Figure out who was threatened enough by a bitcoin model to want the government to step in.
Because there is no way they have this kind of time on their hands to pursue this and have such in depth technical knowledge to know what to look for, without some corporate lobbyists spoon feeding it to the prosecutor.
Not that I believe tidbit could ever be profitable or useful, but still.
"With a snippet of embedded code, Tidbit could enable websites to tap into visitors’ computers and borrow CPU cycles to mine Bitcoin."
Ads that take over the screen for a few seconds are bad enouogh. A website that takes over a computer to run computationally expensive tasks? With ads, at least their is the opportunity to run adblockers. With a javascript miner, visitors are left with the choice of disabling javascript, and essentially their access to the modern web, or risking a website abusing their computer.
The subpoena and accompanying interrogatories issued to Rubin demonstrate that the people working for New Jersey’s division of consumer affairs have made little effort to understand what Tidbit’s software actually does.
Based on how Tidbit has described their software, it sounds like New Jersey knows exactly what the software actually does: it runs a BTC miner on a website visitor's computer, potentially without their knowledge. And as the ESEA fiasco demonstrated, this could result in actual, physical damage to people's computers.
Is this overreaching? Maybe. Maybe not. That's what the purpose of the investigation is for.
The Tidbit team claims that the miner was not deployed anywhere. The purpose of the investigation is presumably to make sure this is the case.
Unfortunately, due to the antics of many other major Bitcoin players, anyone doing something Bitcoin-related is generally deemed untrustworthy unless they prove otherwise. (And from a ideological standpoint, if one believes in the free market, this is how it should be--trust must be earned, not granted.)
there's no evidence at all that Tidbit itself could be a problem.
We don't have all the evidence. We just have Tidbit's claims. Unfortunately, no entity in the Bitcoin industry has proven itself trustworthy, so Tidbit doesn't get the benefit of the doubt. It has to prove it. (Note: it's a civil case, not a criminal case, so it's not a matter of guilt and thus the presumption of innocence doesn't apply.)
Can someone with a background in law tell me if or why it wouldn't be legal to turn over bitcoin private keys, complying exactly with a request, while also using your own retained copies of those keys to sign transfer transactions sending all those bitcoins held by the previous (now compromised) keys to your new ones that are not covered by the subpoena?
It seems to me that you'd be complying exactly with their request, as furnishing a copy of data does not obligate you to delete your own.
Isn't this like suggesting that when the image of an HDD is subpoenaed, you might first copy all the data off it, then wipe it, then image that? Because that trick doesn't work.
If I post my private key to a bitcoin on pastebin and 100 people download it, who owns that bitcoin the moment before someone does a sweep transaction when 101 strangers all have the private key?
When you throw money and it's floating in the air and not in your hand, you can't spend it.
When I leak a private key and the coins remain unspent, I can still spend them.
Tossing money into the air clearly ends my ownership of it. Pastebinning bitcoin keys does not (at least until someone sweeps the coins somewhere else using that published key).
It's not strictly illegal. The government isn't asking you for your Bitcoins, its asking for your keys. It's like asking you for your account number but not the cash in the account. If the Government
wanted to prevent the movement of your bitcoin assets, they would request an order barring outbound transfers. Alternatively, they'd simply move to seize the assets under some sort of forfeiture doctrine. (Forfeiture generally only applies to drug money or money acquired through the commission of a crime, but thanks to the Silk Road and other underground marketplaces, that will be the default presumption in most courts.)
In practice you'd be hard pressed to find prosecutors or judges who understand the conceptual difference between bitcoins and keys. The DoJ has a digital currency task force that is working on a legal blueprint for dealing with these sorts of issues, but it will be months before they get anywhere.
I don't think it's subverting the intent to move the BTC out. The point of subpoenas is to get information, not resources; if you want resources the correct mechanism is a seizure. The court is probably just asking for everything it can just in case.
Have there been any cases where Bitcoin private keys have been requested?
I don't know of any, and it's not the case here.
(If law enforcement had a legal claim to the balances controlled by the keys, they'd craft their order or enforcement action to achieve that end. I think the sweep of funds to a new address, after the Ross Ulbrecht arrest, suggests they understand the key-control issues involved.)
Hysteria aside, what happens when a court subpoena demands someone hand over something they don't have? Does the person just say, "I don't have it." and that's that? What if they lie about not having it?
Ah, in Canada it's 5 years. "Punishment can range from the person being imprisoned for a period of less than five years or until the person complies with the order or fine."
If these New Jersey prosecutors fail with this one, I'm sure they can slap some felony computer fraud charges on them for violating X website's ToS agreement.
Prosecutors need to lose their immunity, then we might get some sanity back in the justice system.
"What prosecutors?"? What do you imagine the difference is between saying "prosecutors need to lose their immunity" and "we need to lose prosecutorial immunity"?
Note the caption: Rubin v. New Jersey. Rubin is the plaintiff. The AG is acting in its capacity as the government's lawyer, not in its capacity as a prosecutor. There is no prosecutor, because there is no criminal complaint. What's at issue is a civil subpoena (a request for information and materials) issued by a state consumer protection agency.
I hope they are asking for sanctions in addition to quashing the subpoena. Whoever wrote this subpoena is not only ignorant but has a massive attitude problem, for which some jail time would be therapeutic.
> ...the language in the subpoena reads much like the state’s computer fraud act, which carries some stiff penalties. Last year, New Jersey alleged that E-Sports Entertainment (ESEA) hijacked their [subscribers'] computing power to mine Bitcoins... the state believes Tidbit may similarly violate consumers’ rights.
According to the EFF:
> the New Jersey Division of Consumer Affairs issued a subpoena to Rubin, requesting he turn over Tidbit's past and current source code, as well as other documents and agreements with any third parties. It also issued 27 interrogatories -- formal written questions -- requesting additional documents and ordering Rubin to turn over information like the names and identities of all Bitcoin wallet addresses associated with Tidbit, a list of all websites running Tidbit's code and the name of anybody whose computer mined for Bitcoins through the use of Tidbit, although Tidbit's code was not configured to mine for Bitcoins.
It reads "much like" the computer fraud act, but that doesn't mean a case was brought forward. Can a subpoena really be issued without a corresponding case?
When subpoenas can be issued, by who, and when, varies from state to state (and in the federal world, agency to agency).
There are definitely administrative subpoenas, investigatory subpoenas, etc, depending on who and where.
Back in 2000 (best data i can find on short notice), at least 12 states permitted prosecutors to serve investigative subpoenas on targets, witnesses, and record keepers before they charge a person with a crime
Where the state wants to, it can press charges on its own. It's up to the prosecutors, generally. This is why there are cases like "so and so vs. New Jersey". In cases like murder and such, the state is the only viable prosecutor, which is why the prosecutor works for the state.
That said, I don't know the procedure for determining whether or not an actual crime has been committed, and without there being an actual case in hand, I have no idea if the subpoenas are valid.
This is the first I've heard of Tidbit and I have to say that it is absolutely ingenious!!!
If they do open source the code, I strongly hope that webmasters would actually replace obtrusive ads with the mining protocol and not just add it in addition to ad revenue.
It's been posted before and quite frankly, it can very easily be abused as a malicious feature. Especially if the user is unaware of their being complicit in mining.
It should be noted that their intent was to be purely opt-in. Stealing a user's CPU/GPU cycles is extremely bad form. (It's bad enough when ads/tracking code does it by accident.)
CPU bitcoin mining doesn't really do much. The idea is nice, but it would take way too long to be competitive as a form of revenue generation if all it had access to was the CPU.
I can actually see their point, although yes, they're going about it completely the wrong way.
Bitcoin mining using malicious javascript will cost people a lot of money in power bills if done without permission, and this project has good intentions, but I'd be unsurprised if it has already been forked to run without victims knowing. It's just another form of intrusive advert.
I'm all for state's rights, but, given what the article says, I cannot understand how NJ has any ability to issue the subpoena. It isn't an active product that has been used in production so no NJ resident has been "harmed". Its like the NJ prosecutor read some tech article and decided to act.
The concept could be adapted for a more productive proof-of-work currency like PrimeCoin[1]. I wonder why PrimeCoin and others don't get more exposure.
> Tidbit uses the Stratum protocol, which would enable websites to get paid based on total work contributed to the mining pool rather than total Bitcoins mined
No, that's what P2Pool, or really any pool, does. Stratum, as the link states, is just a long-poll protocol to reduce stale shares when a new block is found.
But speaking of pools, it seems like the best bang for their buck would be a scrypt profit-switching multipool, that mines the most profitable scrypt coin and exchanges for btc or dollars or whatever. This would potentially create a huge pool so p2pool is better in that respect, but it's just not profitable to mine BTC like this at all.
if you do something that is legally ambiguous and you get penalised for it then it is your own fault.
this is one reason why i am reluctant to buy any bitcoins or cryptocurrency in general - esp given the strong background of money laundering.
its a shame. i do think the future of currency lies in bitcoin or similar... its just not there yet.
sure if everyone ends up using it the legality will need resolving sooner, but to a very good approximation nobody uses it at the moment (!)
i base this on the data that there are a great deal fewer bitcoin addresses in use atm than enough to assign one of them to each out of 0.1% of the world population - given that many people use multiple addresses i don't think its unreasonable to consider it very close to non-existent in that naive sense... penalising all of the people currently involved is not out of the question yet... not by a very long way imo.
I can't stand it anymore! Why are we prosecuting these people instead of Comcast who is on a course to destroy our infrastructure? Of course I know the answer. I just can't deal with it anymore. I will just stop reading any news.
Figure out who was threatened enough by a bitcoin model to want the government to step in.
Because there is no way they have this kind of time on their hands to pursue this and have such in depth technical knowledge to know what to look for, without some corporate lobbyists spoon feeding it to the prosecutor.
Not that I believe tidbit could ever be profitable or useful, but still.