April 24, 2014


Regulating Bitcoin

On Tuesday the State of California sent a letter to the Bitcoin Foundation, saying that the Foundation might be in violation of California’s law against running an unregistered money transmission business. The letter isn’t important in the grand scheme of things—it’s clear that the Bitcoin Foundation isn’t transmitting money—but it does raise the obvious question of how governments will try to regulate the use of Bitcoin.


Open-source Governance in Bitcoin

Josh Kroll, Ian Davey, and I have a new paper, The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries, from the Workshop on Economics of Information Security. Our paper looks at the dynamics of Bitcoin, how resilient it would be in the face of attacks, and how Bitcoin is governed. Today I want to talk about governance in Bitcoin.


I Join the EFF and Others in Calling for Craigslist to Drop CFAA Claims

[Cross-posted on my blog, Managing Miracles]

Craigslist is suing several companies that scrape data from Craigslist advertisements. These companies, like Padmapper and 3taps, repurpose the data in order to provide more useful ways of searching through the ads. I have written about this in earlier posts, “Dear Craig: Voluntarily Dismiss with Prejudice,” and “A Response to Jerry: Craig Should Still Dismiss.” Fundamentally, I think that the company’s tactic of litigating against perceived competitors is bad for Craigslist (because it limits the reach of its users’ ads and thus the success of Craigslist), it is bad for the law and policy of the web (because scraping of public web sites has historically been a well-established and permissible practice that beneficially spreads public information), and it is in bad taste (given Craigslist’s ethos of doing well by doing good).

One of the most problematic aspects of the lawsuit is the set of claims under the Computer Fraud and Abuse Act (CFAA) and its California state-law counterpart. The CFAA, passed in 1986, introduces criminal and civil penalties for “unauthorized access” to “protected computers.” The CFAA was largely a reaction to generalized fear of “computer hacking,” and it did not envision the public internet as we know it today. Nevertheless, some have tried to apply the CFAA to public web sites. This approach has been widely frowned upon by both the tech community and the courts. For instance, the Center for Democracy and Technology (CDT) and the Electronic Frontier Foundation (EFF) are actively pushing to reform the CFAA because it has been subject to prosecutorial abuse. Craigslist has nevertheless alleged violations of the CFAA based on access to their public web site.

Today I signed on to an amicus brief written by the EFF, which was also co-signed by other scholars in the field, that urges the court to dismiss these ill-advised CFAA claims. The brief reads, in part:


The low-transaction-fee argument for Bitcoin is silly

A common argument advanced by Bitcoin proponents is that unlike banks and credit cards, Bitcoin has low (or even zero) transaction fees. The claim is a complete red herring, and in this post I’ll explain why.

Let’s assume for the purposes of argument that Bitcoin transaction fees are, in fact, zero. There are small mining-related transaction fees, but it seems plausible that these fees will always be far smaller than those associated with traditional banking.

Why do banks and credit cards charge those annoying fees? A major reason is fraud. Banks eat the cost of fraudulent transactions, but pass on the cost to the customer by taking a cut of each legitimate transaction. Fraud is not an artifact of a particular system that we can design away — it is inherent to every form of money handled by humans. To compare Bitcoin meaningfully with traditional banking, then, we must ask how big fraud-related losses are for Bitcoin users.

Framed this way, the comparison is not a happy one for Bitcoin. From thefts of wallets to hacks of Bitcoin exchanges, fraud in the Bitcoin ecosystem is rampant. It only gets worse when we add sources of risk other than fraud. A recent study found that 45% of Bitcoin exchanges shut down. Several of the rest have suffered attacks and losses.


On the Legal Importance of Viewing Genes as Code

The Supreme Court yesterday issued its opinion in the much-awaited Myriad case, which challenged the validity of patents on isolated human genes. The Court held that the isolated genetic sequences claimed in Myriad’s patents did not satisfy the inventive threshold for patentability, although the complementary DNA (cDNA) claimed in the patents did. One of the more interesting elements of the case for me is the extent to which the outcome turned on a single conceptual choice: When assessing patentability, should the legal analysis focus on the isolated DNA’s chemical structure or its information-coding function? The Court decided that the information-coding function was the proper focus. That choice led the justices to the inevitable conclusion that the isolated sequences were not patentable. The Court of Appeals for the Federal Circuit, by contrast, had focused on the sequences’ chemical structure and had reached the opposite conclusion.

Why did this conceptual choice turn out to be so consequential? To be patentable, an invention must be the product of human ingenuity. Products of nature and natural phenomena are excluded from the scope of patent protection. The leading case in the domain of patents on living organisms is Diamond v. Chakrabarty, in which the Court said that patent protection could extend to “anything under the sun that is made by man.” The scope is very broad (i.e., “anything under the sun”), but it isn’t unlimited (i.e., it has to be “made by man”). The question courts must ask to separate products of nature from products of human ingenuity is whether the claimed invention is “markedly different” from something that is found in nature.


Do Judges Play a Role After the NSA Call Records Have Been Collected?

Those who defend the NSA’s massive call records collection program point out that although the program allows indiscriminate data collection, it also meaningfully restricts data analysis and use. They note, in particular, this paragraph from Director of National Intelligence Clapper’s June 6, 2013, press release:

By order of the FISC, the Government is prohibited from indiscriminately sifting through the telephony metadata acquired under the program. All information that is acquired under this program is subject to strict, court-imposed restrictions on review and handling. The court only allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization. Only specially cleared counterterrorism personnel specifically trained in the Court-approved procedures may even access the records.

It seems to me that some have probably misunderstood this paragraph to suggest that the judges of the FISA Court (FISC) play a role in approving each individual query made to the data, the way a judge approves a warrant to search for or seize evidence in a criminal case. An article in Slate explained, somewhat approvingly, that “the rules that most of us would apply at the collection stage—reasonable suspicion, specific facts, court approval—are applied instead at the query stage”. A blog post author on Forbes explained that “[i]n order to analyze the data at hand, the NSA must get a court order justified by the reasonable suspicion of an imminent terrorist act.” Some legal scholars may be making the same assumption.


51% foreign test doesn’t protect Americans

One of the notable claims we have heard, in light of the Verizon / PRISM revelations, is that data extraction measures are calibrated to make sure that 51% or more of affected individuals are non-U.S. persons. As a U.S. person, I don’t find this at all reassuring. To see why, let’s think about the underlying statistics.


Revisiting the potential hazards of the ‘Protect America’ act

In light of recent news reports about NSA wiretapping of U.S. Internet communications, folks may be interested in some background on the ‘warrantless wiretapping’ provisions of the Protect America act, and the potential security risks such wiretapping systems can introduce. Here’s a 2007 article a group of us wrote entitled “Risking Communications Security: Potential Hazards of the ‘Protect America’ Act”. http://www.cs.princeton.edu/~jrex/papers/PAA.pdf


Twenty-First Century Eavesdropping

Yesterday’s revelations about widespread government data collection led me to re-read my nine-post series on “Twenty-First Century Eavesdropping” from back in 2006. I was surprised to see how closely that discussion fit the current facts.

Links to the 2006 posts: 1, 2, 3, 4, 5, 6, 7, 8, 9


How Consensus Drives Bitcoin

Josh Kroll, Ian Davey and I have a new paper on the dynamics of Bitcoin, which we’re going to release in a few days. This post is the first in a series exploring our paper’s analysis of why Bitcoin works and what could derail it.

Consensus drives Bitcoin. Like any fiat currency (a currency not backed by anything of intrinsic value), Bitcoin has value because of an expectation that people will continue to accept the currency in payment. Like Tinkerbell, who exists because you believe in her, Bitcoin has value because enough people believe it has value. This much is true for all fiat currencies.

But Bitcoin is not just a currency, it is also a technology—and that technology must function correctly for the currency to operate and retain its value. In particular, there are two additional forms of consensus that must exist for Bitcoin to operate.