Hacker News new | ask | show | jobs
by tptacek 4842 days ago
So what you're saying is, the best possible thing to happen would be a law specifically preventing any American company from relaying threat information --- packet captures of exploits, netflow traffic profiles of botnets, &c --- to the US government, and, further, preventing any agency in the USG from providing traffic capture information, packet filter information, or botnet identification information to private companies.
1 comments
TallGuyShort 4842 days ago
No. In my mind, the best possible thing to happen would be a law specifically preventing any American government agency from requiring any company to hand over such information without due process. Sadly, you would think this was already clear enough from the constitution, but there are already enough loop holes that it happens anyway. Another good thing would be for American internet companies to voluntarily adopt and adhere to privacy policies along the same lines.
link
tptacek 4842 days ago
CISPA does not require any company to hand over any information to the USG without due process!
link
TallGuyShort 4842 days ago
I think you're taking the "opposite" in my initial post more literally than I intended. My point was that if the law seeks to violate certain rights to privacy we believe we have, the law being struck down is not the final solution. The final solution if the rights to privacy we believe we have successfully being codified into law to prevent that bad parts from being practical options in the future. I did not mean to imply that each term in CISPA be logically negated and passed into law.
link
meric 4842 days ago
He isn't saying CISPA should be opposed, but rather, additional specific legislation to protect individual's data from being retrieved by the government without due process.
link
tptacek 4842 days ago
But that is already unlawful.
link
TallGuyShort 4839 days ago
I think the recent thread about how people can be compelled to keep searches and confiscations secret makes my point sufficiently clear. I think by "due process" you mean "according the law". By "due process", I mean in a very fair, transparent, limited and well-defined way.

edit: Specifically, this is a precedent that is a big step in the right direction for this kind of thing, IMO: https://news.ycombinator.com/item?id=5382891

link
meric 4841 days ago
I was pointing out a misunderstanding of what he was saying.
link