Category Archives: Cryptography

Checking In With Bitcoin (2)

Hacker steals $250k in Bitcoins from online exchange Bitfloor | Ars Technica

The future of the up-and-coming Bitcoin exchange Bitfloor was thrown into question Tuesday when the company’s founder reported that someone had compromised his servers and made off with about 24,000 Bitcoins, worth almost a quarter-million dollars. The exchange no longer has enough cash to cover all of its deposits, and it has suspended its operations while it considers its options.

This comes on the heels of news of the collapse of what’s been called a giant Bitcoin Ponzi scheme. See Official: Bitcoin Loan Shark ‘pirateat40’ Defaults for details:

A mountain of problems have been growing the past several weeks surrounding the recent drama around massive Bitcoin lender, pirateat40, as reports of fund inaccessibility came out of the woodwork.

Purported to have had somewhere around 500,000 BTC in Bitcoin Savings & Trust, his fund that was offering deposit account holders up to 7% weekly interest on their holdings. The lending service provider announced a default on borrowed assets just a short while ago; the estimated value for the defaulted assets is $5,000,000 USD.

Actually, the amazing part is that Bitcoin isn’t totally dead.

Previously: Bitcoin & Gresham’s Law & Botnets (2/22/12); Checking In With Bitcoin (10/25/11) and Why Bitcoin Isn’t As Exciting as it May Sound (6/11/11).


Key Cryptography Concept Explained

I thought this video explanation of Public Key Cryptography: Diffie-Hellman Key Exchange [or, if you prefer, Diffie-Hellman-Merkle key exchange] was unusually clear. Secure key exchange is really important, because exchanging keys securely with someone is an essential prerequisite to creating a secure communications channel with them.

This video is great for people who want an intro to one of the central ideas in modern cryptography:

OK, there was a little math in there, but not so much.


EFF Announces Coders’ Rights List

EFF has a new mailing list devoted to “the latest news on computer security law, upcoming events with EFF lawyers, discounts on infosec conferences like BlackHat, SOURCE, HOPE, and open source software events.” Sign me up.

There’s a wacky promo which I think someone had too much fun making:

Disclosure: I am on the EFF Advisory Board.


Another Blow to Free Speech

David Cole, 39 Ways to Limit Free Speech.

Seventeen and a half years for translating a document? Granted, it’s an extremist text. Among the “39 ways” it advocates include “Truthfully Ask Allah for Martyrdom,” “Go for Jihad Yourself,” “Giving Shelter to the Mujahedin,” and “Have Enmity Towards the Disbelievers.” (Other “ways to serve,” however, include, “Learn to Swim and Ride Horses,” “Get Physically Fit,” “Stand in Opposition to the Disbelievers,” and “Expose the Hypocrites and Traitors.”) But surely we have not come to the point where we lock people up for nearly two decades for translating a widely available document? After all, news organizations and scholars routinely translate and publicize jihadist texts; think, for example, of the many reports about messages from Osama bin Laden.

In 2009, Tarek Mehanna, who has no prior criminal record, was arrested and placed in maximum security confinement on “terrorism” charges. The case against him rested on allegations that as a 21-year old he had traveled with friends to Yemen in 2004 in an unsuccessful search for a jihadist training camp in order to fight in Iraq, and that he had translated several jihadist tracts and videos into English for distribution on the Internet, allegedly to spur readers on to jihad. After a two-month trial, he was convicted of conspiring to provide material support to a terrorist organization. The jury did not specify whether it found him guilty for his aborted trip to Yemen—which resulted in no known contacts with jihadists—or for his translations, so under established law, the conviction cannot stand unless it’s permissible to penalize him for his speech. Mehanna is appealing.

Under traditional (read “pre-9/11”) First Amendment doctrine, Mehanna could not have been convicted even if he had written “39 Ways” himself, unless the government could shoulder the heavy burden of demonstrating that the document was “intended and likely to incite imminent lawless action,” a standard virtually impossible to meet for written texts. In 1969, in Brandenburg v. Ohio, the Supreme Court established that standard in ruling that the First Amendment protected a Ku Klux Klansman who made a speech to a Klan gathering advocating “revengeance” against “niggers” and “Jews.” It did so only after years of experience with federal and state governments using laws prohibiting advocacy of crime as a tool to target political dissidents (anarchists, anti-war protesters, and Communists, to name a few).

But in Mehanna’s case, the government never tried to satisfy that standard. It didn’t show that any violent act was caused by the document or its translation, much less that Mehanna intended to incite imminent criminal conduct and was likely, through the translation, to do so. In fact, it accused Mehanna of no violent act of any kind. Instead, the prosecutor successfully argued that Mehanna’s translation was intended to aid al-Qaeda, by inspiring readers to pursue jihad themselves, and therefore constituted “material support” to a “terrorist organization.”

The government provided no evidence that Mehanna ever met or communicated with anyone from al-Qaeda. Nor did it demonstrate that the translation was sent to al-Qaeda. (It was posted by an online publisher, Al-Tibyan Publications, that has not been designated as a part of or a front for al-Qaeda). It did not even claim that the “39 Ways” was written by al-Qaeda. The prosecution offered plenty of evidence that in Internet chat rooms Mehanna expressed admiration for the group’s ideology, and for Osama bin Laden in particular. But can one provide “material support” to a group with which one has never communicated?

If this had been the rule back then, I could imagine some people wanting to extend the logic to shut down domestic writing about cryptography back in the early 90s. Because that is what some of them were saying — that spreading crypto around was a way to aid the Four Horsemen of the Infocopalypse: drug dealers, pornographers, pedophiles and terrorists. At the time the terrorists were the tail, not the dog, but times change quickly.

(When I grow up, I want to write for the New York Review of Books.)


The App that Ate the Plastic Card

There’s a lot of smart stuff about why the mobile Starbucks phone app caught on and the Mondex digital cash card failed in Dave Birch’s latest at ‘Consult Hyperion’. If you are into e-payments, you should read it, but then if you are into e-payments you’ve probably been reading him for a long time.

All this is partly an excuse to repost this paragraph, which made me laugh:

Incidentally, I got an e-mail from Starbucks telling me that from now on if I use my Starbucks app to buy in-store then the staff can call me by my name. I had to go and log in to my Starbucks account to find out what name I’d used when I set it up. Naturally, I hadn’t used my “real name”, which in this case is pretty handy. When they call out “Latte with extra shot for Dave” there might be many Daves and so confusion, but when they call out “Latte with extra shot for Theogenes de Montford” I’m pretty sure I’ll be the only one up at the counter. But I digress.

I so get that. But somehow I never do it.


11th Circuit Rules that Full Immunity Is Required for Compelled Decryption

The 11th Circuit just decided In re Grand Jury Subpoena Duces Tecum March 25, 2011, USA v. John Doe.

Doe was ordered to decrypt his hard drive, and given limited immunity (use immunity) regarding the act of production of the unencrypted contents. He refused, claiming that the immunity was insufficient, and also that he was not in fact able to decrypt the hard drives.

We turn now to the merits of Doe’s appeal. In compelling Doe to produce the unencrypted contents of the hard drives and then in holding him in contempt for failing to do so, the district court concluded that the Government’s use of the unencrypted contents in a prosecution against Doe would not constitute the derivative use of compelled testimony protected by the Fifth Amendment privilege against self-incrimination. This is so, the court thought, because Doe’s decryption and production of the hard drives would not constitute “testimony.” And although that was the Government’s view as well, the Government nonetheless requested act-of-production immunity. The district court granted this request.

For the reasons that follow, we hold that Doe’s decryption and production of the hard drives’ contents would trigger Fifth Amendment protection because it would be testimonial, and that such protection would extend to the Government’s use of the drives’ contents. The district court therefore erred in two respects. First, it erred in concluding that Doe’s act of decryption and production would not constitute testimony. Second, in granting Doe immunity, it erred in limiting his immunity, under 18 U.S.C. §§ 6002 and 6003, to the Government’s use of his act of decryption and production, but allowing the Government derivative use of the evidence such act disclosed.

It’s a well-argued opinion and could be influential.
