Congress has added CISA to the federal budget bill (theverge.com)
580 points by fisherjeff on Dec 16, 2015 | 121 comments



Why is this not getting massive attention here on Hacker News? Right now a post about a dude hacking together a self-driving car has garnered 5X the amount of votes on this post (not that the other post isn't interesting).

Remember that:

Apple, Reddit, Twitter, the Business Software Alliance, the Computer and Communications Industry Association, and other tech firms have all publicly opposed the bill. And a coalition of 55 civil liberties groups and security experts all signed onto an open letter opposing the bill in April. Even the Department of Homeland Security itself has warned in a July letter that the bill could flood the agency with information of “dubious value” at the same time as it “sweep[s] away privacy protections.”

http://www.wired.com/2015/10/cisa-cybersecurity-information-...

Isn't this massive news?

I mean the bill in itself is horrible policy making, but the way it's being snuck in is scandalous in its own right.

Have I misunderstood something?


Because virtually the same bill passed the Senate with 75% support, and the House passed the (significantly worse) PCNA back in April at approximately the same margin.

This bill was going to become law; the only question was whether the conference committee between the House and Senate would change it --- if it had, it would have changed it for the worse, since the House bill is worse than the Senate bill, which is the one that's going to pass.

There's just not much of a story here.


That makes sense.

Although when looked at through a policy-making perspective this change is further stabilizing the already dystopian trajectory of international tech laws.

The worst of the worst just keeps getting compiled and eventually voted through. And under the guise of "war on terrorism", "war on pedophiles", "war on hackers" etc.

I just don't see this ending anything but horribly.

Either with a monopoly driven "light-net" full of censorship, and no way of entry for the "smaller" businesses, NGOs, dissident groups etc.

Or worse with a global pre-crime dictatorship.


My thoughts are that if you're not planning for an Orwellian Nanny-State who will demand access to all your private keys, you're probably not going to be able to scale up to the UK and China.

HN readers will be designing business models with that in mind.

Not saying this is "old news," just that the actual bill that aligns the US with China in terms of human rights violations will not affect startups as much as it will affect large incumbent businesses: Apple, Reddit, Google, Amazon, etc.

Those incumbents will continue to make money right up until they are disrupted by startups who can route around the internet damage caused by the US spying infrastructure. [1]

So here's a toast to the first HN company that succeeds.

[1] https://en.wikiquote.org/wiki/John_Gilmore, from the perspective that spying has chilling effects and is part of a total censorship program.


985-222-CISA

If you live in the United States, this phone number connects you with your congresspeople and senators in order to make your voice heard.

Citizens stopped CISA before, we can do it again. Don't lie down.


Edit: I've seen a few people calling BS on this because of TechDirt. I found it from the EFF, who gave me this number to call. I feel strongly about surveillance legislation because I don't want myself or my friends to go to prison because [insert corp here] decided I did something illegal with their electronic content, and I don't want my geolocation, etc. perpetually in the hands of anyone with a security clearance.


Sec 102.(5)(B):

The term cybersecurity threat does not include any action that solely involves a violation of a consumer term of service or a consumer licensing agreement


But according to recently tried cases, something as mundane as incrementing a URL can be construed as a violation of CFAA.


So? Your criminal liability for incrementing the URL is totally situational. If you're reading a catalog and you tick the URL to see what the next product is, you aren't going to be liable. If you see a URL used for XHR in the frontend for your bank and you increment it to see other people's bank accounts, you will be.

We don't have a law against "hacking" in the US; we have a law against "unauthorized access", particularly when that access has consequences.

According to one recently tried case, by the way, and one where the sentence was ultimately vacated.

And finally: CISA has almost nothing to do with criminal law (it defines no new offenses and does not change CFAA or its sentencing). If you want to have a discussion about how totally broken CFAA's sentencing is, I'm right there with you.


All I'm suggesting is that since CFAA has a history of being construed to be applicable in extremely broad terms by prosecution and (although I have not done a close reading of the entire act, it contains provisions such as the following in its definition of CYBER THREAT INDICATOR):

> (D) a method of causing a user with legitimate access to an information system or information that is stored on, processed by, or transiting an information system to unwittingly enable the defeat of a security control or exploitation of a security vulnerability;

That OP's second concern:

> and I don't want my geolocation, etc. perpetually in the hands of anyone with a security clearance.

Regarding being under surveillance for what they may consider to be their normal or otherwise professional activities is quite valid.


Anything that ends up in the yearly budget bill has absolutely no hope of getting voted down. It's not even worth one's breath to call, not even the energy to pick up a cellphone or even to tweet. It's as good as passed.


Why is this allowed?


Looks like it is actually worse than CISA...

https://www.techdirt.com/articles/20151215/06470133083/congr...


Someone asked me about this last night. Is there sourcing for this beyond "Techdirt says so"? Because on matters of law, Techdirt is extraordinarily untrustworthy.

I'd love to see the amendments or revisions that are purported to be doing this to the bill.

(I don't support CISA, but if you asked me which I'd rather get rid of, CISA or Techdirt, I'd have to think about it.)

update:

No. See: https://news.ycombinator.com/edit?id=10747359



Thanks. Here's a sane version of that link, I think:

http://docs.house.gov/billsthisweek/20151214/CPRT-114-HPRT-R...


Conclusion: Techdirt is full of shit:

https://news.ycombinator.com/edit?id=10747359


That's 2000 pages! "Sane" isn't a word I'd use to describe it either.


I meant "sane" as in "not a web-based PDF viewer".

It's a whole bunch of bills crammed into one document. CISA starts around page 1730.


I didn't read the techdirt article but did read the relevant section of the bill.

It sounds on the whole fairly reasonable. Here is my understanding...

Companies can monitor their own systems or the systems of clients for cyberthreats and share this information with the government and with each other. They must redact personal information of non-involved parties. The capabilities and scope of the monitoring system are to be disclosed publicly. All sounds fine. Where it appears to go a bit off the rails is page 1765-1766 (section A). Here the purpose seems to expand beyond "cybersecurity" and deviate into monitoring non-cyber criminal behavior. Preventing threat of death, terrorist attacks, harm to minors (yes.. think of the children), and... serious economic harm (what exactly is that and to who?). So... it is more than a cybersecurity bill but this little bit is buried in a small few lines 40 pages into the section after mentioning "cybersecurity" probably 70 times previously as the purpose of the bill. Seems a little bait and switch.

For the record I don't disagree (in total) with monitoring for these types of serious criminal activities.. I've always assumed it was done and assume it will continue to be done. Just don't call it "cybersecurity" when it is really flat out mass surveillance for non-cyber related threats.

Also, it seems that the bottom line is a committee to talk about a committee in some far off period of time. Typical.

But overall I agree... bureaucratic silliness. Bait and switch dishonesty. Think of the children nonsense. In short, typical Washington DC behavior. But not the end of the free internet.


"Division N" or page 1728



> (I don't support CISA, but if you asked me which I'd rather get rid of, CISA or Techdirt, I'd have to think about it.)

Why? Techdirt often has great coverage of tech policy issues.


It's fantastic if you just want a lurid source that will get your blood boiling while confirming your biases. If you actually want to learn things about public policy, though, Techdirt will harm you.

They're in business to generate rageviews, not to inform.

Techdirt is like the ZeroHedge of Internet policy news.


A lot of tech policy is worthy of getting your blood boiling.


Yes, and Techdirt exploits that to get you to click on their site, even though they're almost always wrong.


Well, you are most certainly entitled to that opinion.


Probably a silly question, but is there a reason all these 'additions' are being snuck into bills and what not? Why does the system allow members of congress to add unrelated extras to bills in the first place?

Wouldn't a simple fix for things like this be 'only allow a new law proposal to be about a single topic and nothing else'?


> Wouldn't a simple fix for things like this be 'only allow a new law proposal to be about a single topic and nothing else'

Single-subject rules are adopted in many states, and they are neither complete solutions (viewing substantive subject-mixing as a problem), nor without their own potential problems. (And, anyway, to actually be mandatory, for Congress such a rule would have to be adopted through Constitutional amendment.)

Further, it's quite arguable that substantive subject mixing is not a problem, poor representation is, and trying to limit substantive subject mixing just creates a new problem; where reps are effectively representing the interests of their district, why shouldn't they be able to effectively legislate based on considerations like:

1. X, considered alone, is better for those I represent, on balance, than not-X, and should be supported, and

2. Y, considered alone, is worse for those I represent, on balance, than not-Y, and should be opposed, but

3. X with Y, considered together, is better for those I represent than not-X with not-Y, thus, the combination of X and Y should be supported if X cannot be secured alone.

(While other representatives, with different constituents with different interests, see the same thing, but with X and Y reversed?)

If you could effectively prohibit subject mixing, that would prohibit compromises that are net gains for larger groups, even if smaller gains for the most-favored groups.

(Systems with parliamentary government with explicit coalition building essentially do massive subject mixing up-front in deciding the agenda of the coalition government when it is formed, and thus can avoid the need to do subject mixing when it comes to individual bills; the U.S. system works more on ad hoc coalition building, so the compromises are more on individual bills than anything analogous to the formation of a government in a parliamentary system.)


Then let them first vote whether they want to mix X and Y, and then use ranked voting for deciding between 4 variants (X alone, Y alone, X and Y together, nothing).


Because you are opposed to the breakneck pace at which Congress currently operates? :P


So I'm late to the party but I'd say this doesn't really apply to this or similar controversial situations that CM30's solution aims to fix.

On budgetary matters, sure. You want to combine efforts to get legislation through that benefits your constituency even if it's a lot more costly than it would be if you could get your measure approved by itself. An example would be Congressman A has a bunch of people complaining about all the dangerous intersections in their state, Congressman B has a bunch of bridges that are falling apart, so the two get together and create a Federal Road Improvements Act or whatever to appropriate budget for what is now being considered a national concern. This is a logical place for riders as it allows federal budgeting to have the greatest reach it can for helping the states.

There is substantially less logical argument when the riders concern law. From your example, if a law ever put a congressman's constituency worse off than they were before, there is no time when that representative should support it. Creating an environment of sweeping bad law into bills set to pass is inherently dangerous because once in place, laws are considered correct until properly invalidated.

But the nature of these riders is different still. This is law being thrown into budget. Just like the super controversial sections in the 2012 NDAA, these are mixing two very different types of bills. Having law riders is dangerous enough as it is, but allowing them to be thrown into budgetary bills that must pass is just insane.

The problem is there is currently no delineation in congress between the two types of bills. Everything they do whether budgetary or policy based is law and is generally "over the head of us simple minded folk" so they have leveraged a tremendous amount of freedom in the way that they can push things through regardless of how much sense anything they do ultimately makes.

I think the first-step solution would be to separate bill types and only allow appropriation riders on budgetary matters and no riders when it comes to new law/policy. If that is too complicated for them, they shouldn't be law makers.


I actually prefer a solution that limits the length of individual bills. Want to pass a sweeping law change? Do it in parts, so no one can claim they missed it.


That could be problematic unless you also implemented bill transactions in order to ensure that a group of things is passed together.


You know COBRA? That law that says you can buy insurance through your former employer after you leave the company. You know what COBRA stands for?

Combined Omnibus Budget Reconciliation Act

Stuffing projects into the budget happens all the time. Basically, no one will negotiate in good faith on the merits of individual proposals so they play these tricks to get things passed into law.


I like to think one of my better skills as a developer is asking a lot of dumb questions, and one rule in particular is to always ask what new acronyms stand for. Sounds like it wouldn't help me much in government. . . . :-)


Wow, thanks, I was thinking about COBRA yesterday and wondering what it stood for.

Definitely not what I came up with...


Congress has broad authority to make the law the way they see fit. A lot of what we think of as the "normal" way to pass laws, are just traditions and rules that Congress sets for itself.

Those traditions and rules are good, which is why they exist in the first place. But they're not really binding or legally required.

Which, if you think about it, makes sense. Congress is the ultimate lawmaking authority in the land--who is going to tell Congress what they can't do? The only answers are the Constitution and the voters. The Constitution sets some limits on powers, but doesn't micromanage process. And the voters tend to care about issues, not process.

For CISA specifically, it had already passed both houses; adding it to the omnibus does not accomplish anything that was not already going to happen anyway. The text changes that tptacek details so thoroughly are the sorts of things that could easily happen in conference committee. Sticking it into the omnibus is mostly a matter of convenience at this point.

In the end, Congressional leaders negotiated the omnibus, will allow it on the floor, and the full Congress will vote on it. This is the same bar that any piece of legislation must get over on its own.

And there were nasty bills that did not make it into the omnibus, like de-funding Planned Parenthood.


There is a significant difference between bundling a bill into a high stakes omnibus such as the budget and passing it individually. It's much easier to stand up and say "I voted against a single bill" than "I voted against the budget and shut down the government". It's a strong arm negotiation tactic to force members to vote against their position on a less important issue. This is the same reason that so much pork gets thrown into the large bills.


> Those traditions and rules are good, which is why they exist in the first place.

This is unsupported by evidence or reason.


I +1 you because it was educational to me, but I'm seriously asking: why did you say "nasty" bills like de-funding PP?

edit: tptacek, I'm not asking him in terms of his own opinion, but rather what "nasty" he found in those bills.

His post was very informative that's why I asked. I couldn't care less what he thinks about the subject of PP.


"Nasty" is just my personal opinion about the efforts to defund PP. And plenty of people here think CISA is nasty.

A more neutral word to make the same point would be "controversial." I probably should have written that instead.


Please not here.


> Wouldn't a simple fix for things like this be 'only allow a new law proposal to be about a single topic and nothing else'?

How do you define "a single topic"? Who gets to decide what is and isn't topical? Who gets to enforce it? Can you see how this definition might be abused for political gain?

Myself, I see it only making things worse.


> How do you define "a single topic"? Who gets to decide what is and isn't topical?

Easy. If 1/3 of Congress votes for something to be split, then it's split. (Kind of the opposite of the 2/3 super majority rule.)

As simple as that. Let the people actually voting decide if something is a single topic.

Yes, this could lead to nonsense where people split things to insane levels just to disrupt things, but I suspect it would not come to that because they would be ridiculed, and it would be just a waste of time for them since splitting something doesn't mean it doesn't get voted on in the end.


I hate to break it to you, but you have a bunch of people in Congress right now gaining politically by being disruptive. So your failure scenario is occurring now without your mechanism.


If the failure mode of this proposal (excessive splitting of bills) is less disruptive than the current situation (attaching bill-killing, shutdown-threatening riders), then it seems to me we would still be better off with this implemented than without.

In addition, as long as the votes for this are public, it seems like it would be harder to defend capricious action for political gain, since anyone could see that this group of senators all voted to split legislation that clearly should not have been split and then take them to task for it. It could even be mandatory that a proposal to split a bill must be accompanied by an explanation (also publicly available) of why it should be split that way. It's one thing in my opinion to put something controversial into an unrelated bill--there will always be people who are in favor of that, so it is politically defensible and can score points--but it is another thing entirely to try to (literally) rationalize the frivolous division of a cohesive bill.

It actually strikes me as quite an elegant solution to the problem of riders and sprawling legislation.


You believe that by increasing transparency and granularity, voters will punish or reward Congresscritters more effectively and efficiently.

I disagree strongly. I submit that most voters do not follow the legislative process very closely and vote accordingly. Rather, I submit that most voters make decisions emotionally using far less than the totality of the relevant information currently available to them. At this very moment, we have a batch of Congresscritters who gain the support of their constituents by obstructing their opposition by any means possible. Questions of frivolousness or caprice are not considered. This is the situation here, today, and now.

I think your notion fails because it adds extra information that voters will disregard. Because this information will be disregarded, it will not significantly impact the behavior of voters. The net result is likely to be an increased legislative overhead, more procedural tools to be wielded as partisan weapons, and voter behavior not shifting significantly. As a result, the failure mode of this proposal is everything wrong with the current (attaching bill-killing, shutdown-threatening riders) PLUS excessive bill-splitting for the sake of obstruction.

Might I suggest that your solutions should not hinge on sudden and dramatic shifts of voter behavior at a scale of many millions?


Sounds very easily DOS-able


I think that a 'bill' should have a statement (which is not actual 'law') that clearly records the intended effects of the 'bill'. This could be seen as an executive summary.

The contents of the bill that are actually the changes to the code of law would prescribe how that effect is to occur. I would also like to see bills define, in law, how they are funded (even if that is, 'this is funded from a general fund').

I think that the above should be true for every level of governance. The bill should be rejected (patch refused), in its entirety, if any material not 'directly' related to the intended purpose of the bill is within it, or if it conflicts with existing law in a way that is not corrected by the bill's application to the law. This is what the legal system in a given jurisdiction should do. All law would automatically be reviewed for correctness and compatibility.


How do you define "directly"? Who gets to judge? Who enforces?

You haven't really answered these questions. You've just postulated that someone will, implicitly assuming that nobody involved will ever be partisan.


There's no way a provision as "nice" as this would go through. Of course lawmakers want ways to sneak things in.

Oh, what are those last few pages you added? Never you mind, those are tertiary. This is all in the name of protecting the environment, and its citizens, and their metadata...


Seems like it would fall to the judicial branch to decide if something is topical or not if it was that contested. However, that would lead to accusations of the judiciary being involved in making the law, though their power would be limited to splitting bills into smaller bills.


> Myself, I see it only making things worse.

How?

Unless you can show how it could make the situation actually worse, your argument doesn't hold.

It would at least be "as bad as now" or better.


It adds complexity and creates another procedural weapon to kill bills without discussing their contents. I see both of those as strictly worse.


> How do you define "a single topic"?

The original bill. As in, no riders at all.


So, you'd prohibit all amendments, but allow unlimited mixing of unrelated subjects as long as they were incorporated in the original bill as proposed, so instead of adding riders to existing bills, politicians would let one measure die, and introduce a new one with all the various mix of subjects (including the central focus of the old one) that would have been in the first measure with added riders.

Aside from moving part of the action from formal amendment processes to informal processes, I don't see what change that gets you.


But does that change anything?

"Party X votes no in favor of bill Z, but we will vote again if you introduce bill Y which is the exact same as bill Z except with a new section funding for building a shipyard in the congressional district of a popular guy in Party X"


The "fix" for riders, in the past, has been the line-item veto (https://en.wikipedia.org/wiki/Line-item_veto_in_the_United_S...), which allows the president to veto parts of legislation.

It was passed in 1996, challenged, then struck down as unconstitutional by the Supreme Court in 1998.


The line item veto, which purported to allow a kind-of, sort-of veto on spending items in budget bills was never (even had it been Constitutional) a solution to policy riders (whether on budget bills or otherwise.)


Before the 1974 Congressional Budget Act [0], it had been the law for 185 years that the president could simply refuse to spend money Congress had appropriated. He could hold back the cash even if he did spend other funds appropriated in the same law. That was the original line item veto.

Then Nixon tried to exercise his power to target specific projects and congressmen with an aggressive rescission project and Congress changed the system.

The current federal budget process was instituted in that law where Congress first authorizes all plausible spending and then appropriates only a smaller amount dedicated to specific programs and the president must spend that exact amount by law.

Congress tried to compromise between the two systems with a line item veto managed by Congress in 1996. The courts weren't ready to let the executive and legislature share spending power, especially when they were likely to be the referees and the post-1974 system persists.

Or, it persisted until about 1996. In recent years -- including all of the Obama presidency and the latter Bush years -- the Congressional budget process hasn't produced regular appropriations bills and has delivered only irregular authorizations. The process is supposed to produce at least twelve openly debated appropriations bills every year with participation by all of Congress. Instead a new system of continuing resolutions that limit all spending power to the president and the Senate majority leader and the House speaker in secret conferences has taken hold.

[0] https://en.wikipedia.org/wiki/Congressional_Budget_and_Impou...


> In recent years -- including all of the Obama presidency and the latter Bush years -- the Congressional budget process hasn't produced regular appropriations bills and has delivered only irregular authorizations.

This uses an unusual distinction between "appropriation" and "authorization" (usually, policy language is "authorization", and then actual dedication of money to be spent on an authorized purpose is "appropriation"; CRs are appropriations, not authorizations.)

> The process is supposed to produce at least twelve openly debated appropriations bills every year with participation by all of Congress. Instead a new system of continuing resolutions that limit all spending power to the president and the Senate majority leader and the House speaker in secret conferences has taken hold.

CRs are appropriations. Congress votes on the rules by which CRs are considered, and on the CRs themselves. The negotiations for CRs, as those for regular budgets, often involve the White House and leadership from both Houses of Congress in various configurations, but if Congress chooses not to debate them thoroughly, that's a choice Congress makes. The power is still with the whole body of Congress, even if that body (by a majority in each House) chooses to defer to the leadership in each House.


The most obvious problem with the line-item veto is that some things should stay together, such as a new program and the funding to pay for that program, or the repeal of one tax and the institution of another tax to replace it.


What passes as a "single topic?"

Often, "additions" are included in these last-second, "must sign" bills because they face resistance and are unlikely to pass on their own. No representative, nor the president want to be responsible for a "government shutdown" so anything that makes it into the last version of the bill is likely to become law.


https://en.wikipedia.org/wiki/Rider_(legislation)

Riders are a terrible idea. This wiki does a good job at describing them and illustrating that other countries don't like the idea either.


What you're suggesting is essentially banning formal expressions of compromise. Compromise is essential for legislation to get made.


Compromise is essential for legislation to happen, but I also don't think riders really are a form of compromise. It's an underhanded tactic.


How do you suggest a formally agreed-upon compromise without merging two separate topics into one bill?


It was my vague understanding that there is some very low bar for attaching riders, so that members can kill a bill they don't like by attaching a poison pill. If so, the answer would be "make the amendment process require more votes" or something like that.

I'd very much like a clear explanation of how the amendment process works.


> It was my vague understanding that there is some very low bar for attaching riders, so that members can kill a bill they don't like by attaching a poison pill.

Floor amendments are voted on just like bills, and require a majority vote to pass. The way that it can be relatively "easy" for certain members to get amendments attached to a bill is in committee, since the committee to which a bill is assigned can either let the original bill languish (though if the rest of the House wants the bill out of committee, it can be pulled out) and adopt and report out an entirely new bill, on the same subject, with amendments, or report out the original bill with committee amendments as a package which are voted on together (this would be part of the rule for the bill, and this rule is, itself, subject to vote.)


Thanks very much. That was useful.

It still seems like there's a possibility that a large minority, who will vote against the bill no matter what, can attach a rider that appeals to a subset of the majority that's in favor of the bill but which will make the bill unpalatable to the rest of the supporting majority. But those kind of hypotheticals quickly devolve into complicated strategies, and it's not clear there's a better mechanism than the majority vote.


The "simple fix" is the line-item veto.


Yes, that would be a simple fix. Unfortunately, this is such an effective way to sneak favors into bills (things like funding for a local initiative in the home district for a politician who voted for a previous bill) that lawmakers love it, so it's here to stay.


It's common because politics often works like that and nothing disallows it. "I'll vote for your [x] if you vote for my [y]". I definitely dislike it but just saying, sometimes that's why.


> Wouldn't a simple fix for things like this be 'only allow a new law proposal to be about a single topic and nothing else'?

Define "topic" in a way that still lets legislators write useful laws while unequivocally disallowing the kind of thing you want to try to ban, and you can probably get published in a major poli-sci or philosophy journal.


The perfect is the enemy of the good.

We can start with this HN thread's subject, which is a budget bill. Can we at least agree that budgets should not touch the U.S. Code? That they should be simply allocating money from the treasury to various programs and agencies previously specified by law?


This is interesting too

TEMPORARY H-1B VISA FEE INCREASE.—Notwithstanding section 281 of the Immigration and Nationality Act (8 U.S.C. 1351) or any other provision of law, during the period beginning on the date of the enactment of this section and ending on September 30, 2025, the combined filing fee and fraud prevention and detection fee required to be submitted with an application for admission as a nonimmigrant under section 101(a)(15)(H)(i)(b) of the Immigration and Nationality Act (8 U.S.C. 1101(a)(15)(H)(i)(b)), including an application for an extension of such status, shall be increased by $4,000 for applicants that employ 50 or more employees in the United States if more than 50 percent of the applicant’s employees are nonimmigrants described in section 101(a)(15)(L) of such Act.


I'd be really interested to know what businesses in the United States have more than half of their employees here on H-1B visas.


Companies like Infosys, Tata Consultancy Services, and Wipro who provide our country with tens of thousands of the world's greatest minds to maintain enterprise applications for about $70,000 a year.


Welcome to the rest of the world. We're being eavesdropped legally by your congress for ages. :-)


it would be great if we could have all these bill changes in a git repo with commits from the representatives that added them. open source gov.


It's almost as if we need a "Congressional Versioning System" rimshot.

At least we're finally getting open bill status data as XML, without having to rely on GovTrack scraping the Federal Register.


> It's almost as if we need a "Congressional Versioning System" rimshot.

Or a Government Information Tracker.


This is the best means of subversion against those who would commit acts of corruption in office.


But then they could be held accountable for their shitty actions, and if there's one thing they don't want, it's that!


There should be an automatic ban against anyone who attempts to shirk responsibility.


This exists, it's at opencongress.org


As I understand it, by slipping it in on an Omnibus budget bill, leaders get to add in bullshit that nobody in their right mind could defend on the floor and then expect an up-down, yes-no vote on the entire budget, including the add-in, by the membership.

In addition, because it's a budget bill, regular conference committee rules don't apply. The idea was that having conference committees dicker over each line item would be a great way to prevent both houses from agreeing. So the "fix" they made for money bills can be used for cyber-surveillance bills too.

I may have missed the details. Apologies if that's the case. If this was added to the Omnibus, the reason why was obscurity. My misunderstanding of the details is a prime example of voters not being able to track who's responsible. That's the point.


Any specifics on which congress-people are responsible for this?


likely go find the committee it came from, however this bill is being crafted with the President's blessing. don't think the Democrats in Congress agree to anything that he doesn't. There may be times where you can "see that one didn't" but it's the same on both aisles, when the bet is sure they can afford to allow members who need a boost back home to "act" defiant.

otherwise, the establishment gets what the establishment wants. Keep voting those incumbents back in and it will always be so. Hence one reason why the Republican Presidential side of the race is so interesting, those who aren't the system or are seen as bucking it are front and center. Sadly Bernie was quickly pushed to the side as there was never going to be a choice there


In the larger sense, aren't all the representatives responsible? Certainly the ones who voted for it. I know it is controversial, but they should be reading the bills before passing legislation. And the ones who didn't vote? What are we paying you for, if you aren't even showing up for your job? And even those who may have voted no seem to bear some responsibility, why didn't you raise an alarm? You should still be reading bills that have a high likelihood of passing, even if your intention is to vote no.


Of course, but some representative made the motion to include the text of the CISA bill part of the Omnibus bill, that should be on the record somewhere.


Anyone have more clarity on this? I think since this is just a single bill, figuring out who included which part of the final text is a non-trivial task. However, since senior leadership of both parties are mostly responsible for getting this bill through, I think they ultimately are responsible for allowing the CISA portion to be included.


So now they're legally allowed to do what they've already been doing without oversight anyways, which they were legally never allowed to do in the first place and still aren't legally allowed to do due to Constitutional restraints.

I don't like to sound defeatist, but honestly what does this change?


Since it's linked upthread: Techdirt is one of the least trustworthy sources on the Internet for information about Internet law.

(Here's a summary of CISA I wrote a few months ago on HN: https://news.ycombinator.com/item?id=10454172 )

Today (and yesterday), Techdirt claims the following changes to CISA:

1. Removes the prohibition on information being shared with the NSA, allowing it to be shared directly with NSA (and DOD), rather than first having to go through DHS.

2. Directly removes the restrictions on using this information for "surveillance" activities.

3. Removes limitations that government can only use this information for cybersecurity purposes and allows it to be used to go after any other criminal activity as well.

4. Removes the requirement to "scrub" personal information unrelated to a cybersecurity threat before sharing that information.

'yuhong helpfully posted a link to the revised bill attached to the budget bill.[1] I compared it clause for clause to the version that passed the house. That is 10 minutes of my life I will never get back. Unsurprisingly, only one of Techdirt's claims is true (but worded misleadingly). The other three are simply false.

Here's the breakdown:

<strike>1. The "CERTIFICATION OF CAPABILITY AND PROCESS" part of Section 107 now allows the President, after CISA has been started by DHS, and after publicly notifying Congress, to delegate to any federal agency, including NSA, the authority to run the process described by the rest of the bill. The previous version required DHS to run the entire process. Techdirt isn't wrong about that change. Techdirt is wrong to be confused about why NSA would be a designated coordinator for threat indicators under CISA (NSA houses virtually all of the USG's threat intelligence capability; no other department has comparable expertise coordinating vulnerability information).</strike>

I was wrong about this; the new bill specifically disallows DoD or NSA from running the CISA portal.

2. The bill doesn't change the authorized usage of cyber threat indicators at all (nor does it change any of the definitions of threat indicators, vulnerabilities, and so on). The few places I found changes at all actually improved the bill (for instance: Section 105 5(A) no longer allows threat indicators to be shared to investigate "foreign adversaries").

3. CISA has always allowed the USG to use cyber threat information in law enforcement pertaining to a specific list of crimes --- that is one of the ways CISA is significantly worse than CISPA. But Techdirt suggests that CISA can be used by the DEA to investigate drug crimes. You cannot have read the bill and believe that to be an illustrative example, because drug crimes aren't among the listed crimes: fraud/identity theft, espionage, and protection of trade secrets. It should not surprise you that the list of applicable crimes has not changed in the budget bill version.

4. The new CISA act retains all the "specific person" and "technical capability configured to remove any information" language regarding personally identifiable information in "cyber threat indicators". The "scrub", by the way, has always applied to private entities (Techdirt may have tripped over themselves to write this bullet point, because the new bill clarifies "entity", "federal entity", and "non-federal entity", and so the scrubbing language now reads "non-Federal entity" --- but the original bill defined "entity" as "private entity"!)

[1]: http://docs.house.gov/billsthisweek/20151214/CPRT-114-HPRT-R...


Note that Techdirt didn't have the final text of the bill (and couldn't have) since it wasn't finalized at the time. They were commenting on the proposed changes, which they acknowledge didn't all make it into the bill[0].

So you may be commenting on old information (note that I don't see those 4 items on their current article[1]), and they specifically acknowledge the changes from yesterday's proposal to today's complete text.

They could still be wrong in their analysis, but it would be more helpful to do a breakdown of their current stance on the final bill, rather than doing a breakdown on their analysis of proposed changes with data you have from the final bill text that they didn't have access to.

[0] - https://www.techdirt.com/articles/20151216/05514933094/as-pr...

[1] - "a few of the absolutely worst ideas didn't make it into the final bill,"


Nope. Not even a deeply cynical misreading of the bill gets you there. Here's Techdirt's current claims:

While the reports yesterday indicated that the bill would directly allow its use in "surveillance," the list of approved uses was changed slightly to effectively hide this fact. Specifically it says that the information via CISA can be used to investigate a variety of crimes -- and doesn't say "surveillance." But, obviously, surveillance isn't a "crime" that the government will be investigating. It's just the method that the government will use to investigate crimes... which is now allowed under CISA.

Every version of CISA has included this language, and the "variety of crimes" hasn't changed and remains microscopic. The list of approved uses wasn't "changed slightly to effectively hide this fact"; in fact, the only change in the approved list of uses is the removal of an approved use.

Also, yesterday we noted that the proposed change would "remove" the privacy scrub requirements. The final bill didn't completely do that, but basically changed the standard to pretend that it's in there. Rather than demanding a full privacy scrub, the bill lets the Attorney General determine if DHS is doing a reasonable job with its privacy scrub.

"Privacy scrub" is language that Techdirt is using, but the bill never has. The CISA requirements to remove personally identifying information --- which have always applied to private entities --- are unchanged.


News flash, privacy is going to (keep) getting worse before it gets better. This is why the instant someone invents a totally secure and private way for me to exist online, I'm going to dump a truckload of money down their coffers.


> News flash, privacy is going to (keep) getting worse before it gets better.

If by that you're saying we should just "wait it out" until it gets worse, then I'm not sure I agree. Unless you're expecting the US to go through a totalitarian regime and then through a revolution in the future, then I doubt it's going to "get better" if people don't try to fight these changes hard at all steps.

As the surveillance people get more power it's only going to become easier for them to pass new changes like these. It's also going to get easier for them to ban good encryption in popular services, as well as open source projects that are "aiding the terrorists" (or whatever their excuse will be).

It really doesn't matter how "silly" you think such excuses will be, if by then the judges can be compelled to agree with them. In fact, by then, you'd be lucky if the majority of the brainwashed population by the controlled mass media will even agree with you that such excuses are "silly", as they would most likely believe them. Just look at plenty of other countries around the world for such examples. I mean half of the US population probably still believes Snowden cooperated with Russia or is a Russian spy, thanks to the denigration campaign against him. Heck, 20% of HN probably believes that.


> This is why the instant someone invents a totally secure and private way for me to exist online

isn't that impossible due to all the backdoors in software, hardware, and even in the encryption?


Are you watching the watchers? What if they didn't implement the backdoors?


Unless the software-firmware-hardware stack is totally secure then someone, and it needn't be a government, will implement backdoors where there is value in doing so.


I don't know the origin of the word "scumbags" but it seems to fit perfectly here.

Can you imagine sitting across from someone you are negotiating with and you are about to sign and they slip a sheet of paper in between the document, making you agree to it?

Of course not. But what you'd never do to a fellow American in person, congress is more than okay with doing to you without you being there or realizing what is going on.

Lowest of the low.


In addition to its modern usage, which I agree appropriately describes these congresspeople, the word "scumbag" refers to condoms.


More specifically, to used ones.


P.S., the reason you don't see as much wrangling or dramatic threats to shut down the government over this budget bill is because a bunch of stuff like this was loaded into it. Because Congress is under enormous pressure by law enforcement and intelligence agencies to undermine computer security in the name of "safety", but they can't be seen doing it because it's extremely unpopular.

What will be interesting is if all the riders on this budget bill are so unpopular that the voting public demands a government shutdown.

Personally, I think everyone here is better off spending time writing software to make surveillance less practical. Even if the U.S. government is nominally constrained by laws (they aren't in practice), there are plenty of other actors in the world that aren't governed by any constraints and will monitor all electronic communications up to their technical capacity to do so.

If you care about privacy and information security you need to be working on tools to make it impossible for surveillance to occur, not petitioning a Congress that is dead-set on screwing you.


So can someone please help explain to me how this is permissible?

Taking this to extremes, why would politicians not sneak every crazy wild idea that they have onto this bill if it's a must-pass bill?


> Taking this to extremes, why would politicians not sneak every crazy wild idea that they have onto this bill if it's a must-pass bill?

They try; there are various constraints:

(1) Individual members can't just stick a rider onto a bill, riders are amendments, and are voted on.

(2) Riders are, in effect, a strong-arm negotiation tactic between one house of Congress and the other, or between Congress and the executive -- a gamble that the other side sees the other provisions of the bill as "must pass" enough to accept the added conditions. But those gambles can be wrong, resulting in neither the main bill nor the added provision getting passed. So, the biggest incentive to add non-germane riders is to a bill you are less concerned with passing than those you are trying to get to accept the rider as a precondition for the rest of the bill, where them rejecting the rider is more unattractive to them than it is to you. If you really think it's a "must pass" bill (rather than just wanting others to think that so that they'll accept the rider), you won't want to risk causing it to fail somewhere in the process because the rider you attached was unacceptable.


Unless you want the political fodder to say the other party is also willing to shut the government down. If you don't care about shutting everything down you can put horrible things in a must pass bill.


If you don't care about shutting everything down, there is no such thing as a "must-pass" bill; at least, the fact that not passing a bill would lead to a shutdown doesn't make it must-pass if you don't care about shutting everything down.

But I think you are agreeing with what I said, that it's more attractive to attach riders to something you think your counterparty sees as "must pass", but you do not.


That absolutely happens all the time. In a less scum-baggy case, the Republicans recently denied a healthcare bill for 9/11 first-responders citing high cost, and the Democrats' rather nonchalant response was to the effect of, "nah it's okay - we'll just throw it in the budget bill". It's the norm.


They do that all the time.

That's why I'm a professional developer these days, instead of a professional poker player.


and the people that did that will go largely unpunished in any way and continue to receive the same votes as always.


Rolling in a little late here, I am actually wondering what substantive rationale exists here. There are super competent people in the government, and they do percolate information out to Congress. So I don't think it's fully appropriate to call the Congress-critters chumps (although it's a national pastime), and I do also wonder what the effective means of altering policy are (No, I don't think the EFF is being effective).


So if I delete my YikYak account today will I still be employable in the future?


I don't understand the connection here. Could you elaborate for me?


The article says "The bill would make it easier for private sector companies to share user information with ... other companies". Taking this at face value, any potential employer could conceivably access everything I've ever said on YikYak, just, to you know, compare with their own notes and make sure I'm not a criminal. This wasn't really supposed to be that serious of a comment, as I haven't said anything too horrible.


:( ugh not again


There have been close to a dozen posts about this. We merged the threads that had comments.

If another article is significantly more substantive, let us know and we can change the URL.


"So this is how liberty dies...with thunderous applause."


Don't you get it, America? Your masters want this. Why can't you have the good grace to let yourselves be observed and controlled without raising such a ruckus?

/s



