What the developer has created actually sounds rather ingenious.
Personally, I think that's pretty absurd, but I can understand how a non-technical attorney reading about a MIT student developing something that lets websites mine bitcoins on consumer computers might get the wrong idea. As usual, the hard-headed nature of american prosecutors does us all a disservice.
Edit: rayiner points out that no one is being prosecuted, so I should probably rein in my rhetoric about prosecutors. Still seems like an extreme reaction.
Some of the things they are asking for seem to be beyond the capability of anyone to provide, other than a Supreme Deity.
I would guess you are looking at thousands of dollars at a minimum and easily much more.
Sigh. This is why we need more judges and lawyers who have at least knee-deep knowledge of technical details about the subjects they regularly rule on. This absurd language would not have been put into the subpoena if they even had a basic understanding of how client-side scripting works on the web, and by extension if they had a rudimentary understanding of how the web works at all.
Of course, I don't think Tidbit was actually being spread as malware -- but it's easy to imagine a similar system that does.
Is this "beyond what is authorized"? What was authorized to begin with?
You can't just subpoena people for a list of crimes that they have committed, surely the 5th amendment prevents that. (For instance, you cannot legally compel felons to register firearms that they are not legally allowed to have). You couldn't subpoena a suspected bank robber for a list of robberies that they committed.
They do not want to and don't believe the state has the power to compel them to. What more reason should they need?
>Since this is partially cryptographic software and also software that can be used to control a user's machine, it seems to me imperative for anyone who wants to give up control of their CPU cycles to know precisely how they're being used, or to trust the pool of smart cows who can study it for us.
Your set includes every piece of closed source software ever installed.
Indeed it does. My machine, my rules.
It is sheer folly to trust cryptographic software without source code. Do we need to fall prey to another RSA fiasco again?
This software does not encrypt anything and thus the user does not care about the correctness of the implementation. User machines would be testing hashes for bitcoin mining as compensation for access to web resources. What does the user care if the hashing fails as long as they get credited properly for the CPU time?
>Indeed it does. My machine, my rules.
"I choose not to run this software while it remains closed source." does not create a reason for the government to compel the creators to release the code. Otherwise, I don't see what your comment has to do with the story other than a generic comment saying "People shouldn't use closed source software."
Other than a reflexive, blind compliance with capricious government demands, why would they? If you want it to be open sourced, it's of course fine to ask for that, but using the government's threat of force to accomplish it is just sinister.
Our legal system exists to resolve these claims. Ideally, when an absurd claim is made, the courts toss it. But crucially, that doesn't prevent the victim having to waste time and resources on a defense or response.
What's the solution to this problem? Usually, it's to create some disincentive against outrageous or frivolous legal actions. Sometimes, this can take the form of sanctions, which can involve a monetary penalty. But what happens when a state government is the one initiating the action? Theoretically, sanctions might be possible in some scenarios. But I'd imagine that in practice, governments get sanctioned only once in a blue moon, if that.
That's actually the whole point of subpoenas. They're a step up from a simple letter demanding information. In the latter case, the recipient may choose to respond in the hopes of placating the sender, or s/he may choose to ignore it. You can see why that would be a problem. Sometimes litigants genuinely need to force the other party to produce information. There has to be some method of doing so, and there has to be some way to enforce compliance. Thus the subpoena: A request you're not allowed to simply ignore.
Obviously, if you create a procedural right like this, there's room for abuse. The courts theoretically serve as a check on such abuse. The court may reject a litigant's application for a subpoena outright. Alternatively, the recipient may file a motion to quash, explaining to the court why s/he shouldn't have to comply with the subpoena. Subpoenas that are abusive, oppressive, overly burdensome, unreasonable, or downright outrageous will likely be quashed.
Even with these checks in place, the system is imperfect. Recipients of defective subpoenas are still burdened with, at the very least, filing a motion to quash. Practically speaking, anyone who receives a subpoena will have to pay for a lawyer or find one to represent him/her for free.
This problem is not unique to subpoenas. The same argument could be made about nearly any legal process. If I sue you frivolously, you still have to get a lawyer. If the state arrests you for no reason, you still have to get a lawyer. Et cetera. Is there a solution? There may be a partial solution available to our society: We could increase the penalties for abuse of legal process, and make those penalties applicable in a broader range of circumstances. Of course, this approach increases the risk to those who would make legitimate use of legal processes, so it's not without downsides. It's a difficult balance to strike.
I strongly suspect that one of the reasons for using a subpoena here is that it transfers the effort and cost of performing an investigation to the respondents, who have been put in the position of proving their innocence, or rather that no crime has actually occurred.
The interrogatories show that the attorney-general's office has made no effort to understand what this software does, and has made no investigation into whether anything suspicious has actually happened. They are on a fishing trip, with the subpoena as the dynamite.
Why does NJ think they have any jurisdiction here? Frankly, this is just as absurd as another country issuing demands for legal docs from someone in the US for them doing something that's perfectly legal in the US, but illegal in that country.
But a prominent digital rights group has stepped in and it is likely a reasonable resolution will come of it.
I don't understand this -> I don't like this -> I'll research reasons to not like this -> You may never be permitted to do this.
Never, "Let's weigh the pros and cons and figure out what we will do about it." It's decision first, then rationalization.
You could probably run your cpu 100% for a year and not generate one satoshi.
That said, there are some botnets out there stealing gpu cycles and generating massive hashrates for scrypt coins. So I could see the cause for alarm but knowledge like that is going to get out regardless.
That would give you 0.00001278 bitcoins per day or 1278 satoshis per day.
So you are making 1 cent a day while burning 200 watts 24/7
If you have 1000 users doing this, is it better than a 1-5$ CPM banner ad?
see the above example for 1 cent per day going at full tilt all day