Pages:
Author

Topic: Another take at intellectual property - what about bitcoin private keys? (Read 7054 times)

legendary
Activity: 2576
Merit: 2267
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
And wrt to the property argument, I own my gun. Is it therefore OK to start pointing it in arbitrary directions and pull the trigger? No? Is it not my own property to do with as I wish?

It is your property to use and consume as you wish, absolutely. However, there are limits to the actions you can take without infringing on others' property rights. These limitations have nothing to do with your own property rights, and in fact it doesn't matter whether your property is involved at all. Hitting someone over the head with someone else's brick is just as off-limits as shooting them with your own gun. It's your action and the impact to their property which matter. You have an absolute right to use your own property. You don't have any right to use theirs without their permission. Any action which would infringe on the property rights of multiple individuals requires the unanimous consent of all involved.

Precisely.
full member
Activity: 152
Merit: 100
And wrt to the property argument, I own my gun. Is it therefore OK to start pointing it in arbitrary directions and pull the trigger? No? Is it not my own property to do with as I wish?

It is your property to use and consume as you wish, absolutely. However, there are limits to the actions you can take without infringing on others' property rights. These limitations have nothing to do with your own property rights, and in fact it doesn't matter whether your property is involved at all. Hitting someone over the head with someone else's brick is just as off-limits as shooting them with your own gun. It's your action and the impact to their property which matter. You have an absolute right to use your own property. You don't have any right to use theirs without their permission. Any action which would infringe on the property rights of multiple individuals requires the unanimous consent of all involved.
legendary
Activity: 2576
Merit: 2267
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
Intent also plays into things. If you obtain a key and you don't know it was unlawfully obtained, that's different from if you knew that it was.

The issue also isn't ownership of the private key but what you do with it. Remember when credit cards were recorded by swiping with duplicate paper and there was no ccv code? Someone who you made a payment to "owned" all the information he needed to access your funds. It's only the misuse of it which breaks the law.

And wrt to the property argument, I own my gun. Is it therefore OK to start pointing it in arbitrary directions and pull the trigger? No? Is it not my own property to do with as I wish?
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
Still, you are telling me that I may not type, on my own keyboard, something like (pseudocode): "copy from: myrkulsPC:/dirs/wallet.dat to: myPC:"  Do I own my property or not?
You can type that all you want. If it actually does that, though, you're accessing my computer. That's the problem, not what you do with your computer, but what you do with mine.


So, in alternative, let me hypothesize this. Suppose I can get a copy of your private key without trespassing?  E.g., your estranged and embittered wife/husband gives me a copy. It is now utterly unnecessary for me to interact at all with your property. May I now openly and legally transfer the associated bitcoins to my account or is use of the private key somehow protected?

I can see that if I pay a thief to steal your key, then I would be largely responsible. But suppose a thief steals your key on his own initiative, then tries to sell it to me? The thief is responsible for the trespass and "loss of value" to you. I would be merely copying a number from him and doing some stuff with that number, need I say, with only my computer.
Buying the key after the fact is effectively the same as commissioning the theft, so you're just as liable, there. Now... obtaining the key from a bitter spouse, that's a rough one. It would probably depend on how she got it.
sr. member
Activity: 440
Merit: 250
"Telling me what I can and cannot do with my computer is equivalent to claiming ownership of my computer, which amounts to little more than theft, hence a violation of NAP".

That's pretty close. I would say that you're using my property (the computer) without my permission, or even knowledge, which, while there is no damage done to that property, does result in a financial loss to me, the same as if you had picked the lock on my front door, and used the access to my house thus acquired to rifle through my financial records and gain access to my bank account information.
Still, you are telling me that I may not type, on my own keyboard, something like (pseudocode): "copy from: myrkulsPC:/dirs/wallet.dat to: myPC:"  Do I own my property or not?

If I foolishly posted my private key down there in my sig, or nailed my banking records to my front door, then the end result of that is my own damn fault, and I'd have a hard time prosecuting you for using the data that is so freely available. On the other hand, if you had to trespass to get that data, then the data is clearly illicit, and what you do with it (such as steal my money) may further compound your crimes.

This is what I'm trying to get at. If you foolishly leave your records where an unscrupulous person can get them, then it's your own damn fault. What if you leave them on an old Win98 computer full of hackable bugs? Where does it cross the line? Let's try something else, suppose you leave your private keys written on your desk. And I look in the window with a pair of binoculars and write it down?  Now suppose your keys are in the same place, but covered by another sheet of paper. So I walk up to the (open) window and blow in - the sheet moves, and I copy the key. Is that ok? Is blowing in the window an act of trespass?

In any case, this thread seems to conclude that hacking is equivalent to trespass. This is something I would largely agree with, so I'm willing to leave it at that, particularly since no strong anti-IPR pro-bitcoin person rose to the occasion. However, I have to say that the forum's defence is only this: "it is not permitted to hack someone's computer to obtain a private key; anyone doing so should be fully responsible for the results of that act of trespass, including loss of value to the victim". This is not what I wanted to address in this thread, but I wanted to address whether the key itself is protected; not whether obtaining a copy of the key is some form of crime or not.

So, in alternative, let me hypothesize this. Suppose I can get a copy of your private key without trespassing?  E.g., your estranged and embittered wife/husband gives me a copy. It is now utterly unnecessary for me to interact at all with your property. May I now openly and legally transfer the associated bitcoins to my account or is use of the private key somehow protected?

I can see that if I pay a thief to steal your key, then I would be largely responsible. But suppose a thief steals your key on his own initiative, then tries to sell it to me? The thief is responsible for the trespass and "loss of value" to you. I would be merely copying a number from him and doing some stuff with that number, need I say, with only my computer.
legendary
Activity: 2576
Merit: 2267
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
So legally it is the case. At least by precedence in the jurisdiction of those courts. It's not clear from that snippet if they expanded trespass to include all personal items (cf pen example), whether it already applied to those items and they expanded it to include computers  or  if it only means computers and not other personal items or what.

It originally meant all personal items. Yes, even your pen example. Technically, that's trespass to chattels. It's also petty theft of ink. It's not worth prosecuting, because of the miniscule amount of financial loss, but it is, technically, a crime, even though most people wouldn't mind. Unless, of course, the pen is owned by the company, and for use of employees, in which case it's perfectly within the proper use of that pen.

In that case, I accept hacking as trespass to chattels.
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
So legally it is the case. At least by precedence in the jurisdiction of those courts. It's not clear from that snippet if they expanded trespass to include all personal items (cf pen example), whether it already applied to those items and they expanded it to include computers  or  if it only means computers and not other personal items or what.

It originally meant all personal items. Yes, even your pen example. Technically, that's trespass to chattels. It's also petty theft of ink. It's not worth prosecuting, because of the miniscule amount of financial loss, but it is, technically, a crime, even though most people wouldn't mind. Unless, of course, the pen is owned by the company, and for use of employees, in which case it's perfectly within the proper use of that pen.
hero member
Activity: 840
Merit: 1000
https://en.wikipedia.org/wiki/Trespass_to_chattels

Quote
The trespass to chattels tort punishes anyone who substantially interferes with the use of another's personal property, or chattels. Plaintiffs must show that the offender had intentional physical contact with the chattel and that the contact caused some substantial interference or damage. The courts that imported this common law doctrine into the digital world reasoned that electrical signals traveling across networks and through proprietary servers may constitute the contact necessary to support a trespass claim. Applying this common law action to computer networks, plaintiffs must first prove that they received some type of electronic communication (typically bulk e-mail or spam) that the defendant intentionally sent to interfere with the plaintiff's interest in his or her property and second that this communication caused a quantifiable harm to their tangible property, such as impaired functioning of the computer, network or server.
[eBay v. Bidder's Edge, 100 F.Supp.2d 1058 (N.D. Cal. 2000)]

So legally it is the case. At least by precedence in the jurisdiction of those courts. It's not clear from that snippet if they expanded trespass to include all personal items (cf pen example), whether it already applied to those items and they expanded it to include computers  or  if it only means computers and not other personal items or what.

I think it's also important to bear in mind Lincoln's famous quote about dogs and legs.

Yeah and i want to say that what i write here are mostly generalisations to make a point.
Even the simple case of a pen can lead to a whole essay... Smiley
hero member
Activity: 840
Merit: 1000
Just to say, I've lost interest in the private key aspect of this argument but I agree that the hacking of a computer is not the same as trespass. Though it does have some aspects in common, it is still a different thing.

It has in common that someone is using your stuff without you agreeing to it.
It's that simple.

True. But that's not sufficient. If someone comes to the desk where you work and picks up your pen and writes down a phone number, that's not trespass.
No, but that happens inside an office that is not owned by you.
If your pen happens to be in your house then that is tresspassing.
If the pen is a sequence of unique information living on your computer then that is tresspassing too.
And that is besides the point that this is also theft.

legendary
Activity: 2576
Merit: 2267
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
https://en.wikipedia.org/wiki/Trespass_to_chattels

Quote
The trespass to chattels tort punishes anyone who substantially interferes with the use of another's personal property, or chattels. Plaintiffs must show that the offender had intentional physical contact with the chattel and that the contact caused some substantial interference or damage. The courts that imported this common law doctrine into the digital world reasoned that electrical signals traveling across networks and through proprietary servers may constitute the contact necessary to support a trespass claim. Applying this common law action to computer networks, plaintiffs must first prove that they received some type of electronic communication (typically bulk e-mail or spam) that the defendant intentionally sent to interfere with the plaintiff's interest in his or her property and second that this communication caused a quantifiable harm to their tangible property, such as impaired functioning of the computer, network or server.
[eBay v. Bidder's Edge, 100 F.Supp.2d 1058 (N.D. Cal. 2000)]

So legally it is the case. At least by precedence in the jurisdiction of those courts. It's not clear from that snippet if they expanded trespass to include all personal items (cf pen example), whether it already applied to those items and they expanded it to include computers  or  if it only means computers and not other personal items or what.

I think it's also important to bear in mind Lincoln's famous quote about dogs and legs.
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
https://en.wikipedia.org/wiki/Trespass_to_chattels

Quote
The trespass to chattels tort punishes anyone who substantially interferes with the use of another's personal property, or chattels. Plaintiffs must show that the offender had intentional physical contact with the chattel and that the contact caused some substantial interference or damage. The courts that imported this common law doctrine into the digital world reasoned that electrical signals traveling across networks and through proprietary servers may constitute the contact necessary to support a trespass claim. Applying this common law action to computer networks, plaintiffs must first prove that they received some type of electronic communication (typically bulk e-mail or spam) that the defendant intentionally sent to interfere with the plaintiff's interest in his or her property and second that this communication caused a quantifiable harm to their tangible property, such as impaired functioning of the computer, network or server.
[eBay v. Bidder's Edge, 100 F.Supp.2d 1058 (N.D. Cal. 2000)]
legendary
Activity: 2576
Merit: 2267
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
Just to say, I've lost interest in the private key aspect of this argument but I agree that the hacking of a computer is not the same as trespass. Though it does have some aspects in common, it is still a different thing.

It has in common that someone is using your stuff without you agreeing to it.
It's that simple.

True. But that's not sufficient. If someone comes to the desk where you work and picks up your pen and writes down a phone number, that's not trespass.
legendary
Activity: 2576
Merit: 2267
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
What is the key difference?
Lack of physical presence.
From the point of view of the processor, I am no more physically present than a hacker. A processor simply runs whatever instructions are presented to it, regardless of where it comes from.
Yes. I don't see your point.

That physical presence is not relevant to the computer. I no more have to be local to the processor to use it legitimately than does the hacker, to use it illicitly.

I understand your point (that physical presence is not relevant to computers, therefor hacking is not trespassing since you need to be physically present to trespass), which is essentially the same as mine (that physical presence is not relevant to computers, therefor hacking is trespassing since you do not need to be physically present to trespass), but the fact remains that the hacker is using your property without your permission, which is functionally identical to trespassing.

It's not that physical presence is relevant to computers or not. Only that it is relevant to literal trespassing. If you're going to link the two, you'll need to use a qualifier like "virtual" or "effectively". Legally, it's not even close (though politicians could choose to make it so of course)
hero member
Activity: 840
Merit: 1000
Just to say, I've lost interest in the private key aspect of this argument but I agree that the hacking of a computer is not the same as trespass. Though it does have some aspects in common, it is still a different thing.

It has in common that someone is using your stuff without you agreeing to it.
It's that simple.
hero member
Activity: 840
Merit: 1000
Your description of arbitrary code execution vulnerabilities is reasonably accurate. However, what you're overlooking is the fact that it is the software already on the computer which takes the data supplied by the hacker and reinterprets it as code. The code came from the hacker, but the software already on your computer ran it. This happens all the time without any harm or fault attached; most web pages include executable code that your computer downloads and runs, for example. Even bitcoin transactions include executable scripts. Most of the time the computer's owner is not even aware of the code. In many cases (e.g. ads and tracking code in web pages) it is even true that the owner would not approve of running the code if he or she was made aware of it.

The question is whether it is sufficient that the computer accepted the code and ran it, or if the owner must be expected to approve of running it given the choice. I would argue that when you own a machine that is designed to receive and process messages, and connect it to the Internet, it is your responsibility to make sure it processes them safely (or accept the consequences), even in the case of malformed or maliciously crafted messages. If that places an unacceptable burden on the participants, I've already suggested a system of contracts which would suffice to enforce some basic etiquette while remaining consistent with the natural rights of everyone involved.

Consider this: What we have here is basically a case where you have some information you don't want to give to anyone else. Forget the computers; if this was simply information in your head, and someone else, by asking the right questions, managed to get you to reveal it despite your attempts at concealment (by observing your involuntary body language, for example), that would not make them an aggressor. Like I said before, of course, all analogies are false to some extent, including this one. I'm not basing any conclusions on it. However, I think it makes a decent illustration.
I don't agree with your definition of hacking. There are many ambiguous forms of hacking. A hacker could have gained access to the bootsector of the computer (again, through different means). Hacking is about getting some form of control, not about getting your code to run per se. You could be running code that was already there. You could not run code at all.

Why do you expect to be able to take responsibility of the stuff happening on your computer all the time?
Do you also think that if you own a car you are responsible for what someone else does with that car all the time?
Do you stand by your car all night to make sure noone steals it and commits a crime with it?

A modern pc does tens of billions of things per second. A mobile device not that much less.
Because of this speed we have no direct sight over it (even you).
I don't see most people inspecting every packet going in and out. They simply trust a tool or a service. They have to because otherwise everyone has to be a computer technician to protect their computer well. It's not practical given the nature of computers.
But then again, as a software developer you must know that it's incredibly hard to make something reasonably complex and bugfree. Bugs that lead to security issues can happen at multiple levels, from conceptual to implementation and everything inbetween.
The tools used for protection are flawed so how much responsibility can you realistically expect people to take?

So altho i agree that the owner of the device has some responsibility, this responsibility is shared with the manufacturer and society in general (laws and opinions).

And i'm not sure what you mean by your analogy.
If the person asking the questions does this with criminal intentions then it is certainly not legal.
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
What is the key difference?
Lack of physical presence.
From the point of view of the processor, I am no more physically present than a hacker. A processor simply runs whatever instructions are presented to it, regardless of where it comes from.
Yes. I don't see your point.

That physical presence is not relevant to the computer. I no more have to be local to the processor to use it legitimately than does the hacker, to use it illicitly.

I understand your point (that physical presence is not relevant to computers, therefor hacking is not trespassing since you need to be physically present to trespass), which is essentially the same as mine (that physical presence is not relevant to computers, therefor hacking is trespassing since you do not need to be physically present to trespass), but the fact remains that the hacker is using your property without your permission, which is functionally identical to trespassing.
legendary
Activity: 2576
Merit: 2267
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
A lock can still be bypassed without using a key. One does not blame the house owner for purchasing a lock with "vulnerabilities" that allow it to be picked, nor the manufacturer for producing it. One blames the man with the set of lock picks.

What is the key difference?
Lack of physical presence.

From the point of view of the processor, I am no more physically present than a hacker. A processor simply runs whatever instructions are presented to it, regardless of where it comes from.

Yes. I don't see your point.
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
A lock can still be bypassed without using a key. One does not blame the house owner for purchasing a lock with "vulnerabilities" that allow it to be picked, nor the manufacturer for producing it. One blames the man with the set of lock picks.

What is the key difference?
Lack of physical presence.

From the point of view of the processor, I am no more physically present than a hacker. A processor simply runs whatever instructions are presented to it, regardless of where it comes from.
legendary
Activity: 2576
Merit: 2267
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
Just to say, I've lost interest in the private key aspect of this argument but I agree that the hacking of a computer is not the same as trespass. Though it does have some aspects in common, it is still a different thing.

What is the key difference?

Lack of physical presence.
full member
Activity: 152
Merit: 100
I don't think you understand how hacking works. In most cases a flaw in one or another software package allows data in the message (which should always be treated as data, never instructions) to be run as instructions. This is known as a remote code execution or arbitrary code execution bug. The hacker then maliciously crafts a message which includes the instructions that he wants to run on your machine at the appropriate location in the data. When you receive this message, your computer runs those instructions, and the hacker gains access to your computer.

So, no. The owner didn't put those instructions there. The hacker did. And that is equivalent, at minimum, to trespass.

Thanks for the vote of confidence, but I really do know how system breaking works. I'm a software engineer with a focus on real-time operating systems and device drivers, not a computer novice. I'm familiar with the techniques from a theoretical / defensive perspective, though I've never been inclined to put them into practice against someone else's system.

Your description of arbitrary code execution vulnerabilities is reasonably accurate. However, what you're overlooking is the fact that it is the software already on the computer which takes the data supplied by the hacker and reinterprets it as code. The code came from the hacker, but the software already on your computer ran it. This happens all the time without any harm or fault attached; most web pages include executable code that your computer downloads and runs, for example. Even bitcoin transactions include executable scripts. Most of the time the computer's owner is not even aware of the code. In many cases (e.g. ads and tracking code in web pages) it is even true that the owner would not approve of running the code if he or she was made aware of it.

The question is whether it is sufficient that the computer accepted the code and ran it, or if the owner must be expected to approve of running it given the choice. I would argue that when you own a machine that is designed to receive and process messages, and connect it to the Internet, it is your responsibility to make sure it processes them safely (or accept the consequences), even in the case of malformed or maliciously crafted messages. If that places an unacceptable burden on the participants, I've already suggested a system of contracts which would suffice to enforce some basic etiquette while remaining consistent with the natural rights of everyone involved.

Consider this: What we have here is basically a case where you have some information you don't want to give to anyone else. Forget the computers; if this was simply information in your head, and someone else, by asking the right questions, managed to get you to reveal it despite your attempts at concealment (by observing your involuntary body language, for example), that would not make them an aggressor. Like I said before, of course, all analogies are false to some extent, including this one. I'm not basing any conclusions on it. However, I think it makes a decent illustration.
Pages:
Jump to: