by tptacek 4819 days ago
I don't understand why you think CISPA is hard to parse. The 2013 draft bill is public. The bill is extraordinarily short. And many of the objections --- which you rightly call out as emotional --- are contradicted by the text of the bill.

I don't so much care whether CISPA passes. What I do care about is people trying to fundraise by convincing willfully ignorant nerds that CISPA is a backdoor SOPA bill; why, just look, GoDaddy supports it, it must be bad!


Any willfully ignorant nerds should read the bill's text, which is available here: http://www.opencongress.org/bill/113-h624/text
Can you link me to a layman version?
I find that if you ignore the white space and numerals, it reads pretty well.
What parts of the bill are you having trouble understanding?
The reason it's hard to parse is that random amendments can be added late in the game which totally change the meaning of the law (of course, they could be added to any bill). And, I was trying to be charitable.
It's funny you should mention that. Random amendments were in fact added to CISPA 2012. They did things like, for instance, ensuring that terms of service violations wouldn't constitute cyberthreats, or making it clear that the bill wasn't intended to stop piracy.

The amendments are public too. You can actually read them.

As you can see, I'm not very charitable about this. Nerds are to online regulation what the Michigan Militia is to gun control. I respect and defer to fact-based objections to CISPA, but I have no patience for the (large set of) people who simply make things up about it to try to win arguments.

There's a legitimate reason for the Internet Hate Machine to try to preempt bad law -- it takes a long time to power it up, and sometimes bad law is forced through quickly. The forcing through of bad laws with minimal public comment and debate (epitomized by PATRIOT) is the real problem, there, though. There is no possible argument that CISPA, SOPA, or PIPA issues are so pressing as to not allow a reasonable period for commentary and debate.
I feel like I'm being charitable by discussing CISPA as if it was somehow similar to SOPA or PIPA, because CISPA has nothing whatsoever to do with SOPA or PIPA.

I do not have a problem with people who generally oppose Internet regulation of all sorts (I don't agree, but I don't make fun of them either).

I do have a problem with "Internet Hate Machines" of all sorts. You are not entitled to invoke principles to deploy bad facts.

Have you read the 2013 House CISPA amendments? I have. They're public. I'm guessing, no, right? Are you a gambling man? Would you like to bet me how agreeable they are relative to the text of the bill itself? The 2012 CISPA amendments tightened and restricted the act. What do you think the new 2013 amendments do?

The connection between SOPA/PIPA and CISPA goes the other way; anti-SOPA/PIPA entities are using CISPA to fundraise and influenceraise, independent of the reality of CISPA.

The only amendments I've read about in 2013 are PII removal and removing the "national security" terms, both of which are civil liberties enhancements. (although I don't know where to find the actual text of the amendments). The 2012 amendments were improvements to baseline CISPA (especially the ToS vs. CTI clarification, which was my only real objection to CISPA originally). I do not think I'd take your bet; the probability of something bad being attached is low, but if something bad is attached, it's high severity, so moderate risk. You'd give odds based on probability and I'd want based on expected-harm.

Re: IHM. Reasonable people don't really win at politics. Look at how AARP/etc. essentially eviscerate anyone who thinks of touching Medicare or SS. Thus, horrible public policy (wealth transfers from the poor and young to the old and wealthy!) persists in the face of all logic. That it does shows how effective their lobbying/rabble-rousing strategy is.

Civil libertarians tend to err on the other side, for "what would be best for society", and end up with all kinds of bad stuff happening to them.

I'm ok with "ends justify means" in this case -- if "means" is "make everyone in Congress terrified of any cyber-laws which aren't explicitly and transparently improvements to individual privacy and freedom."

>(although I don't know where to find the actual text of the amendments).

This¹ site lists the amendments and has a PDF for each. I'm not sure if it's all of them or contains the ones you mention. The PDFs are dated and some are Feb-April 2013. This PDF² seems to be the current bill with the amendments accounted for in the text ("H.R. 624 as Amended").

edit: I just noticed that ² has a date of Feb. 2013 while some of the amendments have April 2013 dates, so I don't think it's the most current version.

¹ http://intelligence.house.gov/hr-624-bill-and-amendments

² http://intelligence.house.gov/sites/intelligence.house.gov/f...

I have read the 2013 House CISPA amendments and wrote about them here: http://news.cnet.com/8301-13578_3-57579012-38/privacy-protec...

I'd be interested to hear defenders of the legislation explain why CISPA remains such a lovely bill after the House Intelligence committee rejected these four amendments that were aimed at protecting privacy:

* Limiting the sharing of private sector data to civilian agencies, and specifically excluding the NSA and the Defense Department. (Failed by a 4-14 vote.)

* Directing the president to create a high-level privacy post that would oversee "the retention, use, and disclosure of communications, records, system traffic, or other information" acquired by the federal government. It would also include "requirements to safeguard communications" with personal information about Americans. (Failed by a 3-16 vote.)

* Eliminating vague language that grants complete civil and criminal liability to companies that "obtain" information about vulnerabilities or security flaws and make "decisions" based on that information. (Failed by a 4-16 vote.)

* Requiring that companies sharing confidential data "make reasonable efforts" to delete "information that can be used to identify" individual Americans. (Failed by a 4-16 vote.)

I kind of hate those amendments (without having read them). I'm not really defending CISPA (I would like better security, but I generally distrust the government both for competence and for goals/morality/ethics).

1) NSA and USAF are specifically the only parts of the USG I want to have access to this data. I trust NSA and DOD way more than I trust FBI, DEA, etc. to not fuck me personally if my data is somehow included in a dump given to them for anti-terrorism purposes.

2) Useless bureaucrat. I don't believe in oversight of government by government; mandatory reporting requirements to the public, with independent watchdogs like EFF/ACLU, are the only thing which would really work for me.

3) Vague thing is vague.

4) I don't really want companies to have to do PII filtering; I'd rather they be able to dump bulk data if under attack, since J. Random big dumb company or non-security startup is in no position to do forensics, filter, etc.

To be fair: THOMAS is usually very slow at putting up amendment text, sometimes taking weeks or months after a vote to put up floor amendments.

(I have complained, and they said they should be there the next day, but then I pointed out about 25 cases where it wasn't, and they kinda stopped talking :P)

In this case the amendments were online on a .gov site about six hours or so after the vote (thanks, I suspect, to my bugging the committee).
(THOMAS being the Library of Congress document management system).
I agree with tptacek (hi there!) that CISPA is not that difficult to parse, and that people might as well read it for themselves. More: http://news.cnet.com/8301-13578_3-57579012-38/privacy-protec...

But I disagree with his "Michigan Militia" analogy, which is a bit silly. Another way to look at it is that starting with Clipper, CDA, CALEA, crypto export controls (plus mandatory domestic key escrow approved by a House committee), we've lived through 20 years of ill-advised regulation. So unless the merits of a new proposed law clearly outweigh the downsides, which is not the case in CISPA, a measure of skepticism is reasonable.

Wait, what? We don't have Clipper or key escrow of any sort. You seem to be arguing that every measure ever introduced into Congress has to be judged against the dumbest ideas ever introduced into Congress.
tptacek: You're quite right that neither are with us today. The reason: Clipper and key escrow were defeated by the same advocacy groups you claim, without any evidence, are trying to "fundraise by convincing willfully ignorant nerds" CISPA is bad.

I can imagine FBI director Louis Freeh saying the same thing when he was defending bans on non-escrowed encryption in the late 1990s: "Nothing wrong with mandatory key escrow! Silly ACLU EFF EPIC etc. are just trying to fundraise off of fear and emotion."

What does EFF's opposition to Clipper have to do with what CISPA says?

You yourself have conceded on HN that advocacy groups have directly misstated details about CISPA. Now you're writing comments suggesting that I'm being misleading by pointing that track record out. That is not honest debate, Declan.

tptacek: Two points. First, if an employee has a history of writing bad code, you may scrutinize their efforts more closely in the future. Same with Congress. I was making a historical point for context, based on rdl's mention below.

Second, I'm not aware of anything ACLU EFF EPIC said that's intentionally false re: CISPA. As you correctly say, other groups may not be as careful (although even then, you could have unintentional falsehoods, and I rarely like to speculate about motives).

How many of the names on CISPA were in Congress for Clipper? Answer: Frank LoBiondo. That's it, out of a long list of names. Congress is not one monolithic thing.