CISPA wouldn't stop a hired security analyst from reading your Facebook messages, it'd stop Facebook from sharing them with the government. Under a passable CISPA, anyway. And furthermore, the whole point of CISPA is to explicitly codify some very grey area. It is possible they do indeed share threat intel with their direct competitors, but there is no legal precedent for doing so. The whole point of CISPA was to lower that risk exposure for these companies.
And Facebook has no obligation to disclose breaches, not legally, anyway. Where did you get that information? And even if they somehow do have a special obligation, most companies do not, so it's not really relevant. The example is apocryphal.
And AV isn't who this is about, it's about the people who make a living off of having indicators you don't have. I shouldn't have to hire a company who's been hired by everyone else to get the collective knowledge of what hackers look like. They're criminals, and the government takes care of criminals.
For someone repeatedly making demonstrably false assertions, you are oddly sure of yourself. You're not even challenging a viewpoint here, you're just straight up talking out of your ass. You should stop doing that.
I didn't know California law applied to every company in the US. I said Facebook was just an example, and that it's not important if Facebook specifically does or does not have to disclose breaches, or can you not read?
And Facebook has no obligation to disclose breaches, not legally, anyway. Where did you get that information? And even if they somehow do have a special obligation, most companies do not, so it's not really relevant. The example is apocryphal.
And AV isn't who this is about, it's about the people who make a living off of having indicators you don't have. I shouldn't have to hire a company who's been hired by everyone else to get the collective knowledge of what hackers look like. They're criminals, and the government takes care of criminals.