April 20, 2014


Why Dorian Nakamoto Probably Isn’t Satoshi

When Newsweek published its cover story last week claiming to have identified the creator of Bitcoin, I tweeted that I was reserving judgment on their claim, pending more evidence. At this point it looks like they don’t have more evidence to show us—and that Newsweek is probably wrong.


FOIA: When the Exemptions Swallow the Rule

I’ve been researching and writing over the last few years on privately ordered—what the government calls “non-regulatory”—approaches to online IP enforcement. The gist of this approach is that members of trade groups representing different types of online intermediaries (broadband providers, payment processors, ad networks, online pharmacies) agree in private contracts or less formal “voluntary best practices” documents to sanction or cut services to alleged IP infringers. I put quotes around “non-regulatory” not only because that’s the government’s word, but because the descriptor masks the fact that the government, at the behest of corporate rights owners, leans heavily on targeted intermediaries to negotiate and accept these agreements, all the while holding the threat of regulation over their heads. It has proven to be a very effective strategy. Many of the website blocking provisions in SOPA, which so memorably went down in flames of public outrage, have subsequently been implemented through these agreements, which belong to a broad category of regulatory practices that governance scholars call soft law.


9 Problems of Government Hacking: Why IT-Systems Deserve Constitutional Protection

Governments around the world are increasingly hacking into IT-systems. But for every apparent benefit, government hacking creates deeper problems. Time to unpack 9 of them, and to discuss one unique perspective: in response to a proposed hacking law in 2008, the German Constitutional Court created a new human right protecting the ‘confidentiality and integrity of IT-systems’. The rest of the world should follow suit, and outlaw government hacking until its deep problems are addressed.


“E agora José?” The current status of Marco Civil da Internet

I hope non-Brazilian readers will forgive me, but I could not find a better expression to summarize the current situation of the Brazilian Marco Civil da Internet. “E agora, José?” The expression can be translated into English as “What now, José?”, and is quite popular in Brazil, having its origin in a famous poem by Carlos Drummond de Andrade (1902-1987). Although it might carry different meanings, this expression is mainly used in hard times, when people are challenged by a situation in which desirable or ideal solutions just seem impossible. When puzzled by a conundrum, one might say: “E agora, José?”.

Here I will try to explain why I do think that the Marco Civil is facing such a situation.


Are User Identification Networks the Future of Commercial Bitcoin Transactions?

With 12.3 million bitcoins mined to date, the total value of bitcoins has reached $9.975 billion US dollars. While this may pale in comparison to the $1.23 trillion US dollars in circulation, the use of bitcoins in commerce is gaining traction. With this traction the potential exists to link users’ identities with their public bitcoin wallet addresses and commercial transaction histories.

Earlier this year Overstock.com announced that it would begin accepting bitcoins as payment for consumer purchases. The company’s announcement makes Overstock.com the first major US online retailer to accept bitcoins, albeit via a third-party payment processor. Prior to this announcement, a patchwork of smaller online vendors and brick-and-mortar stores had already begun accepting bitcoins. Using bitcoins, individuals are now able to order food for delivery, engage in online dating, and purchase everything from babyfood to videogame consoles.

As bitcoins enter the stream of commerce, we should all consider the privacy implications associated with the use of bitcoins in commercial transactions.


Understanding Bitcoin’s transaction malleability problem

In recent days, several Bitcoin exchanges have suspended certain kinds of payments due to “transaction malleability” issues. There has been a lot of talk about why this happened, and some finger-pointing. In this post, I will try to unpack what “transaction malleability” is and why it has proven to be a problem for some companies.


ECHR Fast-tracks Court Case on PRISM and TEMPORA (and VERYANGRYBIRDS?)

So. The NSA and GCHQ piggyback on Angry Birds to spy on its 1.7 billion users. potential terrorists. Not only that, but everything on smartphones can be compromised: “if it’s on the phone, we can get it”. Will it ever stop? A few days ago, the European Court of Human Rights (‘ECHR’) made the unique move to fast-track a case on the legality of mass surveillance practices by the GCHQ. A judgement is now expected in months, rather than years – in time to have a huge impact on the global debate on mass surveillance. Time for some analysis.


It matters what the NSA does

It seems axiomatic that if we want to have an informed conversation about the legality, ethics, and policy implications of the NSA’s actions, it is useful to know what the NSA is doing. Yet a vocal subset of NSA defenders seem to be taking the contrary position, that information about the agency’s activities serves no public purpose.

Consider Tuesday’s Washington Post op-ed by Mark Thiessen. He argues that information about the NSA’s activities is just “espionage porn:”

As President Obama prepared to address the nation on surveillance, the New York Times revealed that the National Security Agency (NSA) has developed the capability to access computers that are not connected to the Internet. According to the Times, based on classified documents obtained from Edward Snowden, the NSA uses “a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into . . . computers” or in some cases “a briefcase-size relay station that intelligence agencies can set up miles away from the target.”

Evidence of another NSA plot to spy on Americans? Not at all. The Times reports, “There is no evidence that the N.S.A. has implanted its software or used its radio frequency technology inside the United States.” And the NSA confirmed that the “N.S.A.’s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets.”

In other words, this (no longer) secret program poses precisely zero threat to American civil liberties.

So what is the redeeming social value of the Times’ story? What “abuse” is being revealed? Why is this something the public needs to know?

The answers are: None. None. And it isn’t.

Thiessen seems unaware that the Times was not the first to report on this capability—a German publication, Spiegel, had already published much more detailed information including the so-called “Spy Mall Catalog” detailing specific NSA “implant” technologies used for these attacks.

And of course it has been known for a long time that, even without any secretly implanted antennas, computers disconnected from the network can radiate information over a considerable distance. There are entire book chapters devoted to this, and the NSA itself has released non-classified articles about it.

Our adversaries surely knew all of this, even if DC pundits did not.

But even if this information was previously unknown, it would still have implications for the public debate. As Steve Vladeck argues, the NSA debate is not just about the legality of the agency’s actions, but also about whether they are good public policy—which surely depends at least in part on how they affect people internationally, especially our allies.

Of course, there might be a good argument in a specific case that publication of certain facts would cause national security harm that outweighs the benefit to public debate. Sanger and the Times have said that they will withhold facts if they believe this is the case. But Thiessen’s argument is not just that there is more weight on the national security side of the scale—he is arguing that there is nothing at all on the public debate side. “None.”

There is another subtext in the “espionage porn” argument that bears discussion: the label tends to get thrown at information that is technical in nature. The DC debate, which is dominated by lawyers, has no trouble accepting the relevance of every last detail of the statutory history of Section 215 or the wording of opinions in U.S. v. Jones. Yet somehow the facts about what the NSA is actually doing are seen as peripheral, if those facts involve technology.

Technical facts are not “porn.” They are more like an MRI—information about the patient’s body, yes, but information you need to get if you care about the patient’s health.


NSA call data analysis: inside or outside government?

Last week the President suggested that the NSA’s database of phone call data be stored outside the government, and he asked his Administration to study how this could be done. Today I’d like to start unpacking the options.