The issue is that CISPA is fundamentally flawed; I have no doubt that there are well-meaning people who believe we need something to address the problems CISPA allegedly addresses. But any solution which consists of "first, we stop caring about the Fourth Amendment" is a non-starter and must always be.
not at all. please read the bill. it says nothing of the sort.
CISPA's true motivation is becoming very clear. It's needed to expand a pilot program for dragnet surveillance by the NSA and defense contractors. You know, the same thing they've been doing for ages and getting sued over by the EFF. If you read the letters in support of CISPA by the defense contractors who are lobbying for it and funding Mike Rogers who authored it, they even acknowledge this program by name (it's called the DIB cyber pilot).
That's why the bill is so vague, and why they refuse amendments to narrow the scope. It's a get out of jail free card for complicit companies and they can claim virtually anything is related to "security". They can also be wrong, as long as they claim it was "in good faith". It's more or less the "state secrets privilege" equivalent, but for companies cooperating with the "data sharing".
It solves nothing, because it's already legal to share threat data. You just have to scrub it of private or protected information. If its protected, it's because we passed a law for something we felt was worth protecting. For CISPA to just undo all of those laws wholesale is outrageous.
What horseshit! Even your own link describes the program as applicable to private networks of the participating companies. That's why there's a quote from an email wondering (emphasis mine) "Will the program cover all parts of the company network -- including say day care centers (as mentioned as a question in a [deputies committee meeting]) and what are the policy implications of this?"
There are a lot of advocacy organizations (EPIC, etc) that like to bluster about what it does. Right now EPIC is blustering that it's part of authorizing a secret program.
What they didn't tell you is that this is their real goal is to gain possible congressional support for the FOIA request they filed, they are just trying to tie it all together so they can gain support from CISPA haters.
A lot of these advocacy orgs that lobby are good in the sense of trying to do what they think is right but they often present pretty extreme (IMHO) interpretations of bills/laws and viewpoints to support this.
Full disclosure: I have interned at one of these advocacy orgs before (CDT).
It's true the government would be happy if they could monitor everyone's activity, but that isn't CISPA, and crying wolf repeatedly about every bill just makes people less likely to care. If they really wanted to monitor everyone's activity, they'd just do it, and clean up the mess later.
If the search is reasonable, you don't need anything from a judge.
This doesn't mean you can go busting into places, but ...
I'm not sure how you are coming up with what you think is th analysis, but every law school textbook, supreme court opinion, etc, will tell you that you start with whether the search was reasonable.
If the search was reasonable by law , there is no 4th amendment violation. Period.
Maybe you are confused because they often say these are not searches? For example, you will read that doing helicopter flyovers, even when looking in people's fields, is reasonable (which at the time, meant it wasn't a violation of the subject's reasonable expectation of privacy), and thus, not considered a search that is subject to the rest of the 4th amendment. This isn't because it's "not a search" in reality, it's because the 4th only protects against unreasonable searches and seizures, not all searches and seizures, and thus, for the rest of 4th amendment purposes, it's not a search.
If the search was not reasonable, it either has to fall into an exception, or requires a warrant.
Now, current jurisprudence considers most searches without a warrant unreasonable (subject to plain sight, automobile exceptions, etc), but that is irrelevant to the steps in the analysis.
You seem to be mixing a lot of the analysis and requirements around.
I should be able to share the md5s of malware I found on my system with my direct competitor without being hit in the face by the Sherman Antitrust Act. I should also be able to disclose to my users/the public that I was hacked in the first place, without fear of being sued.
Are you seriously saying these aren't problems?
Again, that makes it a bit of a non-starter, regardless of what problem it's attempting to solve.
Furthermore, you don't have to invite anyone into your home if you don't want to, and yet even further you can tell the people you ask to come into your home to not share the information they find with the police. No idea why you would do that, but you absolutely can.
What they can't do, is give someone like me private info from user accounts. And they don't need to. And that's the way it should be. Do you really want me reading your private messages with impunity because I'm investigating a security incident? And do you want me to then share it with all of the other companies involved in the breach? Do you care if I leave dirty messages between you and your wife on an unencrypted hard drive somewhere, and people read it? Under current laws, I'd be liable for that (if I actually needed it in the first place).
Under CISPA, I can't be charged or sued for any action taken in good faith. I'll just say "oops, sorry, it was an honest mistake while investigating a security incident".
(Not that this use case has anything to do with what is actually motivating CISPA anyway, but I will refrain from repeating myself)
Also, for what it's worth, I've worked with AV industry groups and they all share not only hashes, but actual samples as well. Every single one of them. I'm not talking passing around an interesting sample or two, but full, multi-gigabyte feeds. I don't know where people get the idea that they can get sued for this; it's silly and it's not true.
And Facebook has no obligation to disclose breaches, not legally, anyway. Where did you get that information? And even if they somehow do have a special obligation, most companies do not, so it's not really relevant. The example is apocryphal.
And AV isn't who this is about, it's about the people who make a living off of having indicators you don't have. I shouldn't have to hire a company who's been hired by everyone else to get the collective knowledge of what hackers look like. They're criminals, and the government takes care of criminals.
For someone repeatedly making demonstrably false assertions, you are oddly sure of yourself. You're not even challenging a viewpoint here, you're just straight up talking out of your ass. You should stop doing that.
For example, the only reason adservers & their cookie tracking escape is because they fall short of the $5000 minimum damages established in law.
One of the main CISPA focuses seems to be upon data-sharing initiatives. Yet I've heard very few examples of where cyber-law hasn't been effective & would have benefited from such federal oversight. The case has been poorly made, so I'm not sure why you're on about objections- objections are a thing that get made once someone has a case, and CISPA seems far more like something the government just wants to do than anything it's tried to justify.
Unfortunately, that latter group is quite well-represented here on HN.
You leave no room for the vast majority of us who believe that the US government already has more than enough authority to spy on people; the government can get a warrant for collecting all of the data they currently want access to. Pretending the government doesn't already have the tools needed to enforce the law is disingenuous. Pretending that this bill is a "reasonable" response to real problems is disingenuous.
It isn't a debate between calm, rational, reasonable people who think the bill is fine (with maybe a tweak or two) on one side, and nutjobs who are paranoid and think like Gene Hackman in The Conversation on the other. There are reasonable people on both sides...but, I question the intentions (and possibly the integrity) of people, particularly people in the tech industry, who support the bill as it stands today.
It shouldn't be surprising that so many people on HN are uncompromising on Internet freedom. It's something we know more than most about, and something we care more than most about.
It wasn't my intention to offend by excluding or ignoring anyone, and I'm sorry if my post came off that way.
That's the kind of problem that CISPA proponents are trying to solve with regard to "cyberspace security". It's not supposed to be another way for the government to obtain information on people or threat groups, for the exact reasons you listed. It's supposed to be a way for the private sector and government to cooperate on network defense, sharing information as necessary to provide a coordinated defense in response, investigate attackers, etc.
Government can't do it alone as the private sector controls the networks and has a lot of the needed expertise. The private sector can't do it alone as they have no legal authority, which is quite deliberately retained with the government (especially in light of what happened to Sunil Tripathi).
There are actually similar arrangements already in place in other areas. For example disaster relief/emergency management has a lot of tie-in between Federal, state, and local governments, DoD, and NGOs such as the Red Cross, all of which have pre-planned responses to various disaster scenarios. But these can be done without changes to the law, which is at least somewhat unclear in the case of coordinated network security.
Now CISPA as it currently stands is dangerous because it still doesn't provide enough privacy protection (especially on the commercial -> government direction), but please don't act like it's just another feeder source for the FBI, as if that were the only possible motive, especially given existing issues such as the Aurora attack on Google.
And most of the US except for a few industries with powerful lobbyists.
Reality is, as far as i can tell, tech oriented folks care a lot. "Most of the US" probably doesn't give a shit one way or the other, or worse, would be okay with it.
In a US where a significant percentage of people believe we should be throwing the constitution out the window to 'fight terrorism', you are going to need a bit of evidence to suppor the idea that it's 'most of the US except for a few industries with powerful lobbyists'.
This is one of those scenarios, as I see it, where it is as easy as supporting the groups battling on the hill and educating/informing your friends when the topic comes up over a beer or such. My girlfriend asked me yesterday about what a "Kispah" was. Once I figured out what the hell she was talking about I simply gave her the quick overview of what it was introduced for and why it is against our best interests. She knows now and can make up her own decisions on support.
The government is dead serious about turning every sizable company on the internet into a part of a gross-national cybersecurity infrastrucutre maintainer, and they are not going to quit until the internet has been adequately leashed by the legislative hand.
If corporations are people, this is definitely a violation of the 3rd amendment. Look it up, you probably haven't heard of it in the past couple hundred years or so.
Which government? The head of the executive branch that threatened to veto such a thing over privacy concerns, or the Senate that wouldn't even give the bill the time of day (again, due to privacy concerns).
The government is a big damned huge complicated thing. Statements like "The government wants to do X" are silly simply due to the scale, even more so when two distinct pieces of "the government" are blocking the action you're asserting as their "dead serious" goal.
Who exactly is suggesting we house soldiers in peoples' houses?
Im not sure the government can on one had work that logic to prosecute citizens, while not applying the same logic to its own activities.
So, things have moved on and so "quartering soldiers" applied to today's society should apply with the same logic used elsewhere. Especially if elsewhere is the law.
Words don't mean what ever we want, but their meaning does change and evolve over time to reflect current society.
But it isn't. That's why e.g. the CFAA is separate from plain old criminal trespass.
> Words don't mean what ever we want, but their meaning does change and evolve over time to reflect current society.
Sure words evolve, but some words are more amenable to evolution than others. "Quartering soldiers" is a very specific term, referencing a very specific grievance that the colonists had with the British. It has nothing to do with spying--the grievance was about being forced to "quarter" (literally, to furnish with lodging) soldiers and bear the expense of doing so.
This is true, but there is some matter of consensus for language shift. Furthermore, if the meaning of words shift, laws become invalid rather than simply applying themselves overbroadly. A law containing the word A meaning B does not suddenly include C, D, and E because society moves on.
This is obvious in any other setting.
But hey, what's accuracy when you've got passion!
How so? I don't see anything in either the actual CISPA nor the imaginary CISPAs that much of the internet thinks exist that would raise a 3rd Amendment issue.
I don't think SCOTUS has had to interpret "time of peace" in the 3rd Amendment in modern times.
An unpopular law would be something like cutting Social Security benefits. That's something people would actually care about.
And CISPA is not unpopular, at least not generally. Most voters have no idea what it is, nor would they care if you explained it to them. What you really have is one small bloc: Google, Facebook, government security people, etc, supporting CISPA, and one small bloc, the ACLU, EFF, etc, opposing it. If CISPA gets passed, it's not some sneaky thing getting passed in an underhanded way against the wishes of the majority of the people. It's one small bloc winning out over another small bloc over an issue the majority of people don't care about.
(The problem with having representatives just being direct, non-autonomous proxies of their constituents is that people will vote for things that benefit them and then not vote to pay for it..)
"Time Warner called, they want you back on the couch!"
Some will take this as proof that the system is broken, but the truth is that we really do need some improvements and clarifications of certain laws to help companies improve their security. If the Senate passes a bill with better privacy protections, those could survive a conference and get signed into law.
Oh, well, since you put together such a persuasive argument.
What you see from groups like the ACLU, EFF, Demand Progress, etc. is opposition to the specific language in CISPA, not opposition to the concept of a cybersecurity bill in general. They did not oppose the Senate bill last year for instance.
Please try to be less obvious about your lack of arguments.
So I take it that you don't realize this is a logical error called Argumentum ad populum?
"The only people who disagree with this statement are people who are simply not informed" is more directly argumentum ad hominem, and, particularly, abusive ad hominem.
Its also, simultaneously, petitio principii since claiming that disagreement with an argument can only be due to ignorance to support an argument is equivalent to claiming that the argument is true to support the argument.
The argument that only a minority of misinformed people hold a particular view is a negative version of Argument ad populum. Apart from that, I agree with your analysis.
It is harder to make a substantive case against the need for a cybersecurity bill because to do that, one would have to actually know what one is talking about.
Here is an example of the sort of distortion that the current legal environment is causing:
I hope you will consider the idea that if companies feel forced into going to lawyers for network security advice, the system might benefit from a bit of tweaking.