> legal immunity for violating ... laws [when working] with the government
Aka, a Letter Of Marque[1]. Facebook wants to be a modern privateer. Selling plundered data and reputation is less violent than the cargo that was traditionally the target of privateering, but it's still government-backed piracy.
CISA is a vehicle for the distribution of Indications of Compromise and other standard infosec threat intelligence between Government entities as well as the public and large corporations. The liability protections are completely reasonable if private companies were going to participate at all. The privacy protections built in are also much more thorough than I was expecting in a bill of this nature.
Really the only thing that really worries me about is that the things that the Government is allowed to do with shared information includes "identifying the use of an information system by a foreign adversary or terrorist". Which seems a little too broad for my tastes.
In fact, I was on the CISA hate train but after reading it I feel that it's an entirely inoffensive law and my outrage has fizzled into indifference. I'm not going to lose sleep if this passed nor if it isn't but likening it to a Letter of Marque is not warranted.
People are less likely to reply when you're being silly. Facebook didn't plunder this data, and a letter of marque sounds like a bounty hunting license, not a law adding immunities for certain classes of action.
I had to ask the two main people from FFTF that post here and on Reddit twice here on HN and around six times on Reddit, but one of them finally answered my question [1] as to exactly what part of CISA would give companies immunity as long as they also share with the government.
Because surely the government will interpret "cyber threat indicator" in the most restricted, privacy-saving way imaginable?
The first thing this bill allows for is to have Facebook rat out whatever communication they deem "malicious" to the federal government and be shielded from the fallout.
That's not true. The bill does not allow Facebook to "deem" any communication "malicious". It can share only indicators, a term that has a definition in the bill more detailed than that of any other computer security term anywhere else in US law.
Meanwhile, the clear implication of the article we're commenting on, and the idea FFTF is trying to spread, is that CISA allows Facebook to violate user privacy, and to build its business doing so, by leveraging CISA. That's a nonsensical argument, and a terribly dishonest one.
CISA is a bad law, much more so than CISPA, which preceded it. The reason we have CISA instead of CISPA? FFTF.
After reading the text of the bill I'm full of indifference towards it. Can you expand on why you think it's a bad law? I'd like to know because I'm probably missing an angle.
Where you are with CISA, I was with CISPA. But CISA extends CISPA so that data collected from providers can be used to further a whole set of unrelated criminal investigations, which blurs the line, from trying to solve a computer security problem to building new investigative tools.
I'm not opposed in principle to new investigative tools, but I don't think debate about them should be avoided by sticking them into cybersecurity bills.
Still: virtually everything organizations like FFTF say about CISA seems to be false, and all you have to do to see how is to read the actual text of the bill.
"This is Jeff from Fight for the Future. I wish we could disclose our sources for this, but unfortunately we agreed not to. Multiple sources on the hill have reported that Facebook is THE tech company lobbying in favor of CISA, several offices have heard from Facebook that they support CISA.
"Facebook themselves has declined to take up our offers to take a public position thus far. The nature of this lobbying game is that people leak information because they can't come out and reveal who they talk to and give information to. I know that sucks, but we decided it was better to put out the information we can than to just keep it to ourselves. And, what they are doing now matters to what ends up happening. So, that's why we're asking Facebook to tell us what their position is and to come clean.
"Facebook was probably the loudest supporter of early versions of CISA, until it became unpopular. Then they went silent. Unlike all the other big tech companies that have come out against CISA, Facebook is still silent. Their top Senate lobbyist comes straight from the office of CISA sponsor Sen. Richard Burr, and "cybersecurity issues" is listed on her lobbying disclosures. The publicly available information about Facebook's position on CISA just supports what we know -- Facebook is one of the major forces pushing for this bill to pass."
Facebook is an utter joke. They have put a lot of effort over the years into locking down easily minable api endpoints for "their" data (i.e. no authentication tokens), only to be able to make it available for such backroom dealing.
Luckily, humans will always be the weakest links in these systems and you can get as many auth tokens you want for checked in public repos.
In Cory's case the lack of evidence is a little surprising, but not for FFTF. I had no idea that FFTF was take seriously enough to get to the front page of boingboing or HN.
It would not be a surprise if this is true and Facebook was lobbying for CISA. Facebook supported an earlier version of the bill called CISPA; here's a letter on Facebook letterhead saying we "commend you on your legislation": http://intelligence.house.gov/sites/intelligence.house.gov/f...
On one hand, Facebook is one of dozens of tech companies that are members of CCIA, which has criticized CISA in its current form. (https://www.ccianet.org/2015/10/ccia-urges-senate-to-improve...) On the other hand, CCIA's positions do not necessarily reflect the views of every member company on every issue, and Facebook has endorsed an earlier version.
Unless there's more evidence than an advocacy group's "we've gotten information" claim, let's give Facebook a chance to reply before assuming the worst.
I was wondering about the private vs. public position of companies on this. Seeing Microsoft recently flip to the "good list" of companies made me very suspicious.
“CISA would give companies like Facebook legal immunity for violating privacy laws as long as they share information with the government.”
So the Government is using sock puppets to violate its own laws. Nice. Criminals of all continents, unite! The U.S. is your land of opportunity.
Really, why be a terrorist when you can fuck everyone over legally and even get rich and powerful with it. As an added bonus, you get to call yourself a patriot while you're at it.
We put the question mark in above. That's a standard moderation tactic we use when a headline makes a dramatic statement that we have no way of verifying.
The statement in the OP's title breaks the HN guidelines by being misleading (presenting an allegation as fact) and baity (by using sensational language like "betrayed"). Putting "Petition:" in front does mitigate that, but not enough in my view.
If anyone can suggest a better way of solving the problem in this case, we'd be happy to change the title again.
I perceive the question mark at the end of the headline to mean that A) the author believes this but doesn't want to be "on the record" for something that lacks evidence, or B) the author doesn't believe it and just wants clicks.
An imperfect solution used by newspapers is to put the source of the allegation at the beginning: "Montoya: You killed my father" or "Sources: US plans to invade Canada".
Either way, some damage will be done by false headlines. The question is just whether you can signal to HN users that the article is speculative.
Personally, I would prefer a declarative headline with a modifier like "allegedly" rather than a question mark. I also like the idea of attribution--"Fight For the Future Alleges Facebook Is Lobbying for CISA."
The good news is that FB has behaved so poorly that almost no one I know uses it or trusts it any more, so we know that in the long run at least this kind of behavior doesn't work.
1.5 billion people use Facebook at least once a month[1]. That's 50% of all humans with access to the internet[2].
I'd say your anecdotal evidence is very, very, very wrong. Facebook's behavior, in the long run, is extremely effective. Large companies willing to lobby for favorable laws have been a dominant force in all societies since there was a such thing as a "large company". I don't know what could happen to change that.
I have so much trouble understanding their numbers in light of the persistent decrease in interest in facebook as a fraction of total search volume (https://www.google.com/trends/explore#q=%2Fm%2F02y1vz). I know the paper predicting the "end of facebook" in 2017 got a lot of laughs but it really looks like interest is going down.
Everyone says "because mobile" but I'm not convinced. Mobile also means that people are searching less for everything else that might be competing with facebook. Then there is the weird jump in October 2012 that the authors of the "end of facebook" paper corrected for.
It's hard to tell what's really going on.
Maybe the last 500 million users are the ones who get free facebook (but not web) and think facebook isn't even part of the internet.
> Mobile also means that people are searching less for everything else that might be competing with facebook.
Not true. Each service accessible on the web or on an app is separate. People don't always switch wholesale. I still know people who use Pinterest exclusively the web, but have switched from Facebook web to Facebook the app.
It do feel that it's possible that Facebook usage is declining as its core audience gets older and young people use other things, but WhatsApp and Instagram are certainly compensating for that, so the company's total users across properties are still growing aggressively.
Whether or not Facebook is secretly lobbying for CISA, the article describes the way the incentives look.