Review: Alex Winter's "Deep Web" about Silk Road's Ross Ulbricht

Going in to see the movie Deep Web, which played yesterday and today at the Montclair Film Festival, I was most interested in the question "Who is Ross Ulbricht?" Is he the libertarian idealist who created Silk Road to let people do what the government doesn't want them to do? Or is he the scheming drug lord who put out contracts on associates who had betrayed him, as alleged by the government? Though the movie was fascinating, I left with my question unanswered.

This is no fault of the filmmaker, whose challenge was to make a documentary about someone he had little access to. Despite interviews with family, friends and business associates, Ross Ulbricht appears as a shadow in this movie. We see him in a few home movies, we see his LinkedIn profile, but we never really see or hear Ross Ulbricht talk about the subject at hand.

We hear more from Dread Pirate Roberts, a pseudonym that was at least partly Ross Ulbricht. We see many of his posts on Silk Road forums, with highlights to show the complexity of his motivations. DPR seems more interested in ideals than money, he wants to make the world a freer and safer place. But he's a businessman who values loyalty and doesn't tolerate people who don't make good on their promises.

The central voice of the film is that of Wired Senior Reporter Andy Greenberg, listed as "Consulting Producer" of Deep Web. Because much of the film surrounds Silk Road forum postings and the legal case against Ulbricht, it relies heavily on Greenberg to boil down and assess voluminous posts and complicated proceedings. Greenberg doesn't quite have the screen presence the film needs from him, but hey, that's not his job. But so we don't miss the point, there's always a poster of Edward Snowden behind Greenberg in his office.

The film has at least two narratives that make for a sometimes conflicted message. One narrative is the libertarian argument in favor of online drug markets, another is that the government has prosecuted Ulbricht unfairly, perhaps illegally.

The moral argument in favor of Silk Road is particularly resonant in this post-Ferguson post-Baltimore era, and I wish the film had followed this thread further. The gist of it is that real-life drug markets are violent scourges that ruin communities, and moving them online removes most of the violence associated with the illegal transactions. Silk Road succeeded by bringing accountability to these transactions; a transaction gone bad would result in a seller losing reputation instead of someone getting killed. In a sense, Silk Road functioned as a government beyond the reach of domestic law. By contrast, the War on Drugs results in police inflicting violence and punishment  on people and communities causing harm out of proportion to the benefit of extending the rule of law.

In the context of this war, it's small wonder Ulbricht doesn't get the benefit of the legal doubt. It's hard not to compare Deep Web with the film I saw last year at Montclair Film Festival, Brian Knappenberger's The Internet's Own Boy. Both films recount the story of a bright young man turned entrepreneur, who is driven by idealism to do something to which the legal system reacts with brutality. Both films prominently feature analysis by the eminently reasonable Cindy Cohn and the starker views of Chris Soghoian. Despite the emotional power of Knappenberger's film, Popehat's Ken White criticized it for its naive view of the legal system. White's cynical view is that we shouldn't be so outraged that Aaron Swartz was singled out for extreme prosecution, because that's what our legal system does to most people it turns its attention to today. This point would go double for Ross Ulbricht. The prosecution of Ulbricht was unfair, but that's exactly how most drug-related cases are prosecuted. "Drug kingpins" who complain about the feds hacking their computers can't expect much forbearance from judges who advance in the system by being "tough on crime", and rich white folks shouldn't expect to be treated differently.

Unfortunately for Winter, the most shocking revelation in the Ulbricht case came after most of the current film was shot, and is only mentioned briefly at the end - two of the agents investigating Silk Road were indicted for stealing over a million dollars worth of bitcoin from the site after they had infiltrated and taken control of the site. It's hard to imagine that this won't play a major role on appeal.

As far as I can tell, Deep Web get its facts right. It manages to avoid many of the silly characterizations of Bitcoin in the popular media (for example, bitcoin enables anonymity but it's not automatic). The only quibble I have is the title. "Dark Web" would have been more accurate, as well as more dramatic.

Over all, I found Deep Web an extremely engaging telling of an important story. But it ends in an unsatisfying place, with a shoe dropping. See don't miss it when it airs on May 31; you'll be able to enjoy what happens next.

Trivia note: Both Ross Ulbricht and I, in our past lives, published scientific articles on the incredibly obscure topic of adsorption-controlled molecular beam epitaxy of oxides. Yep.

• "Adsorption-controlled growth of EuO by molecular-beam epitaxy", Appl. Phys. Lett. 93, 102105 (2008); http://dx.doi.org/10.1063/1.2973180
• "Adsorption controlled molecular beam epitaxy of rubidium barium bismuth oxide", J. Vac. Sci. Technol. B 8, 332 (1990); http://dx.doi.org/10.1116/1.585064

Deep Web premieres on May 31 at 8PM EST on EPIX.

Here's the Trailer:

Review: The Internet's Own Boy

Aaron Swartz locks his eyes right onto you at the start of The Internet's Own Boy, the documentary by Brian Knappenberger now on the film festival circuit. I saw it last night at the Montclair Film Festival, where it was received enthusiastically.

The Aaron Swartz story says so much about the times we live in (and in the smallish world of techies I've inhabited for the last 20 years). I'm happy that the story has found such an effective telling.

Knappenberger's film invites you to look into a lot of eyes, to swim in a variety of gazes. You can't help but to try to understand and assess these people, face to face. Knappenberger's friendly camera work lets you look at people as you never would in real life; the people and the eyes speak for themselves.

Swartz's family are the beams and girders of this film. Starting with the home video of Aaron and his brothers as children, we are invited into the Swartz home as old friends. Aaron's brothers, Noah and Ben, provide the voice and tone of the film, which is surprisingly upbeat and full of love. But the ice in Aaron's eyes is alive in both brothers and it's easy to hear Aaron in their voices.

The eyes of Aaron's lawyer are soft and weary, his father's eyes are sad. Cory Doctorow, Brewster Kahle, Tim Berners-Lee and Carl Malamud provide twinkles of outrage. Lawrence Lessig never quite looks at us. The eyes of three women in Aaron's life provide the most memorable moments of the film. At one moment Quinn Norton's eyes become round with a fury you've never seen outside a comic book. Taren Stinebrickner-Kauffman's slightly asymmetrical eyes convey wisdom and compel action. And Susan Swartz's teary eyes, on a face with such a strong resemblance to Aaron's, just break your heart.

The technical narrative of the film is deft and accurate. A non-techy friend I saw the movie with found the issues easy to understand. I found it interesting that the audience gasped occasionally at things I knew, for example, plugging the laptop into router in the networking closet. And at Aaron's download of Westlaw when he was a student at Stanford.

And if you pay attention, I'm on screen for ALMOST TWO SECONDS.

The film gets to theaters and Streaming sites on June 27rd. There will also be a Creative Commons licensed version (CC BY-NC-SA). Not the theatrical version though, presumably because of video and/or music clips that can't be released into the commons for licensing reasons. You won't have an excuse not to see that one. And when you see it, Aaron will be staring at you. And then what will you do?

Here's the trailer:

The Four Crimes of Aaron Swartz (#aaronswnyc part 2)

The law is such an idiot when it comes to the internet. You can hardly expect better, since it was written in prehistoric times and is being maintained by people who lack many clues. And so to discuss crime and Aaron Swartz, it's useful to distance ourselves from definitions of crime that involve legality. There's a lot happening on the internet that's completely legal and very criminal, and there's also rampant illegality that should't be considered a crime.

Crime is really about upsetting or undermining a social construct. Stealing violates our social construct of property. Assault, murder, or hurting people in any way violates our mutual compact to live and let live. Social constructs vary in their utility and their generality. The most broadly useful get codified into laws. Some of the others do, too. When circumstances change, some of the social constructs need to be set aside and new ones constructed.

We're left with moral calculus. Here's my definition of moral calculus: it's anything you can't explain to an 8 year old about right and wrong, because the 8 year old isn't corrupt enough to believe it. It's an adult's set of excuses for doing or not doing the right thing. We need these excuses because our world is imperfect.

My first conversation with Aaron Swartz had me playing a "good cop" role. I needed to explain to Aaron how some of his mass-downloading was getting people really upset and could have negative consequences for the things he was trying to accomplish. If he would just ask, I told him, he could have an account for an API that DIDN'T crash to smithereens when asked for millions of records. And people were working really hard to make the information he wanted free, it just needed some years to make sure the machinery wouldn't collapse. Aaron sounded embarrassed. I sounded embarrassed.

I told him stories about I had once crashed Harvard's library system while doing some tiny little tests. Was that a crime? It wasn't MY bug. Maybe Harvard lost use of its catalog for a few hours in the middle of the night was that such a big deal?

I've also fixed crashes in the middle of the night. Believe me, you don't feel very charitable about the idiots who attack your system. The IP addresses usually say they're from Russia or India or China, but 99% of the time they're bots looking for something you don't have, so you make sure your system is robust enough to deal with some nasty tickles, and you go home and sleep soundly.

And apparently that's what happened to the folks at JSTOR when Aaron started his systematic downloading aimed at them.

So let me tell you a bit about JSTOR. JSTOR is a non-profit organization whose mission is to make scholarly information available in digital form, not just today, but into the future. And they do what they do very well. Almost too well. I had a business developing hyperlinking technology for libraries. The links to JSTOR worked quite well. There was no crashing of THEIR system when I reverse-engineered it. But they also took a legal stance that in order to link to them you had to have a legal agreement. I thought it was dumb, but they insisted on rigorous testing of my links before officially letting my system link to theirs. The result was better linking that benefitted everyone.

JSTOR's business model is to charge subscription fees to libraries to enable access to the articles they've digitized. Part of the fees are passed to their journal-publishing partners. And they make assurances to the partners that the intellectual property rights in these journals will be not be compromised. Their nightmare is that some third-world hacker will download all the technical articles and make them available in regions where it might be difficult for JSTOR and their publishing partners to assert their copyrights.

So of course JSTOR noticed Aaron's downloading articles and blocked the IP address he was using. Most likely that block affected lots of other people. And they contacted the MIT library to find the source of the mass downloading. Dealing with this kind of thing would have been a routine matter for both JSTOR and MIT Library. It's a common occurrence that someone acquires a proxy-server password from a friend and proceeds to download some journal they need for their research someplace that can't afford its own deluxe JSTOR subscription. So Aaron's first crime in the JSTOR affair was that his actions resulted in the loss of access to JSTOR for some part of the MIT community and loss of productivity at JSTOR and MIT Library. That's inconsiderate, but not illegal. Both MIT and JSTOR had legal obligations to do what they did. Aaron was just using guest access at MIT, so he wasn't bound by any institutional terms of service. And his robot wasn't reading JSTOR's website terms and condition.

Aaron didn't stop his downloading when MIT and JSTOR cut him off, alas. I think he was having too much fun eluding his pursuers. He didn't have to do anything terribly sophisticated, but it would have driven the network administrators crazy. There's nothing worse than having a hidden agent on your computer or on your network. Because even if it's not going anywhere it's not allowed to go, if you don't know where it is or what it's doing, you suspect the worst. You start doubting everything, and everyone, and you can lose your sanity. So that was Aaron's second crime. Diving people crazy via self-doubt is a crime in my book. But not illegal.

But why the reasonably good non-profit JSTOR? Why not attack Elsevier or some other for-alotta-profit publisher? My guess that Aaron's interest in JSTOR was its trove of public-domain articles. Once he had possession of the public domain articles, Aaron could commit a perfectly legal crime. He could distribute the digitized public-domain articles on the internet, for free. Executing a hack of the legal code was in character for Aaron, he had done it successfully with PACER.

While it's most likely legal, "liberating" JSTOR's public domain collection would be Aaron's crime number three, because it undermines an accepted social construct. It doesn't seem wrong to me for JSTOR to recover its digitization and distribution costs by charging willing customers for access. But there's an opposing argument that this information is part of our heritage and that it's immoral to deny people access to information they need, just because you're poor or you don't have connections to a fancy institution of higher learning, or you live in a country that struggles with subsistence or because you're only 13 years old. Those who build on the public domain have a special obligation to respect Tim O'Reilly's "create more value than you capture" rule.

It seems that JSTOR has accepted to moral burden of this argument. It's taken important steps to make its public domain corpus available to everyone. The great thing about moral calculus is that you can change it.

The fourth and final crime of Aaron Swartz was to commit suicide. That's the crime we're most angry about.

My last conversation with Aaron Swartz was at the SOPA protest in Manhattan a year ago. I congratulated him on the fruits of his activism. I told him about Unglue.it and our plans to make ebooks free to the world with crowdfunding. He loved the idea, and made me promise to let him know how it went. It's going ok, Aaron, but we could really use some help.

OK Go's @damienkulash sings at #aaronswnyc
CC BY-NC-SA by Schwartzray

Edward Tufte was a Proto-Phreaker (#aaronswnyc Part 1)

In December of 1962, Edward Tufte, who we now know as the Display of Quantitative Information guy, was an undergraduate at Stanford. He and a friend, an electrical engineer, had figured out how to trick AT&T's telephone system into allowing them free long-distance phone calls. Their "blue box" had vacuum tubes, capacitors, resistors and switches in a plug board, but it made the multifrequency tones used by the telephone switching network to control long distance calls.

Tufte and his friend decided that they would make the longest long distance phone call in history. They called New York "Time of Day" via Hawaii, and left the call open for about two months. (For those of you youngsters who don't know what "Time of Day" was, it was a number you called, and a Bell System female voice would say "The time is now ____ and ___ seconds". And would repeat every 10 seconds.)

A couple of months later, Tufte got a phone call from a security executive at AT&T. "I think I know what you're calling about" said Tufte. The caller was a bit of a techy, and expressed admiration for the pair. Some graduate students at other universities had done similar things, but Tufte and his friend were the first undergraduates. And he complained their system was of poor quality. The amount of noise in their oscillator made it hard to for the AT&T security people to figure out what they were doing.

But why did they shut off the call? the AT&T guy asked. "Once we had set the record, we were done" said Tufte.

AT&T could have ruined Tufte's life by bringing in the police, but they didn't. They made sure that Tufte and his friend told no one, didn't try to sell their system to the Mafia, and didn't cause anyone harm.

Edward Tufte on January 20, 2013
CC BY-NC-SA by Schwartzray

Except for a few late-night cocktail parties, Tufte never told anyone the story, until tonight, at the New York City memorial gathering for Aaron Swartz. Tufte had gotten to know Aaron at Stanford, where Swartz was briefly a student. As Tufte tells it, Swartz had been faced with a dilemma- a final exam conflicted with a Tufte lecture. Somehow Swartz made it to both.

After Swartz's brush with the law when he was caught downloading JSTOR articles at MIT, Swartz gave his friend Tufte a call. "Would you happen to know Bill Bowen?" Of course Tufte did, dating to his early career as a professor at Princeton when Bill Bowen was serving as its President. Apparently Bowen had been asked by the Mellon Foundation to help JSTOR figure out what to do about the Aaron Swartz situation. As President of the Mellon Foundation, Bowen, now retired, had helped create JSTOR.

So Tufte decided it was time to out himself as an ex-phone phreaker. He wrote Bowen an email. If AT&T could decline to ruin Tufte's life, maybe JSTOR could find the courage to make sure that Swartz's abilities would not be wasted. Tufte was phreaking before Captain Crunch, before Steves Wozniak and Jobs. Those guys turned out to have lots more to contribute.

JSTOR did the right thing. Not only did it tell the Federal prosecutors that it had come to a satisfactory arrangement with Swartz, but it took significant steps to advance Swartz's (and JSTOR's!) agenda af making information more accessible to everyone. (more on this in Part 2, tomorrow)

But apparently MIT wasn't quite as happy about the situation. And Stephen Heymann, a prosecutor in a US Attorney's office that's been described as one of the nation's most immoral, wanted Swartz's conviction for his resumé and wouldn't let go. They let loose a superseding indictment containing 13 felonies, and threatened Swartz with 35 years in prison if he didn't plead guilty to felonies and serve jail time.

Under the pressure of prosecution, and in the stupidity of a no-win situation, Aaron Swartz committed suicide a week ago. We'll never know what he might have contributed in his next 26 years.

But the relentless and disproportionate prosecution of young, computer-adept disruptors continues.

Sitting just behind me at the memorial was a fellow known as "Weev". Weev looked a lot better than his mug-shot, but he's been convicted of a felony and faces 10 years in prison for "identity theft" which is all that's left of a prosecution stemming from his exposure of a security hole in AT&T's implementation of iPad signups. That's right, AT&T screws up their security, and Weev gets prosecuted because because he's acted inconsiderately and used IRC without thinking how it might sound to a prosecutor.

The outrage that simmered at the memorial service tonight will probably explode and ruin Stephen Heymann's life; the career of Carmen Ortiz, the head of the Massachussets Prosecutors office, is officially toast. It's mean, but I'll probably enjoy reading about how sad that is. But there are still real people feeling the boot of a system that doesn't want to change itself to apply justice to a changing world. Maybe we should help them.

Update (1/20/13): @dancow has posted a transcript of Tufte's remarks.
Update (1/22/13): corrected description of signaling network based on contributed comment
Update (7/29/13): somehow I missed the publication of Phil Lapsley's Exploding the Phone. Oh, and don't miss the episode of Radiolab from a year ago on Joybubbles.