The White House's Draft Cybersecurity Executive Order (techdirt.com)
68 points by 001sky on Sept 15, 2012 | 34 comments


Extremely boring. The executive branch has to work within the framework of existing laws (like the ECPA) and cannot do things like shielding private entities from liability. So where CISPA and Lieberman Collins had certification programs and information sharing, this EO says only that an "information exchange network" will be established to share "indicators and warnings".

The overwhelming majority of this document has to do with security inside the federal government, which is again the largest IT operation in the world.


Yes, you're spot on here. It might still be ineffective, almost certainly so, but because of existing laws, it's almost all internal to the federal government rather than L-C or CISPA affecting our relationships with Facebook, Google, or any other private company with mass storage of our user data.

It also won't mean startups need to collect user data in case the feds come calling.

Very insightful comments throughout the discussion, thanks, Thomas.


I wonder if this EO stating the requirement for the information exchange network is designed to serve as de facto budget approval for building it out - circumventing any potential congressional blocks.


The one thing every faction in government agrees on is that there needs to be public/private threat sharing. Also, that's just not how the "budget" works.


This was leaked, ergo it must contain something illegitimate and embarrassing...


"Leaked"? It's been shown verbatim to reporters.


from the vague-enough-for-ya? dept

-- sub-heading.


I'm not sure what this means. Techdirt here claims the EO has been "leaked" (because that will drive pageviews). Reporters at real publications have already read the entire order. It wasn't "leaked". Techdirt is just making things up like they normally do.

Techdirt is horrible and people should feel bad for posting their stories here.


people should feel bad for posting their stories here

Ad hominem or shoot the messenger? Take your pick...


I'm shooting at the messenger for sure.


user: tptacek created:1780 days ago karma: 106,895 avg: 8.09

Nice... But you're off base.


viz "Reporters at real publications have already read the entire order. It wasn't "leaked".

-- This makes no sense. To those that are following along.[1]

_________

[1] "Draft Cybersecurity Executive Order" was marked for official use only.


Reportedly, this might be of more relevance: "There is apparently a different executive order in the works, and it is described in this Washington Post story http://www.washingtonpost.com/world/national-security/white-... as a 4-page executive order that would create voluntary standards to guide companies in guarding themselves against cyberattacks, and would establish a special council made up of key government agencies to identify cyberthreats. The Cybersec Council would be led by DHS and would have representatives from Commerce, Defense, Treasury, Energy, Justice and the DNI. That seems more of a reaction to non-passage of the Lieberman-Collins bill, Title 1 of which would have done all of these things, than does the 19-page order that Bloomberg described."


I read this as "The White House's Daft Cybersecurity Executive Order"

which maybe would have been more entertaining


The fact that this draft bill about cyber-security was leaked does in itself highlight that they need to go back to the drawing board and rethink it.

One day this incident will be listed as the definition of ironic.


Uh, it's marked FOUO, not Top Secret, and it's going to be made public when it gets issued anyway, troll.


Um, "leaked" like pg "not marked top secret" email? Lots of reasons to "leak" all kinds of data. Leaked simply means distributed prior to official release. This is likely a "trial balloon" or some such. Then, they change it after the criticism to avoid further embarrassment, or not. Either way.


What does that even mean? Graham sent an email blast to hundreds of people with negotiation advice in it. The problem isn't that the mail got out --- of course the mail got out. He sent it to a giant mailing list.

The problem is that publications like Venturebeat and Techdirt went to town on the email spinning it into something it wasn't. And the problem is people who promote that cynically packaged excreta on sites like HN.


Uh, it's marked FOUO, not Top Secret, and it's going to be made public when it gets issued anyway, troll.

.....

FOUO=for official use only, ie = confidential

pg internal email = confidential [1]

almost all leaks = confidential

a PR before embargo = confidential

......

What does that even mean?

This is the world we live in...Leaks are a form of "black hat" PR [2]

......

Calling someone a [troll] for suggesting this may be a [trial balloon] seems un-intelligent at best.

Whether or not it's good policy or bad or good pr strategy or bad is a fair topic of discussion.

.......

[1] This was a simplification of "internal", if it technically includes portfolio companies that are legally distinct entities from YC. But being pedantic here is off point. This was being illustrative that "all kinds of data could be leaked", and in particular all manner of private, non-governmental information, that for whatever reason, people feel should not be sent to the press and have a reasonable expectation of privacy around.

[2] I.e. The leak can be by a friend or foe, for information or dis-information, etc.


It's easy to keep an argument going if you just ignore what the other party says and repeat your talking points over and over again. But my last comment was pretty simple: Graham's "internal" mail, which went to hundreds of people on a mailing list, wasn't "confidential".

For that matter, "FOUO" is explicitly not classified.

If you can't make a reasonable analysis of something as simple as Paul Graham's mail to YC companies, what makes you think you're a credible critic of public policy, which is much more complicated?


Graham's "internal" mail...wasn't "confidential"

And Pg and other VCs don't sign NDAs but confidentiality is understood in certain areas...almost all communication relating to corporate finance and investment, BOD internal deliberations, communications for example...

For that matter, "FOUO" is explicitly not classified.

Again, this is off-point...it's not "official" use to send internal <government> documents to the press for "public" consumption. This is really "rookie" 101 type stuff, things that in a BigCo job are subject to all kinds of internal compliance procedures...etc...not even debatable

In addition, there are disclosure rules around market moving information, and all kinds of stuff...

Routinely dis-respected, but that's another story.[1]

__________

[1] These rules typically apply to Public companies, and revolve around providing fair access to information for retail investors and the like. Reg FD is an example.


Also easy to keep an argument going by saying "my point is understood to be correct" instead of backing it up. You seem to be having a hard time with the point that Graham sent his negotiating advice to a giant freaking mailing list with many tens of companies on it.

If he wanted it confidential, he wouldn't have done that. Graham is many annoying things but an idiot is not one of them.


Also easy to keep an argument going by saying "my point is understood to be correct"

Citations: On NDAs and etc.

....

Why a VC Will Take a Lighter to Your NDA - Wilson Sonsini

http://startuplawyer.com/venture-capital/why-a-vc-will-take-...

Why Most VC’s Don’t Sign NDA - Foundry Group

http://www.feld.com/wp/archives/2006/02/why-most-vcs-dont-si...

One More Time: No NDAs - Anil Dash

http://dashes.com/anil/2010/05/one-more-time-no-ndas.html

From PG: YC Library http://ycombinator.com/lib.html

The Cult of the NDA.

tl;dr "Cases where trade secrets and/or patents are both protectable and essential are rare."

http://www.frozennorth.org/C509291565/E1939404619/index.html

.......

Lots of communication happens in confidence, but not under NDA for various reasons.


None of this, none of it at all, has anything to do with what happened to Paul Graham.


None of this, none of it at all, has anything to do with what happened to ...

Nice try again, but this is directly addressing something else altogether. It seems to show, that you most likely have never personally handled information at this level.

You're just wrong to think unless something is "TOP SECRET" and a government document, it's not a "leak" in contemporary usage.[1] YC's email that ended up public was not meant to be public, however you want to debate the wording. It was provided here only as an illustration people are familiar with. There is no opinion expressed here about the situation, nor implied (it's been discussed by PG on numerous threads).

There are well-trodden notions of confidentiality, privilege, and confidence outside of government. Things that are familiar to people operating at the level of founders, vcs, board members, etc. If you aren't familiar with this, that would explain some of your comments. You were the one who needed a citation. Here is a typical excerpt:

Most other folks are too nice to actually mention it, but since I'm not a VC or big deal business tycoon, I'll just say the most important point outright: Asking for someone to sign an NDA also often makes you look amateurish. -- Anil Dash

But, that would genuinely surprise me, to the extent I almost don't believe you would not be aware of this. I'll be charitable and assume you mis-read or mis-interpreted what I wrote. It seems most likely you mis-inferred something about what may or may not follow as a result.

For this reason, you'll note there are [now] more footnotes and citations, for the benefit of others. [This was one]. Some of these were added after you made initial comments -- I'm happy to take advice to make things clearer -- and I'm happy to acknowledge these changes.

_______

[1] The original post is at ... and includes a leaked email ... http://uncrunched.com/2012/09/07/turning-the-drama-down-on-y...

[edited for tone]


How many companies of those is he an investor in? and/or advisor?

It was advice on sensitive negotiations for "YC Backed" companies?

or are we talking a different e-mail?


Hundreds. Stop trying to argue that Paul Graham was trying to keep a secret on a mailing list that might hit 1000 people.

The reason for all the drama about Graham's mail wasn't that it was a leaked secret. It's that dishonest tech publications cynically spun it as one. Just like they're doing on this story.


Stop trying to argue that Paul Graham....

tptacek - you're acting desperate with that smear.

......

You seem to be having a hard time with the point that Graham sent his negotiating advice to a giant freaking mailing list with many tens of companies on it.

No. I understand this. These are people with whom he has an investment interest, are portfolio companies, and YC alum executives and the like. I.e., the types of people he would be giving advice to about raising money.

So, I'm not implying anything about PG.

I wrote "NOT MARKED TOP SECRET" as a modifier for his e-mail. As a point of fact, he's not a government agency.

And the point is certainly not the issue that PG <sent> the email.

The only relevance here was that it was "leaked" to the <press>, by a party [intentionally or otherwise] he implicitly trusted enough in the first place to send it to.

It clearly was not a <press release>.

PG made many comments here on HN. It did not seem that he wanted or envisioned his note to be in the press.

The point is that non-government, non-top-secret information can be "leaked." Which is true, and not really a debating point.


The fact that it wasn't a "press release" is precisely my point.

Enjoy the last word.


It clearly was not a <press release>. or was it?

[Na, dude. I'm happy to edit. It was a rhetorical question. Not the point. Which hasn't changed.]


White House confirms cybersecurity order in the works (thehill.com)

http://news.ycombinator.com/item?id=4534477

Means nothing more than it's a "leak", leaks are for spin as you point out, but that's not the issue. That's just obvious.


Means nothing more than it's a "leak", leaks are for spin as you point out, but that's not the issue. That's just obvious.

Confirmation:

White House confirms cybersecurity order in the works (thehill.com)

http://news.ycombinator.com/item?id=4534477


It's a scanned copy with notes on it. Looks like the leak was not of a cyber variety.


It was almost certainly leaked by the very people who are writing it, to gauge reactions and gather feedback. This is practically SOP for draft executive orders that are likely to affect a significant number of companies.



