notveryrational's comments

China's situation is entirely different.

1: The Asia Pacific is "hitting the knee on the curve" and modernizing its economy. Also, it's the most populous region on earth. It's why economic forecasters call the 2000-2100 period the Asian Century: https://en.wikipedia.org/wiki/Asian_Century

2: The Silk and Road Project ranges far outside "economically stagnant" areas. It's adjusted investments according to projected future growth, and also hedged into already modernized economies. It's as much about supply chain and trade routes as it is about direct economic investment. It connects China to Europe.

> If there wasn't a legal risk, why would the Guardian have complied?

They were at gunpoint.

If there was merely a legal risk, it would have been sorted out by the courts and with lawyers. Example: Pentagon Papers, NYT.

This was a no-disagreement, forced compliance situation. It's not like they debated with the armed guards and they came to mutual philosophical position.

And note that The Guardian _did_ disagree. They had no other option.

So the entire argument "They complied (when forced at gunpoint and under threat) -> therefore it must have been a legally gray thing for them to report on global surveillance documents" begs the question. And to that point, the argument would be thrown out of any courtroom on those grounds.

When strongarm governments exercise their authoritarian muscles, we don't need to apologize and make excuses for it.

American documents were leaked to journalists and that was a legally gray problem in the UK? Don't be silly.

Imagine if some Saudi documents were leaked to journalists and the American government walked into the Times and forced them to destroy the documents at gunpoint.

This was clear and simple government censorship.

Not particularly unusual or remarkable for the UK.

This conversation on HN can essentially be boiled down to "law versus ethics".

Those supporting censorship make basic references to it being okay because it is legal.

Those opposed to censorship make basic references to it being wrong because it is unethical.

Clearly, there is a tension between what is legal and what is ethical.

This has actually already been determined. For instance, businesses are required to serve all colors regardless of sexual orientation, color, religion, etc.

It's a regressive part of this epoch of human history that the opposite is true of free speech: companies are required by law to surveil and censor.

The HN readership has its own fascistic tendencies, including a large portion of its membership that defends censorship, surveillance and propaganda.

Increasingly, that's representative of the US population writ large.

Because the UK government has a censorship program that prevented journalists from reporting on source material relevant to the interests of their citizens.

When well-defined rules include "content that the government wants to suppress because it criticized them" the rules provide censorship via moderation.

In this case, Facebook - presuming what they did was "follow the rules" - is following censorship rules.

So perhaps the thread should be about the US government forcing companies to censor free speech for them.

No person is claiming that "moderation is censorship".

Merely, this specific act of moderation was an implementation of censorship.

Moderation and censorship are two different things that are not mutually exclusive.

Something can be both moderation and censorship at the same time.

You are presenting a false dichotomy.

In no way was there an attempt to transfer risk.

Facebook was a community platform where I could reach out to the people I knew and loved - my friends and family. That's the only reason I made Facebook posts.

Regarding moderation - do you agree that something can be both moderation and censorship at the same time?

To make this more clear, consider Facebook's relationship with the Turkish government. Facebook will moderate the content in Turkey to what is allowed speech in that country, including moderation to remove criticism of the government.

Is that moderation or censorship? Or is it both?

Having been censored multiple times by tech firms, I fall squarely into one camp.

During the Snowden Disclosures, I took to Facebook with the documents getting published and started to do my own summaries.

Facebook implemented a policy in which it would not let any post that contained a link to a Snowden Document. In some cases they would let the content get posted, but I confirmed with a friend's account that it was not visible when scrolling my feed from another account. Posts about other content were all visible and otherwise had no problems.

I complained and Facebook got back to me with a customer relations paragraph about keeping their platform free of unwanted or questionable content.

Not long after I discovered through media, and then some friends from Turkey, that what I experienced was identical to state sponsored censorship that Facebook extends to the Turkish government.

This lasted for close to the entire duration of public attention on the global and domestic surveillance scandal.

(Other links and content in other scenarios, for example May Day protest organization, was similarly blocked by Facebook - at least in Seattle for the organizers that I was in contact with).

Was talking here about the regulatory requirements for mortgages to be accepted in the first place as well as the rather lax regulatory regime (in practice) that was in effect at the time.

Yes, Glass-Steagall's removal of the separation between depository and investment banks had its own effects.

Let me clarify here that I did not intend to communicate that "everything everywhere was completely 100% good except for the bad US mortgage packaging". This was my miscommunication and I own it.

There were (and are) lots of problems in the financial sector.

This is what I got by trying to distill down a very complex process into an easily readable list.

Are we interpreting the bailout of a global US-created financial crisis "saving the world" now?

Here's what happened: - The international market, particularly the Asian market, burst.

- Investment went into the tech industry, which also burst.

- To keep investment rates high, the Fed coordinated changes to regulations so that private mortages could be sold as investments.

- The Fed pushed for other countries to adopt the same practices.

- This new regulation regime was inherently designed to push investment earnings as much as possible, and new financial instruments were created to centralize risk from individual risk toward systemic risk.

- It started to become clear that there were inherent structural issues with the investment scheme.

- The Fed continuously lowered regulations to feed the market in an attempt to prevent it from crashing.

- When no more regulations could be cut, the entire global market crashed.

- This was all based on a philosophy that investment is a key indicator of economic health, and that driving up investment would drive up the health of the overall economy.

- Regulators decided to distribute the costs of the mistake, and loan tax payer money to banks that had collapsed.

- With rate exception, people in the financial sector made hand over fist.

- Congress even evaluated making it legal to falsify accounting information in an effort to save the banks.

- The U.S. and European economy is still recovering.

Absolutely.

If your system is doing "all the right security stuff" and then nobody knows about it - sure, you're secure - but nobody knows that or how you are secure. And that's a very significant problem both to a bureaucracy and to its customers. It's also an issue in terms of maintaining those controls over time between changes to staff and business direction.

There's a whole "secondary market" (within an organization) for security assurance, and it tends to be much more measurable than security posture.

Policies and summaries of those policies go a long way toward feeding that "assurance feeling" secondary market without draining resources from ongoing investments actual posture.

Essentially the way it works is that you develop security controls toward an ideal end state/direction and describe your direction as your policy. Any gaps auditors or your company find then become fuel for making actual changes to the underlying security posture at a technical level.

The danger of not having your policy really be disguised summaries of your actual implementation is that the various security staff become free to debate over fictional security and can convince themselves that if they mandate some changes on paper to the policy (with there being nothing technical associated whatsoever) that this has or should have some kind of real affect.

It's more dangerous still if the internal security assurance program uses its own policies or some measure of "adherence to the policies" to then measure security. What happens is that the compliance operation becomes authoritarian about adherence to policies that don't exist outside of (otherwise non-discoverable) mandate, and the company and its auditors are able to "measure" their posture by their policies and convince themselves they are secure.

The worst version of this is where its done on purpose for fraud.

Real security is almost all technical and implementation. There's a very significant danger to security that policies be some kind of front line of defense, or be implemented over sound engineering practices.

In almost every work environment, I've seen the policies working directly against security: if not by contradicting it, ignoring the details where the real security decisions live, or by striking the wrong balances between prescriptiveness and generality - then by out-prioritizing security decision making. (I've worked at mostly 100,000+ person companies).

It's much better to have technical security controls >80-90% of the actual security. It's just expensive and harder to teach/learn/implement.

That said, there's some real security gained by policy. It comes from: - Ability to communicate expectations ("adopt technical solution X") - Ability to exercise legitimized (instanciated/codified) authority

Most of the rest of the value of policy comes in as business enablement value (policies are easier to communicate to auditors than security control implementations are).

Policy can also be a useful placeholder for real security in the sense it will satisfy many external parties who might otherwise reprioritize/randomize security investments.

HN is for technical conversation, which includes being impressed and commenting on the state of the art.

Seriously encourage reading about capabilities, especially the operations security maturity. The level of research and development is truly impressive.

Sorry for the opaque comment. Was gushing over the cool exploits of the "Inception Group" or "RedOctober APT" - believed but not proven to be Russian espionage.

https://www.symantec.com/blogs/threat-intelligence/inception...

https://securelist.com/red-october-diplomatic-cyber-attacks-...

James Bond level epic awesomeness and sophistication. Keep reading if you want to nerd out.

Russia's cyber military is James Bond level cool. There are speculations (nobody can prove it) that they set up their own TOR using onion-like proxies, with a custom crypto protocol, over Shodan-discovered endpoints, through a clever use of tunneling through UPNP systems on the internet, with incredible OPSEC - even burning the whole infrastructure several years after it was discovered.

Some day we'll get uncensored versions of these Ops disclosed by the various governments that run them and get to read about the research facilities and intense personalities that run them.