Techdirt. Stories filed under "voluntary" Easily digestible tech news... http://www.techdirt.com/ en-us Techdirt. Stories filed under "voluntary"http://www.techdirt.com/images/td-88x31.gifhttp://www.techdirt.com/ Fri, 30 Nov 2012 13:28:00 PST Here We Go Again: Latest Draft Of White House Cybersecurity 'Executive Order' Is Leaked Mike Masnick http://www.techdirt.com/articles/20121130/12394321188/here-we-go-again-latest-draft-white-house-cybersecurity-executive-order-is-leaked.shtml http://www.techdirt.com/articles/20121130/12394321188/here-we-go-again-latest-draft-white-house-cybersecurity-executive-order-is-leaked.shtml leaked version of a draft for a cybersecurity executive order that the White House had been passing around, mainly to try to force Congress into passing a cybersecurity law. With the last ditch attempt by Senator Harry Reid to move that process forward failing, it took exactly a week for the White House to revise its draft exec order, and start passing it around on November 21st. And, today, that new draft leaked as well. You can see the full draft here or embedded below.

It's basically more of the same. It insists that there's a problem without providing any real evidence of that. Much of the order focuses on increasing information sharing among and between different government agencies. As expected, it's designed to encourage private companies, who are "owners and operators of critical infrastructure" to "participate, on a voluntary basis, in the Enhanced Cybersecurity initiative." This is part of what had people so concerned about the various bill proposals: whether or not companies would get broadly defined as "owners and operators of critical infrastructure" and then be forced or pressured into sharing private information, all in the name of "cybersecurity!"

And, of course, what is "voluntary" when it's the federal government, often means what is likely to put you in a very uncomfortable position if you don't participate. In fact, the executive order makes this somewhat explicit:
The Secretary shall coordinate establishment of a set of incentives designed to promote participation in the Program. Within 90 days of the date of this order, the Secretary and the Secretaries of Treasury and Commerce each shall make recommendations separately to the President... on what incentives can be provided to owners and operators of critical infrastructure that participate in the Program, under existing law and authorities, and what incentives would require legislation, including analysis of the benefits and relative effectiveness of such incentives.
So, yeah, "voluntary" belongs in quotes.

As for what counts as "critical infrastructure," well it basically involves various government agencies coming up with a list and then the government telling companies: "hey, you're critical infrastructure."
The Secretary, in coordination with Sector-Specific Agencies, shall confidentially notify owners and operators of critical infrastructure identified under subsection (a) of this section that they have been so identified, and ensure identified owners and operators are provided with relevant threat information.
There is one oddity snuck into that subsection (a):
The Secretary shall not identify any commercial information technology products under this section.
I'm not quite sure what that means within this context (so feel free to chime in and explain it if you do know...). Is it suggesting that this only applies to other forms of infrastructure? If so, that would ease the concerns of a number of tech companies, who were worried that they'd be listed as "critical infrastructure" under a broad reading of any rule.

The exec order does include a shout out to protecting civil liberties, though you wonder how much that will matter in practice:
Agencies shall coordinate their activities under this order with their senior agency officials for privacy and civil liberties and ensure that privacy and civil liberties protections are incorporated into such activities based upon the Fair Information Practice Principles and other applicable privacy and civil liberties policies, principles and frameworks.
They also say that any programs will be reviewed by the Chief Privacy Officer and the Officer for Civil Rights and Civil Liberties to ensure that the program isn't causing any problems in those areas. For what it's worth, apparently the administration has been also reaching out to a lot of people to get in on the executive order -- a process described as "highly unusual" for an executive order.

Either way, it's still frustrating that the order brushes over what the real problems are. It just handwaves that question away by insisting that we're under attack, without providing either (a) evidence or (b) notification on what laws are currently causing issues here. That's unfortunate.

Permalink | Comments | Email This Story
]]> why-do-we-need-this-again? http://www.techdirt.com/comment_rss.php?sid=20121130/12394321188 Tue, 16 Aug 2011 07:30:20 PDT Is Open Source Exploitative? Nina Paley http://www.techdirt.com/articles/20110815/05354615529/is-open-source-exploitative.shtml http://www.techdirt.com/articles/20110815/05354615529/is-open-source-exploitative.shtml exploitation

Permalink | Comments | Email This Story
]]> no,-but-the-political-system-is http://www.techdirt.com/comment_rss.php?sid=20110815/05354615529 Tue, 2 Aug 2011 09:54:52 PDT LA Police Admit That Red Light Camera Payments Are Now 'Voluntary' Mike Masnick http://www.techdirt.com/articles/20110727/09423715282/la-police-admit-that-red-light-camera-payments-are-now-voluntary.shtml http://www.techdirt.com/articles/20110727/09423715282/la-police-admit-that-red-light-camera-payments-are-now-voluntary.shtml dumping its red light cameras, and Jay Matteo was the first of a few of you to let us know that, rather than getting rid of them entirely, the police appear to be publicly stating that paying any such red light camera fines is entirely optional:
Officials said that paying the fines was optional and the city had no legal power to force people to pay.

The tickets are part of a "voluntary payment program," without sanctions for those who fail to submit fines, said Richard M. Tefank, executive director of the city's Board of Police Commissioners.

"The consequence is somebody calling you from one of these collection agencies and saying 'pay up.' And that's it," said committee member and Councilman Bill Rosendahl. "There's no real penalty in terms of your driver's license or any other consequences if you don't pay."
Of course, they never said that publicly before, and those who already paid can't take back their money, but it's still quite a revelation for the police to make.

Permalink | Comments | Email This Story
]]> if-you'd-like-to-contribute-to-the-police-red-light-fund... http://www.techdirt.com/comment_rss.php?sid=20110727/09423715282 Tue, 26 Oct 2010 09:31:44 PDT Local News Website Says You Need To Pay To Read Its Stories, Says It's Collecting Visitor IPs To Sue Mike Masnick http://www.techdirt.com/articles/20101025/16375311580/local-news-website-says-you-need-to-pay-to-read-its-stories-says-it-s-collecting-visitor-ips-to-sue.shtml http://www.techdirt.com/articles/20101025/16375311580/local-news-website-says-you-need-to-pay-to-read-its-stories-says-it-s-collecting-visitor-ips-to-sue.shtml The North Country Gazette (don't click that just yet...) covering parts of upstate New York via a blog format. Rather than putting in place an actual technical paywall, the site has apparently decided to go with a paywall-by-threat model. If you visit a story on the site, it tells you that you're only allowed to view one page for free, and then they expect you to pay up:
Gotta love that Comic Sans font -- in red, no less. Anyway, if you do "abuse the privilege," apparently you come up against the following (which now appears to have been taken down, perhaps due to all of the attention):
In case you can't see/read the image, it reads:
A subscription is required at North Country Gazette. We allow only one free read per visitor. We are currently gathering IPs and computer info on persistent intruders who refuse to buy subscription and are engaging in a theft of services. We have engaged an attorney who will be doing a bulk subpoena demand on each ISP involved, particularly Verizon Droids, Frontier and Road Runner, and will then pursue individual legal actions.
Where to start? First, I love how "Verizon Droid" (a phone) is included in the list of ISPs. But, more to the point, this site seems to believe that if it just says you can only visit once without paying, and you don't, it has the right to then use your IP to sue you for "theft of services." I'd love to see how well that plays out in court.

Permalink | Comments | Email This Story
]]> that'll-go-over-well http://www.techdirt.com/comment_rss.php?sid=20101025/16375311580