Topic: Another take at intellectual property - what about bitcoin private keys? (Read 7084 times)

Precisely.

It is your property to use and consume as you wish, absolutely. However, there are limits to the actions you can take without infringing on others' property rights. These limitations have nothing to do with your own property rights, and in fact it doesn't matter whether your property is involved at all. Hitting someone over the head with someone else's brick is just as off-limits as shooting them with your own gun. It's your action and the impact to their property which matter. You have an absolute right to use your own property. You don't have any right to use theirs without their permission. Any action which would infringe on the property rights of multiple individuals requires the unanimous consent of all involved.

Intent also plays into things. If you obtain a key and you don't know it was unlawfully obtained, that's different from if you knew that it was.

The issue also isn't ownership of the private key but what you do with it. Remember when credit cards were recorded by swiping with duplicate paper and there was no ccv code? Someone who you made a payment to "owned" all the information he needed to access your funds. It's only the misuse of it which breaks the law.

And wrt to the property argument, I own my gun. Is it therefore OK to start pointing it in arbitrary directions and pull the trigger? No? Is it not my own property to do with as I wish?

You can type that all you want. If it actually does that, though, you're accessing my computer. That's the problem, not what you do with your computer, but what you do with mine.

Buying the key after the fact is effectively the same as commissioning the theft, so you're just as liable, there. Now... obtaining the key from a bitter spouse, that's a rough one. It would probably depend on how she got it.

Still, you are telling me that I may not type, on my own keyboard, something like (pseudocode): "copy from: myrkulsPC:/dirs/wallet.dat to: myPC:"  Do I own my property or not?


This is what I'm trying to get at. If you foolishly leave your records where an unscrupulous person can get them, then it's your own damn fault. What if you leave them on an old Win98 computer full of hackable bugs? Where does it cross the line? Let's try something else, suppose you leave your private keys written on your desk. And I look in the window with a pair of binoculars and write it down?  Now suppose your keys are in the same place, but covered by another sheet of paper. So I walk up to the (open) window and blow in - the sheet moves, and I copy the key. Is that ok? Is blowing in the window an act of trespass?

In any case, this thread seems to conclude that hacking is equivalent to trespass. This is something I would largely agree with, so I'm willing to leave it at that, particularly since no strong anti-IPR pro-bitcoin person rose to the occasion. However, I have to say that the forum's defence is only this: "it is not permitted to hack someone's computer to obtain a private key; anyone doing so should be fully responsible for the results of that act of trespass, including loss of value to the victim". This is not what I wanted to address in this thread, but I wanted to address whether the key itself is protected; not whether obtaining a copy of the key is some form of crime or not.

So, in alternative, let me hypothesize this. Suppose I can get a copy of your private key without trespassing?  E.g., your estranged and embittered wife/husband gives me a copy. It is now utterly unnecessary for me to interact at all with your property. May I now openly and legally transfer the associated bitcoins to my account or is use of the private key somehow protected?

I can see that if I pay a thief to steal your key, then I would be largely responsible. But suppose a thief steals your key on his own initiative, then tries to sell it to me? The thief is responsible for the trespass and "loss of value" to you. I would be merely copying a number from him and doing some stuff with that number, need I say, with only my computer.

In that case, I accept hacking as trespass to chattels.

It originally meant all personal items. Yes, even your pen example. Technically, that's trespass to chattels. It's also petty theft of ink. It's not worth prosecuting, because of the miniscule amount of financial loss, but it is, technically, a crime, even though most people wouldn't mind. Unless, of course, the pen is owned by the company, and for use of employees, in which case it's perfectly within the proper use of that pen.

Yeah and i want to say that what i write here are mostly generalisations to make a point.
Even the simple case of a pen can lead to a whole essay...

No, but that happens inside an office that is not owned by you.
If your pen happens to be in your house then that is tresspassing.
If the pen is a sequence of unique information living on your computer then that is tresspassing too.
And that is besides the point that this is also theft.

So legally it is the case. At least by precedence in the jurisdiction of those courts. It's not clear from that snippet if they expanded trespass to include all personal items (cf pen example), whether it already applied to those items and they expanded it to include computers  or  if it only means computers and not other personal items or what.

I think it's also important to bear in mind Lincoln's famous quote about dogs and legs.

https://en.wikipedia.org/wiki/Trespass_to_chattels

True. But that's not sufficient. If someone comes to the desk where you work and picks up your pen and writes down a phone number, that's not trespass.

It's not that physical presence is relevant to computers or not. Only that it is relevant to literal trespassing. If you're going to link the two, you'll need to use a qualifier like "virtual" or "effectively". Legally, it's not even close (though politicians could choose to make it so of course)

It has in common that someone is using your stuff without you agreeing to it.
It's that simple.

I don't agree with your definition of hacking. There are many ambiguous forms of hacking. A hacker could have gained access to the bootsector of the computer (again, through different means). Hacking is about getting some form of control, not about getting your code to run per se. You could be running code that was already there. You could not run code at all.

Why do you expect to be able to take responsibility of the stuff happening on your computer all the time?
Do you also think that if you own a car you are responsible for what someone else does with that car all the time?
Do you stand by your car all night to make sure noone steals it and commits a crime with it?

A modern pc does tens of billions of things per second. A mobile device not that much less.
Because of this speed we have no direct sight over it (even you).
I don't see most people inspecting every packet going in and out. They simply trust a tool or a service. They have to because otherwise everyone has to be a computer technician to protect their computer well. It's not practical given the nature of computers.
But then again, as a software developer you must know that it's incredibly hard to make something reasonably complex and bugfree. Bugs that lead to security issues can happen at multiple levels, from conceptual to implementation and everything inbetween.
The tools used for protection are flawed so how much responsibility can you realistically expect people to take?

So altho i agree that the owner of the device has some responsibility, this responsibility is shared with the manufacturer and society in general (laws and opinions).

And i'm not sure what you mean by your analogy.
If the person asking the questions does this with criminal intentions then it is certainly not legal.

That physical presence is not relevant to the computer. I no more have to be local to the processor to use it legitimately than does the hacker, to use it illicitly.

I understand your point (that physical presence is not relevant to computers, therefor hacking is not trespassing since you need to be physically present to trespass), which is essentially the same as mine (that physical presence is not relevant to computers, therefor hacking is trespassing since you do not need to be physically present to trespass), but the fact remains that the hacker is using your property without your permission, which is functionally identical to trespassing.

Yes. I don't see your point.

A lock can still be bypassed without using a key. One does not blame the house owner for purchasing a lock with "vulnerabilities" that allow it to be picked, nor the manufacturer for producing it. One blames the man with the set of lock picks.


From the point of view of the processor, I am no more physically present than a hacker. A processor simply runs whatever instructions are presented to it, regardless of where it comes from.

Lack of physical presence.

Thanks for the vote of confidence, but I really do know how system breaking works. I'm a software engineer with a focus on real-time operating systems and device drivers, not a computer novice. I'm familiar with the techniques from a theoretical / defensive perspective, though I've never been inclined to put them into practice against someone else's system.

Your description of arbitrary code execution vulnerabilities is reasonably accurate. However, what you're overlooking is the fact that it is the software already on the computer which takes the data supplied by the hacker and reinterprets it as code. The code came from the hacker, but the software already on your computer ran it. This happens all the time without any harm or fault attached; most web pages include executable code that your computer downloads and runs, for example. Even bitcoin transactions include executable scripts. Most of the time the computer's owner is not even aware of the code. In many cases (e.g. ads and tracking code in web pages) it is even true that the owner would not approve of running the code if he or she was made aware of it.

The question is whether it is sufficient that the computer accepted the code and ran it, or if the owner must be expected to approve of running it given the choice. I would argue that when you own a machine that is designed to receive and process messages, and connect it to the Internet, it is your responsibility to make sure it processes them safely (or accept the consequences), even in the case of malformed or maliciously crafted messages. If that places an unacceptable burden on the participants, I've already suggested a system of contracts which would suffice to enforce some basic etiquette while remaining consistent with the natural rights of everyone involved.

Consider this: What we have here is basically a case where you have some information you don't want to give to anyone else. Forget the computers; if this was simply information in your head, and someone else, by asking the right questions, managed to get you to reveal it despite your attempts at concealment (by observing your involuntary body language, for example), that would not make them an aggressor. Like I said before, of course, all analogies are false to some extent, including this one. I'm not basing any conclusions on it. However, I think it makes a decent illustration.