
The law depends on compute power - Labo333
https://medium.com/@jeremyjkun/the-law-depends-on-compute-power-29095fd58354
======
nl
This is the perfect example of what happens when a programmer (or in this case
a mathematician) thinks that the law operates like a computer.

It doesn't.

The law is interpreted by humans, based on case law, and attempts to
understand the intentions of the law as written.

Many programmers don't like this, but that is how the law operates.

(If the author would like to go down another rabbit hole, perhaps he should
consider if encrypted information is actually published at all. After all,
well designed encryption renders information quite close to random noise in
the absence of a key. Perhaps making encrypted information available isn't
actually publishing - maybe it is the act of posting how to decrypt it that is
the act of publishing.

Note that here, the law would answer "it depends", and that is fine.)

~~~
amelius
> The law is interpreted by humans, based on case law, and attempts to
> understand the intentions of the law as written.

So what you are saying is that "loopholes" in the law actually don't exist,
because those loopholes run counter to the intentions of the law? Interesting!

~~~
zyxley
Generally speaking, "look! I found a clever loophole in the law!" \- as
performed by any layman who doesn't actually understand the legal system -
leads to getting smacked by a judge for being an annoyance.

------
lisper
It is not illegal to publish a social security number. Watch this:

268-91-7112

That is a social security number, but I guarantee you I will not be prosecuted
for publishing it. What is illegal is publishing the _binding_ between a
particular social security number and a particular person.

Geeks get way too hung up on this idea that publishing these things should be
OK because "they're just numbers." No, they are not "just numbers". They are
numbers with some associated semantics. This number is Bill's SSN, that number
is Sony's secret key. It's the semantics that matter, not the number.

~~~
sliverstorm
Didn't Sony try to claim a patent on the specific number, rather than some
kind of security argument?

~~~
lisper
No. To patent something you have to disclose it, so patenting a secret key
would totally defeat the purpose.

~~~
sliverstorm
Well, I remember that being part of the contention. Sony said, "we've patented
it". Everyone else said, "how can you have patented it, when you won't tell
anyone what it is!?". Or something along those lines.

~~~
lisper
If you can find the patent number that would make it easier to formulate a
cogent response.

~~~
sliverstorm
Some googling suggests it was not a patent they claimed, but that it was an
"illegal number". Very possible I confused the two.

[https://en.wikipedia.org/wiki/Illegal_number](https://en.wikipedia.org/wiki/Illegal_number)

I think at the time what I found ridiculous was that you were prohibited from
"having" the number, but of course nobody could say what number it was you
weren't allowed to have... seemed like something that belonged in Dr.
Strangelove.

------
rayiner
Calling an SSN "a number" is reductionist even for a programmer. Does open()
return an integer or does it return a file descriptor? Is it okay to do
arithmetic on it and expect sensible results because it's just s number? In
fact, programmers go out of their way to add a rich set of semantics and
behaviors to things that are, under the hood, just numbers.

------
Al-Khwarizmi
_" now that it’s public, you have to wonder whether this will bite me in the
ass when I’m 60 (...) and my identity gets stolen"_

Could someone from the US care to explain why publication of these numbers is
such a big deal, and why it can lead to identity theft (an idea that I see
often on the internet)?

In Spain we have a unique ID number and it is pretty common to see them
published all over the place. The government and administrations routinely
publish lists of people with their name and ID number, for example if you have
applied for a public sector job, a government grant, etc. your ID number will
be published in a list that everyone can see and even find on Google. We don't
see it as a problem because knowing someone's ID number doesn't mean you can
steal their identity - to do that they would need to forge the actual ID card,
for in-person procedures, or steal passwords or keys, for online stuff.
Knowing the number alone doesn't give you access to anything. In fact, it is
publicly known that the current king has the ID number 15 and the former king
10 (number 1 corresponded to dictator Franco who created the system), but it's
not that easy to go around impersonating the king :)

What can you do if you know a person's social security number in the US?

~~~
msane
Credit theft. People can acquire a credit card by mail or online.

That's interesting... in Spain does getting credit require an in-person
appointment? Because maybe that's a simple answer to 2/3 of the identity theft
in the U.S.

~~~
marcosdumay
In Brazil, I can get some credit lines (usually small) by just spending more
than I have on the bank, for others (a bit bigger) I'll need to enter my pin
number either on a phone or an ATM, and for big credit lines, I'll have to go
to the bank.

~~~
toast0
That's credit from a business you have an account with. In the US, I can often
get credit from a business I have had no prior contact with with just my name
and SSN. Recently, there may be multiple choice identity verification
questions (pick where you used to live, what other credit accounts you have,
how much their payments are, etc).

------
davidgerard
The trouble with this logic - to which I am not entirely unsympathetic - is
that under it, a computer program binary would also constitute an "illegal
number". "You've copied Microsoft Office!" "Nonono, that's just a very large
number in binary."

The actual answer is: the law is _all about_ intent.

------
chroma
I desperately want to read a lawyer's answer to the questions raised by the
author. My bet is that most of the gray areas exist simply because no cases
involving them have been litigated. If such cases ever go to trial, courts
will probably rule in a rather common-sensical way, such as by creating a
bright-line rule[1].

1\. [https://en.wikipedia.org/wiki/Bright-
line_rule](https://en.wikipedia.org/wiki/Bright-line_rule)

~~~
sandworm101
Lawyer answer (in general terms and without citations):

All intellectual property rights are limitations on free speech. Courts rule
against the publication of exact copies, or identical copies in different
media, every day. IP law requires courts to prevent copying else it be
meaningless. The flag is not an expression of a new idea, it is a facsimile of
a protected number, protected data little different than a copyrighted movie
or patented design. Its publication could only be legal as some sort of "fair
use", but exact copies that directly impact the financial viability of
protected material rarely fall within fair use.

They would rule against the flag. If persons want to express themselves using
this material, they need to add some form of comment so as to avail themselves
of fair use protection. Add a stripe to the flag and get back to us.

~~~
j2kun
What about the computational power question? At what point does it become
illegal to publish an encrypted SSN/illegal number if you know it takes 1 day
to break the encryption using current computational power? What about 10 days?
a year? ten years? a hundred years? a thousand years? And what if
computational power changes, and a thousand years turns into 1 day? Does the
action become illegal retroactively?

~~~
roel_v
Those are meaningless questions. It's trivial to think of 100's of hypos and
go 'is this legal? Is that legal?' 1000's of first years do that every year
because they think that's what being a lawyer is about, not to mention the
amateurs. A judge however considers one specific case, with arguments as to
what is the objective reality as presented by the parties. 'What ifs' don't
matter. Law is not a closed rule-based system. 'Loopholes' (I loathe thay
word) are not like buffer overflows.

(have law degree, not practising lawyer)

~~~
j2kun
Wait, but aren't so many of the important US supreme court rulings so
contested because they have to consider the ramifications, e.g., of whether a
ruling will take power away from the state and give it to the federal
government? How is that not a "what if" scenario? Isn't the Baston rule just a
big loophole?

~~~
evgen
Appellate courts get to make such considerations, but not the lower court. The
lower court judge can say "I believe the facts say X and therefore law Y
should apply" but the appellate courts can say that the interpretation or Y or
even law Y itself is incorrect and tell the lower court judge to reconsider
the outcome of using law Y in that manner given facts X.

------
haasn
At some level, laws inherently have to be up for interpretation, and operate
on some level of abstraction above the intimate details - because virtually
everything in life is a spectrum, including the applicability of a given law.
In the “fringe zone” in which it's not clear whether a law applies or not,
judges have to resort to individual judgement on a case-by-case basis.

This is not something that's new or unique to technology, although technology
does a fantastic job of illustrating the difference between a legal problem
and a technological problem - as well as the different mindsets you have to
approach both with.

------
stickfigure
Social security numbers are in the uncanny valley between something private
enough to be plausibly used as a shared secret and public enough to be
exploited widely. There is really only one effective solution to this: Make
all SSNs public and therefore useless as a secret key. All the services that
are currently (ab)using this number will find alternatives.

~~~
gioele
> Make all SSNs public and therefore useless as a secret key.

An exhaustive list of all US SSNs will be mishandled, intercepted and posted
online. It is only a matter of when, rather than if.

(For precedents of whole-country database dumps, see the Turkish, Philippines
and Qatar cases.)

~~~
umanwizard
How do you make the leap from "something has happened in three countries" to
"it will inevitably happen everywhere" ?

~~~
Qantourisc
(chance greater then 0) * (a lot of time)

~~~
jacobush
Right. Reminds me of how to destroy the earth. Just wait until its atoms
decay.

------
seanwilson
>The case was eventually settled out of court, but the question remains
whether it’s illegal to publish a specific number on the internet. The law
currently seems to agree with Sony, that free speech doesn’t cover Hotz’s
case. > One counterargument is that if a specific number is illegal to
publish, then so is anything derived from that number. An excellent example of
this is the Free Speech Flag

There's obviously a huge difference between publishing a number and publishing
a number with a message next to it saying "this number is the password for X".
Clearly the intent of the law is to stop the latter.

------
jwatte
The main problem is that parts of our society still treats social security
numbers as off they were passwords. However, they are short, uniquely
assigned, and not changeable - which means they are user names (identifiers.)
(Same thing with finger prints, BTW.)

Meanwhile, designing systems that can uniquely identify
consumers/customers/employees/suppliers/students with a generally unique ID
world lead to a reduction in error rates and increased efficiency.

Security must be solved with told designed for it (state issued signing
key/device?)

------
posterboy
The term embedding is hardly confusing. It would be impossible to prove the
embedding, unless processing power raises, though.

