We may also share information when we have a good faith belief it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves and you from violations of our Statement of Rights and Responsibilities; and to prevent death or imminent bodily harm.
This is a broader privacy exemption than CISPA offers; CISPA (in its final amended state) actually goes through some effort to define and narrow the scope of what it's "protecting" and what "illegal" activity it governs. Unlike the Facebook ToS, CISPA explicitly excludes mere "violation of consumer licenses" from its scope.
The difference now is CISPA gets the government involved. Up until now, yes, FB has had a relaxed attitude toward user data when it comes to the law. However, I and many others, believe the government and via proxy the MPAA and RIAAs of the world will now have access to this data and it will be misused and abused all in the name of CISPA and with authority.
* CISPA is opt-in, so if Facebook doesn't want to share information with the government, CISPA isn't going to change its obligations.
* If Facebook wants to share information with the MPAA and RIAA, its Terms of Service already enable it to do so, explicitly.
* CISPA itself has gone through multiple successive drafts to eliminate the perception that it was merely a tool of license enforcement; the version the House finally passed (a) defines "cyber threat" specifically in regards to the "Confidentiality, Integrity, Availability" triad familiar to netsec practitioners (it is the first piece of federal legislation to do so, I believe) and (b) specifically exempts "consumer licensing" from the events that engage CISPA information sharing.
* SOPA was intended to provide countermeasures to "criminal" copyright infringement and actually did provide some government control over network traffic. CISPA provides no countermeasures of any sort; it only governs information sharing.
What are your thoughts on that? Do you think I'm misreading the law on any of those four points? Or, having been made aware of them, is your reasoning on CISPA at all influenced?
He really got down to my issues with this bill.
* There doesn't seem to be a need for it. Was there a situation where justice was not served but would have been/ could be after CISPA?
* I just don't trust it, no matter how harmless it currently is. There is a term for this type of legislative process, not quite slippery slope, but it escapes me at the moment.
I've been informed since I started reading and discussing CISPA that a primary purpose of this bill is actually the opposite of what people are worried about: that instead of getting private companies to share with the government, CISPA exists largely to provide a legal framework for the government to share information with private companies, so that when government systems are hit with new (say) Microsoft Office malware and "spear phishing" attacks, they can notify stakeholders in private industry.
So that's one reason for CISPA. Another might just be to encourage private companies to share more information about network attacks; the supporters of this bill are not wrong that private companies are loathe to do that now for a variety of reasons.
But again, ultimately, I agree with you. I don't support CISPA.
I honestly wouldn't have a problem with that (who would?), but I have to wonder exactly what sort of legal problems they were having in doing this and why they couldn't create private agreements allowing that?
In sales and negotiation circles, it's known as the foot-in-the-door technique:
Remember that we're talking about questions that didn't exist five years ago, and to which there isn't any community consensus. Most investors won't understand the argument, never mind Alex's side of it. So educate them: Tell them how the issue speaks to how these choices will evolve, and bring forth concerns that are currently held by only a few people. Point out that it was a similar group of people that worried about the Microsoft OS model twenty years ago, and that they were so right that the work they did on own on open source laid much of the groundwork for our current environment.
If you can get investors to link stuff like CISPA to business model sustainability, they'll go to school on the issues, and the conclusions they form will shape the equity marketplace for every social media company to come. But they have to hear what the debate is, and its implications for the businesses.
1. It seems to me that inviting government examination and regulation of network traffic, in the name of security, seems unlikely to make the 'net _more_ flexible, and potentially could lead real rigidity that would be bad for development of 'net businesses and degrading the experience possible over the 'nets.
2. Stuff like CISPA is generally validating of 'net control regimes such as in Iran and China. As the malice of those becomes ever more apparent, US policies viewed as precedents and justifications will be suspect, as will supporters of those policies. Supporting this stuff will be like supporting tobacco companies and netting dolphins to catch tuna -- and may cause deep customer suspicion in a field where trust will be crucial.
Now item item 1, more rigidity, could be seen as positive for incumbents like FB. To which I'd would say that technology has already evolved around a lot of rigidity and that any business founded on a particular regulatory environment is dated to the moment when technology obviates those regulations.
Item 2 is more speculative, but I actually think more likely to prove telling. But it's going to take 5 - 10 years.
Someone more knowledable of CISPA could do better. The broader point of my remark is, figure out how those details relate to the Facebook business model and speak to that. Do that and you'll have an audience. And there's no need to rush, the stock will be around for a while.
With that in mind, I'm curious as to how your reasoning might change. Do you think an opt-in information sharing mechanism for corporations really validates the state-sponsored network access control used in Iran and China? I'm interested in how.
† They already probably can't be sued for that, but I believe the thinking here is that by spelling it out in black-letter law, companies will be encouraged to share information more than they already do; note that ISPs already do have programs to share attack information among themselves, but application service providers tend not to.
More seriously, that depends on the terms of "opt-in" and "sharing" and "security", yes? Such details make nice real estate for the Devil. I'm by no means convinced that the people writing these laws understand the implications and possibilities -- I don't trust their values because I don't think they have the understanding to even have values. Or understand how those values are advanced or eroded. What opinions I have of their values are formed by the SOPA episode.
To _my_ mind, I would need to see the compelling argument for why we need legislation in the first place. At which time I'd have to go to school on this more than I have. And most of the security problems I've read about have more to do with corporations doing a terrible job configuring their own equipment than with some remarkable threat that can only be met through government-organized action.
So in general, I'm against any law without some compelling need. I don't see one here, and that might be ignorance, but that's my view at the moment.
How would I relate that to Facebook? If my view were valid, my first stab would be, "They are supporting over-broad legislation, without a stated need, that could easily go wrong. That bespeaks a centralized-solution attitude contrary to the values that have built the 'net we have today, and unlikely to found the trust needed to make the 'net work best going forward."
But even if that withstood scrutiny I'm not sure their business is going to live or die based on what is essentially a question of corporate culture. If they don't die of something else, they'll get opportunities to change their approach on this stuff.
As regards "opt-in": it's inherently opt-in, because it provides no mechanism for the government to demand information from any provider. Obviously, the government can already use court orders to get access to information. Beyond that, the bill explicitly prevents the government from making such demands; for instance: "Nothing in this section shall be construed to permit the Federal Government to... ‘(A) require a private-sector entity to share information with the Federal Government;".
As regards "security": the bill actually defines this term (a novel twist in "cyber security" legislation):
‘(i) a vulnerability of a system or network of a government or private
‘(ii) a threat to the integrity, confidentiality, or availability of a
system or network of a government or private entity or any information
stored on, processed on, or transiting such a system or network;
‘(iii) efforts to deny access to or degrade, disrupt, or destroy a
system or network of a government or private entity; or
‘(iv) efforts to gain unauthorized access to a system or network of a
government or private entity, including to gain such unauthorized
access for the purpose of exfiltrating information stored on,
processed on, or transiting a system or network of a government or
But like refactoring code, I don't see why I'd even discuss changing law without having some very good reason. And I still don't see why this is a good place to run the risks of unintended consequences and / or malign legislators.
The panel acted as if that were an iconoclastic, even blasphemous thing to say. That attitude, that only focusing on quarterly results and "building shareholder value," is of course just the attitude that has gotten the business world in so much trouble. There have been some great articles of late exploding the myth of "shareholder value," from Steve Denning's brilliant Forbes article "The Dumbest Idea in the World" http://www.forbes.com/sites/stevedenning/2011/11/28/maximizi... to James Allworth at the Harvard Business Review talking about Steve Jobs and the Innovator's Dilemma: http://blogs.hbr.org/cs/2011/10/steve_jobs_solved_the_innova...
I thought kn0thing had a great answer when he described that as part of the ethos of "builder culture," to be sure. If only the panel had taken a moment to ask themselves whether that approach might actually lead to stronger profits and stronger companies overall, such as one of the best examples around, Apple.
I am curious though, how did this (you becoming a go to commentator for tech) end up happening?
Well, before the SOPA/PIPA frenzy of MSNBC, CNN, CNBC, Fox, and Bloomberg... I became a 'regular' tech correspondent on Bloomberg after moving to NY and appearing on a panel moderated by Margaret Brennan. She invited me to appear and they kept inviting me back (they liked the combo of 'good on air' and 'actually did it').
To their credit, BloombergTV let me talk about SOPA there before any other broadcast TV news channel.
After Soledad had me on to talk SOPA/PIPA protests and she and her producers dug my style.
CNN even let me announce my joining the DonorsChoose.org advisory board meeting on air at SXSW.
(I'm glad of that, in case that comment sounded dismissive.)
There is at least one reporter at a well-respected news organization who thinks that "Patrick appeared in the NYT and said 'Japan'" makes me an excellent source for coverage of Japanese politics. (Who is the prime minister right now?)
It's Yoshihiko Noda.
Try telling them you learned everything you know about Japanese politics from watching "Reform Without Wasted Draws" (ムダヅモ無き改革) ;)
I don't think she understands how IPOs work.
As it stands, Facebook does what it does pretty well: gives people a place to communicate with each other. The walls of their interactions have a lot of holes, and you hear them complain, and you certainly see Facebook toe the line, but I think they've mastered that sport, especially as they approach 1 billion users.
- Investors might not like Zuckerberg's "builder culture"
- He wouldn't be surprised to see more acquisitions by FB
- We need more programmers
- When he sold Reddit to privately-held Conde he knew who he had to satisfy, unlike Zuckerberg and his investors.
At this point we are talking about personal opinions, which no one can really be right, but I am not alone.
I bring this up because there has been a lot of very terrible reporting on CISPA alleging all of these things; from what I can see, that reporting squares up with no version of CISPA that has ever been submitted.
If your primary source of information about CISPA is, say, Cory Doctorow, then of course I can understand why you think it might negatively impact Facebook to support CISPA. But Doctorow appears to be flatly wrong about CISPA.
Finally, that Wikipedia section is a hodgepodge (tracking opinions on evolving current events is not something Wikipedia excels at). It would be easy to get the wrong idea from that list, because many of those sources are discussing multiple different bills and weren't written or intended as coherent oppositions to CISPA.
Um I would be inclined to say Google knows far more about us all then Facebook does or can ever dream of.
otherwise, look at discount brokerages like Questtrade(Toronto based) and eTrade to execute orders. $9 per trad.
I'm sure they've learned their lesson about investing in "hot" companies.
That is not Facebook, it sells nothing other than the network, much like MySpace used to. If yours friends drop off Facebook, you will drop off too. That is not same for Apple. Apple users will continue using the products even if their friends do not. Its a personal device.
This works both ways. I use Facebook because my friends are there. I use Apple products because I like the products. Switching social networks is has a high friction point - all my friends need to move. Switching phones is my own choice and easy to do.
Look how much easier it is for Google to gain half the smart phone market compared to how (relatively when compared to Facebook) unsuccessful they've been at getting "social network" market share. I think a very good argument can be made that Facebook's position is more defensible then Apples.
A lot of the value in Apple's products comes from the ecosystem: iTunes, the App Store, and so on. Don't discount the value of a platform on which a large number of developers are incentivized to build.
It is now, but the iPod is a good portion of what made all that possible.
ZNGA: sends lots of traffic to facebook, gets users from facebook. Not a great investment for people who bought at the IPO ($10, $8.36 now), but not horrible.
LNKD: ($45 IPO, $114 now) -- social network, but professional vs. personal/social. Small percentage of the company was put on the market, so I'm not sure how valid the market cap really is.