Nextgov/FCW - Authors - Catherine Hollander

New York Might Be First to Regulate Bitcoin

Catherine Hollander, National Journal — Fri, 21 Feb 2014 10:41:30 -0500

Bitcoin may be emerging from a few weeks of negative headlines, but one of the most outspoken financial regulators says he still sees promise in the virtual currency.

"I do think it holds a lot of promise (if money laundering can be adequately addressed), both on its own and in terms of causing existing payments system technologies to up their game," Benjamin Lawsky, New York's superintendent of financial services, wrote Thursday in a two-hour question-and-answer session on social news site Reddit.

Lawsky has spoken publicly about the future of bitcoin, a decentralized currency created in 2008 by a person or people under the pseudonym Satoshi Nakamoto, and its peers before. Earlier this month, he said there could be a "kernel of something here that will have a profound impact on the future of payments technology and our financial system," even as he cited recent problems with the bitcoin exchange Mt. Gox and acknowledged regulators are not the experts, necessarily, on cryptocurrency.

On Thursday, he wrote of his personal evolution on the subject, citing a not-quite "Rocky-IV-final-scene about-face," but saying he and his colleagues had become more supportive as they learned more about cryptocurrencies.

If Lawsky thinks virtual currency holds promise, he's also made it clear that it's not going to develop free of regulation, as some bitcoin advocates have urged. His state might be the first to develop bitcoin-specific regulation, and that could be a boon to business if firms that deal with virtual currency decide to locate where there's more certainty on the regulatory front. It wouldn't necessarily mean that other states would use New York's framework as a template for their own.

"It's possible we'll go first," Lawsky said in an interview after his Reddit session. He then pointed to an announcement Thursday morning from the Conference of State Bank Supervisors that it was forming an Emerging Payments Task Force—which Lawsky will be part of—to study virtual currencies and other new payment systems as evidence his was not the only state preparing to offer guidance.

"But, again, it's not about going first. It's much more important that we get it right," Lawsky said. His office will draft a framework "for the next months," he said. He declined to say when that framework would be issued.

So far, Lawsky has only offered broad outlines of potential virtual-currency regulations. Last week, he said New York was considering a special "BitLicense" for firms, although the precise requirements the license would involve are unknown. Asked whether his department would regulate bitcoin ATMs, Lawsky wrote Thursday that he didn't yet know. He has emphasized the need to find the right balance—to set the guardrails, in regulatorspeak—that will allow innovation but not permit money-laundering or leave consumers at risk.

"That's the million-dollar question we wrestle with every day," he said Thursday.

The Reddit "Ask Me Anything" session was part of Lawsky's push to write "open-source" regulation. Last month, the New York Financial Services Department held a public hearing on virtual currency regulation that drew 14,000 participants online, Lawsky said.

The idea for the Reddit session came from one of Lawsky's roughly 1,850 Twitter followers, Matt Anderson, deputy superintendent for public affairs, confirmed. Lawsky said it was sold as a "productive way to, in one fell swoop, get a lot of questions and a lot of comments and a lot of dialogue." And it did garner far more questions and comments than Lawsky answered in the two-hour period Thursday afternoon. Now comes the internal rule-writing process.

(Image via Tomas Daliman / Shutterstock.com )

]]>

How Is Bitcoin Taxed? The IRS Doesn't Know

Catherine Hollander, National Journal — Mon, 27 Jan 2014 10:32:31 -0500

How do you tax bitcoins? Apparently, not even the IRS knows.

Internet forums like Reddit and bitcointalk.org are exploding with questions about how users of the increasingly popular virtual currency should fill out their tax forms this year.

"Some of us have sold some for fiat [money]. Some of us want to pay taxes on that but don't know how," wrote one user.

"If they want us to pay our taxes they should tell us how so I can get an accountant!" said another.

The Taxpayer Advocate Service, which is an independent office within the IRS, pointed to those types of Internet comments and the advice they garnered from purported experts in a 2013 report to Congress. "Some of this speculation is incorrect, incomplete, or misleading," the report said. "It is the government's responsibility to inform taxpayers about the rules they are required to follow."

The heart of the issue is whether the IRS will view bitcoins as a currency or a commodity.

But the government remains mum: "The IRS is aware of the potential tax-compliance risks posed by virtual currencies," the agency said in an emailed statement. "The IRS continues to study virtual currencies and intends to provide some guidance on the tax consequences of virtual-currency transactions."

They'd better study quickly. Bitcoin usage increased by more than 75 percent between July and December 2013 as the market value of bitcoins in circulation climbed to $12.6 billion from $1.1 billion. The climbing price has attracted investors and led businesses in the United States, including online discount retailer Overstock.com, to say they will accept the digital payment.

Bitcoin supporters don't understand why the IRS is waiting to weigh in. "It shouldn't be as magical as they're making it," said Daniel Morris, senior partner at Morris + D'Angelo, a Silicon Valley-based CPA firm. He said bitcoins should be treated like any other nondollar denominated transaction in tax filings.

For now, so long as bitcoin users make some attempt to pay the government what they think they owe, they probably—maybe—won't get in trouble.

"If you made a best effort, added and documented your process, that if the IRS were to question it, it most likely would be allowable," said Janet Lee Krochman, a CPA in Southern California who bought her 21- and 22-year-old sons a bitcoin each for Christmas this year to familiarize them with the world of investing.

She said she will recommend that they report any gains as capital on their tax returns.

This article appears in the January 27, 2014, edition of NJ Daily.

]]>

Is it Illegal to Impersonate the Boston Marathon Bombing Suspects (or Anyone Else) on Twitter?

Catherine Hollander, National Journal — Fri, 19 Apr 2013 17:02:43 -0400

After video of the Boston Marathon bombing suspects was released, journalists and citizen-sleuths turned to social media to find their digital footprint. They were greeted with a wealth of information. Not all of it was true.

By mid-day Friday, there were a number of Twitter accounts registered under the name of one of the suspects, Dzhokar Tsarnaev, who remained at large. Some featured photos released by the Federal Bureau of Investigation as the account’s profile picture.

News outlets including Quartz (which, like National Journal, is part of Atlantic Media) and Slate did some sleuthing and reported that one account that was receiving a lot of attention was a fake; later, ABC News reported that a different account belonged to Tsarnaev.

It’s not yet clear what Tsarnaev’s social media presence has been. But it seems implausible that he owns all of the accounts now registered in his name. Some must be impersonations (at least one is explicitly so). But can the people who created those fake accounts get in trouble?

Depends on what they say.

The clearest-cut example of a person who could face legal trouble for their Tsarnaev account is the person with the account by the name of @Dzhokar_A that features a widely-distributed photo of Tsaernaev. The owner of this account tweeted at the Boston Police’s official Twitter feed: “I will kill you all as you killed my brother.” The real Tsarnaev’s brother was killed in a firefight with police early Friday morning. Making threats against the lives of police officers is a crime, whether online or off.

But not all of the accounts under Tsarnaev’s name are making threats. Other Tweets ranged from, “am I famous yet ?” (@Dzhokharr) to “#ImSoTiredOf hearing people butcher my name. Come on everyone, sound it out!” (@dzhokartsarnae). The legal implications of those tweets are less clear. In 2012, the Supreme Court ruled that lying about military honors is not a crime. Is lying about being someone else not always a crime?

Part of it depends where you are, although due to the vast scope of the internet, it’s not clear whether whoever is behind the accounts would be subject to state or federal law or both. Twitter accounts that are less oriented toward parody and more toward impersonation could be prosecuted under federal laws criminalizing false information and threats, or hoaxes. Trying to get a laugh out of your roomate is different than trying to persuade investors to snap up a stock.

And several states have laws prohibiting online impersonation. Although they vary, generally, to be a crime, impersonation must be committed with the intention of gaining a benefit, such as money, or defrauding someone. In California, for example, “Any person who knowingly and without consent credibly impersonates another actual person through or on an Internet Web site or by other electronic means for purposes of harming, intimidating, threatening, or defrauding another person is guilty of a public offense punishable pursuant to subdivision (d).” In Massachusetts, the goal must be “to obtain or to attempt to obtain money, credit, goods, services, anything of value.”

No wonder, Poynter, a journalism website, warned reporters not to be hoodwinked by fake accounts as they raced to provide information about the now-named suspects. If false information posted on Twitter distracts the police from their work, it could be conceivably be considered an obstruction of the investigation.

Even if, say, a district attorney wanted to prosecute a Twitter faker they would "have to literally put the person in the place at the time of the criminal activity. Just because something happened or something appears to be from someone’s account doesn’t mean the person whose account it’s from actually created the content,” said Bradley Shear, a social media law expert.

Twitter, for what it’s worth, has its own impersonation policy. “Impersonation is a violation of the Twitter Rules. Twitter accounts portraying another person in a confusing or deceptive manner may be permanently suspended under the Twitter Impersonation Policy,” the social-media site says. However, “Twitter users are allowed to create parody, commentary, or fan accounts (including role-playing)… In order to avoid impersonation, an account's profile information should make it clear that the creator of the account is not actually the same person or entity as the subject of the parody/commentary.” But of course clearly labeling something a joke--say, FakeJenniferLawrence--isn't that funny. So fake sites are going to keep popping up.

(Image via Flickr user eldh)

]]>

Crowdsourcing the Boston Marathon Bomber

Catherine Hollander, National Journal — Wed, 17 Apr 2013 17:29:10 -0400

What does it take to catch the Boston Marathon bomber?

A number of news outlets have reported that a suspect has been identified in Monday's Boston Marathon bombing and they say the break came in the form of department store surveillance footage, assisted by a Boston television station, according to CNN.

It doesn’t, at this point, seem to be the work of the crowd, which, through user-generated sites like Reddit and 4chan, analyzed hundreds of photos in the aftermath of Monday's bombing and traded theories about who within them appeared suspicious, based on the backpacks they are wearing, the direction they are facing, or just a more general feeling ("I just feel like if you had to pick one person who really stands out of all pictures taken, this guy takes the cake and it's not even close," said one user).

Users were partly answering a call put out by the FBI special agent in charge of the investigation, Richard DesLauriers. DesLauriers asked the public to alert the FBI to any individuals who expressed a desire to target a marathon or were interested in researching how to create an explosive device; if they saw someone carrying a heavy, dark bag around the time of the blasts; and if they heard explosions (possible test runs) in remote areas before Monday. "Cooperation from the community will play a crucial role in this investigation," he said.

Asking the public for help identifying the country's most dangerous criminals is not a new practice. In 1950, the FBI launched its Ten Most Wanted Fugitives list in conjunction with the media. According to the agency, 154 of the 498 fugitives on the list since its inception have been located “as a direct result of citizen cooperation.” America’s Most Wanted, a television program featuring criminals on the run, has assisted in 1,149 captures since it began in 1988, host and producer John Walsh told The New York Times in 2011.

The difference with the Reddit and 4chan crowd-sourcing is that the flow of information is not limited to the individual with information and the feds who receive the tip. Speculation is now published widely, for all to see—a dangerous idea, writes The Atlantic's Alexis Madrigal. "They are not real cops. They are well-meaning people who have not considered the moral weight of what they're doing," he said. "This is vigilantism, and it's only the illusion that what we do online is not as significant as what we do offline that allows this to go on."

Reddit users discussed this problem. “I didn't create this subreddit to post any personal information, and we in no way condone any vigilante justice. If any personal information is posted that can identify someone it will be immediately deleted,” wrote user oops777, who is identified as a moderator of the findbostonbombers subreddit.

“The worst-case scenario here is that we waste our time, the best is that we send something to the FBI that they missed. If somebody looks suspicious, it's sent to the FBI, we don't try to find anything out other than their movements,” oops777 said.

Speculation on the website centered on a number of men seen carrying backpacks near the site of the explosion. The users conduct their own analysis of the photos. “We need someone with a backpack and dumbells [sic] (ranging 20-50 lbs) and try to replicate blue robe guy's stance," one user said. ("Blue robe guy," a middle-aged man wearing a blue jacket and photographed with a backpack dangling off his forearm, has a whole thread dedicated to him). Some said it was suspicious that the bag was slung over his forearm, rather than on his back. Others pointed out that is common in crowds, to prevent pickpocketing.

"Who knows really," writes user thugl1fe.

]]>

Super Bowl blackout could energize a debate on power grid

Catherine Hollander and Niraj Chokshi, National Journal — Tue, 05 Feb 2013 08:57:20 -0500

Questions remain over what caused the half-hour power outage during Sunday’s Super Bowl in New Orleans. What is clear is that advocates of improving the nation’s energy infrastructure see it as a metaphor.

“I think any of you who watched the Super Bowl last night know that energy is not only good, it's necessary. And whether it's keeping the lights on so that we can enjoy the game or whether it's keeping the lights on so that we can work, this is — this is essential to who we are as a prosperous nation,” Sen. Lisa Murkowski, the ranking member on the Senate Energy and Natural Resources Committee, said at a press conference to unveil an energy proposal on Monday.

If there's a silver lining to be found to the partial blackout, it's this: the way the stadium's electrical system worked, at least according to an early official statement, shows how improvements to energy infrastructure can contain damage.

“Power outages cost our country over $70 billion a year,” said Richard Caperton, an energy expert at the Center for American Progress. “Anything that draws attention to that problem and helps motivate people to deal with it is helpful.”

Minutes into the second half of the game, an electrical-load monitor sensed an “abnormality in the system," according to a joint statement from the management company of the Mercedes-Benz Superdome and the stadium’s energy supplier. The monitor then opened a breaker, cutting power to part of the Superdome "in order to isolate the issue.” That kind of fast response is a sign of things to come if and when the nation upgrades its energy infrastructure.

“I mean, in the past, there haven't been that many sensors out there, there haven't been that many ways to redirect things and control things and there also haven't been that many different resources, so if one power plant were to run into a problem, that was a major problem,” said Dan Delurey, the president of the Demand Response and Smart Grid Coalition, a trade association for providers of smart grid technologies.

The game, which drew an average of 108.4 million viewers, was another in a series of high-profile power outages during the last year. During Hurricane Sandy in late October, thousands up and down the Eastern Seaboard (and beyond) lost power for periods stretching from days to weeks. Lawmakers in Washington, D.C., found themselves hamstrung during this summer’s fast-moving “derecho” storm, which knocked out power throughout the Washington region.

The American Society of Civil Engineers gave the country’s energy infrastructure a D+ in an infrastructure report card released in 2009. The U.S. “quality of electricity supply” is ranked 33rd globally by the World Economic Forum’s 2012-2013 Global Competitiveness Report. Proponents say improvements to the nation’s infrastructure will create jobs.

Last year, President Obama called for repairing the nation’s infrastructure in his State of the Union address. “Building this new energy future should be just one part of a broader agenda to repair America’s infrastructure. So much of America needs to be rebuilt,” he said. The president’s next State of the Union address, set for Feb. 12, will set the agenda for the next four years. Obama's a big football fan; perhaps the Super Bowl outage will spur him to take renewed action on infrastructure.

]]>

New report shows sweeping cyber-spying

Catherine Hollander — Wed, 03 Aug 2011 00:00:00 -0400

A new report reveals that over 70 corporations and government organizations, including the Associated Press, United Nations secretariat, and International Olympic Committee, were hacked over the course of many months, the Washington Post reports.

The hacking probably originated in China, according to experts familiar with the analysis carried out by the computer security firm McAfee. McAfee dubbed the intrusions "Operation Shady RAT," an acronym for "remote access tool."

Forty-nine of the 72 compromised organizations were located in the United States, including a lab at the Department of Energy and a dozen defense firms. The intruders were looking for data on sensitive U.S. military systems, and material from satellite communications, electronics, and natural gas companies, among other information, the Post reports.

The emphasis of the target list on Taiwan and Olympic organizations around the time of the 2008 Beijing Games points to China, as has the country's history of hacking, cybersecurity expert James A. Lewis told the Post. He was backed up by another computer expert who wished to remain anonymous out of reluctance to publicly blame the country.

McAfee recently discovered that the hackers made an error in configuring the "command and control" server that controlled malware deployed on their targets' computers. The intruders had accidentally set the server to generate logs of every Internet protocol address the server controlled since 2006, according to The Post.

]]>

Senators seek 'gold standard' in cybersecurity

Catherine Hollander — Fri, 08 Jul 2011 00:00:00 -0400

The United States needs a "gold standard" in cyber-defenses, Sens. Joe Lieberman, I-Conn., Susan Collins, R-Maine., and Tom Carper, D-Del., said in a Washington Post op-ed. The alternative to better cybersecurity measures, they wrote, "could be a digital Pearl Harbor."

The authors, who serve respectively as chairman, ranking member, and member of the Senate Homeland Security and Governmental Affairs Committee, proposed legislation to give the Homeland Security Department statutory authority to work with industry to identify potential risks to the country's critical cyber-infrastructure.

That infrastructure includes power plants, electric grids, and pipelines. After potential trouble spots are identified, owners and operators can propose security measures, which would be reviewed by DHS cybersecurity experts before implementation.

The senators expressed hope that the more secure techniques, implementation, and products would spread to commercial markets. The framework would produce "best practices" that the private sector could, but would not be required to, use as a model, and the federal government's purchasing power would encourage the market to produce more secure products for nongovernment consumers, the senators wrote.

The bill would also give DHS a statutory responsibility to ensure the federal government shares cybersecurity protection responsibilities with the private sector.

"There is no such thing as 100 percent security, on- or offline, but we must strive to strengthen our defenses against those who are constantly working to do us harm," the senators said.

]]>