CISPA Passes in the House - Full Roll Call (house.gov)
355 points by sethbannon on April 18, 2013 | 246 comments



Nothing says "small government" like expanding government oversight, right? I really don't understand what the Republican party actually stands for. There's no consistency in their platform. I might not agree with the Libertarian Party either, but at least I understand why they say what they say.

Can someone help me out here?


When politicians say "small government" they really mean "low taxes", and when they say "liberty" that is measured as 100% minus the top marginal tax rate. Restrictions on people's behavior or privacy aren't really part of the discussion. When they say "spending" you can safely suffix that with "on someone other than me".

Seriously though, the Republican party isn't a libertarian organization and never has been. They've been marketing themselves that way lately, since they are a bit closer to the libertarian ideal than the Democrats (I guess not in this case though!).


If you're talking about the "old Republicans" who may pretend right now that they are also libertarians (like Glenn Beck is doing for example), then I agree. But since the "Ron Paul movement" a lot of true libertarian people entered the Republican party and are still trying to take over it. The "real" Republicans are actually fighting them, though, because besides lower taxes they have almost nothing in common.

Also if you were thinking about Rand Paul, in a way he's his father's son, and unlike others who just pay lip service for liberty and such, he's actually fought hard against the Patriot Act, FISA, NDAA, drones and so on. He filibustered them for many hours, introduced amendments (which obviously got rejected), etc. However, he also seems to play way too much towards the overly religious base in the Republican party, and in that way he's also much like the "old" Republicans, which is a shame, and I think it makes even libertarians have second thoughts about him. The "always lower taxes" attitude at least could work on most libertarians, but the very religious side of him, kind of ruins it for libertarians, too.


Yeah, it is a shame that Rand Paul still is in bed with the Religious / Conservative right. You nailed it.


Rand Paul is nothing like his father. While Ron Paul fought hard against FISA, NDAA, PATRIOT, and Drones, his son follows the party line, but gives enough lip service to not turn off his father's supporters.


I'd argue that he simply learned from his father that you can't actually get shit done by always falling back on your ideological principles.


Sorry, but that's incorrect. Rand Paul fought hard against CISPA, FISA, the Patriot Act, and drones.


Rand Paul wasn't in office during PATRIOT's passing, so I suspect a troll.


I didn't say Rand Paul fought against the bill when it was up for a vote. He has, however, been fighting hard against the expansion of the Patriot Act's provisions.


People actually watch Glenn Beck!? That would explain a lot!


Historically the Republican party has been libertarianish, at least in the sense that the guiding principles were minimizing the size and reach of government, keeping the government out of people's lives, and legislating at the most local levels possible (don't make a state law if a local law will do, and don't make a federal law if a state law will do).

This changed in the '60s- Democratic support for the civil rights movement caused a massive shift in the south, in which a huge number of voters (evangelical, socially conservative voters who had supported the Democrats since the end of the Civil War) switched allegiances from Democrats to Republicans. That period also saw the rise of Barry Goldwater, who also wasn't a traditional Republican- he was more of a demagogue who engaged in a lot of flag waving and emotional oratory to get people riled up.

Ever since then there's been a cognitive dissonance within the GOP- the old-school libertarianesque beliefs wedded to the social conservatives and demagogues of the Religious Right (who aren't traditionally right-wing (or left-wing) at all, they've just latched on to the Republican party as being more amenable to being bent to their will).

This cognitive dissonance has reached epic proportions in the last 10 years, in some cases leading to polarization in the party (fiscal conservative/social liberals vs. those who are completely driven by religion and social conservatism). In other cases it leads to politicians who somehow try to appeal to both the libertarians and the Religious Right (Ron Paul being a prime example), and I just don't know what to make of that. The views of the world embodied by those two groups could not be more different, and seem impossible to reconcile in any intellectually honest way.


Anecdotally I've seen a notable upswing in the self-identification of republicans as "libertarian" in the last 6 months (when that's clearly not the reality).


"Libertarians" are just hipster Republicans.


Republicans view Libertarians as closer to Democrats. That's a fairly unbiased sign that they don't correlate very well with either the so-called "left" or "right" designations.


It's not clear what your second "they" referred to.

The left-right divide is best described as a tendency to support established power versus a tendency to support those who seek to overturn established power. Hence "conservative" (meaning "preserve the existing social order, or return to the social order of the recent past"). Republicans on the whole are, without a doubt, right-wing, since the best way to predict what cause they will support is to look at the causes of the already wealthy and privileged.

The left roots for the underdogs, the right roots for the top dog. This explains why, today, the left more sides with Palestine and the right with Israel. Why rightwing-types are more likely to defend the rich (low taxes helps most those who pay the most) and leftwing-types to defend the poor. Why in Soviet Russia, the "right" were those who supported the ruling party, and the "left" were those who supported the opposition.

Yes, the more-left(/less right) party currently controls the White House and 1/2 of Congress. This doesn't mean that they have become the established order that the left should now oppose, since the established order is much bigger than mere politics.


Interestingly, the right hand is the strong one for ~90% of people.

The terms "right wing" and "left wing" date back to the French Revolution and the preferred seating positions of the nobility and the reformists in the Estates General. I'm really stretching my powers of speculation, but given that the nobility would have received training in arms, is it coincidence that they would have preferred a seating position that allowed the easier use of their sword-arm when directed toward the center of mass of the opposition party?


Yes


To be clear, my second "they" referred to Libertarians. They're not on the "left-to-right" axis but on the "you're-both-missing-the-point" axis. (That is of course, my own opinion - I'm just saying that "hipster Republicans" is far from accurate).


> Republicans view Libertarians as closer to Democrats.

When all you have is a right, everything looks like a left.


I disagree with this. Closer to Democrats than what? Republicans view their party as an amalgamation of a number of distinct ideologies. To say that any given one is "closer to Democrats" means nothing except in respect to your own vantage point within the coalition. When your average Republican hears "libertarian" he's much more likely to think "Ron Paul," with all the connotations that includes, than "Democrat."

(Source: Until recently I served on the State Central Committee of a major swing state's GOP.)


Fair point. My statement was based on the typical experience I have where my republican friends see me (a libertarian) as the pro-marijuana, anti-war, pro-gay-marriage guy, and my democrat friends see me as the anti-tax, anti-welfare guy. They tend to (quite naturally) see the philosophical differences between themselves and equate me with their primary opposition.


Closer to Democrats than your average "modern" Republican who believes in morals-based law, huge military, aggressive military actions, continuation of victimless crime, etc. It's the mouth breathing idiot Republicans that only listen to Rush Limbaugh and such. They view anyone who is their enemy as affiliated with "liberals," whatever that means, not the ones that actually have a clue about government.

That might not be the majority but it's certainly the loudest group.


And "anarcho-capitalists" are hipster libertarians?


Those are just first year liberal arts students frustrated by party politics. Also punks.


Huh? Liberal arts students = capitalists? I'd personally guess they'd lean more anarcho-syndicalist/socialist.

But definitely agree about punks. Or punks with jobs. Also cypherpunks, crypto-anarchists, etc.


You're right, I misread your post.

I think what happens is that the deeper you go into the left, if you are of a generally radical anti-mainstream bent like I was entering school, you're attracted to leftist ideology because of the fairness aspect of the politics. It's a great time to read Howard Zinn and get pissed off about government, but I think as people who still hold that anti-government bent get older, they do tend to lean Libertarian. I know lots of ex-punks that are hard paleoconservatives now.

I went to all the left-wing anticapitalist protests and was routinely mistreated and violated by police and government. While my politics have moved center, I still maintain that distrust of the system because I know when you are outside of it, you're going to get mowed down. As I've gotten older, I care less about unfairness and more about interference. I've found unfairness can be overcome while interference cannot.

In short, I've found that while I've pretty much abandoned any desire to become a communist hobo, I still have a starting point of extreme suspicion and distaste for central authority.


> Liberal arts students = capitalists

Anarcho-capitalists are _not_ capitalists. So liberal liberal arts students can be anarcho-capitalists, despite not being capitalists.

Actually, the term "anarcho-capitalism" is completely invalid. It's like "blue-reddish" or "big-smallism."


Well, "blue-reddish" might be a bad example; that'd be magenta.


Why are anarcho-capitalists not capitalists?


Because here is the definition of capitalism:

Capitalism is a social system based on the recognition of individual rights, including property rights, in which all property is privately owned. (Credit goes to the Ayn Rand Lexicon for this particular wording of the definition)

No form of anarchism can protect individual rights, therefore, anarcho-capitalism is not capitalism.

Except the scenario that _my_ gang, also known as the U.S. government, happens to expand its territory to cover the entire United States, which is the goal, and enforces a monopoly on government.


Libertarians and Republicans have very little in common. This is blatantly false.


Tell that to Rand Paul, Ron Paul, or Paul Ryan.


many of us were Libertarians before it was cool, so, yeah, I guess you make a strong point. does this mean I have to give up my hacker card and start wearing skinny jeans and ironic facial hair?


Hacker News: Where you can troll the hell out of libertarians, but don't you dare make fun of a hipster.


You want to back that up, or are you just that ignorant of politics?


Neither the Republicans nor the Democrats support the views they claim to. Those are just ways to get votes from their gullible and emotionally persuadable constituents who will pick the least-worst of the 2 choices as long as the candidate of their choice presents a veneer of authenticity.

Politicians really support the views of the people who actually matter to them - the donors who fund their campaigns, the lobbyists who give them nice perks while they're in office, and the companies who promise them high-paying jobs once they've left public office.


Borrowing from Arnold Kling's "three axes", generally speaking:

- Libertarians evaluate things on a freedom/tyranny axis.

- Republicans evaluate things on a civilization/savagery axis.

- Democrats evaluate things on a fair/unfair axis.

I think that explains Republican voting behavior here fairly well. They're not for small government because they're libertarian; they're for small government because the US is historically connected with libertarian philosophies.


Republicans seem to care less about civilization than "family", more precisely "conserving [Christian] family values". That's why it's linked to all the nonsensical, irrational thinking about gay marriage and abortion; they think it violates the ideals of the traditional Christian family. It cannot be equated with "civilization" unless you somehow believe that those things are uncivilized, which makes the entire axis analysis tautological.


There are certainly Republicans who are all for family values for other reasons besides Christian morals. They equate this with civilization not in contrast with uncivilization, the question for them isn't "civilization vs. savagery" exactly, it's more nearly "civilization vs. decadence." Open homosexuality and abortion call to mind the Roman Empire in its decline, not the Dark Ages.

A really powerful argument in this vein comes from the Nixon tapes. It's very much worth listening to, no matter what your views on the matter are, because I think it really crystallizes why conservatism and the religious right have so much common ground.

http://www.youtube.com/watch?v=TivVcfSBVSM#t=5m27s


Do you know if there are transcripts of the Nixon tapes? (Personal quirk, I can't do audio-only media as I just zone out and stop listening.)

Edit: Found it: http://nixontapes.org. It's a lot, which one should I look at?


Here's a transcript of the conversation I linked above.

http://www.csdp.org/research/nixonpot.txt


Not sure about this. If I think it is savagery to have lots of people dying without healthcare, that's a pretty Democrat sentiment isn't it? Or are we talking about the parties as they were decades ago rather than today?


So that's clearly "unfair" on the Democrat axis. Old school Republicans should be for some measure of properly financed universal healthcare (oh, hi there, Mitt), but there is also the financial end to consider: overspending is moving away from civilization, and towards savagery.


You're using the figurative version of "savagery". I think what republicans are opposed to is the older form of the word "savage" i.e. "the way of life of those people less evolved than I".


Nothing says "civil liberties" like getting multinationals to share data freely with the FBI and CIA. This is why I don't understand what the Democrats actually stand for either, and there are plenty on that list.


To be fair, the majority (52%) of Dems voted against the bill. Contrast that with 13% of Republicans.


To be fair, that's just barely a majority. But I suppose it's great in the "lesser of two evils" sense.


To be fair, my congresswoman (Maloney) voted Nay.


Where can I find how my congressman voted? http://www.opencongress.org/roll_call/all does not yet have the results from today's vote.


The article for this chain (http://clerk.house.gov/evs/2013/roll117.xml#) has the roll call (by last name, and they mention states where there is confusion)

If you don't know or don't remember your congressperson: http://house.gov/representatives/find/


To be actually fair - if we could label the parties with anything it would be:

Republicans stand for strong tribalism - doing only what the tribe approves and not applying any actual rationality to it. Insanely pro-team people are regularly kicked out of this party for mild disagreement with a small subset of this week's ideals.

Democrats stand for weak tribalism - they are sort of in the same camp on some stuff, but generally are allowed to disagree with the cult on things too. No one is kicked out, but bickering gets in the way of standing up to a strong voting block of the super-tribalist republicans.


When has a Republican senator or representative been kicked out for voicing a differing opinion? I'm assuming, according to your logic, John McCain will be kicked out sometime soon for his vote yesterday? What about the Republican senator who is now pro gay marriage (Dick Cheney is one too as a matter of fact)? Will they be kicked out too? Or what about Ron Paul and his foreign policy? Will they call for his head soon?


I see you are one of those people who doesn't understand snarky hyperbole. Too bad for you.

The point still stands, republicans very vocally value tribalism over most other things. They loudly rant about "real americans" and "how they don't matter, just us" and "I don't like it, but that's just how we play" (the last a particularly vile buck passing - rather than take responsibility, it gets to be no one's fault "cuz the party").


the term "majority" sorely needs to be redefined when the converse is "48% minority"


The major parties in the United States are what the rest of the world calls "the right wing." Their goals are more or less "keep the wealth in the hands of the wealthy" and "keep the power in the hands of the powerful." The only difference is which groups of wealthy and powerful people the parties cater to, though there is plenty of overlap there.


"Small government" is a code phrase for reducing the social safety net. Nothing more.

For much greater detail about why Democrats and Republicans think the way they do, read what the cognitive scientist George Lakoff has to say.[1] By the end things like "We respect life!" but "We want the death penalty!" on the same platform actually make sense.

[1] https://en.wikipedia.org/wiki/Moral_Politics_%28book%29


Ask most voters to explain the reasons they voted the way they did and you would find a big disconnect between not only what they thought the candidate said and what the candidate actually said, but also between what the candidate said and what they do.


> Can someone help me out here?

It's a sham. The voting process is just there to create an illusion of control and provide a circus for the masses; just another means of control by manufacturing consent.

The Republican Party's purpose is just to mobilize a certain segment of the population when a war needs fighting or some banks need bailing out, and as controlled opposition to the Democratic Party's social agenda. The Democratic Party likewise serves as controlled opposition to the Republican agenda: Obama is President, but you still get the wars and Wall Street anyway.


Sure there's consistency.

Obama.

Healthcare ideas that originated from the heritage foundation? No way.

Romney 'won' the first debate by agreeing with Obama's platform on every single issue. The difference between them? Obama.


The same hypocrisy can be found with Democrats. They like "big government" except when it comes to wars, women's bodies, and gay marriage.


Democrats don't campaign in support of "big government." That's something that they are characterized as being for by the people that oppose them.

That's like a Democrat saying that Republicans like "letting the poor die" except when it comes to veterans, children, and those wounded by terrorist attacks. What hypocrites!


Increasing the social safety net, increasing regulations on commerce and business, leveraging the public largesse for greater equality aren't using the same words as "big government", but aren't doable without one.

I agree with your point in that it was an invective, pithy statement, but the big government categorization wasn't unfounded.


The point is that Democrats do not say, in the first person, from their mouths, that they are for "big government." In addition, the term lacks usefulness without a basis for comparison for the word "big", except as a code for the individual policies that you have named to be used by the enemies of those policies. For example, if you're for a big military, are you for big government?

It's an advertising term, not itself a communication of fact.


As I argued elsewhere, all the 'party line' sentiments are advertising, and ultimately, the measure of either party's effectiveness is probably a measure against how effectively they act in accordance with those slogans.

For what it's worth, it wasn't meant as a slight to democrats, just a slightly less aggrandizing presentation of the point made.

Arguably, Republicans that claim to prefer a smaller government often would take the surplus from the cut of safety-net programs and apply them to the military. In practice, that may be fair, but it doesn't necessarily result in a smaller government either.

If I were critiquing both parties on effectiveness, I would easily fault the Republican party for failing to substantially reduce the size of government, while at the same time, I would critique democrats for settling for a reduced quantity of freedom in the interest of allowing everyone to share equally in the freedoms that remain.

That said, I prefer neither party, so feel free to critique however you see fit.


I'm not a Democrat, and didn't vote for Obama, I just think that straw men are a waste of time. Convicting Democrats for not being for "big government" across the board when none of them claim to be for "big government" at all is a waste of time.

The phrase is being used in lieu of the specific and extensive arguments that would have to be made connecting business regulation, social safety nets and progressive taxation with marriage being defined as heterosexual, abortion restrictions, and war(?).


How is claiming to be "big government" different from wanting policies that necessitate big government?


Democrats may support some policies that lead to big government, however they don't support big government as inherently good, but merely as an unavoidable side effect to other important policies. Republicans, on the other hand, frequently argue that small government is worthwhile for its own sake.


I think if we look at both motives without attempting to ascribe negative connotation, we might get somewhere.

"Small government" isn't purposeless, its (supposed) tenet is to limit the government in both scope and authority to those powers enumerated by the Constitution. Either way, the point isn't just that the government should be non-existent, or smaller for its own sake, but that it should allow the citizens to provide for their own welfare and provide the minimal in opposition to that. The Republican mantra believes that people can and will fend for themselves, and either enjoy their own successes or failures with minimal intervention.

The democratic mantra is to provide a minimum standard for all, at the expense of those in excess of that standard.

It's a contrast in ideology, but neither is good or bad on its own. Also worth noting is that over time, the parties have effectively flipped positions on matters entirely. The Republicans, for example, freed the slaves despite FIERCE opposition by the democrats. Nowadays, the Democrats generally carry the African-American vote.

In short, it's a popularity contest. Both parties have ideals that they live up to some percentage of the time, but any individual politician (or party dynamic) is likely to shift their belief in the interests of getting elected, staying elected, appeasing campaign contributors or even to appease their constituency.


>Increasing the social safety net, increasing regulations on commerce and business, leveraging the public largesse for greater equality aren't using the same words as "big government", but aren't doable without one.

>I agree with your point in that it was an invective, pithy statement, but the big government categorization wasn't unfounded.

It may take a lot of money to have a social safety net, but we spend a crazy amount on the military, too.

When Republicans say they don't want "big government", it really is entirely a code phrase for the social safety net. Ask any Republican whether trimming $300 billion from the Pentagon's budget would be a good idea, and (except for a few Libertarians) you'll get a resounding no way, with vague references to national security. Despite the fact that the US spends more on the military than all other countries combined.

So no, the "big government" accusation is entirely unfounded. It's all about what they want to spend billions of dollars on, not whether they want to spend it.


Actually you're succumbing to a silly strawman. A huge chunk of government "bigness" doesn't come from those programs, it comes from a penny-wise and pound-foolish stance most americans seem to take of: we must spend 300-800% of any given cost on accounting, oversight, triple checking etc. That isn't a typo - it costs so much to do things because most of the money goes to oversight crap. We could simplify all the red tape, let a full 25% of costs go to grift, and still come out ahead by a lot.

Note: this assumes that there isn't just fancy grift in the whole set of red tape procedures.


TLDR: It's not hypocrisy if they never said it.

It's only "big government" if you accept the Republican premise that fixing other people's roads and teaching other people's kids is a waste of money.


You have only two parties that matter. They have to take a stance in virtually every matter ever; abortion, gun control, unemployment... And they need to take the opposite view, or it becomes a non-issue.

It is simply impossible to make a de-facto two-party system like the US make sense.

There are more than 2 kinds of people, so you need more than 2 parties to represent them.


Rational self interest.

It's not like they're shy about it.


It obviously stands for global fascist totalitarian government.


Laws for sale.


Forgive my ignorance but can I get a clarification on what specific parts of the bill will be damaging to privacy? From what I've read so far of the bill it will permit government organizations with classified intelligence about a possible threat to tell those that might be attacked without going through a lengthy declassification process. While that is certainly valuable, I gather there are other provisions that allow for sharing of user data without consent by those under threat?

EDIT: Seeing now that the measure does not require participants to remove user data, but it doesn't prohibit that, correct?

EDIT2: The CISPA Myths vs. Facts and the EFF articles are informative. Regardless, I think it is important to note that because of classification this information may not have been able to be communicated to organizations prior to something like this bill being in place. I would highly recommend encapsulating each constructive measure in its own bill (and I favor that for all legislative endeavors) however that may not work given the difficulty of the process these days.


Like I said before guys, start using end-to-end encryption. Stop talking and start sticking it to the man. If a company cooperates with the government, then don't use their products or services.


The man wants you to use end-to-end encryption. NIST has been trying to tell you how to do it for years. They even published Suite B to try to get us to use modern crypto instead of the '90s stuff we're using today.


Take, for instance, Skype. It has end-to-end encryption, and calls are damn hard to intercept due to p2p routing.

Instead of rejoicing, the man forced MS to build a backdoor into it.

The man is glad if your valuable communication can't be stolen by some Chinese spies. But you are a good citizen and have nothing to hide from your own government, right?


Ouch, relevant XKCD: http://xkcd.com/538/


In Russian there's a semi-joking term 'thermorectal cryptanalysis', inspired by a number of gangster stories and movies, which involves a hot soldering iron and... yes, you guessed right.

Beats a compute cluster hands down.

This is why encryption is good against a foreign government, but not as good against your own.


A brute force attack: you apply brute force to the user. A dictionary attack: see brute force attack, but with Oxford's English Dictionary.


The man has many different hands. Just because NIST is doing something doesn't mean the NSA isn't doing something completely different.


The NSA is the reason NIST got behind Suite B.


i.e. "the equities issue", which has been debated at NSA for decades. Is it better to strengthen the US civilian infrastructure from foreign attack, or to keep systems weak for (primarily) international intelligence purposes (since they use off-the-shelf US products like Windows and Android), and to a lesser extent, monitoring within the US (for NSA, of foreign entities, although I'm sure they also care slightly for domestic law enforcement's concerns, especially post-9/11 since terrorism within the US blurs the division somewhat)


But rationally supporting the adoption of encryption among all citizens would still be counter to many of the NSA's primary goals.

Maybe it was just primarily a technology contribution among the nerds at NSA, and not the bureaucrats' intended goals?


NSA has a duty to protect American commerce. For example, it is in their best interests that companies like Boeing, Google, and Goldman Sachs are using encryption the Chinese, French, and others can't beat.

This isn't the cold war anymore.


If NSA is trying to retard cryptography, why are they getting people to migrate from RSA-1024 to ECC? Can you find a cryptographer that believes RSA is the future?


ECC is a minefield of patents, making it basically impossible to deploy; pushing for ECC does little to advance cryptography in practice. ECC also does not address concerns about quantum computers. In terms of mathematics, ECC is based on a problem that is in the intersection of NP and coNP, the same complexity class as the RSA assumption; there are more modern constructions based on NP-hard lattice problems.

Really, if you want to point to the NSA/NIST helping to advance the state of cryptography, point to the AES contest.


That was true 10 years ago. It is not at all true today. Meanwhile, RSA and simple prime-field DL crypto are the subject of serious progress, while whole avenues of attacks seem to be precluded for the ECDL problem.

Here's one summary of the ECC patent situation:

http://cr.yp.to/ecdh/patents.html

ECC is increasingly common in commercial systems. Who's asserting patents against those systems?


"Meanwhile, RSA and simple prime-field DL crypto are the subject of serious progress, while whole avenues of attacks seem to be precluded for the ECDL problem."

When last I checked, the 20-year-old GNFS algorithm was the most efficient way to attack RSA. Yes, this is faster than the best known attacks on ECDLP, but ECDLP attacks are still subexponential. Nothing has changed in the past ten years about the complexity class of ECDLP (it is still both in NP and in coNP).

Really, the future of cryptography is not elliptic curves, it is systems based on lattices, hidden linear codes, and hard learning problems (these are all related). You can do some interesting things with ECC, but there are far more interesting lattice cryptosystems being developed by researchers.

"ECC is increasingly common in commercial systems. Who's asserting patents against those systems?"

Certicom filed this famous lawsuit:

http://www.certicom.com/index.php/2007-press-releases/20-cer...

Really though, Dan Bernstein is not a lawyer, and I would not trust his analysis if I had a business to run. Even if he is right, that does not change the fact that ECC deployment is lagging because of fears about patent suits. The NSA's response to concerns about patents was to get a special license, specifically for government uses of ECC; they did nothing at all to encourage ECC deployment elsewhere, and they did not demonstrate that such deployment was a priority.


Good background on DL v. factoring v. ECDL is Odlyzko, http://www.dtc.umn.edu/~odlyzko/doc/discrete.logs.future.pdf.

Good background on PQ cryptography (McEliece, &c, the stuff you're referring to later in your comment): Bernstein's intro to Post-Quantum Crypto: http://pqcrypto.org/www.springer.com/cda/content/document/cd...

I've never seen anyone use McEliece, NTRU, &c commercially. Unlike ECC, these schemes aren't on the horizon for TLS.

ECC goes back to Lenstra and Koblitz in the mid-80's. I'm not wading into the validity of the patents the way DJB does, just saying, we're coming to the end of their lifespan.


You know darn well your question points to a strawman. It's pretty standard patent theory anymore to wait a little while, until there is lots of infringement, then to get a patent troll involved.


I think your general point stands, but NSA and NIST are pretty tight.


The man wants you to use end-to-end encryption.

Why?


Generally, anything that's easy for the NSA to crack is also easy for its Chinese, Russian, European, etc. counterparts to crack. They want to read everything foreigners use, but want foreigners to not be able to read US citizens' (and corporations') communications.

There's a logic and motive to state intelligence organizations; it's not just a blind "everything must be readable!"


Because then they're the only ones able to snoop on you.


What good is end-to-end encryption if the server you're communicating with is legally obliged to forward your data to a gov database?


If you encrypt the data coming from the client all the way to the database or any other persistence mechanism, then it doesn't matter if the company is obliged to forward your data to a gov database. It would be encrypted, hence not easily readable.

In my case, as a service provider, we are encrypting as much as we can, so that we can't even read the data even if obliged to. It becomes troublesome for some pieces of data because we need to decrypt it so that it can be displayed in the website. So if we can decrypt it, as a provider, then we would be obliged to decrypt it for government agencies.

It would be interesting to see what we can do as a provider to protect our own customers without breaking the law.


You can't do anything. The complete system is corrupted to the bone. If you are a successful company someday somebody with very deep pockets or a huge bank credit will show and buy you up. A few days later the encryption will start to disappear (e.g. Skype). If you don't sell your competitor will get the money and drive you out of business by the sheer force of money - pay higher salaries and get better ppl, better locations, more ads, etc.


If the person you get your encryption keys from is "voluntarily" helping protect the nation, what is really secure?


The voluntarily part is also shaky. Eventually not 'volunteering' to do it will be too costly. The systems, rewards, costs will be rigged so that volunteering is the only way to play, but not required.

Also, the so-called protections that it must be a cyber-security threat hold little check and balance. How about an attack just happening when an agency needs information, or waiting for an attack by baiting it? Is there any protection against creating honeypots to bait certain services? Probably not. Every day servers and systems are attacked, so it is pretty much open season for getting information. There are no checks and balances, and 'volunteering' means nothing. Try getting a gov't contract or deflecting problems without volunteering.

I am glad all these freedom-giving-up people have nothing to hide, since their business ideas, sites they visit, downloads, emails, etc. will all be tracked now. I am sure they have something to hide from then. All of this will now be stored not only on their computers and their services, but at the ISP and the NSA as well. Lots more chances, especially at the ISP level, of identity theft and threats.

Crypto products might be a big market after this.


If possible, you, the provider, can claim zero knowledge and walk away free.

For instance, SpiderOak makes a point of not knowing what their clients store on their servers, because all encryption happens on the client side, and the key never reaches the server side.


But is Javascript encryption really that good? Our site is basically Javascript only.


If the algorithm is correctly implemented, Javascript encryption is no worse than any other.

The problem with JS is that the browser may not be good enough, failing to prevent certain attacks from other tabs.

The OS may be compromised, too, so that the data is available before encryption, or the key phrase gets stolen and siphoned out by a keylogger. However good your software is, you can't fight against it.

As memory is getting cheaper, running each ___domain in a different process in a different container or VM becomes more feasible (see Qubes OS). In a well-insulated environment, JS encryption should be as safe as any other.


True. But if what you say is true, that the encryption in javascript is good enough or comparable to their desktop counterparts, then it is a step in the right direction.

Nothing is 100% secure, especially on the web, but anything is better than what we have today.

I will start doing some research on the solutions to this. We are going to do for our clients what I expect my providers to do for me.


Unless I misread the bill, CISPA information sharing is opt-in. There is no legal obligation for a company to share your information.


"We got two models for you: either you continue running your site as you see fit, which of course will mean tons of take-down orders, NSLs and other harassment - OR you could OPT IN to our new system which necessitates no further action on your part, as long as you install our little black box here next to your server. Your call."


The USG could do that without CISPA. Why would they need to pass a law to do that?


They could probably, but CISPA (and the things that inevitably come after it) makes it a lot smoother.


That's not the legal obligation you should care about.

Under CISPA, there's no longer any legal obligation to protect your information. There is full immunity for not doing so.


There is immunity for sharing information "in good faith" under CISPA. CISPA is not a blanket authorization to share data.

If an ISP suffers a breach and coughs up huge amounts of PII that they handled negligently, they are absolutely still liable after CISPA becomes a law.


I did mean within the context of security and handing it over to authorities without due process, but it can easily extend to contradict your proposed scenario. If they claim that said negligence was even tangentially related to some other good faith effort to facilitate anything security related, they get a pass.


Keep dreaming ...


End to end, not client to server.


User-to-user encryption is really not feasible/possible for public forums, social media, blogging, photo sharing, or web search. It's hard enough to do where it actually is feasible, such as message interchange - especially considering the fact that we now all have multiple auto-synched devices.


"User-to-user encryption is really not feasible/possible for...social media"

The research community has a thing or two to say about that:

https://www.usenix.org/conference/usenixsecurity12/social-ne...


This is great stuff betterunix


Everything you just mentioned is more or less public by its very nature. Encryption wouldn't make any sense even were it feasible.


Sure, but never rely solely on technology to escape your government. Political solutions are much better and more "comfortable" in the long term.


What? Seems alarmist... if a company shares md5sums and directory paths of malware with the government, we should write that company off?


I found this slightly more readable: http://www.govtrack.us/congress/votes/113-2013/h117

Call your congressperson. They do care what you think, at least a little bit, especially if you take the time to call or write their office thoughtfully.


What good does it do for me to contact my congressman now, since it's already passed?


If your congressperson voted for the bill, you can express your dissatisfaction, which counts for something. This kind of thing is not the sort of issue your congressperson likely understands or even thinks about for very long - they just do what their staff suggest and they don't expect to be called on it when they get back home to their districts. So if you can make it an issue, make it something they think might affect votes, you'll raise the priority and raise the level of discussion a little bit. And that makes it harder for the kind of disinformation that spreads around CISPA to survive.

Congresspeople are currently very afraid of "getting SOPAed" where they try to make some kind of tech policy regulation and then accidentally set off a huge wave of activism.

Keep in mind, just because something passes in the House doesn't mean it's law. There's a long process - right now it's still just a bill (that they voted for on Capitol Hill (sorry)). There's a lot that can be done, and, now, probably will be done to mobilize on this issue. I doubt that it will come to SOPA-level activity (SOPA would have affected the bottom lines of big tech companies. This is "just" about privacy). But there's always room for trying to make things more reasonable.


Agreed. We should be funding a tech-based SuperPAC to get those who voted yes out of office.


I'd donate.


Ditto.



Let's say the senate amends the bill, and successfully passes that. The house would need to vote on that modified bill.

Normally, once the two sides pass relatively similar bills, a conference committee is formed to resolve any differences, and then that resulting legislation is voted on.


You should call them and let them know that you plan on voting against them, regardless of their party affiliation, in the next round of elections.


Called them yesterday, didn't help.


That's the wrong attitude to take. Perhaps you were the only person in your district that called?

This is roughly like saying "I voted for X, but Y still happened."


I'm not from America, but, as an Internet citizen, I still care deeply about the issue. Can I just call American politicians to express my dissatisfaction? Does it count if I don't have a social security number? I already donated to Fight for the Future, is there something else I can do about this?


On a related note, is there a list of cloud providers and hosts with zero US presence?

I'm looking for a European provider of virtual machines, with competitive prices and features, but with no US company behind it and ideally not even a US datacenter. Just a strong IaaS offering within the EU and a commitment to stay out of the US.


Take a look at LowEndBox, and the related forum LowEndTalk.

The first site collates prices/deals, where you can filter by ___location.

They also carry out a quarterly survey as an attempt to gauge customer satisfaction for each provider (http://www.lowendtalk.com/wiki/top-providers).

I've been looking for a VPS recently and found the above 2 sites very useful.

http://www.lowendbox.com/ http://www.lowendtalk.com/


That site (LowEndBox) is full of sketchy deals, and a lot of companies it promotes stop existing a few months afterwards.

It shouldn't surprise anyone that choosing their VPS provider by price alone can be a bad idea, but I really don't recommend it.


Yes and No.

You have to look at the companies with a critical eye but there are well established ones.

Buyvm.net is a no fuss provider and they have been around for a while.


OVH.fr - great machines, good prices. We have a machine in western Europe. VPS or dedicated servers.


OVH also has a datacenter in Montreal.


Take care, some European countries are very pro-American and will cooperate without even thinking about it. At least Germany and Bulgaria would most probably hand over all requested data, so West-East Europe doesn't really make a difference here.

So far the Russians have been pretty cool - when America told them to shut down their mp3 search engines, their reply was something along the lines of "go fk yourself". I assume they have this saved as a template.


The only one that comes to mind is Hetzner.de; as far as I know they don't have any US datacenter.


http://brightbox.com/ is UK based and privately owned. I don't think they've said anything about plans to expand into the US or otherwise.


They look really good except for their AUP which appears to be massively over-reaching and incompatible with any product or service that has user generated content.

I've dropped them an email asking about those things, as they do appear to be good.


Try http://www.prometeus.net/

They are very highly regarded and are a European provider.

They may not be the cheapest but are reasonable.



CISPA: FAQ on What it is and Why it's Still Dangerous

https://www.eff.org/cybersecurity-bill-faq


This FAQ includes what I think are very misleading statements about CISPA; for instance, CISPA is clearly not intended to enforce copyright, and includes provisions that no copyright advocate would have accepted were that the purpose of the law. For instance, CISPA, unlike any other statute in the US Code, specifically exempts ToS violations from the purview of the statute.


There are many laws that were intended for X and subsequently used for Y. This is the whole problem with not watching the police and prosecutors and trusting them to do public good. They have their own career goals and personal failings getting in the way of public goods.


tptacek, you've given some of the more informed comments on this thing. Could you put together a primer on what you think of the bill?


Not intended to, but might/will be used to?


Reread my comment: the bill contains measures that make it difficult to use the act to defend copyright. If it's a backdoor SOPA (the Venn diagram between those two acts is two adjacent disconnected circles), why does it do that?


'Backdoor SOPA?' Those are your words, not the EFF's, and they're concerned about a lot of this legislation besides the abuse by copyright holders.

Anyways, I believe you're referring to this section: 'Does CISPA do enough to prevent abuse of the law for copyright enforcement?'

Here's the relevant text from that section:

CISPA’s definition of "cyber threat information" includes information directly pertaining to a threat to "confidentiality." But what does confidentiality mean? The definition encompasses measures designed for preserving "authorized restrictions on access," including means for protecting "proprietary information." "Proprietary information" is not defined, and could be read to include copyrighted information. For example, one type of restriction on access that is designed to protect proprietary information is digital rights management (DRM).

The problem here is the vagueness of the language. As others have pointed out, the concern is not so much about the intent of the language, but about abuse of the vagueness to strongly serve the interests of copyright holders over the general public.


Please read the bill, not just EFF's summary of the bill. To be covered under CISPA, the information must be stored or transmitted on a protected system, and whatever the violation is, it can't be either a consumer terms of service agreement or a consumer licensing agreement.

Additionally, published content isn't confidential.


...published content isn't confidential.

Unless you happen to increment a public-facing URL in a numeric fashion...


No, that wouldn't do it.

There are just easier ways to string someone up for copyright infringement if you really wanted to than CISPA.


I've read the bill, but I'm not a lawyer, so maybe I misunderstood.

Could you please point out the text of the bill that you're describing here?


I find opposition to this bill somewhat hilarious. On one hand on the front page right now, we have FBI soliciting the public for information after we've experienced a serious attack. Efforts are underway to crowdsource the identities of the perpetrators in a completely unstructured and privacy-invading manner on forums like Reddit (/r/findbostonbombers). On the other, we have people loudly complaining that companies shouldn't be able to do the same when they experience an attack. Sharing of this information would occur via structured records and include oversight and audits that get reported to the public.

I think the problem is one of perspective. In the Boston bombings, it's incredibly simple to see the harm and it directly affects those being asked to share the information they have to help. In the persistent and ongoing computer intrusions that are now a reality for any successful business, the public is largely unaware and only indirectly affected by such events. Hence, why try to solve it?


* for any successful business that doesn't care the slightest bit about security, i.e. remains the lowest hanging fruit.


Why aren't we invoking the internet bat signal already? [1]

[1] http://internetdefenseleague.org/


That already happened. From the IDL release on March 19th:

  Dear Internet Defense League member,

  Last year, right on the heels of our historic victory against SOPA, a piece 
  of really nasty legislation almost passed that would have radically undermined 
  online privacy.

  It was called CISPA.  And it raced through the US House of Representatives, 
  passing before any of us had a chance to react.  We stalled the bill in the 
  Senate, but now CISPA is back, and we don't want to make the same mistake twice.  
  Before there is *any* movement on the bill, we want to send a strong message 
  to Congress that CISPA shouldn't pass.  

  That's why we're partnering with the Electronic Frontier Foundation to launch 
  an Internet Defense League action starting tomorrow, Tuesday March 19th.  

  Can you participate? If so, get the code for your site here: http://members.internetdefenseleague.org

The problem is that online activism seldom accomplishes anything. But a more pessimistic point of view might also suggest that we don't stand a chance against this, because this shit will come back every year until it passes. It will pass in pieces because they have to hack it up into easily swallowable packets, but it will pass. Online privacy and freedom goes the same way as net neutrality, sadly.


I'd love to have a meaningful conversation about how we can make online activism actually have an effect on Congress. Any takers?

It seems to me like we need a new generation of tools that allow people to take actions that matter. Beyond relatively poorly designed click-to-call your congress person tools, we really don't have much right now. I think with better software we can do a lot more, but I'm still trying to figure out exactly what that'll look like.

I'd love to hear HN's thoughts.


I like your thinking!

I have a few ideas.

First and foremost I think the internet needs to focus on one issue at a time. Once you divide the activists the whole message gets blurred and no one cares. (Case in point, look at occupy wall street, what exactly did the protesters want??)

Point two, it can't involve petitions, those are stupid and counter-productive.

Point Three, activists like to be involved. Have a way for people to earn points contacting their representatives or helping the site in other ways and perhaps be able to use those points to vote on what issue to tackle next, or the actions presented for an issue?

Really I'm picturing something like a cross between reddit and stack overflow geared towards political action. Power users can vote on issues, have meta discussions in the background, but normal users just see the one issue that's going on at the moment with a simple interface that explains the issue and has 1-3 meaningful actions they can take.

My thoughts for the 3 actions could be: Call your representative, Request a pre-addressed envelope be mailed to you so you can write a letter in your own words, or donate money to pay for mailing the pre-addressed letters to people.


Glad to see the HN community getting excited about this issue. In my professional capacity as the resident technologist at an activist-y non-profit, I have a few things to note:

1) Single issue organizations are quick to grow but hard to sustain. Once the first fight is over, how do you take your list and pivot to a new issue? People lose interest quickly unless there's a hook to keep them involved.

2) Petitions may seem silly, and many of them are, but some have actually had big successes. These are due more to the strategy behind them than the actual numbers; you have to find the right leverage point in the political process to make the numbers matter. They are also useful as signals to organizers that people are interested in an issue, even if they won't be successfully delivered.

3) Gamification in this space is hard. You're one step away from the "slacktivism" critique, and sliding ever closer with each point or badge you give out. For some examples of this being done well, see http://repurpose.workersvoice.org/

For the "3 actions you must take", the handwritten letter is probably the most impactful. Staffers tend to weight online signatures, phone calls, letters, and in person visits by increasing orders of magnitude of importance. Getting 100,000 signatures is now "worth" less than 1,000 letters, particularly as petition numbers continually increase.


> 1) Single issue organizations are quick to grow but hard to sustain. Once the first fight is over, how do you take your list and pivot to a new issue? People lose interest quickly unless there's a hook to keep them involved.

Instead of working to sustain single-issue organizations, a better strategy might be to reduce the friction to creating successful, short-term organizations in the first place. Something like an activist flash mob.


I agree with a lot of these points. I think it's tricky to focus on one thing at a time though, as that's not how things happen in the real world, and people are interested in different things - so keep active communities going around issue seems the best way forward to me.

Regarding the points system - I agree on that. Gamification might be a good way to keep people engaged.

And regarding actions, I'm working on that already. The pre-addressed envelope might be achievable in different ways too (type a letter, and we'll print and email it).

My first step is going to be to set up a http://discourse.org site for us to discuss. I do like the reddit model too, though it perhaps promotes sensationalism over actual content. That being said, it does seem to work quite well.


I think this generation, and perhaps the one before, has forgotten, or in the case of the previous, has never been taught that we employ these people. Without us they do not exist. It's regaining that mentality that will be the catalyst to having our freedom back.


It doesn't help that 'contacting your Congressperson' is code for 'being intercepted by some intern that will put your concern on a post-it note, which your representative will never see.'


Start printing weapons.


I thought when activated it would black out all of the member sites. And I thought it had some big names like Reddit. But I don't remember anything special happening on March 19th.

It must really not be working if someone like me who reads tech sites every day didn't notice it?


The reason this doesn't work is because the blackout would have to be invoked again and again, and sites are reluctant to do this because it disgruntles users. Lobbyists on the other hand have no problem introducing this kind of legislation a few times a year. We're already seeing resistance wearing off, especially since they're trying to be more gradual and fuzzy about introducing legislation that threatens the core of the internet.


"If we let them persuade us we didn't actually make a difference, if we start seeing it as someone else's responsibility to do this work and it's our job to just go home and pop some popcorn and curl up on the couch to watch Transformers, well, then next time they might just win. Let's not let that happen"


Released where? I went to their webpage to find information on this, but I couldn't see anything. They said the call is out, but they only link to the member signup page, not actual information on the issue.


Yeah, it seems like the whole idea really got watered down somewhere along the line.


I don't really mind fighting the exact same shitty bill each year. Imagine if they start making new, shittier bills when their efforts fail!


And the same way as individual freedoms and democracy ...


Kind of late now, huh?

The "Cat Signal" was activated prior to this debacle as a means to urge netizens to contact their elected representatives and garner opposition to CISPA.

My elected representative voted no. Thank you Tulsi!


Could someone give me a specific concrete example of how this would be bad? I read the bill and found that many of the online claims about it are simply incorrect. Maybe I missed something.


Weren't they supposed to activate the "Cat Signal" that would go up on everyone's favorite websites? I never saw it, and that seems like it would have been the only thing that could have re-invigorated people to action like they were for SOPA and such.


Everybody's saying contact your senator. Call them, write them a letter... Is the problem the disconnect between the elected officials and the public? If so, can we make the communication a bit easier? My grandparents write me letters. I barely use my phone to call. What if each elected official's website had a place where their electorate can create and fill out polls, giving the member of congress access to much finer grain information?

It seems to me that if you told me that you're running for the House in my district and you'll answer my questions on 8thdistrictva.com or whatever, I would completely believe you're better than the other guy. You might listen to me.

Has anybody tried to do this? To be fair I've barely looked at my representative's web page. But this seems much better than calling or writing a letter. I guess you could email them, but every standard means of communication I just imagine an office full of overcaffeinated interns skimming the message for keywords and picking the closest automatic reply. Most of the time, I'd just want to communicate a simple feeling (eg I don't like this bill) and I'd be okay with them looking at a graph of the poll results.


Having worked in political advocacy, what you're wanting is exactly the right way to go.

It's almost impossible to get an email to your actual representative. What you want to do is get your sentiment to their aide via email. Simply put, your subject should be one of:

"Please oppose Senate Bill <number>" or "Please support Senate Bill <number>". Make sure you know if it's a senate bill or a house bill, and make sure you know the number. If you can't be bothered to perform that simple amount of research, then it's a signal to them you probably aren't a voter, or don't have strong opinions on the matter (right or wrong).

In the contents of the email, which probably won't be read, but in the case that they are, state your name, district (if applicable), and whether you're registered to vote, and if it's for their party, then say so. If it isn't, omit it.

After that, do whatever you like, but keep it brief, polite and on-topic.


You need to buy your senator and make sure they stay bought.


Obviously this is bad for those of us in the USA, but can someone explain how this will affect the rest of the world? And is there anything that those of us outside the US can do to try and defeat this, other than spread the word?


> can someone explain how this will affect the rest of the world?

A lot of the "rest of the world" data is stored in the US, or passes through US servers. That gives them access to it.

Anything you have in Google services, Microsoft services, Yahoo, Apple iCloud, etc etc etc


It's frightening to see how much of my data is stored in the US. The new Whatpulse (2.0+) keeps track of how much data is sent per country, using a geoip database. By far, most data went to America. That quite convinced me I should get my e-mail out of there at the very least (MS/Hotmail), and possibly find alternatives for Google services like Plus and Drive.

Edit: For clarity, I'm from the Netherlands.


Right, so the only option for "the rest of the world" is to switch to solutions that do not store any data in the US? Is that realistically feasible? How can "the rest of the world" protest against CISPA?


Well put it this way: What can they do that we can't replicate? ;) Behind China's great firewall there are lots of alternatives to twitter, youtube, facebook, google (this one I know by name: Baidu), etc.

So technically feasible, yes. Realistically... depends on whether developers of these clones can find something that gives them an advantage over the originals, besides privacy or legal issues. Businesses want to keep data in-house regardless, and not many consumers care enough. Having one global network for social networks has certainly advantages, but when the laws in the "home country" (for the lack of a better word, if there is any) become hostile and privacy invading... then I don't know. If I could pay to get off of all google services and have my data imported into a dutch google clone, I'd do it.


I live in the Netherlands, can anyone tell me what this law is about and why it is damaging to the internet?


Do you use any sites in America? Do you access any sites hosted outside of America but accessed via any network infrastructure owned by an American company?

If so, any of this information can be easily shared with the US Government free of charge to you!


Can you tell a short story about how some specific piece of information this person shares with a US site winds up shared with the USG?


Can you tell a short story about how the legally-binding privacy protections in this bill work, that would prevent sharing with the government without a warrant?

The onus is not on the opposition to this bill to explain how privacy will go wrong, it is on the supporters since it is a new law with vague language and far-reaching potential consequences.

Also, having privacy amendments shot down or not brought to vote doesn't make CISPA seem very democratic.


The whole point of the bill is to facilitate the sharing of a limited set of operational network security data without warrants or court orders, so it is very difficult to respond to your question.


Nothing about the bill suggests it will be limited to operational network security data, so you should stop spreading this untruth. In fact, it's pretty obvious that it won't be just netflows.

(For those following and don't know what a netflow is, it doesn't contain payload data. It's more or less headers and statistics. Nothing about CISPA attempts to limit information to netflows only.)


I don't think it's very honest of you to suggest that I'm claiming CISPA only covers Netflow information. I use Netflow as an example of the kind of benign information that is difficult to share today, and would be easier to share under CISPA. I've explicitly described scenarios that could include message payloads on these threads, and I know you've read those messages because you've replied to them.


So the whole "directly related to a cyber threat" thing doesn't limit the data that can be shared in any way?

I wish this bill were more focused on network security events and didn't have any language in it to deal with stuff like cyberbullying, but I'm glad it's moving forward.

Worst case scenario, we find it in the Supreme Court where it gets narrowed to be more like what it should have been written as. Happens all the time; we're not going to wake up to a dystopian future with silent arrests and "we have always been at (cyber) war with Eastasia!" the day this passes.


But, a simple call to followTheMoney(Players, Amounts) will give you a pretty clear understanding.

Note also that "limited" in governmental terms is about sigma shy of "all."


Company holds Bob's health records on their servers, and also some of his emails. Company forwards health records along with emails to the USG, even though only the emails were requested by the USG. Company cannot be held liable for HIPAA violation.

IANAL.


CISPA allows only for the sharing of "cyber threat intelligence", which is defined as:

(i) A vulnerability

(ii) A threat to the integrity, confidentiality, or availability of a system or network or any info stored or transiting one

(iii) Efforts to deny access

(iv) Efforts to gain unauthorized access (with the exception that violations of consumer terms of service are not covered by CISPA)

Help me understand the scenario in which anyone would push health records in response to any of these 4 scenarios?


This is incorrect in two ways.

1. Cyber threat intelligence is defined as information pertaining to the things you listed. That is much more broad than your definition, for example sharing information pertaining to a vulnerability is much more broad than sharing the vulnerability itself since the latter only includes e.g. the code that results in the vulnerability whereas the former also includes any customer data directly related to it.

2. CISPA does not just grant immunity for the sharing of "cyber threat intelligence". It grants immunity for anything that is shared as such "in good faith". So in reality, it can include anything, as long as it was shared "in good faith". I quote: "EXEMPTION FROM LIABILITY.—No civil or criminal cause of action shall lie or be maintained in Federal or State court against a protected entity, self-protected entity, cybersecurity provider, or an officer, employee, or agent of a protected entity, self-protected entity, or cybersecurity provider, acting in good faith— ‘‘(A) for using cybersecurity systems or sharing information in accordance with this section; or ‘‘(B) for decisions made based on cyber threat information identified, obtained, or shared under this section."

As you can see, the set of things you get immunity for is extremely broad. Far broader than you describe.

Furthermore, this bill puts no oversight in place that even checks that things were shared according to these (extremely broad) rules. And people have no way of knowing what information about them has been shared. So warfangle's scenario is very conceivable. For example if a company thinks you have in some way triggered a vulnerability (accidentally, or through a programming error on their side, or you didn't trigger anything at all but they just think that you have ("in good faith"), doesn't matter), some lazy chap can just dump the database with all data related to your user ID and send that over as long as it is his private opinion that it is information "pertaining to a vulnerability". Not only is that perfectly OK according to this bill, but you'll also have no way of knowing that that happened, and there is nobody evaluating if sharing all that data was actually OK or not.


Apart from the "good faith" thing, which I've mentioned repeatedly on this thread and others, all you've done here is expanded the "vulnerability" clause.


Absolutely. Thing is that those two "buts" greatly expand the scenarios of information sharing relative to what you wrote. If you had written your comment like this:

""" CISPA allows for the sharing of information that the company doing the sharing can "in good faith" believe to be "cyber threat intelligence", which is defined as:

(i) Information pertaining to a vulnerability

(ii) Information pertaining to a threat to the integrity, confidentiality, or availability of a system or network or any info stored or transiting one

(iii) Information pertaining to efforts to deny access

(iv) Information pertaining to efforts to gain unauthorized access (with the exception that violations of consumer terms of service are not covered by CISPA)

So indeed your scenario of sharing health records may be a valid concern."""

Then I would have wholeheartedly agreed with it.


And what kind of judicial oversight?

Meant to say "accidentally" w.r.t. health records.


The whole point of the bill is to enable real-time operational network security information. You can get a court order to share data today.


So.... if some of said data was not actually necessary for network security, I'm SOL?

Yeah. I'm not down with that. 4th amendment and all that.


>Efforts to gain unauthorized access

So basically anything goes as per the CFAA definition of "unauthorized access"? weev got thrown into jail for it, and all he did was increment a number in a URL.


No. See 1104(4)(B).


I am no expert on the matter, but I believe what this does is pave the pre-approval for something that has long been in place; echelon.

Basically the government had previously stated that capturing of any electronic information and storing it is not the same as wire-tapping/reviewing the information.

They can capture and record whatever they want and should they at a later date want to look at anything you did, they can get the warrant and look at this historical info.

With CISPA -- the legal process for doing any of this is now far easier for them.

(please correct me if this is not true)


CISPA doesn't revoke ECPA or SCA. It overrides them, purportedly for the sole purpose of enabling the sharing of operational network security information, in roughly two scenarios: discovery/dissemination of new vulnerabilities, and ongoing incidents.


Why do you continue to say "operational network information", when (A) that clearly isn't the case and (B) the whole bill doesn't even mention the word "operational" once? (nor does it mention "network information" for that matter)

Why not simply say what the bill says:

"The term ‘cyber threat information’ means information directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity."

This way people can decide for themselves what could be the possible interpretations of that which a lawyer could successfully defend to be "in good faith" -- which is all that the bill requires. I would be surprised if anybody would come to the conclusion that the only defensible interpretation of that is "operational network information".


What version of this bill are you quoting from where that is the definition given of "cyber threat information"? URL? I'm looking at the current version on the House Subcommittee site, and that is not the definition, or even the language for that one clause of the definition.


Sorry, you're right, I clicked the older version, my bad. The current version is: [1]

‘‘(A) IN GENERAL.—The term ‘cyber threat information’ means information directly pertaining to— ‘‘(i) a vulnerability of a system or network of a government or private entity; ‘‘(ii) a threat to the integrity, confidentiality, or availability of a system or network of a government or private entity or any information stored on, processed on, or transiting such a system or network; ‘‘(iii) efforts to deny access to or degrade, disrupt, or destroy a system or network of a government or private entity; or ‘‘(iv) efforts to gain unauthorized access to a system or network of a government or private entity, including to gain such unauthorized access for the purpose of exfiltrating information stored on, processed on, or transiting a system or network of a government or private entity.

So the actual meaning hasn't changed much. Because this only clarifies the threats/vulnerabilities/evil efforts and not the information about such threats/vulnerabilities/evil efforts that can be shared, my point applies equally well to this wording. This version of the bill also still has no mention of "operational" or "network information".

[1] http://intelligence.house.gov/sites/intelligence.house.gov/f...

Just to make sure, is that the version you're reading too, or do I still have the wrong one?


Yes, although you've left out the "Exclusion" for terms of use and license contracts.

I do not think your point stands with this definition. You're right that I used a shorthand rather than copying that exact language from the bill into yet another comment, as a cursory Google search will tell you that I've done repeatedly. There was no way the bill was going to use the term "operational network security data", because that term is even more vague than the bill's definition.

A more productive thing for you to debate other than semantics would be how this specific definition --- which is far more complete than anything else in the US Code, unless you'd like to correct me on that --- should be tightened.


For lawyers probably "operational network data" is vague, but for the technical readers on HN I think it is clear that this is much more restricted than what is actually allowed by the bill. For example operational network data contains perhaps access logs & http headers, but it does not include, say, your emails. For this bill however, there are many conceivable situations under which it would grant immunity for the sharing of your emails. So for the HN audience "operational network data" does not adequately cover the bill, and furthermore the things that "operational network data" does not include are exactly the kind of private information that people are most worried about.

If it was up to me then I would certainly first change other aspects of the bill which are far worse than this definition, but as far as this particular definition goes, I would limit the information that can be shared to the information that can reasonably lead to the solution of the problem (fixing vulnerability / removing threat / stopping evil efforts) not "information pertaining to the vulnerability / threat / efforts". It may well turn out that in court that is already how this will be interpreted, but the problem is that this wording does not make that clear at all. And in a legal case where it has to be decided whether a company gets immunity for a particular piece of information that was shared, "reasonably" should be determined by an external technical expert, and not according to the private opinions of the person who shared the information.


Can you do an explain like I'm five on this thing? (Plus echelon)?


Yeah but it may take me a bit because I'm commenting in between Ansible runs. You may find a good way to get me to write a canonical summary is to make a bunch of egregiously false statements about the bill. :)


Hehe, "purportedly"


I literally write this way because of you. You should feel free to fill in my blanks.


So Massachusetts didn't even vote at all? That's extremely frustrating.


Most of the delegation is attending the interfaith services here today re: the attack on the Boston marathon.


Are the MA representatives allowed to vote while not present? It seems very strange that an entire state's representatives will not have a vote on this issue because of a scheduling conflict. Can the votes not be phoned in?


Unfortunately, that sets a very dangerous precedent. Already we have a situation in which senators and congressmen skip debates and skip votes, and end up uninformed about the bills they do vote on. Do you really want to increase that?

And if they can vote absentee for 'extreme' circumstances only, who gets to decide? The party leaders? The proponents of the bill? The opponents?

Feingold is the only one that sticks out in my mind as bucking this trend - he never missed a single vote, even as he was losing his 2010 re-election campaign and his opponent was working the campaign trail every day.

Unfortunately, people like Feingold are the exception, not the rule.


Also frustrated by this. I understand there are other things happening, but we have absolutely no representation on this thing? Even some sort of absentee voting for such an extreme circumstance?


Uh, they kind of have more important things to deal with right now...


Do they? I don't think there's anything more important for these particular politicians than representing the interests of their constituents.

There's a reason we have police and local authorities in addition to high-level politicians. They handle local politics and issues. If we actually need our state representatives so involved in something like this that they can't perform the functions they were elected for, then that's a systemic problem that should be addressed.

Is this a bit insensitive? Perhaps. But these people have a responsibility to look at the big picture, and if that means ignoring something tragic but not related to their responsibilities, they need to recognize that and act appropriately.


Time to see if Obama and his office are going to follow through with their veto threats and play their hand. Considering the amount of publicity his opposition to the bill has received, it would be in his best interests to follow through.


the only way this is going to be stopped now is if Google, Twitter, and the other big tech companies come out strongly against it. except for reddit, they've been quiet so far. don't count on Obama's veto threat at all.


Zero chance Obama will veto it, he just gave a massive budget to the spying program that CISPA was created to facilitate.


Obama veto threat = false sense of security to CISPA opposers

His track record tells me he'll sign it happily while saying "I have serious reservations about this".


I'm really proud of how you guys managed a 3-deep comment thread saying the same thing each time. It really speaks to the breadth of intellectual quality we have available here.


Well it's better than you'll get on reddit.


He'll sign it with a signing statement going "I don't really like any of this, but I'm going to sign it anyway" and claim that is somehow a solution.


To be fair, the majority of YEAs come from Republicans, who control the House, and the majority of NAYs come from Democrats, who control the Senate. This has already died in the Senate once, so I wouldn't be surprised if that happens again.


So much for the "small government" Republicans advocate, huh?


Republicans are by no means unified about that.

Libertarians are probably the weakest leg of the Republican coalition. The religious right and the neocons are much stronger, the former has little reason to oppose this, the latter might be naturally inclined to support it.

Interestingly, I've been hearing a bit about Democratic-leaning "civil libertarians" -- people who want small government without buying into any of the Republican social agenda. Maybe there's a way to build a coalition that can take a big enough bite out of both parties to force them to take notice...


There were almost as many Democratic YEAs (92) as Democratic NAYs (98).


It's half-and-half with dems though, while Republicans were overwhelmingly in favor of it. There's a chance the democratic senate will reject it, but considering a large number of them are blue dog democrats, it's not looking good.


What are your reasons to question Obama's veto threat?


If he were to veto it, it would already pass again in the House with a 2/3 vote. The Senate would require some politicking, but it's not unimaginable that it could also get a 2/3 vote.

Having your veto overturned is a bad thing. That alone would be a reason. The other reason being that Obama chose to stay silent on the SOPA/PIPA/CISPA issue the first time around. Coming out against it would have cost him relatively little in public opinion, which must mean there are interests relevant to him that aren't entirely opposed to the bill.



Thank you Keith Ellison for being sensible and voting no on this bill.


Look at them custom HTML tags!

    <vote-data>
    <recorded-vote><legislator name-id="A000055" sort-field="Aderholt" unaccented-name="Aderholt" party="R" state="AL" role="legislator">Aderholt</legislator><vote>Yea</vote></recorded-vote>
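As an added example (not from the thread or from house.gov), a small Python tally over the vote-data XML format quoted above: it counts votes by party, lists the states whose members are recorded as "Not Voting", and compares the Yea count against the 290 figure the thread cites as two-thirds of a 435-seat House. The XML sample is constructed and its name-ids, names and votes are made up.

```python
import math
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Constructed sample in the shape of the fragment quoted above. The
# name-ids, names and votes are made up; they are not the real roll call.
SAMPLE_XML = """<vote-data>
<recorded-vote><legislator name-id="X000001" sort-field="Alpha" unaccented-name="Alpha" party="R" state="AL" role="legislator">Alpha</legislator><vote>Yea</vote></recorded-vote>
<recorded-vote><legislator name-id="X000002" sort-field="Bravo" unaccented-name="Bravo" party="R" state="TX" role="legislator">Bravo</legislator><vote>Yea</vote></recorded-vote>
<recorded-vote><legislator name-id="X000003" sort-field="Charlie" unaccented-name="Charlie" party="R" state="MI" role="legislator">Charlie</legislator><vote>Nay</vote></recorded-vote>
<recorded-vote><legislator name-id="X000004" sort-field="Delta" unaccented-name="Delta" party="D" state="CA" role="legislator">Delta</legislator><vote>Yea</vote></recorded-vote>
<recorded-vote><legislator name-id="X000005" sort-field="Echo" unaccented-name="Echo" party="D" state="MN" role="legislator">Echo</legislator><vote>Nay</vote></recorded-vote>
<recorded-vote><legislator name-id="X000006" sort-field="Foxtrot" unaccented-name="Foxtrot" party="D" state="MA" role="legislator">Foxtrot</legislator><vote>Not Voting</vote></recorded-vote>
</vote-data>"""


def parse_roll_call(xml_text):
    """Turn vote-data XML into a list of dicts: name, party, state, vote."""
    root = ET.fromstring(xml_text)
    records = []
    for rv in root.iter("recorded-vote"):
        leg, vote = rv.find("legislator"), rv.find("vote")
        if leg is None or vote is None:
            continue  # skip a malformed record instead of aborting the tally
        records.append({
            "name": (leg.text or "").strip(),
            "party": leg.get("party", "?"),
            "state": leg.get("state", "?"),
            "vote": (vote.text or "").strip(),
        })
    return records


def tally_by_party(records):
    """Counter keyed by (party, vote), e.g. ("R", "Yea")."""
    return Counter((r["party"], r["vote"]) for r in records)


def not_voting_by_state(records):
    """States with members recorded as 'Not Voting', mapped to their names."""
    out = defaultdict(list)
    for r in records:
        if r["vote"] == "Not Voting":
            out[r["state"]].append(r["name"])
    return dict(out)


def override_threshold(seats=435):
    """Two-thirds of all seats, rounded up: 290 for a 435-seat House."""
    return math.ceil(2 * seats / 3)


if __name__ == "__main__":
    recs = parse_roll_call(SAMPLE_XML)
    print(tally_by_party(recs))
    print(not_voting_by_state(recs))
    yeas = sum(r["vote"] == "Yea" for r in recs)
    print(f"{yeas} Yea vs override threshold {override_threshold()}")
```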


288 Yea votes. They're very close to 290, which would be enough to override a veto.

Even if it doesn't come to that, a credible veto threat is often enough to get the President to sign the thing. So bending even a few votes in either direction may have some political meaning here.


If your rep voted "nay," be sure to thank them.


I want to thank my representative for voting against. Hopefully she can pull more of her colleagues next time 'round.


So it passed... now what?


It still has to pass the Senate.


Now how do I get the roll call of the vote on the gun control bill?

