

EFF Challenges New Jersey Subpoena Issued to MIT Student Bitcoin Developers - Smerity
https://www.eff.org/deeplinks/2014/02/eff-challenges-new-jersey-subpoena-issued-mit-student-bitcoin-developers

======
joesmo
So now everyone writing code has to fear the state of New Jersey will overstep
its bounds and try to get them into court when they clearly have no
jurisdiction or right to do so? I don't even see why this subpoena has to be
answered by an out of state resident that has nothing to do with the state of
New Jersey. Will the state pay for all these expenses?

~~~
jarrett
It's bigger than that. Theoretically, anyone can use the law to go after
anyone, anywhere, for anything. For example, the government of California,
where I don't live and have never once been, could accuse me of trafficking
drugs there, which I haven't done. Or, I could sue you for personal injury,
even though we've never had contact outside this comment thread. Indeed, you
could do the same to me.

Our legal system exists to resolve these claims. Ideally, when an absurd claim
is made, the courts toss it. But crucially, _that doesn 't prevent the victim
having to waste time and resources on a defense or response._

What's the solution to this problem? Usually, it's to create some disincentive
against outrageous or frivolous legal actions. Sometimes, this can take the
form of sanctions, which can involve a monetary penalty. But what happens when
a state government is the one initiating the action? Theoretically, sanctions
might be possible in some scenarios. But I'd imagine that in practice,
governments get sanctioned only once in a blue moon, if that.

~~~
joesmo
Exactly. The part that I don't understand is why the programmer even has to
acknowledge the subpoena at all or show up to court. It's obviously out of
jurisdiction. If NJ issues a warrant, then NJ would have to be avoided in
travels, but beyond that I cannot see anything that NJ could do to him if he
just ignored the subpoena. Then again, I'm not a legal expert, so perhaps
someone with more information about such processes could comment more.

~~~
jarrett
> The part that I don't understand is why the programmer even has to
> acknowledge the subpoena at all or show up to court.

That's actually the whole point of subpoenas. They're a step up from a simple
letter demanding information. In the latter case, the recipient may choose to
respond in the hopes of placating the sender, or s/he may choose to ignore it.
You can see why that would be a problem. Sometimes litigants genuinely _need_
to force the other party to produce information. There has to be some method
of doing so, and there has to be some way to enforce compliance. Thus the
subpoena: A request you're not allowed to simply ignore.

Obviously, if you create a procedural right like this, there's room for abuse.
The courts theoretically serve as a check on such abuse. The court may reject
a litigant's application for a subpoena outright. Alternatively, the recipient
may file a motion to quash, explaining to the court why s/he shouldn't have to
comply with the subpoena. Subpoenas that are abusive, oppressive, overly
burdensome, unreasonable, or downright outrageous will likely be quashed.

Even with these checks in place, the system is imperfect. Recipients of
defective subpoenas are still burdened with, at the very least, filing a
motion to quash. Practically speaking, anyone who receives a subpoena will
have to pay for a lawyer or find one to represent him/her for free.

This problem is not unique to subpoenas. The same argument could be made about
nearly any legal process. If I sue you frivolously, you still have to get a
lawyer. If the state arrests you for no reason, you still have to get a
lawyer. Et cetera. Is there a solution? There may be a partial solution
available to our society: We could increase the penalties for abuse of legal
process, and make those penalties applicable in a broader range of
circumstances. Of course, this approach increases the risk to those who would
make legitimate use of legal processes, so it's not without downsides. It's a
difficult balance to strike.

------
johndevor
If it's possible to replace advertising with your CPU cycles, how, exactly,
could this hurt the consumer? Sounds like it could _benefit_ the consumer
immensely. This could be another form of micropayments for people who might
not be able to afford the cash upfront.

What the developer has created actually sounds rather ingenious.

~~~
aeturnum
I think what the state of New Jersey is worried about is either that the
authors are being dishonest about the informed nature of the consent, or are
viewing this as producing a tool that is too easy to exploit (whatever that
means).

Personally, I think that's pretty absurd, but I can understand how a non-
technical attorney reading about a MIT student developing something that lets
websites mine bitcoins on consumer computers might get the wrong idea. As
usual, the hard-headed nature of american prosecutors does us all a
disservice.

Edit: rayiner points out that no one is being prosecuted, so I should probably
rein in my rhetoric about prosecutors. Still seems like an extreme reaction.

~~~
rayiner
Nobody is being prosecuted. Its an agency issuing a subpoena to get
information. That's how agencies get information.

~~~
SeanDav
You cannot just reply to this "information request" unless you know what the
consequences would be to any answer and if one could be potentially
incriminating oneself inadvertently. The only sensible solution would be to
consult a specialist lawyer and they don't come cheap.

I would guess you are looking at thousands of dollars at a minimum and easily
much more.

~~~
celticninja
of course you can reply, only in the USA do you have such a proponderance to
rely on the law to ask or respond to questions.

~~~
tptacek
That makes sense, since most of the world's countries have civil law systems,
and the US has a common law system.

------
Aqueous
"One interrogatory asks Rubin to provide a list of all instances where Tidbit
and websites using the code "accessed consumer computers without express
written authorization or accessed consumer computers beyond what was
authorized."

Sigh. This is why we need more judges and lawyers who have at least knee-deep
knowledge of technical details about the subjects they regularly rule on. This
absurd language would not have been put into the subpoena if they even had a
basic understanding of how client-side scripting works on the web, and by
extension if they had a rudimentary understanding of how the web works at all.

~~~
slapshot
How so? If I embed a piece of malware in a website that launches an .exe on
your computer without you knowing it, that certainly constitutes access
"beyond what was authorized." If that piece of malware mines bitcoins and uses
my power supply to do it, the lack of authorization is extremely relevant. I
agree that "written" authorization might be overkill, but the general idea of
access without permission comes across clearly.

Of course, I don't think Tidbit was actually being spread as malware -- but
it's easy to imagine a similar system that does.

~~~
marcell
<script type="text/javascript"> var x = 1 + 2; </script>

Is this "beyond what is authorized"? What was authorized to begin with?

------
matthewmcg
"Time for some [web] traffic problems at MIT."

------
lettergram
I wonder who in the New Jersey legal team/government thought this was a good
idea...

~~~
diminoten
Did Jeremy Rubin forget to endorse Christie last election?

------
jordigh
There's one part of the subpoena that I don't understand. Why not turn over
the source code? Since this is partially cryptographic software and also
software that can be used to control a user's machine, it seems to me
imperative for anyone who wants to give up control of their CPU cycles to know
precisely how they're being used, or to trust the pool of smart cows who can
study it for us.

~~~
parfe
>Why not turn over the source code?

They do not want to and don't believe the state has the power to compel them
to. What more reason should they need?

>Since this is partially cryptographic software and also software that can be
used to control a user's machine, it seems to me imperative for anyone who
wants to give up control of their CPU cycles to know precisely how they're
being used, or to trust the pool of smart cows who can study it for us.

Your set includes every piece of closed source software ever installed.

~~~
jordigh
> Your set includes every piece of closed source software ever installed.

Indeed it does. My machine, my rules.

It is sheer folly to trust cryptographic software without source code. Do we
need to fall prey to another RSA fiasco again?

~~~
parfe
>It is sheer folly to trust cryptographic software without source code. Do we
need to fall prey to another RSA fiasco again?

This software does not encrypt anything and thus the user does not care about
the correctness of the implementation. User machines would be testing hashes
for bitcoin mining as compensation for access to web resources. What does the
user care if the hashing fails as long as they get credited properly for the
CPU time?

>Indeed it does. My machine, my rules.

"I choose not to run this software while it remains closed source." does not
create a reason for the government to compel the creators to release the code.
Otherwise, I don't see what your comment has to do with the story other than a
generic comment saying "People shouldn't use closed source software."

------
ck2
The really stupid part of this is cpu mining for btc could not even be
measured as a btc fraction at current difficulty.

You could probably run your cpu 100% for a year and not generate one satoshi.

That said, there are some botnets out there stealing gpu cycles and generating
massive hashrates for scrypt coins. So I could see the cause for alarm but
knowledge like that is going to get out regardless.

~~~
Buge
With a Core i7 3930k you could get 66.6 Mhash/sec.

That would give you 0.00001278 bitcoins per day or 1278 satoshis per day.

~~~
ck2
Ah I stand corrected. I was thinking scrypt Khash/sec

So you are making 1 cent a day while burning 200 watts 24/7

~~~
hayksaakian
Think about it like CPM

If you have 1000 users doing this, is it better than a 1-5$ CPM banner ad?

~~~
ck2
um, for the 1 minute they are on your site? using only part of their cpu?

see the above example for 1 cent per day going at full tilt all day

------
siculars
Thought crimes are not far behind.

------
mannykannot
First they came after climate scientists (
[http://en.wikipedia.org/wiki/Attorney_General_of_Virginia's_...](http://en.wikipedia.org/wiki/Attorney_General_of_Virginia's_climate_science_investigation)
), but I am not a climate scientist...

------
moron4hire
Seems like so many times these days, people's actions are defined by a process
of:

I don't understand this -> I don't like this -> I'll research reasons to not
like this -> You may never be permitted to do this.

Never, "Let's weigh the pros and cons and figure out what we will do about
it." It's decision first, then rationalization.

------
bigfoot13442
I built something similar to this at a hackathon in 2011. The source is has
been on github ever since. No one has come after me yet. Don't understand what
the big deal is.

------
CatMtKing
I was joking with my friends when WebGL came out, that we could mine for
bitcoins on the GPU instead of displaying advertising.

