July 6, 2015


Congress’ Fast Track to Bad Law

Congress appears poised to pass Trade Promotion Authority, otherwise known as “fast track,” for the Trans Pacific Partnership Agreement (TPP). If this happens, it will likely close the door to any possibility of meaningful public input about TPP’s scope and contours. That’s a major problem, as this “21st century trade agreement” encompassing around 800 million people in the United States and eleven other countries, will impact areas ranging from access to medicine (who gets it) to digital privacy rights (who has them). But, unless you are a United States Trade Representative (USTR) “cleared advisor” (which almost always means that you represent an industry, like entertainment or pharmaceuticals), or, under certain limited circumstances, an elected official, your chief source of TPP information is WikiLeaks. In other words, if Julian Assange gets his hands on a draft TPP text, you might see it, once he decides that it should be made public. Of course, you’ll have to hope that the copy that you see is current and accurate.

There have been no – not one – formal releases of the TPP’s text. Thus, this 21st century agreement has been negotiated with 19th century standards of information access and flow. Indeed, TPP has been drafted with a degree of secrecy unprecedented for issues like intellectual property law and access to information. Some degree of secrecy and discretion is necessary in any negotiation, but the amount of secrecy here has left all but a few groups in the informational dark.

This process, if you want to call it that, defies logic. Margot Kaminski has labeled the entire process “transparency theater.” Perhaps most problematically, “transparency theater” has caused widespread opposition to TPP, like mine, that might otherwise not have materialized. Standing alone, the TPP’s negotiation process is sufficient to cause opposition. Additionally, the process has seemingly led to bad substance, which is a separate reason to oppose TPP. Imagine if bills in Congress were treated this way?

Meanwhile, fast track will mean that Congress will simply vote yes or no on the entire deal. Therefore, fast track will exacerbate that informational vacuum, and the public will not be able to do much more than accept whatever happens. In essence, an international agreement negotiated with no meaningful public input – and to some unknown degree written by a few industries —  is about to be rushed through the domestic legislative process. [Note: I submitted testimony in the case referenced in the previous hyperlink by Yale Law School’s Media Freedom and Information Access Clinic].

At this point, if you are at all concerned about the TPP’s process, the best thing that you can do is contact your Representatives and urge them to vote “no” on fast track. You could also join the call to formally release the TPP’s text before fast track is voted upon (i.e., right now). Finally, you could help assure that two other important international agreements currently in negotiation but in earlier stages – the Transatlantic Trade and Investment Partnership and Trade in Services Agreement – are negotiated more openly. How? By paying attention, and calling your elected officials and the USTR when things remain murky. I’ll have much more to say about these processes in the coming months.


An empirical study of Namecoin and lessons for decentralized namespace design

[Let’s welcome to Freedom to Tinker first-year grad student Miles Carlsten, who, with fellow first-years Harry Kalodner and Paul Ellenbogen, worked on a neat study of Namecoin. — Arvind Narayanan]

Namecoin is a Bitcoin-like cryptocurrency that aims to create a secure decentralized namespace — that is, an online system that maps names to values, but without the need for a central authority to manage the mappings [1]. In particular, Namecoin focuses on establishing a censorship-resistant alternative to the current centralized Domain Name System (DNS).

In a new paper to be presented at WEIS 2015, we report the results of an empirical study of Namecoin. Our primary finding is that so far Namecoin hasn’t succeeded at this goal — out of about 200,000 registered names, only 28 represent non-squatted domains with non-trivial content. We argue that there’s a crucial game-theoretic component to namespaces that must be designed properly for such systems to be successful.

[Read more…]


The story behind the picture of Nick Szabo with other Bitcoin researchers and developers

Reddit seems to have discovered this picture of a group of 20 Bitcoin people having dinner, and the community seems intrigued by Nick Szabo’s public presence. It’s actually an old picture, from March 2014. I was the chief instigator of that event, so let me tell the story of how that amazing group of people happened to be assembled at Princeton’s Prospect House.

Photo credit: Matt Green

[Read more…]


Bitcoin faces a crossroads, needs an effective decision-making process

Joint post with Andrew Miller.

Virtually unknown outside the Bitcoin community, a debate is raging about whether or not to increase the maximum size of Bitcoin blocks. Blocks are created in Bitcoin roughly once every ten minutes and are currently limited to a size of 1 megabyte, putting a limit on the rate at which the network can handle transactions. At first sight this might seem like a technical decision for the developers to make and indeed it’s largely being treated that way. In reality, it has far-reaching consequences for the Bitcoin ecosystem as it is the first truly contentious decision the Bitcoin community has faced. In fact, the manner in which the community reaches — or fails to reach — consensus on this issue may set a crucial precedent for Bitcoin’s long-term ability to survive, adapt, grow, and govern itself. [1]

[Read more…]


The Error of Fast Tracking the Trans-Pacific Partnership Agreement

National media reported yesterday that a Congressional agreement has been reached on so-called “fast track” authority for the Trans-Pacific Partnership Agreement (TPP). This international agreement, having been negotiated under extreme secrecy by 12 countries including the United States, Australia, Canada, Japan, Malaysia and Singapore, is supposed to be an “ambitious, next-generation, Asia-Pacific trade agreement that reflects U.S. economic priorities and values.” Indeed, if it comes into effect, it will be the largest such agreement in history, covering some 800 million people. Unfortunately, its chances of meeting that laudable goal have been severely diminished by the aforementioned secrecy.

In theory, “fast track” authority should allow the President to more thoroughly and forcefully negotiate trade agreements with other governments by streamlining the domestic political process. By eliminating much of Congress’s review and amendment process that could force the TPP negotiators back to the table, “trade promotion authority” allows for complex international trade agreements to receive a swift and decisive Congressional sign-off. However, because the TPP has been negotiated largely in secret, with only a precious few outside the government (almost exclusively representing the entertainment and pharmaceutical industries) privy to its text, fast track will have the effect of eliminating the last possibility for anyone outside the above select few to change the contours of the agreement. That’s a significant concern, as the TPP (based upon leaks) covers issues ranging from access to medicine to liability for linking to allegedly copyright-infringing content on the Internet. Democracy deserves better.

To be sure, even without fast track, the chances of realistically being able to change the TPP once it hits Congress would be slim. Requiring negotiators to go back to the table after the TPP text is agreed upon in international negotiations is a significant undertaking that would be discouraged. But with fast track in place, the chances of offering any meaningful amendments to the final text are near zero. As a result, the moment that TPP’s negotiators announce that they have a final text will also be the effective end of the opportunity for small businesses, labor, civil society groups, and even the general public to impact the provisions of the agreement. Their only play will be to oppose TPP outright (which, in fairness, some may do regardless of how TPP was negotiated).

The very secrecy around TPP could be its undoing, as it was with the failed Anti-Counterfeiting Trade Agreement. Therefore, it is well past the time that the negotiators should make the text public. If it isn’t released, and soon, “fast track” could become a fast track to failure of this multi-year negotiating process – which, depending on the terms of the agreement, could be the right result.


Bitcoin is a game within a game

In this series on Bitcoin and game theory, I’ve argued that Bitcoin’s stability is fundamentally a game-theoretic proposition and shown how we’ve had blind spots for years in our theoretical understanding of mining strategy. In this post, I’ll get to the question of the discrepancy between theory and practice. As I pointed out, even though there are many theoretical weaknesses in Bitcoin’s consensus mechanism, none of these ever appear to have been exploited. [Read more…]


Decertifying the worst voting machine in the US

On Apr 14 2015, the Virginia State Board of Elections immediately decertified use of the AVS WinVote touchscreen Direct Recording Electronic (DRE) voting machine. This seems pretty minor, but it received a tremendous amount of pushback from some local election officials. In this post, I’ll explain how we got to that point, and what the problems were.

As one of my colleagues taught me, BLUF – Bottom Line Up Front. If an election was held using the AVS WinVote, and it wasn’t hacked, it was only because no one tried. The vulnerabilities were so severe, and so trivial to exploit, that anyone with even a modicum of training could have succeeded. They didn’t need to be in the polling place – within a few hundred feet (e.g., in the parking lot) is easy, and within a half mile with a rudimentary antenna built using a Pringles can. Further, there are no logs or other records that would indicate if such a thing ever happened, so if an election was hacked any time in the past, we will never know.
[Read more…]


Scan This or Scan Me? User Privacy & Barcode-Scanning Applications

[Please welcome guest bloggers Eric Smith and Nina Kollars. Eric Smith serves as the Chief Information Security Officer (CISO) for a higher ed consortium with membership consisting of Bucknell University, Franklin & Marshall College and Susquehanna University. Nina Kollars is assistant professor of government at Franklin & Marshall college, where her scholarship examines the ways in which individual user creativity affects the development of technology and practices.]

QR (Quick Response) codes—the two-dimensional barcodes designed by the Denso Wave company in 1994—were originally intended to track and inventory millions of parts on assembly lines. Since then, these nearly ubiquitous black and white squares have been applied to an ever-broader range of uses including business cards, patient-tracking systems, and mobile coupon clipping. In order to make use of these codes, the vast majority of consumers utilize smart phone technologies in order to convert the codes into usable information. However, neither Apple’s iOS nor Google’s Android operating systems include a robust native capability to scan and decode printed barcodes. As a result, users of these devices must download third-party applications that will do this work for them.

Research Question and Findings:

Our research question was straightforward: are there privacy and security risks associated with this emerging QR app ecosystem? In an attempt to answer this, we installed and analyzed over twenty of the most popular QR code applications. Our findings suggest that a majority of the most popular QR code readers found in the Apple App and Google Play marketplaces are not passive systems of information routing, but instead capture and transmit additional data about the device and the user back to the application developer. (For full details see our paper.)

Our findings reveal that many smartphone barcode scanning applications represent a significant threat to the privacy and, potentially, security of their users. On both platforms studied, the most popular QR code scanning apps, according to search result rankings were shown to transmit the contents of all scanned QR codes, as well as GPS location data, to a third-party server.
[Read more…]


Where is Internet Congestion Occurring?

In my post last week, I explained how Netflix traffic was experiencing congestion along end-to-end paths to broadband Internet subscribers, and how the resulting congestion was slowing down traffic to many Internet destinations. Although Netflix and Comcast ultimately mitigated this particular congestion episode by connecting directly to one another in a contractual arrangement known as paid peering, several mysteries about the congestion in this episode and other congestion episodes that persist. In the congestion episodes between Netflix and Comcast in 2014, perhaps the biggest question concerns where the congestion was actually taking place. There are several theories about where congestion was occurring; one or more of them are likely the case. I’ll dissect these cases in a bit more detail, and then talk more generally about some of the difficulties with locating congestion in today’s Internet, and why there’s still work for us to do to shed more light on these mysteries.
[Read more…]


Bitcoin and game theory: we’re still scratching the surface

In an earlier post I argued why Bitcoin’s stability is fundamentally a game-theoretic proposition, and ended with some questions:

Can we effectively model the system with all its interacting components in the language of strategies and payoff-maximization? Is the resulting model tractable — can we analyze it mathematically or using simulations? And most importantly, do its predictions match what we observe in practice?

Let’s look at those questions in the context of a “block withholding attack” between mining pools.

Recall that mining pools are groups of individual miners who pool their computing power as well as their rewards. Suppose two mining pools — let’s call them blue and red — are both seeking to maximize their mining rewards.  Let’s say the manager of the red pool decides to infiltrate the blue pool and decrease their efficiency using some of the mining power that red (directly or indirectly) controls. This can be done by submitting shares (partial proofs of work) to earn a share of rewards, but withholding any valid blocks which are found and therefore not contributing any productive work to the blue pool. At first sight this seems like cutting off your nose to spite your face — sure, blue’s efficiency will be hurt, but red is wasting hash power as well.

[Read more…]