"Each time you use a credit card, each time you read your bank statement, all of your IP information and your search history will be required by your ISP to be stored for 18 months at all times."
How can my ISP store my search history? DuckDuckGo and Google offer https to do the searching.
How can my ISP know where I use my credit card? Whenever I pay by credit card I use https.
I might be revealing my stupidity here, but surely your ISP can MITM the HTTPS handshake and decrypt all of your traffic? Unless you have a pre-arranged key that hasn't travelled through their network.
Your ISP won't be able to get a trusted certificate authority to issue them a cert for "*", which is what they would need to do in order to transparently MITM SSL. They could generate that cert on their own, and maybe install it into the Windows cert store with the "installation CD", but they couldn't intercept your traffic on an unadulterated system.
SSL is designed so that only the server with the private key for a specific certificate can complete the handshake correctly for that certificate, and the certificate is tied to the domain name.
The ISP can MITM the handshake and return a different certificate, but unless a certificate authority supported by your browser is complicit, they can't get that certificate signed for the domain you're trying to visit, and the browser will complain.
If they did, we'd get versions of Firefox and Chromium at least with the US certificate authorities root certs yanked out within a day, and companies scrambling to replace their SSL certs with certs that'd still be trusted by users.
Unless they made it illegal to, I'm sure we'd see all the major browsers work to deprecate those certificate authorities pretty quickly - not doing so would make SSL useless.
The thing with certificate is that you have to trust that the certificate authorities won't sell (or give) fake certificate to ISP or government. If they do so, the ISP can MITM you.
There's a very slippery slope of misuse that eventually creeps in with any new enforcement privilege. One example - the extra abilities the Patriot act gave to law enforcement that now are used almost exclusively for non-terrorism related investigations.
That seems to be the right way to fight these things, if those that have been abused as children are against this law, then this law isn't to protect the children, but to simply push it under the rug.
Its worth noting that the RH (reported in house) version of the bill is significantly better. This requires logging only ip addresses and only for 12 months
AND the response may only be compelled by a government entity.
(1) A commercial provider of an electronic communication service shall retain for a period of at least one year a log of the temporarily assigned network addresses the provider assigns to a subscriber to or customer of such service that enables the identification of the corresponding customer or subscriber information under subsection (c)(2) of this section.
`(2) Access to a record or information required to be retained under this subsection may not be compelled by any person or other entity that is not a governmental entity.
It still needs work, like requiring reasonable suspicion of child pornography, but it is significantly better.
Also if anyone can confirm whether or not that Reported in House means that the actual bill that has been fixed and that it is not just suggested changes to the bill that would be great
I agree; this isn't nearly the scale of SOPA/PIPA.
This bill just makes it a requirement that ISPs keep customer IP addresses on record for at least a year. I'm guessing that most major ISPs have already agreed to do this sort of thing for law enforcement without any law requiring it.
We need to call them out on how Orwellian this bill is and how they are hiding behind child abuse to monitor the whole Internet and everyone, before they get a chance to ask "why are we against protecting children online?".
Let's frame the issue before they do. Also bring up the point that Rep. Lofgren tried to add an amendment called "Keep Every American's Digital Data for Submission to the Federal Government Without a Warrant Act.". Of course they rejected it.
Maybe Reddit should organize a campaign to send every member of congress a copy of _1984_, and maybe _Fahrenheit 451_. Seems like they could pull it off. On the other hand, it might just give them more ideas.
The first paragraph is completely wrong. Of the things listed in the first paragraph as things the bill requires, not a single one is correct.
The only factual statement in that paragraph is the link to the bill text.
In fact, I cannot find any even remotely plausible (or even an implausible) way to misread the bill so as to come up with his claims. Either the author is simply lying (to generate controversy and traffic perhaps), or is just repeating something he got elsewhere and made no effort whatsoever to verify.
This is not HN quality material. Flagging.
For those curious, here's what is actually going on. Under current law, an ISP has to cough up certain customer information to the government upon a proper legal request. That information is name, address, phone number connection records or session times and durations, how long the customer has been a customer and what services they use, subscriber phone number or subscriber number, temporary network addresses, means and source of how they pay for the service (including credit card number if that is how they pay).
As far as I can see, there is no requirement that the ISP retain this information. They just have to make it available if they have it. Practically, of course, most of it will be retained for business purposes.
What this bill adds to this is that the ISP has to keep a log for one year of temporary IP address assignments and mapping of them to the customer information listed earlier. So, it's adding a new data item to log, and it is making it so that the customer information mentioned early has to be kept a year (which in practice is not a change because it is almost certainly kept anyway regardless of legal requirements).
It also adds a section that says that access to this information may not be compelled except by a government entity. This may be good news for those who are doing file sharing, as on first reading it would prevent plaintiffs in civil suits from getting access to the information.
Anyway, there is nothing whatsoever that will "have your internet service provider tracking all of your financial dealings online. Each time you use a credit card, each time you read your bank statement, all of your IP information and your search history will be required by your ISP to be stored for 18 months at all times".
When is Lamar Smith's next election? Are there any candidates running who would say they're opposed to this nonsense? Seriously consideing putting together a PAC in New York City.
If there's a group of people that understand technology less than Smith and care less about protecting freedom of speech on the internet than him, it would have to be the people living in Texas's 21st congressional district, which he represents.
Smith's been in the House since 1987, so he won't be going away any time soon without a fight. He won his last reelection with 69% of the votes, in 2010. Even though you've got 2 more years to prepare to take him down, I'd say you're extremely unlikely to succeed, particularly when you consider how short the public's collective attention span is.
Reddit already did an analysis of this[0], and determined which Congresspeople who supported bills like the Patriot Act, NDAA, and SOPA/PIPA are most vulnerable in the 2012 elections. I think they decided upon one or two targets to focus on, which is a smart move. If they can come up with a winning strategy and get a pro-internet/freedom of speech politician who sticks to his principles into office, then they have hope of gaining support from other groups of people in future elections.
Personally, I believe that many of the current problems with the political system stem from (a) the electoral system and (b) the campaign finance system.
The electoral system allows otherwise unelectable politicians to get into Congress and hold onto their seats purely by virtue of gerrymandered Congressional districts. This[1] is Texas's 21st Congressional district. Ignore the vast swaths of land in the middle of nowhere, as those are not very densely populated. Focus on the parts of the district that approach the cities of San Antonio and Austin. See how oddly shaped they are? This is to ensure that only wealthy people in those cities are in the district. By combining the social conservatives (religious people) in the rural areas with the fiscal conservatives (wealthy people) in the suburban areas, they've created a district that is unwinnable for a non-Republican (Democrat or 3rd party).
Moreover, the lack of proportional representation in favor of a winner-takes-all situation makes it impossible for 3rd parties to get a foothold in the public consciousness, so that they can build over several elections into a formidable force. So even in districts that aren't so blatantly gerrymandered, you're left with what's essentially a political duopoly.
We've gone over the campaign finance issues with lobbying and all in other threads here, so you probaly already know the issues with that. The bottom line is that solving any of these issues requires first getting "our" people into office, using the current system.
The best hope of doing this is to identify local elections where we can first bring in an opposition candidate who supports us. This requires an election where (a) there's an incumbent who isn't really liked by his/her constituents, (b) a dearth of opposition candidates, and (c) someone living in the district who's supportive of our views and has the time, interest, and ability to run and win. This person would have to run as a Democrat or Republican (whichever the incumbent isn't) in order to get people to vote for him. If we can repeat this process in the same geographical area for several other positions, all of these candidates could then leave the parties they're a member of at the same time and form a new one. Now you would have a 3rd party with credibility and several respectable members already in political office. From there, it would be a matter of expanding to other states, and eventually to the national level.
(a) Virtually no-one ever admits their country's system is flawed. The Brits don't realise that the House of Lords is a really crappy substitute for a senate. The Americans don't realise that proportional representation, compulsory voting, and instant runoff voting is a much better system. They say stuff like "you'll just get a candidate that nobody hates, not someone who a few extremists really love, and if voting is compulsory you'll have normal people voting", and not realise that's a good thing.
I've no idea what the Australians get wrong ... though it probably involves having too many levels of government.
The Americans don't realise that proportional representation, compulsory voting, and instant runoff voting is a much better system
I can't comment on instant runoff voting, but my impression from following politics in Europe is that proportional representation creates a situation where all legislators toe the party line, as opposed to still having some degree of independence, as in Britain or the US. This gives an undue amount of influence to a small number of party bigwigs, and the inevitable mess results.
As for compulsory voting, at least in Belgium, it has been credited with fuelling the rise of more extreme parties, notably the anti-immigration Flemish nationalists, since people who feel disenfranchised by the whole system tend to cast a protest vote, without seriously considering the consequences. Also, the notion that you could get fined or jailed for not voting seems to me to be as illiberal an idea as ACTA or the Patriot act.
Coming from a country with proportional voting (Norway), I can't say I agree it makes people toe the party line - in Norway all the big parties have factions with varying level of parliamentary support.
But even if it did, it makes it sufficiently easy to establish new parties and get representation in parliament that the parties are careful about not letting too big conflicts arise these days (one of the current coalition partners in government, for example, started out as a large chunk of the youth organization of the other, which broke away as they were far more left wing than the parent party)
Norway has regularly had 10+ parties represented in parliament (with 169 seats).
If done well, this results in an environment where everyone are interested in compromises because it's the only way of getting anything done - anyone who just tries being obstructionist like the current crop of Republicns would end up with no influence, as it just makes the other parties go elsewhere to find someone to cooperate with to establish majorities.
The current government is a coalition of three parties, and coalition governments have become the rule rather than the exception in Norway over the last few decades.
I meant that members of parliament toe the party line in PR systems -- are you saying that members of parliament in Norway commonly vote against their party faction or even switch factions when they feel like it? If so, I'm impressed :-)
I fully agree about it being important that parties can be esatblished and elected easily; again in Belgium, there is a rule (initially devised to keep out the increasingly popular Flemish nationalists) that parties need to get 5% in elections to gain any seats at all.. It's good to hear not all countries have this!
I'm not so sure about the spirit of compromise being so positive; again relating to Belgium, decades of compromise agreements between Flemish and Waloon, and left- and right-leaning parties has created an institutional structure that is very complicated and obtuse (google the term "Belgian compromise"), and indeed its complexity and inflexibility have been at the heart of the recent problems.
It might be a bit unfair of me to base all my argument on the example of a single country, but I guess my main point is that it is not so much the choice of political system which determinces how messed up things get, but much more the polititians themselves. I'm not surprised that you as a Norwegian seem quite satisfied with your political system, because Scandinavians have a reputation for being prudent and reasonable, and I would bet that it wouldn't make all that much difference if the rules there were more like in the US for example.
It isn't unusual for votes to go against their party faction, though the parties do generally have rules that allow the party to demand they follow the party line in certain situations, though they can't legally enforce that. The worst they can do is exclude said person. There have been a number of situations where there have been important cases where they've tried to enforce a specific vote and members have left the party in question in order to vote as they pleased, which makes the parties careful about when they use those mechanisms.
But the ability for smaller parties to get in also mean that each of the parties are far more homogenous than the US parties, for example, so it's natural for them to toe the party line to a reasonable extent for important votes. In US terms, most of the parties in the current Norwegian parliament would've been members of the Democratic Party, but in Norway that span is considered so wide that it would be unthinkable for any of the current parties to merge.
In terms of barriers, there's a 4% limit below which you need to get in on direct votes, but no other limits (other than being able to fill a list, so you need at most a couple of dozen people willing to put their names on each regional list for parliamentary elections - a low enough number that even parties with a few hundred members have no problems fielding lists in parliamentary electins). The way the Norwegian system works is that most seats are tied to a region, so there's, say (I haven't looked up the actual number recently), 18 seats for Oslo. Each party provides an ordered list. So for the first 2 people on a party list to get in on direct votes, they need the total number of votes for Oslo / number of seats * 2, or more.
All the parties that get more than 4% nationwide then shares in a pot of additional seats that are used to even out their share to best match the actual nationwide percentages. Which regional party list is awarded the seat depends on who got closest to getting in, but the party is determined based on proportion of the vote.
The combination of this is that small parties have a chance of getting in - it takes 15.000-20.000 or so votes per region to win a seat - and larger parties proportions are further evened out so there's no tactical advantages in fighting harder for "close" seats. At the same time a regional link is maintained, which tends to be one of the thing people like to use as an argument for single seat constituencies.
In terms of compromises, I think Belgium has a big problem because it is too disparate. Belgium has two alternatives: Devolution of power (or splitting the country up), or compromises that nobody will be happy with but that are still better for either side than if the other side were to shove things down their throat. When these types of compromises are bad it is usually a sign that both sides to some extent would prefer to shove decisions down the other sides throat, or they could've agreed to devolve more power to the regions...
Norway does have enough conflict too where neither side are happy, but that's the nature of a system that represents everyone reasonably well.
I'd tend to think the "toeing the party line" would tend to be a feature rather than a bug, to the extent that most people inform themselves about politics simply by watching the national news. If parties are more homogeneous people can make meaningful votes without having to know who in particular is representing their district. I do agree about compulsory voting, though.
Proportional representation creates more diverse parties. You don't vote for a "Left Democrat", you vote for a Green. Or a Pirate. Or some Tea Party equivalent. That's where you get "extreme" parties. But if you believe in the importance of free speech, you should also believe in putting a plurality of views into parliament (even ones you disagree with), where they can have a fair debate.
The fears over compulsory voting are ... interesting. I'd say that disinterested people make the best decisions, not party fanbois. Disinterested people are less informed, though. What's needed is some way of informing them at the poll booths. In Australia, party reps will hand out "how to vote" marketing brochures. This process could definitely be improved. Candidates could be forced to answer some structured questions, which could be written by an independent commission (to try to reduce bias, though the commission might be a little corrupt or biased). Stuff like "Do you support X, yes, no, or undecided".
> I can't comment on instant runoff voting, but my impression from following politics in Europe is that proportional representation creates a situation where all legislators toe the party line, as opposed to still having some degree of independence, as in Britain or the US. This gives an undue amount of influence to a small number of party bigwigs, and the inevitable mess results.
You know, if you'd said that fifty years ago, I think you'd be right. But have you paid much attention to US politics over the last ten years? The Republicans have engaged in strong campaign against "Republicans In Name Only", and have enjoyed enormous party discipline as a result, even when it seems like they shouldn't.
I suspect the future of congressional politics in America looks like European-style parties only with no European-style party diversity.
Most people don't understand technology, but they do understand freedom. The strategy to get a pro technology representative elected is to get a small government person elected in such region, who believes federal government has very little role in every day life of a citizen.
The problem is that for these people, freedom of the speech on the internet isn't important because they don't use the internet. They don't see it as something important for America, now or in the future. They just see it as a place infested with scumbags who are hacking (not the PG definition), steal, and abuse children.
I really don't understand why a republican would sponsor this. Their party claims to want a smaller government, and yet, they don't have a problem with a more intrusive one?
The things the parties champion are what they can always most easily intrude upon because their bases ignore it (they buy the jargon and assume their party stands for what they claim).
For example, it wasn't Clinton that doubled the size of the government, it was Bush and Reagan both. It was the Bush spending increases that have really sanctioned Obama's spending increases. Bush would say he was for lower taxes, but his spending forces long term tax rates to skyrocket.
But it was Clinton that set new records on pot busts. It was the Democrats that tried to restrict freedom of speech with the fairness doctrine (nice name). The Democrats have had no problem with the Patriot Act thus far. It was a supposedly civil liberties loving President that just wiped out habeas corpus and the right to due process (NDAA bill).
The Democrats champion civil liberties and hammer you on them all day long. The Republicans champion free markets, yet they've acted the like the anti-free-market party (including creating the Federal Reserve in secret).
> Each time you use a credit card, each time you read your bank statement, all of your IP information and your search history will be required by your ISP to be stored for 18 months at all times.
Where did the author get that idea? I just read the bill, and the only part relating to ISP record-keeping is the section requiring ISPs to keep a log of what IP address is assigned to a customer. There's nothing about tracking searches or financial transactions, or any traffic monitoring at all.
Am I reading this right? At the bottom of section 8 is this gem.
[...] a court shall presume [...] that the distribution or publication using the Internet of a photograph of [...] a specific person serves no legitimate purpose [...]
What does that mean? If you transmit a picture of somebody without them giving the okay first you're probably up to no good?
Lamar Smith, creator of SOPA and this bill, is the same guy who killed the "Ending Federal Marijuana Prohibition Act of 2011". Proposed by Barney Frank and Ron Paul, he cut it down before it had a chance using his rank of chairman of the House Committee on the Judiciary.
It would have pushed legislation from the federal to the state level. . A lot of our young ones are ruined in our current penal system over trivial crimes.
He is a staunch anti abortion activist, and has signed multiple bills to make abortion as difficult as possible, if not impossible. Even signing a bill to prevent a mother from taking her unborn over state lines to perform an abortion.
If you ever want to know my political opinion on something, just check Lamar Smiths' position, I'll be on the other end of it.
The usual assumption about politicians and lawmaking goes something like this:
A lawmaker receives large contributions from certain moneyed groups with an agenda, and will introduce legislation favorable to that group. The only way to prevent this from happening is to either contribute more money to the opposing side or more directly by ensuring that passage of the legislation will anger so much of the populace that no amount of money will save the incumbent come election time.
That doesn't seem to make sense in this case. The same technologically clueless people who introduced SOPA aren't of their own accord going to decide that ISP's need to keep a year of DHCP logs in case that information is useful later.
It looks like the only entity to benefit from this would be the U.S. Attorney General, as it ostensibly will prevent the circumstance where the evidence of a case hinges on tying a person/household to an IP address but the logs are missing or overwritten.
Creepy. If this involved real-world monitoring and logging it would be the biggest news story of the day, but since it's the Internet it's just tech stuff.
"Think of the Children!" will always remain a tactic as long as people are concerned that, by opposing the argument, they will be seen as "anti-children." Simply knowing that it is a tactic should take away the fear of opposing it for what it is. A manipulation tactic.
I love living in a country where the government realizes it is too technologically inept to try to legislate and regulate the internet.
It just creates normal laws for the normal world, and whenever things from the internet crosses borders to the real world (like Amazon-orders) that just falls under the normal laws for mail-order businesses.
Is it possible that a website be created that will aggregate thoughtful arguments against such legislation, attach videos, talking points, letter templates and such as well as connect local people that can practically get involved in resisting constant attacks on freedom?
Yup. The most popular current excuses to shirk problems by suppressing liberty:
(1) anti-terrorism
(2) health and safety
(3) think of the children
I was actually pretty shocked to hear initial talk of protecting American inventions from 'foreign thieves'. That kind of language seems way out of date...
Y Combinator is right to be mad, but wrong about the target.
Smith also attempted to expand the DMCA in 2006, again pushing for new wiretapping privileges for police. It's a question whether this guy is trying harder to destroy the Internet or the Fourth Amendment, but imagine how awesome it would be if that was just an academic question about a guy who didn't have a career in politics any more.
The bad news is he's been in office since 1987 and has won his most recent elections with crushing victories. The good news is he's a Republican, and SOPA is wildly anti-business; the other bad news is it may be tough to make that stick, because it's only obvious to the technologically literate. Fortunately, he also he has motivated, successful enemies on his home turf; his district includes parts of staunchly Democratic Austin, and that's because the Supreme Court ordered his Congressional district redrawn after the League of United Latin American Citizens won a gerrymandering lawsuit against then-governor Rick Perry. This probably also means he's extremely corrupt, but it's hard to imagine SOPA coming from anybody who wasn't extremely corrupt in the first place.
Let's all form a political action committee called the Coalition To Defend The Internet From Ignorant, Corrupt Assholes and get contributions from every millionaire in Silicon Valley so we can deep-six this guy so completely "Lamar Smith" becomes a synonym for "no career in politics ever again."
We can use a two-pronged attack; fund his Republican competitors, and find ways that they can show how pro-Hollywood and anti-business SOPA was (Republicans hate Hollywood), while at the same time also funding his liberal opponents. A Democratic victory in Smith's district is very unlikely, but his Democratic opponents probably hate him enough to make some noise, and I think it's extremely likely that Texas is full of younger Republicans who would love to take his place. There's got to be at least one who understands the Internet.
If you want context, I also posted nearly exactly this same thing on my blog, plus a bunch of links (mostly to Wikipedia) providing factual backdrop:
Let me just point out that, according to the research done by Steven Levitt, author of Freakonomics, money does not win elections, so if you agree with Levitt's conclusions, financing Smith's opponents is not the best way to proceed.
Catching predators is (still) a matter of law enforcement (and IMHO that's a useful safeguard, even if flawed in some instances).
Providing law enforcement with better tools might be a worthwhile geek venture (and given the tools they are sold by megacorps, "better" might not even be hard), but with the existing procurement rules (etc etc) it's probably hard for a startup to enter that market.
Alternative route: Build tools to optimize other public office work, and then use the political process to request that freed money (and headcount) is retargetted to supporting the police ("think of the children!").
While there is still a procurement problem, there might be areas covered in less red tape than police work.
How can my ISP store my search history? DuckDuckGo and Google offer https to do the searching.
How can my ISP know where I use my credit card? Whenever I pay by credit card I use https.