT

D Murray, Patty WA

D Nelson, Bill FL

D Peters, Gary MI

D Reed, John RI

D Reid, Harry NV

D Schatz, Brian HI

D Schumer, Chuck NY

D Shaheen, Jeanne NH

D Stabenow, Debbie MI

D Warner, Mark VA

D Whitehouse, Sheldon RI

I King, Angus ME

R Alexander, Lamar TN

R Ayotte, Kelly NH

R Barrasso, John WY

R Blunt, Roy MO

R Boozman, John AR

R Burr, Richard NC

R Capito, Shelley WV

R Cassidy, Bill LA

R Coats, Daniel IN

R Cochran, Thad MS

R Collins, Susan ME

R Corker, Bob TN

R Cornyn, John TX

R Cotton, Tom AR

R Enzi, Michael WY

R Ernst, Joni IA

R Fischer, Deb NE

R Flake, Jeff AZ

R Gardner, Cory CO

R Grassley, Chuck IA

R Hatch, Orrin UT

R Hoeven, John ND

R Inhofe, Jim OK

R Isakson, John GA

R Johnson, Ron WI

R Kirk, Mark IL

R Lankford, James OK

R McCain, John AZ

R McConnell, Mitch KY

R Moran, Jerry KS

R Murkowski, Lisa AK

R Perdue, David GA

R Portman, Rob OH

R Roberts, Pat KS

R Rounds, Mike SD

R Sasse, Benjamin NE

R Scott, Tim SC

R Sessions, Jeff AL

R Shelby, Richard AL

R Thune, John SD

R Tillis, Thom NC

R Toomey, Pat PA

R Wicker, Roger MS

Both of my Senators had been previously flagged as being against this bill yet they voted for it. So they lied to someone.

How... expected.

I mean, or they changed their minds. It does happen occasionally.

both senators from both WA and CA, which are the tech-heavy stastes. No good!

Those senators vote on tech issues as they are instructed by tech companies. If they voted this way, I think its reasonable to assume that tech companies lobbied for it.

Wow. It's not every day that Oregon gets to show up WA and CA at the same time. :-)

That's 1 more call for consumers not to use US companies for IT/Web related matters.

Considering the US is also tapping every cable leading out of the country, where do you suggest folks take their business?

I think OP means non-Americans should not patronize American businesses. Unfortunately though, much of the Internet's transit traffic passes through the US.

and this is why people should cheer when Democrats and Republicans cannot agree on how to run the government instead of buying into the line that divisiveness is bad.

because when they get along we lose.

We need to raise hell on all of those politicians including the White House months from now, when there will inevitably be another breach where tens of millions of people's data is hacked and their beloved CISA didn't stop it.

Shame them into admitting it's not only a useless, but harmful law, and force them to repeal it.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact