
New Jersey slaps MIT Bitcoin hackers with subpoena - Kynlyn
http://venturebeat.com/2014/02/12/new-jersey-slaps-mit-bitcoin-hackers-with-subpoena-and-theyre-fighting-back/
======
ck2
Follow the lobbyists.

Figure out who was threatened enough by a bitcoin model to want the government
to step in.

Because there is no way they have this kind of time on their hands to pursue
this and have such in depth technical knowledge to know what to look for,
without some corporate lobbyists spoon feeding it to the prosecutor.

Not that I believe tidbit could ever be profitable or useful, but still.

~~~
gamblor956
No conspiracy necessary. From the article:

 _" With a snippet of embedded code, Tidbit could enable websites to tap into
visitors’ computers and borrow CPU cycles to mine Bitcoin."_

Ads that take over the screen for a few seconds are bad enouogh. A website
that takes over _a computer_ to run computationally expensive tasks? With ads,
at least their is the opportunity to run adblockers. With a javascript miner,
visitors are left with the choice of disabling javascript, and essentially
their access to the modern web, or risking a website abusing their computer.

 _The subpoena and accompanying interrogatories issued to Rubin demonstrate
that the people working for New Jersey’s division of consumer affairs have
made little effort to understand what Tidbit’s software actually does._

Based on how Tidbit has described their software, it sounds like New Jersey
knows exactly what the software actually does: it runs a BTC miner on a
website visitor's computer, potentially without their knowledge. And as the
ESEA fiasco demonstrated, this could result in actual, physical damage to
people's computers.

Is this overreaching? Maybe. Maybe not. That's what the purpose of the
investigation is for.

~~~
bhitov
The javascript miner was not deployed anywhere. At no point was anyone in New
Jersey knowingly or unknowningly served Tidbit's bitcoin mining code.

~~~
gamblor956
The Tidbit team _claims_ that the miner was not deployed anywhere. The purpose
of the investigation is presumably to make sure this is the case.

Unfortunately, due to the antics of many other major Bitcoin players, anyone
doing something Bitcoin-related is generally deemed untrustworthy unless they
prove otherwise. (And from a ideological standpoint, if one believes in the
free market, this is how it should be--trust must be earned, not granted.)

------
sneak
Can someone with a background in law tell me if or why it wouldn't be legal to
turn over bitcoin private keys, complying exactly with a request, while also
using your own retained copies of those keys to sign transfer transactions
sending all those bitcoins held by the previous (now compromised) keys to your
new ones that are not covered by the subpoena?

It seems to me that you'd be complying exactly with their request, as
furnishing a copy of data does not obligate you to delete your own.

~~~
carbocation
Subverting the intent of a ruling or law is not viewed favorably, and can
easily be fixed, if need be, by tighter wording.

~~~
vbuterin
I don't think it's subverting the intent to move the BTC out. The point of
subpoenas is to get information, not resources; if you want resources the
correct mechanism is a seizure. The court is probably just asking for
everything it can just in case.

------
diminoten
Hysteria aside, what happens when a court subpoena demands someone hand over
something they don't have? Does the person just say, "I don't have it." and
that's that? What if they lie about not having it?

~~~
dmix
Contempt of court faces up to 5yrs in jail.

~~~
ye
There's no jail limit for contempt of court.

14 years: [http://blogs.wsj.com/law/2009/07/14/man-jailed-on-civil-
cont...](http://blogs.wsj.com/law/2009/07/14/man-jailed-on-civil-contempt-
charges-freed-after-14-years/)

7 years:
[http://en.wikipedia.org/wiki/Martin_A._Armstrong](http://en.wikipedia.org/wiki/Martin_A._Armstrong)

~~~
dmix
Ah, in Canada it's 5 years. "Punishment can range from the person being
imprisoned for a period of less than five years or until the person complies
with the order or fine."

------
gopher1
If these New Jersey prosecutors fail with this one, I'm sure they can slap
some felony computer fraud charges on them for violating X website's ToS
agreement.

Prosecutors need to lose their immunity, then we might get some sanity back in
the justice system.

~~~
rayiner
What prosecutors?

~~~
gopher1
New Jersey Attorney General John Hoffman and Deputy Attorney General Glenn
Graham... since you asked.

~~~
rayiner
Note the caption: Rubin v. New Jersey. Rubin is the plaintiff. The AG is
acting in its capacity as the government's lawyer, not in its capacity as a
prosecutor. There is no prosecutor, because there is no criminal complaint.
What's at issue is a civil subpoena (a request for information and materials)
issued by a state consumer protection agency.

------
gnu8
I hope they are asking for sanctions in addition to quashing the subpoena.
Whoever wrote this subpoena is not only ignorant but has a massive attitude
problem, for which some jail time would be therapeutic.

~~~
carbocation
No. Let us, instead, wish for justice for all.

------
dreamdu5t
Umm.... what were they issued the subpoena FOR!? I read the entire article
waiting for this to be explained.

Or can you just be subpoena'd without any case?

~~~
jpwright
The article explains the case pretty well:

> ...the language in the subpoena reads much like the state’s computer fraud
> act, which carries some stiff penalties. Last year, New Jersey alleged that
> E-Sports Entertainment (ESEA) hijacked their [subscribers'] computing power
> to mine Bitcoins... the state believes Tidbit may similarly violate
> consumers’ rights.

According to the EFF:

> the New Jersey Division of Consumer Affairs issued a subpoena to Rubin,
> requesting he turn over Tidbit's past and current source code, as well as
> other documents and agreements with any third parties. It also issued 27
> interrogatories -- formal written questions -- requesting additional
> documents and ordering Rubin to turn over information like the names and
> identities of all Bitcoin wallet addresses associated with Tidbit, a list of
> all websites running Tidbit's code and the name of anybody whose computer
> mined for Bitcoins through the use of Tidbit, although Tidbit's code was not
> configured to mine for Bitcoins.

[https://www.eff.org/deeplinks/2014/02/eff-challenges-new-
jer...](https://www.eff.org/deeplinks/2014/02/eff-challenges-new-jersey-
subpoena-issued-mit-student-bitcoin-developers)

~~~
lukifer
It reads "much like" the computer fraud act, but that doesn't mean a case was
brought forward. Can a subpoena really be issued without a corresponding case?

~~~
DannyBee
When subpoenas can be issued, by who, and when, varies from state to state
(and in the federal world, agency to agency). There are definitely
administrative subpoenas, investigatory subpoenas, etc, depending on who and
where.

Back in 2000 (best data i can find on short notice), at least 12 states
permitted prosecutors to serve investigative subpoenas on targets, witnesses,
and record keepers before they charge a person with a crime

------
quackerhacker
This is the first I've heard of Tidbit and I have to say that it is absolutely
ingenious!!!

If they do open source the code, I strongly hope that webmasters would
actually replace obtrusive ads with the mining protocol and not just add it in
addition to ad revenue.

~~~
diminoten
CPU bitcoin mining doesn't really do much. The idea is nice, but it would take
way too long to be competitive as a form of revenue generation if all it had
access to was the CPU.

~~~
daenz
i'm willing to wager it's possible to write a WebGL shader to mine bitcoins.

------
blueskin_
I can actually see their point, although yes, they're going about it
completely the wrong way.

Bitcoin mining using malicious javascript will cost people a lot of money in
power bills if done without permission, and this project has good intentions,
but I'd be unsurprised if it has already been forked to run without victims
knowing. It's just another form of intrusive advert.

------
protomyth
I'm all for state's rights, but, given what the article says, I cannot
understand how NJ has any ability to issue the subpoena. It isn't an active
product that has been used in production so no NJ resident has been "harmed".
Its like the NJ prosecutor read some tech article and decided to act.

------
kaonashi
Sounds like a wonderful way to waste electricity and kill browser performance
at the same time.

~~~
hrjet
The concept could be adapted for a more productive proof-of-work currency like
PrimeCoin[1]. I wonder why PrimeCoin and others don't get more exposure.

[1] : [http://primecoin.io/](http://primecoin.io/)

------
flatline
> Tidbit uses the Stratum protocol, which would enable websites to get paid
> based on total work contributed to the mining pool rather than total
> Bitcoins mined

No, that's what P2Pool, or really any pool, does. Stratum, as the link states,
is just a long-poll protocol to reduce stale shares when a new block is found.

But speaking of pools, it seems like the best bang for their buck would be a
scrypt profit-switching multipool, that mines the most profitable scrypt coin
and exchanges for btc or dollars or whatever. This would potentially create a
huge pool so p2pool is better in that respect, but it's just not profitable to
mine BTC like this at all.

------
jliptzin
Ridiculous prosecution aside, something tells me Tidbit will be used in
addition to, not as a replacement of display ads.

(That assumes there will always be a cryptocoin worth mining with a CPU/GPU.
Right now it's silly to do so for bitcoin)

------
jheriko
if you do something that is legally ambiguous and you get penalised for it
then it is your own fault.

this is one reason why i am reluctant to buy any bitcoins or cryptocurrency in
general - esp given the strong background of money laundering.

its a shame. i do think the future of currency lies in bitcoin or similar...
its just not there yet.

sure if everyone ends up using it the legality will need resolving sooner, but
to a very good approximation nobody uses it at the moment (!)

i base this on the data that there are a great deal fewer bitcoin addresses in
use atm than enough to assign one of them to each out of 0.1% of the world
population - given that many people use multiple addresses i don't think its
unreasonable to consider it very close to non-existent in that naive sense...
penalising all of the people currently involved is not out of the question
yet... not by a very long way imo.

(source: [http://blockchain.info/charts/n-unique-
addresses?timespan=30...](http://blockchain.info/charts/n-unique-
addresses?timespan=30days))

------
amurmann
I can't stand it anymore! Why are we prosecuting these people instead of
Comcast who is on a course to destroy our infrastructure? Of course I know the
answer. I just can't deal with it anymore. I will just stop reading any news.

------
adregan
I can't make heads or tails of this—why is New Jersey, specifically, issuing
this subpoena? Do they have jurisdiction? Is the student from New Jersey?

