Hacktivism & Mistakes

I know that much ink has already been spilled over Aaron Swartz‘s indictment. If you haven’t read any of it, this New York Times article is a good start.

a photograph of Aaron SwartzKevin Driscoll, posting on the Students for Free Culture blog notes that:

“News coverage and online reaction to Swartz’s arrest reveal a painful failure to produce accurate, meaningful analogies for his massive duplication of academic articles.”

Driscoll cites a slew of analogies comparing the bulk download of JSTOR articles to checking books out of a library, or looking up journals. These analogies make Swartz’s actions seem reasonable and dignified, and they’re right. The problem isn’t that we have analogies which make him seem reasonable, it’s that we have no analogies which show just how reasonable he was. All our physical analogies are tied to a world filled with scarcity: we have no means to express just how little cost there is when someone copies academic data. Worse still, our language is lost on the prosecutor, and may well be lost on judges and a jury too.

Swartz’s actions were noble, and foolhardy. If you’re trying to make a backup of JSTOR, this isn’t the right approach. Either take security precautions so that you don’t get caught, or act so brazenly that you’re in good faith. By concealing his face with a bike helmet, using pseudonyms engineered to give him the username “ghost”, and fleeing from police, he’s failed the punk test before this gets anywhere near the court.

Hopefully, he won’t have to spend any time in jail. Still, if there’s one case that puts Guerrilla Open Access in the spotlight, this is it. Perhaps these events will draw much-needed attention to the tragedy our locked-up academic record, and allow for a transition to more open  academic publishing and access.

Posted in Commentary, News | Leave a comment

The Punk Test

Predicting the results of important technology, copyright and patent cases is almost impossible. Experts who are intimately familiar with the subject matter and precedents are only slightly better than a coin toss at guessing outcomes. Even cases which seem simple often have completely unexpected conclusions. Why is this? Isn’t the point of law that people understand what it says so that they can avoid doing things it prohibits?

When the judicial system lacks the resources necessary to objectively evaluate a case on the merits, a different decision-making procedure dominates: The Punk Test, takes over.

When a judge can’t conclusively decide which party is in the right, the party that looks like the biggest punk looses, and the opinion is written to justify this decision.

Civil (& some criminal) legislation can be incredibly complex, with multiple actors pursuing convoluted agendas via sophisticated technical means. Even the best lawyers and judges on all sides may have difficulty comprehending the details of the situation before them. Much of what they are examining is innovation by individuals who have spent years becoming experts. It should come as no surprise that this is hard stuff to get your head around.

Judges are expected to interpret statute to justify their decisions, and — worse — they have to assume that the statute was carefully and sensibly written by a sane author. Given the dysfunctional, incomprehensible, I-don’t-think-you-mean-what-you-think-you-mean nature of some statutes, especially modern copyright and information technology laws, this is a daunting task. Try to apply a schizophrenic act to an incomprehensible situation, and it’s no surprise that judges need some help.

In the shadow of this, a secondary form of decision-making takes over: the sort of judicial discretion which hails from early days of common law. If one party looks like they’re acting in bad faith, or trying to game the system, or fudging the facts, or otherwise doesn’t endear themselves to the court, they’re the punk. The punk always looses. It doesn’t matter whether it’s a pair of dueling multinationals, an individual versus a corporation, or a subtle matter of administrative law: if you look like a punk, you lose the case.

Of course, judges can’t admit that this is what they’re doing, so they need to draft an opinion which explains the decision. This results in tortured logic, arcane explanations, and legislative parsing which would make an eighth-grade teacher cringe. Future judges inherit incomprehensible opinions to complement inscrutable statutes, and are placed in an irreconcilable position. So they apply the punk test, write double-think opinions, and perpetuate the cycle.

Next time you’re reading about a litigation matter, think about the punk test. You may be surprised how much it improves your predictions.

Posted in Commentary, Essays, Features | Tagged , , , , , , , , , , , , , | 1 Comment

Bitcoin: More Covert than it Looks

A man wearing a suit and an "Anonymous" Guy-Fawkes mask, using an old-fashioned green-screen text computer.

Anonymity; and the Internet, CC BY NC SA by Sitan Eikeland on Flickr

There’s been a lot of discussion in the past few weeks about how anonymous Bitcoin actually is. If you’re new to Bitcoin, you can check my short introduction to the cryptocurrency over at Ars Technica.

Bitcoin is often incorrectly touted as a completely anonymous currency, which is not quite correct. Bitcoin uses a distributed transaction register, which is completely public. In fact, it depends on this open ledger to allow coins to be signed over from one owner to another. This sounds like it might completely defy any measure of anonymity. After all, if every coin can be tracked from transaction to transaction, it should be no trouble to keep tabs on the whole network. This is the point that a lot of insightful commentators have been making in the past weeks. Tim Lee‘s post over on Forbes distills this criticism concisely, and expresses the mechanism by which Bitcoin de-anonymization might happen. Tim’s article is well worth a read, but I think that he misses some of the ways that Bitcoin-users can — and do — remain effectively anonymous with the currency. In particular, I think that he misses just how much of an advantage it is that operations with Bitcoin can be automated, and abstracted away from the user.

If I have one Bitcoin account, and I use that for all incoming and outgoing payments, it’s very easy to keep track of my transactions. Anyone who has ever given me coins can now see exactly where I send how much money, forever. However, this is not the way that anyone really does or ever should use Bitcoin. It’s standard practice to use a new address for each incoming payment. This way, there’s no link between different inbound transactions. When making an outgoing payment, pick a selection of addresses whose balances add up to only slightly more than the sum you wish to pay. Pool those into a new address (with a little left-over in one of the original accounts), and send the whole payment from that new address. Over time, you accumulate little remainders, which can help fill in the gaps with other payments. This approach keeps transactions largely separate, and makes it very tough to associate more than a couple of transactions. With this approach, it’s mind-bogglingly tough to track a particular person, because there isn’t any particular identifier for “them”. They don’t make and receive payments from any distinct account or unique login: they just keep a wallet full of private keys that own some coins.

Right now, the Bitcoin client is fairly simple. It has all the low-level technical details set up, and it’s meant to be used by savvy users who understand the underlying technology, and know the implications of their behavior. Currently this sort of account-balancing is done manually, by users who know what they’re doing. However, it’s a very simple practice to automate, and we should expect future Bitcoin clients to implement this sort of obfuscations natively, without exposing the user to the technical details. The interface is for this can be simple, and uncluttered: a user just sees their balance, summing over all the addresses they own. Whenever you need to receive a payment, the program generates a new incoming address, and perhaps shows it as a QRcode; whenever you need to pay out, tell it the address and the amount and it’ll take care of the details. As long as the user’s connection to the Bitcoin network is relatively anonymous, minimal information is spilled. Even using heavy-duty anonymity software like Tor has minimal inconvenience because the Bitcoin network already has a fair bit of lag time before confirming transactions.

Tim also plays down the importance of money-laundering services, suggesting that they’re too much trouble for most users. Again: while current interfaces are simplistic, these sort of services can be highly automated, and present very simple interfaces for users. We could imagine a simple Bitcoin-laundering service as follows. Users (through a client) ask the laundry service for an address to pay into, and they specify an address to pay out to, as well as how quickly they want the payout. The service specifies an address and the users pays some money in. At a regular rate, perhaps every minute, or ten minutes depending on the number of users, the service makes a whole load of transactions, paying all the users who requested payouts at about that time. It randomly picks which addresses to make transactions from, so there’s no easy way to link an incoming payment with an outgoing payment. Because the outgoing transactions all happen at the same time, the laundry service acts like a medium-latency mix network, making it very difficult to use timing to associate a user’s inbound and outbound address. Of course, the laundry service takes a small cut from all these transactions. This sort of laundry doesn’t have to be interactive: in fact, it’s the sort of activity which would be well suited to occurring silently and slowly in the background of a Bitcoin client. Users pick certain parameters, like how fast they want all their coins to turn over, or how much to spend, and the client negotiates all the details with a selection of laundry services approved by the user. Other tweaks could include prioritizing certain transactions for laundry, or using a number of laundry services chained together to reduce the amount of information that any one of them has.

There may not be many dedicated laundry services right now, but if people start using Bitcoin for more personal activities, and big brother starts paying closer attention, demand for these sorts of services may well increase. Conveniently, users don’t have to place much trust in a laundry service. If I want to clean a large quantity of money, instead of depositing it all at once, I can deposit it one chunk at a time, and wait for the payback to be confirmed before putting in my next piece. Depending on the size and reputation of a service, it might use chunks ranging from pennies to a few dollars in size, and a user would be free to pay multiple chunks at once if they trust the service and require some speed. This sort of thing should be more and more expected if Bitcoin extends to wider use.

These are just some examples of the techniques that can be used to retain privacy when using Bitcoin. Many of them are complex in structure, but can be automated and represented to even un-savvy users with a very simple interface. All of these strategies could probably be used with traditional currencies too, however it would actually require the user to manually perform all the steps involved. With Bitcoin — like web browsing, instant messaging, or any other complex and protocol-driven activity — users don’t have to understand every detail of the interactions to use the system effectively. The strength of Bitcoin isn’t that it’s anonymous per se — it isn’t — it’s that it makes automation easy and keeps transactions secure. The underlying protocol is already in place, now we can innovate on the techniques and processes that make it convenient and anonymous, or give the system any other properties which we can design for.

Posted in Essays, Features, Responses | Tagged , , , , , , , | 13 Comments

On the CR-48, a Sonnet

Most curious: an online computer,
Missing the keys that I use all the time.
Though it takes only seconds to book her,
For lost functionality, all of us pine.
All of my data is saved in the cloud,
No docs or crypto-keys stored locally,
And coding or debugging is not allowed:
Would Richard Stallman find Chrome-OS free?
But all of my files are safe far from here,
No steamroller’s crush can take them away:
With Google’s web-apps they are always near
To the systems I use for my day-to-day.
I might even get used to all this web-browsing,
For I am attracted to its sleek, black housing.

Posted in Gear, Literature | 1 Comment

Overheard Confabulation

Nate will make a great soldier, possibly the best we’ve ever seen. Four-star general Nathan Plough’s 2032 stand against the Pan-Asian Alliance’s death-drones will give the president just enough time to escape before Washington DC is wiped off the map. Of course, in an ironic twist of fate, his name will go down in infamy when the ESS Plough, flagship of the United Earth Protectorate Fleet, is captained by the traitor Elinor McCarthy, and sides with the Tle’k-nar armada at the second battle of Titan, plunging the human race into a century of grueling war.

Aside | Posted on by | Leave a comment

How can you tell the difference between a police officer and a vampire? Neither can come into a home without being invited. But, if they ask to come in, one resident says yes, and the other says no then a police officer can’t enter, but a vampire can.

Posted on by | Leave a comment

BitTorrent is ThoughtCrime

I Love P2P

CC by blogpocket on flickr

Use of BitTorrent is stigmatised, and poses potential administrative cost and liability risk for anyone who uses it. Since BitTorrent is the most effective ways to distribute large files – especially by individuals, and small businesses who can’t afford much infrastructure – this limits technical options that many people have. Academic analysis of copyright infringement and the surrounding ecosystem may even require such direct data analysis.

This taboo ties the hands of many, even when the protocol is used for legitimate purposes. If an academic wants to conduct investigations which have strong fair use defences, these costs and risks may result in personal or institutional aversion to such research. This has the effect of chilling discussion and investigation of P2P technology, and the related public policy issue of copyright infringement.

***

Earlier this week, some friends and I were academically musing about when the new Harry Potter movie would make into the publicly available torrents. We decided to imagine that there were no internal leaks, and that nobody untrustworthy would get access to it until the night that it was shown.Spoiler alert: it actually dropped 16th, before the premier, completely scuppering our guesses.

We imagined that various scene projectionists would then strike. A projectionist is the ultimate outside insider. They’re not part of the hard core of the chain of movie custody, and don’t face a lot of vetting. However, a line-out cable and a camera mounted next to the projector make for a very convincing analogue copy.

We imagined the camera’s storage being handed off at the end of the first midnight showing. Some quick cuts, and the video is perfect. Allow an hour or two to encode the video to the desired quality, and we imagined Potter’s latest antics would hit a topsite no later than 4am on the release date. Over the next few hours, it’s propagated about the scene, and posted to some private BitTorrent trackers. Someone downloads it there, and posts it to a public tracker. 10am was our guess.

Naturally, we wanted to verify these estimates, so we headed to a public torrent search engine and indexing site (BtJunkie.org, in our case) to see whether anything had been posted. We discovered a selection of torrents, posted at different times, with various different community ratings of authenticity.

One of those we looked at was this one, which at the time had no helpful comments. We were initially a little puzzled: the community ratings indicated authenticity, but the only media file was an iso disk image: a rather strange format for a freshly encoded movie. As the comments currently indicate, this is probably a copy of the tie-in video game, not the original movie, but we didn’t have this helpful information at the time.

The obvious way to find out what sort of file this is is to read the nfo: an accompanying text file from the releaser which explains the torrent, provides attribution to scene groups &c. Nfo files are essentially the human-readable metadata for a torrent. However, we realised that there’s no “safe” way to read the nfo file. In order to get the file, one needs to download the torrent file, and start it in a BitTorrent client.

All modern BitTorrent clients have the ability to prioritise parts of a torrent, and select which of the contained files to download, and which not to. In our case, we only wanted the nfo file, which would not be copyright infringement, since that file is freely distributed by its original author. However, attempting to download it would have been fraught with hazards. Even if we only connected for the seconds or minutes needed to get that tiny 3KB file, or IP address would have been listed with the tracker, and on the DHT, and many other peers would learn it. Worse still, some well-meaning peer might try to send us a piece of the file that we didn’t want, resulting in real, copyrighted material stored in our cache until it was discarded.

The copyright enforcement/investigation agents lurking in the swarm may well have been able to find our address, and – thanks to their typically rather lax procedures for verifying that suspecs are actually infringing, we could have faced some inconvenient consequences. If we lived under a regime with three-strikes “graduated response”, such an accusation might have severed our connection. At the very leat, we might have to engage in some discussion with our netowrk services provider, explaining what was going on.

To me, this seems a little crazy. It’s quite reasonable to talk about, and investigate copyright infringement, without participating in it. In this case, the pertinent information needed to understand the situation could only be obtained by connecting to an partially infringing torrent, in order to get the non-infringing metadata. While this act is totally acceptable on its own, it presents a very real administrative cost and liability risk for anyone who does it.

Why is this? Copyright enforcers are negligently lax in their practices, employing techniques which they know will sweep innocents up in their dragnet. Network service providers are often (though, with many notable exceptions) quick to assume that the word of such agents is reliable. Networks, including the underlying IPv4 architecture, and the BitTorrent applications that run on top of it, are poor at preserving individual anonymity.

Bottom line: connecting to a BitTorrent swarm is dangerous per se, and this fact results in the prior restraint of legitimate discussion and investigation oregarding such systems.

Posted in Commentary, Features | Tagged , , , , , , , , , , , , , , , | Leave a comment

All Ends Cold and Wild

A fairytale by the Oneiroi, translated.

They have travelled far and wide, the lonely man of many faces and his faithful follower. They’ve heard the hints of the dark dog begotten of time’s storm; won the battle at the falls of Stheno’s youngest, cursed sister; and each escaped Anesidora’s entrapping tomb.

They travel together in an ancient, stolen vessel, inadequately maintained, and insufficiently repaired. The interior is spacious, filled with the technical apparatus needed to pilot such a complex craft. The workmanship is arcane: once beautiful and elegant, now extensively jury-rigged, a half-working relic of the majestic civilization which constructed it. There were once fleets of these, each piloted by six skilled crew; now the lonely man may be the only being left who can even come close to manning the helm.

Today, however, is not his day. Without ill-wind or storm, obstacle or shoal, the craft flies wild through dark skies, cartwheeling back and forth without rhyme or reason, before careering to a full stop. The engines groan and whine, steam issues from a broken vent, and the console’s warning lights inform any other sufficiently unobservant viewer that all is not well. The open window in the middle of the room shows the golden light of a young star. Through the window, its fusion throws a warm glow in all directions through the cockpit. The tall handrail that runs all the way around the window casts long shadows.

All else around the craft is inky blackness, unilluminated by the weak glow of the star which dwarfs our heroes’ craft. The pale blue hull is indistinct against the starred sky, it’s lettering only visible when the starlight shines on it just so.

***

The lonely man is not unaccustomed to such setbacks: such are the risks when one captains so ancient a vessel. He darts manically back and forth, closing this valve, and adjusting that setting. The noise of the engines falls to a low, comforting hum, and the steam ceases. The console is still alive with warnings, glistening angrily.

The follower, dazed, asks the lonely man what happened: was that his usual, clumsy flying, or is there more amiss? The lonely man ignores this interruption, and looks back and forth about the console, tweaking this lever and that knob, trying to understand the problem. His eyes are wild as he learns more about the causes of our present chaos. One of his jury-rigs has overridden the signs that the engines are running low on some important supplement. They need careful, regular feeding, or else, well, you see what happens.

The follower does not want to feed the craft some lump of metal. The lonely man should do it, or else the craft should feed itself. Is it not old enough yet that it knows what it wants? The lonely man relents. He has discovered the problem, and concocted a solution, so his attentions seep back out of the heart of the machine an into the here and now. He will fix the machine, but feeding is not all it needs. It has run so low that another part is broken, but not to worry, there is an automated system full of spares.

The automated system is not full of spares. In fact, the automated system is completely devoid of spares, or anything like them. The lonely man cycles it backwards and forwards; every slot is empty: the tipsy rig is quite out of comfort zones. The follower is somewhat concerned at this development, but the lonely man seems un-phased. A manic glint in his eye, he concludes aloud that he will have to produce the replacement valve from other parts, and replace it himself. The follower – face all unease and worry – does not share his easy confidence. The follower suggests that perhaps another of the lonely man’s faces would be better suited to this task, perhaps the one which he most recently wore? The lonely man dismisses these concerns out of hand: there is no reason for anxiety, he assures, for he has the situation under control.

As the lonely man darts back and forth, purloining this widget and that for his abomination of a spare, the follower enumerates other concerns, urging caution. Won’t there be dangerous energies that deep in the heart of the machine – the follower questions – though the answer is well-known: the readout of the spare-less fix-machine says as much. The lonely man replies that such petty rontgens might power a risk to the follower, but not to him. The follower urges the lonely man to reconsider the use of his last face: he would be much more skilled at this task with it on. The lonely man completes his replacement valve, and ducks through a door quipping something witty. The follower barely hears it.

***

The lonely man has been gone a long while, and the follower does not enjoy the wait. Since his flashy departure, things do not seem to have been fixed. The lights grow dim, leaving the cockpit in a gentle pallor, lit mainly by the young star at the window. The follower’s concern for the lonely man’s plan has not subsided, but – unable to operate the console – there is little that can be done even to check the status of the repairs. The follower paces, but as the hours drip by grows tired, and cold. The young star is the only source of warmth. Lying down next to the window, the follower rests in its yellow, watery glow.

Gradually, the console ceases to twinkle as all the lights blink off. Eventually, there is just on light left: a red warning light, spinning silently, though there is no one left to see it. At length, it too goes out. Dark figures move in the hollow cockpit. Figments of the faces that lonely man once wore drift into being one by one. At first, the traipse silently. The most recent speaks first, lamenting. Look how this ship dies just like every other. The last of its kind and the last of his kind, a fitting coffin. This is how it ends, cold and alone, teetering on the edge between emptiness and the dark.

The follower stirs, roused by these words. For a while these speeches make sense, but after a moment she realises their contrariness: these are not the words of the lonely man she knows. With a shout, she challenges the weeping spectres. “This is how you end it, without a fight?” she shouts, hot tears of rage running down her face. “You’re the man who makes people well, fix this, fix me! You promised to keep me safe, so don’t mope, save the day, hero. Am I your friend, or just another person you’ve acquired?” With this diatribe, she breaks down, weeping, and falls to her knees before the lonely man’s latest incarnation, the spectre of the man he most recently was.

The phantom is moved by this outpouring, and surprised, as if he had not expected anyone else in the room. He capitulates, muttering something in French, but it is not heartfelt – more habit than sentiment. He sets to work, examining the console, searching for clues. He has none of the lonely man’s passion or vigour, he moves slowly, but purposefully, examining this or that dial, moving levers with grace and care.

It seems that the lonely man is trapped, but unharmed, in an eddy of the ship’s core. Time is passing so slowly for him that it would take an eternity to draw breath, let alone complete the repairs. The spectre looks up at the follower, face un-moved, like a dog expecting punishment. The follower ignores this gesture, and flies to the lonely man’s aid, opening the door that releases him from his mire. He looks to the follower for a moment, surprised by her sudden appearance, and even more surprised at her thankful embrace.

The repairs are completed swiftly.

***

The cockpit is warm, and well-lit, but devoid of apparitions. The young star is quite far-off in the sold window, bubbling and boiling as young stars do. The follower asks the lonely man what becomes of the faces he casts off, then tells her fable. “Time lords don’t believe in ghosts,” the lonely man of many faces says, before throwing the lever home, flinging his stolen vessel sideways through the future, and slingshotting it back into the depths of history.

The young star is gone from the window. The day’s events are meaningless to it.

Posted in Literature | Tagged , , , , , , , , , , , | Leave a comment

Do Not Track means Do Not Track

I’ve been giving some thought to proposed “Do Not Track” legislation. The proposals, currently being considered by the FTC and the legislature, seek to protect user privacy by empowering us to tell online services not to track us in a way that has teeth. The adopted approach would express some way for users to communicate their preference not to be tracked, and oblige service providers to honour that instruction.

Do Not Track

CC-NC by Peter_Schauer on Flickr

Although the name evokes the FTC’s Do Not Call list, the appropriate implementation would be somewhat different. It is difficult or impossible to implement a list like Do Not Call, since there is no fundamental, persistent online identifier like a phone number. The best candidate – IP addresses – change frequently, and are often shared between several users. There have been various suggestions, but a commonly accepted approach is the x-do-not-track HTTP header. Without too much detail: when a browser accesses a website, it sends certain headers, letting the site know what language it wants, what sort of encoding to use, and so on. x-do-not-track would just be another optional header that some browsers communicate, indicating a binding request not to be tracked.

This is actually a pretty robust approach to this problem, though there remain a few unanswered concerns. Other commentators like Harlan Yu at Freedom to Tinker, and Arvind Narayanan at 33bits have suggested that this would result in a two-tiered web. That is: some services would refuse to provide users with content unless they disable x-do-not-track. I don’t find this to be the most compelling of possible concerns, since it can be solved legislatively with a provision like:

It shall be an offence under this act to refuse service on the basis of the instruction not to track. Any service, or part thereof, which can be provided to an untracked user, and is provided to trackable users, must be provided to an untracked user on the same terms as it is provided to trackable users.

I see a greater issue in the provision itself, that is: Do Not Track. My concern is reminiscent of Justice Black’s famous statement that “‘no law’ means no law“. If there are some users which one cannot track, then one cannot keep any meaningful record of their use of the service. That means no accurate count of how many users access a service, nor even an estimation of what fraction of users request not to be tracked. For non-interactive content sites, this presents something of a concern. The New York Times, for instance does not need to track users in order to show them articles. How then, should the Grey Lady, bill its advertisers, since it can certainly no longer user the number of impressions?

The above paragraph does make one slight assumption. Although it may not be possible to determine what fraction of a site’s visitors are untrackable through automated means, it is still possible to get this information other ways – such as by asking nicely. It only takes one daring social scientist or market research firm to survey users, in order to produce reliable data about various demographics’ use of x-do-not-track. Then it just takes a little statistical analysis for a service to infer its untrackable users on the basis of its tracked population.

This actually has the potential to be good news for such services. If users can now use their sites confident in their anonymity, they are less likely to block their number one source of tracking: advertising. Surely a world where the privacy-conscious see and click on ads is better than their current habit of disabling them altogether?

Posted in Commentary, Essays, Responses | Tagged , , , , , , , , | 2 Comments

The BBC just released two previously cut scenes of the Eleventh Doctor and Amy Pond, which feature some of the best one-liners from the whole season, such as:

Every time the TARDIS materialises in a new location, within the first nano-second of landing it analyses its surroundings, calculates a twelve dimension data map of everything within a thousand mile radius and determines which outer-shell would blend in best with the environment….and then it disguises itself as a Police Telephone Box from 1963.

Check it out: [link] [link]

Posted on by | Tagged , , , , , , , , , , , , , , , | 1 Comment