This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.
Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.
We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:
-
Shaming.
-
Attempting to 'build consensus' or enforce ideological conformity.
-
Making sweeping generalizations to vilify a group you dislike.
-
Recruiting for a cause.
-
Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.
In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:
-
Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.
-
Be as precise and charitable as you can. Don't paraphrase unflatteringly.
-
Don't imply that someone said something they did not say, even if you think it follows from what they said.
-
Write like everyone is reading and you want them to be included in the discussion.
On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.
Jump in the discussion.
No email address required.
Notes -
Update on the "Code is Speech" Front
Organizations like FFTF/EFF have long argued from a principle that "Code is Speech". Most recently, they applied their reasoning to maximum extent on behalf of Tornado Cash. I have long argued that while they are pointing at the barest kernel of a Motte (there is one case where pseudocode was being used in a textbook to provide an example in order to illustrate the ideas contained in the text, and that was deemed protected speech), examples like Tornado Cash are the Bailey, with the argument seeming to be something along the lines of, "Anything that you choose to do with code (...something, something, maybe as long as you open source it... something...) is protected speech." Ergo things like: Tornado Cash was open source code, therefore protected speech.
Matthew Green, a prof at Johns Hopkins, notable for being part of the Keys Under Doormats group and partnering with the EFF on Tornado Cash, joined with Andrew Huang, an inventor/engineer, to apply this principle in challenging the DMCA. They wanted to write code to bypass digital content restrictions, disseminate the ideas/methods of that code, and create/sell a device that implements it and allows the purchaser to just use that code to bypass said restrictions. They knew that there was a good chance of getting dinged by the gov't on DMCA grounds, so they filed a pre-enforcement challenge to see if the courts would bless their "Code is Speech" position and give them an assurance that they could not be prosecuted for those actions. This week, the DC Circuit weighed in.
The court split the case pretty much exactly between the Motte and the Bailey. That is, instead of treating the pair of individuals (and their respective proposed actions) as one in the same, the court recognized that the two individuals were proposing different actions - Green wanted to publish a book that describes ideas/methods for circumventing digital content restrictions (with example code), while Huang wanted to build/sell a device that actually implements that code and performs the actual action of bypassing such restrictions in the real world. The government had already conceded that Green's publishing of a book would not violate the DMCA, and so they could simply peel his part of the challenge off and ignore it (he's effectively already protected by the government's concession, so there's nothing else the court need do). Separately, Huang's device does not communicate any speech/expressive content. People would be buying it to use it, not to learn about how algorithms work. Therefore, Huang would not receive First Amendment protection.
I think this line is in about the right place, both as a theoretical matter and as a practical one. Practically-speaking, most people aren't going to be buying Green's book, then sitting down and coding up their own implementation to bypass content restrictions. So, to the extent that one thinks that reducing copyright violations is a worthwhile goal, this line probably does most of the job. I can already hear the rejoinder coming, "But isn't that pointless, because some people can still just go implement that code!? Once it's out there, it's pointless!" But it's not. Practically, there's still a big barrier to implementing it; the vast majority of people won't bother. No other law ever has ever been judged by its ability to 100% stop 100% of possible violations; that would be absurd; but it's somehow still commonly thrown out there in tech law arguments. Instead, if we embrace this speech/implementation divide, these cases are easy, and they usually come out the right way as a practical matter.
Tornado Cash: sure, it's fine for people to abstractly know how to use code to launder money; most people won't do it; maybe some small number will somewhere; if you actually do it, especially if you actually do it in a way designed to make law-breaking maximally-convenient for the masses (and you actually help the North Koreans launder money when you do it), you're going to get sanctioned.
Apple v. FBI: Recall, the FBI attempted to force Apple to help it break into the San Bernadino shooter's phone. Some tried to claim that writing code for the FBI to use would have been compelled speech. This case is another indication that if a follow-on to Apple v. FBI actually worked its way through the courts, 'compelled speech' would not likely be the grounds on which the gov't would lose.
I've posted about this idea before, but it's still relevant: someone should create a code-to-book encoder/decoder. Imagine if you had the following Python code:
You could rewrite it in a human-readable, deterministic and rigorous way as something like:
You could then publish it in .epub format and (hopefully) gain First Amendment protections because it's human-readable instructions. Someone else could download it and pass it to a program that knows "Create a new function named" translates to "def" and all the rest.
I think similar trick was already used to bypass US export limitations for strong cryptography
Export control bypass was done with printouts for long code and a t-shirt for short.
DVD decryption was the code that was most memorably made human readable and published in song form. It's weird that I can't find the song on YouTube, though. I presume that's just because it is (and I am...) too old, but I wonder if DVD manufacturers are actually still trying to fight that lost battle.
More options
Context Copy link
More options
Context Copy link
I think this argument gets more fuzzy as AI like ChatGPT gets better at writing code from English text. (I asked ChatGPT to do exactly as written above and attached the output as an img here). As it Chat-bots like this get better, the clever hacks as you call them will get much more intertwined with general sit down and read coding books. Cause a simple translation into the Chat-bot will generate you the code you want to see.
/images/1670737778046671.webp
More options
Context Copy link
Here's a very trivial and absolutely unclear case: literate programming.
Consider the style of Jupyter notebook in which one produces a document, intended for human consumption (i.e. full of explanatory markdown cells) but which also has executable code cells.
If you publish the notebook under the belief that people will execute it, then you would not be protected. Intent doesn't really care about how direct or indirect you make the implementation; all that changes is the difficulty of proving it.
More options
Context Copy link
There's no bright line here at all. Give the right programmer a bunch of machine code (just hex numbers), and they can read it and tell you what it does. Perhaps laboriously, but the same is true of Ancient Greek.
More options
Context Copy link
Literate programming is also executable.
Take any jupyter notebook, click "restart run all" and it re-executes the code cells.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
I agree with you that the line is about in the right place. The pearl clutching about North Korea in that twitter thread is pretty unconvincing, unless they have been using crypto to keep their country afloat since 1948.
More options
Context Copy link
This seems pretty uncharitable to me. As far as I know, there is zero proof that Tornado Cash was made "to use code to launder money" as opposed to using code to allow the anonymization of funds. (I have personally anonymized my own crypto many times for no malicious purpose nor to launder anything, just to avoid certain accounts from being easily linked to my broader crypto net worth.)
Can that be used to launder money? Sure. But there's still a huge difference between making a mixer and a money launderer, same as there's a huge difference between making Tor and making the Child Porn and Drugs Transfer Protocol (CPDTP), between making a gun and a Mass Shooting Delivery Device, etc.
To me healthy societies have some bar that technology must cross beyond "Somebody used it to do something bad." before it's prohibited (especially since a lot of technologies that have been used for worse are allowed in spite of this supposed standard, usually because the actors behind them have connections).
But the lesson from Tornado Cash is clear: You need not only cryptography, but also steganography. Don't let the bad actors who are against privacy even know you're exercising your right to it and you won't have to worry how they feel about it.
Does this reasoning apply to regular people/businesses, too, or just wiz-bang "crypto"? Like, suppose a boring, regular organization like HSBC decided that they just simply wanted to make a system (probably involving code somewhere) that allowed for anonymization of funds, so they created a new line of "Mixer Accounts". KYC? Anti-ML laws? Nah. Those things would obviously have to just be ignored, lest they break the principle of anonymity.
Does a healthy society say, "Eh, they couldn't possibly help it if someone bad used this product that is obviously designed to facilitate money laundering... to launder money"?
EDIT: I realized that it could be useful to just finish my argument through instead of waiting for a response (I'm probably going to be busy a lot later today). If (your response might not, and if not, then this may not apply) you embrace that argument for boring, regular organizations, then you don't need any wiz-bang "crypto"! Instead, all you need to do is convince enough people in the rest of the world of your position that you can simply repeal anti-money laundering laws. That'll do the trick just fine. Then, Switzerland... or Burmuda... or Panama... or hell, even just HSBC will be more than happy to step up and offer exactly the product that you want to be legal. We simply roll back the clock to a world before such laws, and no one will be surprised that those products are used by criminals to launder vast quantities of ill-gotten gains and by the rich/powerful to evade taxation. And if you succeed in rolling us back to that world, it seems quite plausible that many of the people who come after will start to see exactly the same problems that people in the past saw and think, "Hmmmm, I wonder if there is a way that we can fix these obvious problems?" I feel like this is one of those moments where my favorite distillation of the Fundamental Conservative Insight is extremely relevant: "You are not smarter than the entirety of history."
Yes, I think people should be allowed to transact in fiat cash as much as they want and don't support a "cashless society". Have we forgotten that's anonymous too? What's wrong with making digital cash, as it has always proclaimed to be, more cashy?
Again, you have zero proof of this. Based on my knowledge of the community it's far more likely that the author is just a dedicated cryptography fan and privacy freak as opposed to having any interest in money laundering. These people are nerds. They don't do anything that they'd need to launder the proceeds of.
So, the theme of my OP is that practical limits are important. Actual, physical cash presents a similar practical limit. If you're transacting in flat cash for 99.9% of the regular, legal transactions that most people do, there is zero practical difficulty. But, if you're trying to move $100M of ill-gotten gains internationally, it's hard to do it with physical cash.
As an example, folks like Nick Weaver argue that the only reason ransomware was ever a thing was because of crypto; if it didn't provide a relatively easy way to send huge quantities of money overseas to criminal gangs, there basically wouldn't have ever been any point. I mean, play this scenario out. Some digital thugs in Russia attack your business' network, demand $50M for the decryption key. You start negotiating how to pay it. Literally all of the methods that involve regular digital cash are non-viable ("Yeah, we'd love to do that, but that's 100% going to get rejected by the banks who are trying to comply with anti-ML and other criminal laws. Sorry. Any other options?"). If you're going down the route of, "Whelp, just gather up $50M in physical cash and physically transport it over to a mutually-agreed-upon non-extradition-treaty country..." that's going to be a practical no-go for most companies. If the the Russian digital thugs literally could not figure out how to practically receive such payments from Regular American Corp., there'd be no real money in ransomware, and it would dry up to be just the background nuisance that computer viruses used to be.
What's the difference between this and a "Mixer Account" at HSBC or in the Bahamas or whatever? Regular bank accounts are already "digital money". This is probably the biggest thing that causes misunderstanding; yes, we've had "digital money" for decades - it's called a "bank account" most of the time. It's money that is kept in the form of ones and zeros in a spreadsheet with a trusted intermediary, rather than crypto, which is money that is kept in the form of ones and zeros in a ..."not spreadsheet" (which is basically a spreadsheet; unless it was with FTX, in which case, it wasn't even in a spreadsheet) with a different form of trusted intermediaries (some would point to how there are actually only a few really big players in crypto mining, others would generalize trust like Vitalik). What's wrong with making the digital money that we already have "more cashy"?
Well, the obvious thing that's wrong with it is the massive money laundering problem! That's why we've spent significant quantities of hard and soft geopolitical power on setting up wide international collaborations to counter regular digital money laundering efforts.
People still have regular digital money, and they still use it for the 99.9% of regular, ordinary, legitimate transactions. And they still use cash, too. I'm not arguing for or against a "cashless society". I think cash is pretty fine; I use it. I think cash will live and die on its own merits, particularly whether it has benefits in terms of things like ease of use, low transactions costs, and such that continue to outstrip the alternatives. I think that letting cash continue to thrive but continuing to enforce money laundering laws for digital cash (whether regular digital cash or wiz-bang digital cash) provides a nice practical balance of interests.
I almost didn't respond to this, because I didn't see how it was relevant. I think you're implying that I've somehow claimed that the people who made tornado cash did so because they wanted to launder money for themselves? Is that right? Because if so, I haven't actually claimed that. Whether they're nerds who are just trying to fill a (black) market need or businessmen at HSBC, what's the difference? Because one group thinks that it's "neat"? They think it's "wiz-bang"? Like, who cares? Either way, I'm just looking at the outcome. Are they creating a system that is basically designed so that it's primary use is going to be massive money laundering? Yeah, that's gonna be a problem.
Hey, look, if you could devise a scheme that was like Tornado Cash... but wasn't primarily useful for massive money laundering, I think most people wouldn't care all that much. Like, for example, if your technological product made it pretty easy for people transact like, a few thousand bucks anonymously or whatever, but somehow presented real, practical difficulties to just smashing it like an "easy button" to launder hundreds of millions or billions, people probably wouldn't care. This might be technologically easy/difficult to do; I don't think I care (I mean, I do kinda care, because I'm also a nerd, and it would be "neat" and "wiz-bang" to think about how to do this); I mostly just care about what the actual, practical effects of your product are in the real world.
Am I supposed to agree that privacy should be degraded in traditional banking contexts? If HSBC could feasibly create mixer accounts, then I'd support that too. They just can't. So that's why I support crypto instead. It being "wiz-bang [sic]" has nothing to do with it. What's philosophically correct or not is the issue.
If globohomo's blood money raising initiatives aren't compatible with modern technology, that's on them. Given the relative value of each, I would much rather they be castrated than privacy or technology. And whatever bad actors are doing has zero to do with invalidating my right to financial privacy or not wanting every random customer service Indian at where I cash my crypto out sometimes to know how much I have overall. (As, after all, that's me quite potentially protecting myself against those same bad actors. I'll take using my own right to my privacy to protect myself over the "benevolence" of established authorities any day.)
Most ransomware targets individuals in bulk and plenty of it has requested non-crypto forms of payment like gift cards, prepaid cards, Ukash, MoneyPak, YooMoney, etc. So "folks like Nick Weaver" are factually wrong.
I think we've hit the crux; you just don't care about the money laundering problem that 95% of the rest of the population cares about a lot. I don't think there's anything more to say here other than, "Just try to convince enough voters to repeal anti-ML laws and see if you're smarter than all of history."
If it's an empirical question, please provide some empirical data. Or at least a made-up estimate. What percentage of ransomware payment flows do you think is crypto vs. non-crypto?
Proof? I'm going to bet that a frighteningly large portion of the population doesn't even know what the literal phrase "money laundering" means at all. In any case as a someone who is not a (small d) democrat this means very little to me.
I have no idea but the answer is mostly irrelevant. If I pointed out that 95% of people currently use highway A over highway B, that still wouldn't be a justification to say that 95% of highway travel would disappear without highway A; the hypothetical carrying capacity of highway B (including any expansions that might inevitably be made to it in a world without highway A) in that case is the real determinant, not what it carries now versus highway A.
I think without crypto you probably wouldn't see big money heists targeting governments and corporations as you mentioned, but then again these are all entities that deserve the most to be targeted and I would much rather see WokeCorp lose 500 billion over a week due to a targeted ransomware attack than any granny lose her family's baby photos. So I guess crypto existing proves itself to be a good thing again.
The obscene quantities of hard and soft geopolitical power spent to build international coalitions to rein in the problem. Whether or not you're a small d democrat, this effort has been led by small d democratic nations, because the vast majority of those populations oppose corruption, criminal activities, and money laundering. So I guess you have two options: 1) Convince enough folks to just knock it off with the whole anti-ML thing, or 2) Build the power of your authoritarian country enough that you can flaunt the international anti-ML order. No wiz-bang required.
We've pretty much known the carrying capacity of gift cards, prepaid cards, etc., because these things have been used in money laundering efforts for decades. That large international coalition I mentioned went to a lot of work to massively restrict the carrying capacity of these methods. Let's put a number estimate on it again. Suppose all of crypto died tomorrow. By what factor do you think these other methods would increase in scope? 2X? 10X?
More options
Context Copy link
The boo in this section makes a bit of my soul die, despite how much as tales of corporate malfeasance disgust me, and despite how much megacorps believe they should oppose me in the Culture War.
Feeding criminal enterprises gives them resources to commit more crimes. Crime does pay like drugs do make you feel good.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link