Entries in news (15)

Wednesday
Oct022013

The Silk Road Unraveled

Wow, what a story!

A while back, I wrote a bit about the technology behind the online pseudonymous black-market called Silk Road. I talked a bit about the site from the perspective of a security problem. Now, it seems that the site’s security was not so good. The FBI has arrested the site’s owner, the notorious black-marketeer known as Dread Pirate Roberts, in real life as Ross William Ulbricht. Further reading here, including the formal complaint. (Edited to add: Another great analysis here.)

In the previous post, I talked about the mechanism that minimized knowledge buyers have about sellers. I didn’t really talk about the site administrator. (Though I did mention the administrator could strengthen the site against attack by minimizing the data the site holds on to. Which Ulbricht doesn’t seem to have done.) To be secure, the site administrator would want to minimize their connections with the site. They would log in from an unpredictable place, via TOR. They would communicate only over encrypted channels. They would keep their private key somewhere separate from the servers for the site. Ditto for their bitcoin wallet. Above all, they would minimize their connection to the site, and they would minimize their visibility to law enforcement.

Ulbricht didn’t do any of that, and it proved his undoing. He wasn’t just the president of the Silk Road for Criminals Club, he was also a customer! Using a clearly labeled as administrator account, no less, to buy illegal goods and services directly related to the running of the site. Including packages of physical goods (fake IDs) that could be tracked to his house, and allegedly going so far as to pay hitmen to murder a turncoat former employee (there’s a separate indictment for that one) and a potential blackmailer.

In my last post, I suggested:

Acquiring new accounts to do individual stings is too high cost for too little gain, especially since the value of “flipping” a Silk Road buyer is very low (there’s little they can do to get information on Silk Road sellers).

But failed to note that this does not apply if the buyer in question happens to host the whole site out of his basement.

(Edited to add: That’s hyperbole, of course. The site was hosted outside of the US. It wasn’t being operated from Ulbricht’s house, either. But he was signing in through a VPN gateway at an internet cafe near his home. And not via TOR, either. He also advertised the site soon after it started, and looked for employees for a bitcoin-related startup soon before it started, both under pseudonyms that could be traced to his real identity.)

Now that Silk Road has been seized, any records of sales can be traced. Any buyers and sellers whose records were compromised will be very quickly screwed if they didn’t employ additional money-laundering techniques. Bitcoin may be pseudonymous, but every transaction is intensely public, every node in the network has the complete transaction record.

(Edited to add: The Silk Road itself included a coin tumbler that protected buyers and sellers from knowing one another’s bitcoin addresses. However, it’s not clear if this will protect either buyers or sellers from the authorities now that they have control over whatever data Silk Road retained.)

As far as the value of Bitcoin as a whole goes? Depends, I think, on how much of the price is based on future versus present or past utility. I still think Silk Road is an edge case in the set of things Bitcoin could be used for. But it’s a large portion of the set of things Bitcoin has been used for.

Tuesday
Jun112013

Predicting the Present

Idea #7: The best way to accurately predict the future is to accurately predict the present.

I was listening to Democracy Now! this morning about the NSA scandal (ongoing) and the (now long-established) use of private contractors to analyze digital records, the sort of activity that would be obviously illegal if physical documents were involved instead of digital ones, when I was suddenly struck by the memory of Cory Doctorow’s comment about science fiction writers predicting the present. Because, in fact, Cory Doctorow wrote this one before, a short story called “The Things That Make Me Weak and Strange Get Engineered Away” (after the Jonathan Coulton song), published in 2008.

The story hits all the key points: Private contractors analyzing vast quantities of metadata for the surveillance state, and the sort of conflict between hired geeks and their authoritarian masters that results. Of course, in that story the private contractors are a cloistered society of lifehacking monks, but obviously a good science fiction has to push those predictions of the present a little in a future-weird direction. Doctorow’s story is a bit of a warning, too. The story at least raises the question of whether the withdrawal of the nerds into their own sousveilence society removed their effectiveness as an obstacle to the security state (in more way than one).

Well worth a read. And worth pointing out, especially since I’m not the only one thinking about fiction as warning in light of recent revelations.

Friday
Apr262013

Extremist Terrorism's False Flag

As a resident of the Boston area in the aftermath of the marathon bombings, I have to say the conspiracy theories have already gotten really annoying.  In this case, the simple hypothesis is actually very well supported, and conspiracy theorists tend to support their hypotheses with observations that are just as likely or almost as likely if they were completely incorrect.

But I do want to say a little bit about this concept of a false flag operation in the context of terrorists like the Tsarnaevs.  One of the things that’s odd about such a terrorist attack is it’s extremely unclear what sort of goals it might hope to achieve.  At least, it seems unlikely to frighten the US towards an isolationist policy, or achieve any end that directly supports the goals of (the violent extremist flavor du jour) militant Islamists.

The proliferation of this sort of tactic might be best understood under the concept of a false flag.  In a false flag operation, an attack is disguised so as to provoke a misdirected response.  In the archetypal case, this involves a government falsifying an enemy attack (or secretly facilitating a real enemy attack) to bolster public support for military action against that enemy.  But there’s an alternative scenario, in which an enemy seeks to have one of their potential allies blamed for the attack.  Even if the ally is not fooled by this ploy, the provoked counter-attack could provide the need to unite against a common enemy.

The best counter-attack against terrorism, therefore, is as restrained as it is effective.  I don’t mind that the police and military told people to stay home on April 19.  I don’t mind that they searched Watertown house by house.  Yes, it’s costly and disruptive, but having a bomber on the loose is also costly and disruptive.  Yes, the guy wasn’t found in the initial search, but there’s only so much you can do with limited information.

Ultimately, though, the town is getting back to normal.  We feel no need to buy the extremist’s implicit declaration that there’s a war on.  We can treat them as ordinary criminals.  Boston has dealt with those before.

Tuesday
Oct302012

Hurricane Downtime

This blog will likely go down for some time due to the storm.  Not that anyone is following that closely, but see you when things are back up.

Update: Or maybe not.

Friday
Mar302012

Trayvon Martin and the State of Discourse

I’ve been following the case of Trayvon Martin’s shooting at the hands of neighborhood watchman George Zimmerman.  On the left, there was a rush to accuse Zimmerman of cold-blooded murder.  On the right, there was a rush to paint Martin as a thug and double down on the racialized paranoia.  But the facts that really make or break the case (specifically, who started the fight) are currently unknown.  The unusual bits of Florida’s laws on self-defense don’t really apply to this case, they don’t excuse murder if you provoke someone into attacking you and then resort to lethal force, or if you attack first and later fear for your life when the fight doesn’t go your way.

There’s some interesting discussion to be had on the role of guns in self-defense and aggressive violence, guns win fights but also escalate the stakes awfully quick:

Statistically, incidents of guns being used successfully in self-defense are extremely rare. The following events are a lot more likely:

• Criminal gets hold of your gun and uses it against you.
• The gun gives you a psychological feeling of self-confidence that will cause you to get into bad situations you otherwise would have avoided if you did not have the gun.
• Use of a gun in an ambiguous situation will get you in prison for murder, which is worse than getting beaten up.
• Being prosecuted for murder will ruin your life even if the jury finds you not guilty.

The Zimmerman incident is a good example of the truth of the above. The video showed that Zimmerman wasn’t beaten up that bad. Without the gun, Trayvon probably would have run away after giving him a good but not life-threatening beating. And according to Zimmerman’s father, Trayvon saw the gun, which caused an escalation in the altercation.

There’s something to be said about race relations in this country, something to be said about violence, about respect and community, about culture, about the standards of criminal evidence.  But most of what I hear about this case depresses me because it seems to be overwhelmingly characterized by those that no longer hope for productive dialog on this sort of issue, from one side:

“An eye for an eye, a tooth for a tooth,” Mikhail Muhammad said at a Saturday press conference in Sanford, Fla., in which he also called on 10,000 black men to “capture” Zimmerman. “He should be fearful for his life”…

Or the other:

In the last few days I’ve repeatedly discussed blacks’ common attitude that their response to any white authority figure who asks them anything is to resist, fight, ignore, or run away. But the commenter at Half-Sigma puts it better: Non-blacks may not talk to blacks, period. To say anything to a black is to step into his territory, it is to dis him, and thus to provoke his righteous vengeance…

Seems like on some issues the state of discourse in this country is only slightly better off than Trayvon Martin.

Friday
Jan202012

Internet Blackout

If you’ve been paying attention to the internet, you probably noticed that a wide swath of website users and owners were none-too-pleased at the proposal of the PROTECT IP Act (PIPA) and the Stop Online Piracy Act (SOPA) (from the US Senate and House of Representatives, respectively).  This led to a coordinated website strike and mobilization campaign last Wednesday.

There’s a great technical analysis of the problems with the bill on the Reddit blog here.  But I think the best analysis of the issue I’ve seen comes from this TED Talk given by Clay Shirky:

His central point is that SOPA and PIPA represent the latest in a trend in entertainment industry lobbying, away from getting Congress to define the distinction between legal and illegal copying (producing, for example, the Audio Home Recording Act of 1992), towards restricting copying through technical means and making it illegal to work around those “protections”.  The DMCA lets companies sell you “broken” (for the purpose of restricting copying) devices and makes it illegal for you to fix those devices.  PIPA and SOPA let the government (at the behest of the entertainment industry) break DNS to censor “pirate” sites, and would make it illegal to work around that (which requires search engines and the like to pay to police themselves so that they aren’t indiscriminately helping users find such things).

Cory Doctorow describes this trend towards technological control systems backed by force of law (and away from legislation about what sorts of things should or shouldn’t be legal, with restrictions on liberty sitting on the other side of due process) in a recent essay titled Lockdown: The Coming War on General Purpose Computing.

The bills have been defeated for now, and in the aftermath, many activists have pointed out that similar legislation will undoubtedly reemerge (under the same name, a new name, or grafted wholesale into something politically inconvenient for legislators to oppose).  But after watching Shirky and reading Doctorow, I’m convinced it’s not sufficient to oppose, whack-a-mole-style, the latest bit of oppressive-technology-backed-by-force-of-law that comes up.  It’s necessary to oppose the idea that companies should be allowed to sell computers that can work against their users in ways that the users are prohibited from fixing.  And it’s necessary to move the copyright debate back to what sorts of copying should or shouldn’t be allowed, regardless of what sorts of copyright law the entertainment industry might be willing to buy or sell.

Friday
Dec162011

Thoughts on Occupy Versus Police

(This post is way delayed and fairly disorganized, but I’m putting aside further editing in the interest of getting it out the digital door.)

Occupy is interesting, but it’s also interesting to consider the variety of tactics police have used in opposing the movement.  On the one hand, there’s the UC Davis incident, where the message of “if you are in the way, we will hose you down with military grade pepper spray at point-blank range” was communicated by actually doing just that.  That might be legal, even in the liberal 9th circuit, but doesn’t exactly defuse the situation, and it’s unclear whether it will prevent the protesters from achieving (some of) their goals.

On the other hand, there’s the aikido tactics of the St. Louis Police.  As related in this post by Brad Hicks, after a series of fake-out maneuvers, the police acted with a combination of power and restraint:

[…] [The police] didn’t show up in riot gear and helmets, they showed up in shirt sleeves with their faces showing. They not only didn’t show up with SWAT gear, they showed up with no unusual weapons at all, and what weapons they had all securely holstered. They politely woke everybody up. They politely helped everybody who was willing to remove their property from the park to do so. They then asked, out of the 75 to 100 people down there, how many people were volunteering for being-arrested duty? Given 33 hours to think about it, and 10 hours to sweat it over, only 27 volunteered. As the police already knew, those people’s legal advisers had advised them not to even passively resist, so those 27 people lined up to be peacefully arrested, and were escorted away by a handful of cops. The rest were advised to please continue to protest, over there on the sidewalk … and what happened next was the most absolutely brilliant piece of crowd control policing I have heard of in my entire lifetime.

All of the cops who weren’t busy transporting and processing the voluntary arrestees lined up, blocking the stairs down into the plaza. They stood shoulder to shoulder. They kept calm and silent. They positioned the weapons on their belts out of sight. They crossed their hands low in front of them, in exactly the least provocative posture known to man. And they peacefully, silently, respectfully occupied the plaza, using exactly the same non-violent resistance techniques that the protesters themselves had been trained in. […]

By dawn, the protesters were licked.

(Again, read the whole thing.)

The clearing of Occupy Boston used some of the St. Louis tactics, so maybe those are catching on.  More brutal tactics may or may not be self-defeating, but I suppose that depends on exactly how far police are willing to go, as Brad points out, addressed towards police:

In case you haven’t noticed, you are not the only police officers who have been asked to use as much force as necessary, in order to crack down on trivial ordinance violations, as an excuse to shut those citizens up. Your fellow police have been asked to shut down those protests in every country in Latin America, in every country in the Middle East, in every country in North Africa, and in almost every country in Europe. In country after country, one of three things has happened: the cops obeyed orders and the kleptocrats are getting away with imposing austerity, or else the cops obeyed orders but foreign governments stepped in, citing actual or impending police atrocities, and overthrew the kleptocrats, or else they did something that you chose not to do, this last week or two.

In a few countries, the cops saw that they didn’t have the choice of defending the perfectly law abiding, saw that they were being asked to defend criminals, concluded that they could not morally justify obeying the order to shut down the protests, and went home. Few if any of the protesters even asked the police to switch sides and join the protests against kleptocracy. Most of us know that that’s an unreasonable request, we know that most of you feel that you owe it to the uniform you wear, and to the oath you took, and to your fellow officers, not to join the protesters. But in the countries where the police, asked to use force to shut down peaceful protests against kleptocracy, took off their uniforms and went home until it was all over? Not just in the Arab (Spring) world, but in places like Iceland? Freedom is on the march. Nor have those countries slid into poverty because they refused to cover the debts that the thieves owed to the dishonest bankers; those countries are recovering from the global recession faster than we are.

Charles Stross has some interesting thoughts on how the police crackdown fits into the larger economic/political situation:

Public austerity is a great cover for the expropriation of wealth by the rich (by using their accumulated capital to go on acquisition sprees for assets being sold off for cents on the dollar by the near-bankrupt state). But public austerity is a huge brake on economic growth because it undermines demand by impoverishing consumers. Consequently, we’re in for another long depression. […]

Starving poor people with guns and nothing to lose scare the rich; their presence in large numbers is one major component of a pre-revolutionary situation. […] Worse, the poor have smartphones. […]

The oligarchs are therefore pre-empting the pre-revolutionary situation by militarizing the police (as guard labour).

The rest is interesting, too, including the comments.

Tuesday
Oct252011

How Can Occupy Wall Street Win?

Occupy Wall Street continues to be very interesting.  (On the economic side, see also.)

I previously mentioned that non-violent protests can only win by being economically or politically disruptive, but there are a few ways to achieve that goal:

Consumer Siege: Cut someone off from funding by refusing to do business with them (boycott) is the typical example.  Indirect boycotts can sometimes work (for example, see Color of Change’s successful campaign against the Glenn Beck Show, which worked by convincing advertisers that being associated with Glenn Beck was not a good idea for their brand (or at least that it would be better to spend their advertising budget’s elsewhere).  Divestment can also work, since the people running an institution tend to also be investors.  Of course, that only works if equity in the institution is publicly held and the protesters have a lot of it (not usually the case).

In the case of OWS, this is why I’m interested in this story in which a bunch of protesters who were Citi Bank customers tried to close their accounts, only to be locked in by guards and arrested by police.  Bizarre.  A question:  In the actual bank runs of the 1930s, did banks ever try to get police to arrest customers who were closing their accounts?

Disruption of Business: Protesters prevent the institution from doing business with anyone.  This either involves discouraging customers or actually preventing institutional activities from happening.  The strike is an obvious (and fairly mild) example of this type.  So is the picket line, in which customers and/or replacement workers are discouraged (but not actually prevented) from entering a place of business.

Given the name “Occupy Wall Street”, I’m surprised there isn’t more action of this type.  While seeing the protesters “occupy” Times Square was impressive, it’s a far cry from actually occupying, you know, Wall Street.  There’s no indication that OWS has been at all disruptive to the business activities of anyone working on Wall Street.

Petition: In general, just expressing one’s grievances, no matter how publicly is pretty useless unless you can effectively turn that to recruiting people for one of the activities listed in this post.  Getting arrested is only great if you emerge from jail with your numbers doubled.  (The IWW was great at this, Anonymous not so much.  (That topic might be worth its own post, but in the meanwhile, read this, which also includes some very good speculation about the possible outcomes of the protests.))

There’s one exception, though.  If your grievances are expressed directly, in person, to an institution itself, then the actions the institution takes against you can effect the institution’s reputation enough to be disruptive.  That only works if the institution is considered to be in control of the action taken against protesters and the institution is perceived to have some sort of obligation to listen to protesters.  Here, that’s likely to be just government, and maybe not even that.

That tactic can also work as the political equivalent of “disruption of business”.  If hundreds of people are showing up in person to present their grievances at each congressional office every day, it does give Congress a bit more personal motivation to resolve the situation.

Elections: In a democracy, if you can mobilize enough support to actually get incumbent legislators replaced with legislators loyal to your position, then that’s one way to change things.  To do this at a large scale, you really need to establish an effective political party.  Specifically, it must be able to do two things effectively: Get candidates elected, and ensure that candidates who don’t toe the party line on important issues (the platform) are not reelected (and preferably are left with their careers in total ruin, such that they actually fear defecting).

I’ve heard suggestions that OWS needs a “non-partisan political party”, which is nonsense.  To the extent that the concept is coherent, we already have a non-partisan political party, the Democrats, which is wildly ineffective at whipping their members into going along with even the core of the party platform.  The Republicans, on the other hand, are wildly effective whips, at least on the limited platform of opposing Obama (or whatever non-Republican is in power at the time).  (They’re less effectively partisan when actually in charge, but you don’t really have to coordinate much on how to burn the place down in order to do so effectively.)

You also need a lot of political power to push around the bureaucracy, but I don’t think that’s an intractable problem in the case of OWS.  (At least not compared to the difficulty of getting legislators elected in the first place.)

Thursday
Oct062011

"Occupy" Where Now?

The Occupy Wall Street protest and related protests are interesting, but they mostly remind me of my first pithy generalization on this blog.  The protests have garnered some attention, but unless they can be economically or politically disruptive, they won’t get anything done.  As near as I can tell, the protests have not yet had a significant political effect and as far as economic effects go… well, if it’s still “business as usual” for the place allegedly occupied, the “occupation” probably isn’t doing a very effective job.

Friday
Jul222011

What's the Default?

There’s a lot of talk about the US debt ceiling and whether that will be raised or not by the August 2 deadline.  The odd thing about this is that it’s always framed in terms of an impending default, when it’s not clear that will happen at all.  Especially when that’s expressly prohibited by the US Constitution (Amendment 14, Section 4):

The validity of the public debt of the United States, authorized by law, including debts incurred for payment of pensions and bounties for services in suppressing insurrection or rebellion, shall not be questioned. But neither the United States nor any State shall assume or pay any debt or obligation incurred in aid of insurrection or rebellion against the United States, or any claim for the loss or emancipation of any slave; but all such debts, obligations and claims shall be held illegal and void.

Clearly, the amendment addresses debt in the context of the Civil War in particular, but it’s not unreasonable to read that as a blanket prohibition on a default on treasury bonds.  So on August 2, absent legislation, we’ll be in the following state:

  1. Congress has said “no more borrowing”.
  2. Congress has determined how money can be printed, and the answer is “not without more borrowing” (money is printed by the Fed and exchanged for new Treasury Bonds).
  3. Congress has specified the amount of taxes to be taken in.
  4. Congress has specified how much is to be spent and on what.  (But it’s a higher amount than the revenues provided for in 2!)
  5. Treasury Bonds specify when they need to be repaid and for how much, and the Constitution says Congress can’t just decide to not pay those.  (There are also a few other obligations the Constitution says Congress can’t decide not to pay, including judicial salaries.)

That’s an odd state, as of yet untested under US law.  Clearly, something’s got to give.  The executive department must faithfully meet conditions 1-5, which is impossible.  The Constitution gives only Congress the authority to alter 1-4, and no one the authority to alter 5.

Since the debt ceiling law and the most recent budget are in some sense contradictory, and Congress is the one with the power to alter those conditions, I think the relevant question is how to interpret the actions of Congress regarding those laws.  I can think of a two reasonable possibilities:

One: The budget implicitly raises the debt ceiling to cover the difference between revenues and expenses, since otherwise that law would be requiring the impossible.  (Bill Clinton seems to take almost this view, but it’s a way better argument to suggest that Congress implicitly loosened 4 than to say the Constitution gives the president the authority to violate 1 in order to fulfill 5.  Both are required by the Constitution, it would be quite an ass-pull to say that Am. 14 Sec. 4 gives additional emergency borrowing powers to the Executive Branch.)

Two: The debt ceiling law, unless explicitly repealed, implicitly limits spending after the debt ceiling is reached to revenues taken in.  The budget didn’t amend that restriction, so the restriction still applies.  Unfortunately, the debt ceiling law doesn’t specify what spending to cut or how that should be decided.  But a reasonable assumption might be that the Executive Branch (the Secretary of the Treasury?) would have the authority.

That puts the power in the right constitutional place:  When Congress passed the last budget, they either intended increased borrowing or decreased spending, they can’t have both.  That’s what should happen.  Of course, it’s not ideal for courts to try to interpret laws that are either overly vague or logically impossible, but it’s not the courts’ fault that Congress failed to do at least one of those in this case.

Some have suggested that the debt ceiling law is unconstitutional because they view all spending as sacrosanct under Am. 14 Sec. 4.  There’s a good take-down of that argument by Professor Lawrence Tribe, here.  His counter-argument is sort of like my second case above, except he doesn’t claim that “bend 4 to satisfy 1-3” is implicit in the budget, he just cites legal precedent.  (I like my argument a bit better, but Tribe’s argument certainly beats Clinton’s, and I’m willing to defer to his expertise.)  I also agree with the caveat on his conclusion:

I do not mean to suggest that, if it becomes necessary for the President to prioritize expenditures, the President is free to use whatever priorities he likes. First, the Constitution itself requires giving some expenditures (such as the payment of judicial salaries, Art. III, § 1, or payments on the public debt, Amdt. XIV, § 4) priority over others. Second, even if circumstances make it impossible for the President to obey the anti-line item veto rule announced in Clinton v. New York, he must do his best to honor the principles animating that rule: namely, using the line item veto to give the President unbounded power over spending would allow the Chief Executive to reward political allies and punish political adversaries. The President may not, for example, prioritize spending in blue states over spending in red states. Within those constitutional boundaries, however, it is up to the President to determine how spending must be prioritized when it becomes impossible to comply with all of the President’s legal obligations simultaneously.

I don’t know if that’s a reasonable prediction of what would actually happen if the debt ceiling failed to be raised.  Obama would have the first move, so if he did something other than prioritize spending, the courts would have to react to that instead.

And it’s not clear that such a “default” (not actually a default!) will happen.  There are still possible ways to avoid that, including congress actually raising the debt ceiling, or harebrained schemes in which Congress restores the “out of power party futilely opposes the debt limit raise” status quo by handing over the raise-the-debt-limit power to the Executive, reserving for Congress enough power to oppose Obama’s decision but not enough to actually succeed.

(Also, if all this media default hullabaloo has you thinking about fleeing to gold or some such, you should find this Moldbug piece interesting.)