Disqus - Latest Comments for benjaminwright

Re: Dismissal Granted in Cyber Breach-Related Derivative Suit Filed Against Wyndham Officials

Benjamin Wright — Sun, 23 Apr 2017 17:17:25 -0000

I am pretty sure the plaintiff wanted the board to sue the corporate officers (the court's opinion specifically mentions the possibility of suing the corporation's General Counsel). The grounds for suing the officers would be that they had failed to secure the corporation's computers and therefore mismanaged the corporation. Presumably, if the suit against officers was successful, then insurance protecting the officers would pay.

Re: Escape from New York: Kraken & Paxful Join ‘Bit-Exodus’

Benjamin Wright — Mon, 10 Aug 2015 12:12:16 -0000

If a virtual currency business wishes to avoid New York, it might publish a disclaimer to make clear it does not fall within NY regulation. See generally http://hack-igations.blogsp...

Re: On Silos

Benjamin Wright — Mon, 05 Jan 2015 11:29:00 -0000

Vitalik: Your article inspired me. It teaches that the crypto 2.0 ecosystem is richer and is spawning more projects than I realized. In support of this ecosystem, I published stock legal terms that could help new projects cope with legal risk. http://hack-igations.blogsp... --Ben

Re: Injustice, Ethereum and the information renaissance

Benjamin Wright — Fri, 19 Dec 2014 14:33:49 -0000

popsi: I agree with you that lawyers are coders. Lawyers who write legal documents like contracts, wills and legislation are writing rules to be applied in the future. This lawyer work (coding) has been in production for many centuries.

Lawyers and software developers have long worked side-by-side.

In the digital world, it has long been common for lawyers to specify or influence the functions of software code. For example as Intuit creates code for its TurboTax software, its coders rely on lawyers (and other tax professionals like accountants) to dictate how the code will work. Lawyers read the tax laws and then analyze how software should help taxpayers comply with the law and calculate their taxes. This process can entail much intellectual work, debate and exercise of professional judgment.

Intuit can assign a team of professionals (lawyers, accountants, programmers, user interface designers) to evaluate a particular issue so that the taxpayer gets the best outcome from the software. The team might ask, “If the taxpayer inputs x, then y and then z, what should the software do next?” The team might explore/debate numerous options and scenarios, recognizing the complexity (and ambiguity) of tax law, the risk of misleading or confusing the taxpayer, the desire to make use of the software a tolerable, artful experience and so forth.

Often the final outcome will be something less than perfect. Accordingly Intuit – based on the professional advice of its lawyers -- warns taxpayers in the end-user-license-agreement that sometimes the taxpayer is wise to hire a professional to fill out the tax return rather than rely on the software.

Amendments to Software

Further, Intuit can publish a version of its software and then learn it has (as you say) a “bug,” that is, an undesired legal outcome or a confusing user experience. So then Intuit amends the software and publishes a new and better version.

Likewise, for centuries lawyers have been writing paper contracts and then writing amendments (corrections) to those contracts.

Take the US Constitution. Numerous amendments have been added to it since its original publication. After Franklin Roosevelt served four terms as President, the Constitution was amended to say a person may be elected President no more than twice.

Where should an e-commerce lawyer invest effort?

The drafting of legal documents is a learned skill (just as the coding of software is a learned skill). It is a skill that a professional can change and improve through experience. I humbly believe my drafting skills are better today than they were 20 years ago. The reason is that I have more experience, I’ve seen more cases, I have lived through more disputes and negotiations, yada, yada.

I agree with you that software programmers and lawyers can create better smart contracts by learning to work together.

For me, it has been hard to figure out where in the blockchain world to invest my time. The community generates so much noise and grandstanding that I cannot discern which projects (Ethereum, Blockstream, OpenBazaar and others) are worth the effort.

Re: Injustice, Ethereum and the information renaissance

Benjamin Wright — Thu, 18 Dec 2014 12:23:34 -0000

pospi: You and I agree successful technologies cause change.

What are the overhead and incentives in Ethereum?

May I please trouble you further and ask a question?

In a comment above you described a “will” on Ethereum. It calls for someone (I assume that someone would be called “miners”) to check for and assess some evidence every seven days for the rest of your life. The evidence to be checked is whether you have "logged on" somewhere, sometime over the past 2 years.

This check of whether you have logged on is a job. To execute this job, miners incur a cost. (In business terms, you might call the cost “overhead.”)

Question: What would motivate the miners to execute this job thousands of times? What prevents the miners from deciding after 10 years “we no longer care about pospi’s will, so we stop executing the job”?

I discuss the issues in blog post on smart contracts.

(By the way, is it correct that Ethereum calls these workers “miners” just as Bitcoin does?)

Thank you!

Re: Injustice, Ethereum and the information renaissance

Benjamin Wright — Wed, 17 Dec 2014 15:10:57 -0000

pospi: This is a productive conversation, and I am learning from it. You and I seem to agree that few people would be wise to invest a substantial part of their reputation, assets and earthly power in a single Ethereum account.

Let there be many eggs and many baskets.

Rather, people are wise to spread their eggs, as you say, among many baskets ... many accounts. One account might control, say, 3 bitcoin. Another account might control dental records (but not medical records). And so on and so on.

My intuition is that the methods for control over these many accounts (benefiting a single person, a family or the citizens of a county) can be infinitely diverse. These methods can include for example:

* printing credentials on a sheet of paper and burying the sheet in a safe in your garden

* spreading identical copies of credentials among your family members, so each member of the family has equal power to access the assets controlled by the credentials

* spreading credentials among business partners under the terms of a written partnership contract that is enforceable in a traditional “centrally-controlled” court of law

* entrusting credentials with one or more corporate trustees, under the law of trusts as it is enforced in a traditional court of law

* entrusting credentials with a government authority (such as a county land registrar) with the written stipulation that they may be used only if the authority obtains legal evidence that I approve of the use (which evidence might be a video statement by me, affirmed by 2 verifiable witnesses)

People will need advice and help.

This process of spreading a bunch of different eggs among a complex array of baskets is consistent with historical traditions. For centuries people have been spreading their assets and earthly powers in the form of many different eggs such as gold coins, jewelry, paper contracts, shareholder voting rights in corporations, the maintenance of fences on land and much, much more.

People have long invested the credentials that control those eggs in myriad different baskets, including banks, managers, corporations, governments, co-ops, communes and safety deposit boxes.

History teaches that spreading eggs and controlling eggs effectively requires much thought and expertise. Many people have learned that they can’t do it well all by themselves. Therefore, they rely on accountants and bankers and lawyers and mutual funds and government employees and even politicians(!) to study the issues and give advice and work as custodians or stewards.

Can all these people and organizations be corrupted? Yes! But my meager experience in life says that trying to live as a lone wolf is even worse than the risk of that corruption.

Hostility toward centralized organizations is wasted energy.

Ethereum is a worthy initiative, just as Bitcoin is worthy. But to me the scorn directed toward centralized authorities (in the article above) is a distraction. So is all the “violence in the streets” stuff. These distractions make it harder for noobs like me to understand the real function and value of Ethereum.

For me, centralized authorities like governments, courts, banks, hospitals, corporations, legally-married families and the like can all play roles in Ethereum, Bitcoin and other blockchain platforms. I say if Ethereum is good, then those groups should all be welcomed to the table.

Ethereum can gather more momentum if less energy is devoted to the utopian social vision above.

But what do I know? I am just a humble homo sapien. I appreciate you taking the time to talk with me.

Re: Injustice, Ethereum and the information renaissance

Benjamin Wright — Tue, 16 Dec 2014 12:24:28 -0000

Blockchain Account Authentication | Single Signature Versus Multiple Signature

Bitcoin struggles with how an owner controls his Bitcoin account. As originally designed, Bitcoin said an account is controlled by the secret credentials that create a single signature. So what did the thieves steal? They stole the credentials for the single signature and then stole the bitcoin in the account.

Now Bitcoin is evolving so account control can require multiple signatures. So what will the thieves try to steal? They will try to steal the credentials for the multiple signatures.

If a thief steals control of your bitcoin account, how much value does she get? She gets the value of your bitcoin in that account ... but nothing more.

What is the value of an Ethereum account?

The utopian manifesto above envisions that your Ethereum account will control much more than your bitcoin. The account will control your full identity, reputation and earthly power . . . including your power to transfer legal custody of your kids to your ex-spouse. So what will your ex-spouse try to steal? Answer: the credentials to your Ethereum account.

Utopia means you assume full responsibility for your security.

The author of the manifesto above says the solution to this problem is: “you must assume full responsibility for your online security. ...Your account can be kept safe Dragon Ball Z style, by dispersing fragments of your backup login across the globe.”

That solution is all well-and-good for people who have the talent and disposition to live like a Dragon Ball Z cartoon character. But few people have that talent or disposition.

Furthermore, even the Dragon Ball Z character will eventually have to rely on somebody else for his online security. When he is disabled and in the hospital, he must rely on some other people or institution(s) -- his ex-spouse? a corporation? a government? -- to gather and use on his behalf his credentials to access his medical records, his health insurance policy, his bitcoin, etc.

Thus, the utopian vision in the manifesto above seems inconsistent with the way real people live in the real world.

I am not saying the manifesto above is worthless. It is good work, and I learned much from it.

I am not saying Ethereum is worthless. It may hold a lot of promise.

I’m just saying life is more complex than a Dragon Ball Z cartoon. Therefore, I am skeptical Ethereum will give rise to a utopia that has no "centralized" institutions as argued in the good article above.

Re: Why would Chinese hackers want hospital patient data?

Benjamin Wright — Tue, 19 Aug 2014 18:38:48 -0000

According to "Agents Hunt for Fraud in Trove of Medical Data," Wall Street Journal August 15, 2014: a licensed physician is involved in most all Medicare/Medicaid billing frauds. I interpret that to mean normally a physician actually has an encounter with the patient; then a bunch of unnecessary or inflated charges are billed to patient's payer. And yes that involves organized crime.

But I'm not entirely sold on the idea that a team of criminal providers (which would include a licensed physician) would just go purchase stolen credentials on a black market run by foreign hackers. The doctor would have to be signing documents and prescriptions relative to patients s/he's never encountered. The doctor would have to worry that s/he would claim encounters with patients who have no geographic or other connection with the doctor.

Re: Why would Chinese hackers want hospital patient data?

Benjamin Wright — Tue, 19 Aug 2014 16:37:18 -0000

I agree with you, Hard Little Machine, that dishonest healthcare providers successfully file a lot of false claims, especially against Medicare/Medicaid. So it does make sense that some dishonest providers would pay hackers for stolen credentials. Still I'd like to see documented examples of this happening on a large scale. A provider is taking big risks when it purchases and tries to use stolen credentials.

But the article above does not talk about dishonest providers purchasing credentials. It talks about an individual patient purchasing stolen credentials so she can get a heart transplant.

Re: Why would Chinese hackers want hospital patient data?

Benjamin Wright — Tue, 19 Aug 2014 14:25:58 -0000

I'd really like to know how Chinese hackers can use patient data to bilk very much money out of US insurance companies or Medicaid/Medicare.

Re: Why would Chinese hackers want hospital patient data?

Benjamin Wright — Tue, 19 Aug 2014 11:29:21 -0000

I am skeptical that very many uninsured patients would pay $100 or $250 for stolen insurance credentials. How does an uninsured patient -- who wants to acquire substantial healthcare -- know that the credentials for which she is paying are good and will work at the local hospital or clinic? How does the uninsured US patient know she can trust the Chinese hacker? How does she know that her health procedure will not get cut off in mid-stream owning to the fraud?

When she goes to claim her "million-dollar heart transplant," she is exposing herself over and over and over again to being caught.

Any Bozo can go onto Craigslist and claim to possess the stolen insurance credentials. But the process of trying to market these credentials to random uninsured patients exposes the the Bozo to being caught.

John Halamka is a respected authority. But I'd like to see him document very many of these transactions, where uninsured patients pay hackers who stole patient records wholesale. Sure, anything can happen now and then. Sure hospitals have to watch for one-off transactions, where an uninsured patient steals from a neighbor or gets credentials by way of a dishonest nurse.

But the gist of this article is that there is a thriving market for general, entrepreneurial hackers to sell stolen credentials to large numbers of unsophisticated patients who then really receive substantial healthcare. Balderdash.

Re: Beyond Bitcoin - 10 - Exploring The Open Bazaar...

Benjamin Wright — Fri, 08 Aug 2014 18:19:42 -0000

I wonder how Open Bazaar will manage private key risk. If private keys can be used to sign open-ended legal contracts, the incentive to steal the keys grows large. Suppose that under Open Bazaar I could sign a contract that says, "I agree to sell Jane my Rolls Royce for .000001 BTC. If I fail to deliver the Rolls to Jane by Friday, then I grant her a 1000 BTC mortgage on my house." If a contract like that is possible in Open Bazaar, then my private key is very powerful and a big target for hackers.

Re: Where Telemedicine and Healthcare Social Media Meet

Benjamin Wright — Sat, 09 Mar 2013 12:00:26 -0000

For a physician, the possession of the patient's personally identifiable information is a liability. Such information must be secured, and breach of security can be expensive. Therefore the physician has incentive to interact with the patient, as you have described here, without knowing the patient's name or other identifying information. http://hack-igations.blogsp...

Re: 5 Top Google+ Tools and Apps for Marketing Pros

Benjamin Wright — Sun, 08 Jul 2012 08:42:42 -0000

Lisa: Have you seen any organization use Google Apps and Tools to create and manage a rich social network, supporting many different discussions among network members, akin to the networks one can create on Ning?

Re: E-Medicine and Smart Phones Manage Chronic Illness

Benjamin Wright — Fri, 09 Sep 2011 09:39:26 -0000

As e-medicine becomes more popular, I anticipate that health care providers will treat more patients without knowing their identities or locations. In certain cases, knowledge of a patient's identity increases cost and risk. http://hack-igations.blogsp... --Ben

Re: Taking a byte out of cyber crime

Benjamin Wright — Fri, 28 Jan 2011 06:44:34 -0000

Sam: On the SANS Institute's forensics blog, I have published new methods for preserving and authenticating evidence in a cyber investigation. What is your opinion? --Ben

Re: CISOs Can Find Allies at the General Counsel Office

Benjamin Wright — Wed, 05 Jan 2011 10:53:07 -0000

Lenny: There is another, increasingly-important, way in which legal and IT security intersect. More and more, IT security folks are charged with conducting internal investigations. Often these investigations need to be cloaked with legal confidentiality. For legal confidentiality to apply, the Legal Department must be intimately involved with the investigation. http://legal-beagle.typepad... --Ben

Re: Facebook’s One-Time Passwords: Why?

Benjamin Wright — Tue, 19 Oct 2010 11:42:12 -0000

Lenny: Your article generated a comment here: http://www.google.com/buzz/...
[I'm not going to repost the comment here on your blog because I don't have permission.] --Ben

Re: Singapore’s MicroKit Could Screen for H1N1 While You Wait in Airport

Benjamin Wright — Tue, 05 Oct 2010 18:02:30 -0000

When an organization deploys a public health surveillance device like this disease screening kit, it is wise to broadcast to the public information about what the device does, what records it stores, how those records could be accessed and used and what the device's legal terms of service are. For example, if the kit were deployed in an airport, the terms of use might be published on the airport's web page, via wifi and bluetooth channels inside the airport, and in paper pamphlets next to the kit. http://hack-igations.blogsp...

Re: YouTube CEO Offers “YouTube Instant” Creator a Job via Twitter

Benjamin Wright — Sat, 11 Sep 2010 10:07:45 -0000

This is an example of an executive using social media to transact substantive, legal business. The twitter messages are legally potent from the perspectives of both HR and contract law. The enterprise (youtube) has incentive to archive these messages at part of the enterprise's record retention program, just the same as the enterprise has incentive to retain copies of official, paper letters issued and signed by executives. http://legal-beagle.typepad... -Ben

Re: How PR Pros Are Using Social Media for Real Results

Benjamin Wright — Tue, 16 Mar 2010 17:28:53 -0000

The world wide web alters both public opinion and political power. As Scott Brown (newly-installed Mass. Senator) taught us, social media enable populist messages to rise like wildfire and defeat the moneyed establishment. A good example of a Web populist underdog garnering a measure of advantage over a strong opponent is Hillary Machinery Inc. This mom-and-pop firm is in a strange lawsuit with PlainsCapital Bank, a much bigger financial institution. Hillary has been using Web 2.0 tactics to whip up support for its fight against the bank.--Ben

Re: Beware the Botnets – Zombie Cyber Attacks

Benjamin Wright — Thu, 04 Mar 2010 14:15:50 -0000

What are the future weapons against botnets? Lawsuits . . . as Microsoft demonstrated last week. --Ben

Re: What’s Next: The Plaintiff’s Perspective – Law Firm Faces New Spate of Overtime Wage Cases

Benjamin Wright — Thu, 04 Mar 2010 13:40:08 -0000

Larry: This interview by Mr Lazarro is a perfect example of modern litigation publicity. Through this google-discoverable interview, Mr. Lazarro applies a degree of public pressure on the defendant, Turocy & Watson. Similar idea: Have you seen the case PlainsCapital Bank v Hillary Machinery? It is a cutting-edge Web 2.0 lawsuit that I have been following. Not only is it remarkable because a bank is suing a corporate customer from whom money was stolen; it is remarkable because the smaller customer is exploiting web PR tactics as an asymmetrical weapon against a much more powerful courtroom opponent. You seem to be following this topic of litigation publicity on the web, Larry. Have you ever seen a B2B web battle like PlainsCapital v. Hillary before? I am looking for precedent. --Ben Wright

Re: 3 Crisis Survival Lessons for the Social Media Age

Benjamin Wright — Thu, 04 Mar 2010 13:19:09 -0000

If a corporation fails to use smart social networking to manage a crisis, then someone else will impose a social message on the corporation. A small Texas outfit (Hillary Machinery Inc) is today using Web 2.0 guerrilla publicity to answer an oddball lawsuit brought by a much larger financial institution (PlainsCapital Bank). DALLAS LAWRENCE: I have been searching for previous examples of such use of web publicity. Have you ever seen any lawsuit publicity like this before? --Ben Wright

Re: Court Approves Microsoft Action Against Waledac Botnet

Benjamin Wright — Thu, 25 Feb 2010 15:25:54 -0000

Microsoft says it is taking additional technical measures to degrade the botnet. This sounds like legally-authorized hacking, which would be a pioneering step in the war against malware. --Ben