People make lots of fun and crazy things at hackathons, and they usually don’t attract the attention of law enforcement. But after four MIT students created a bitcoin-mining tool, New Jersey authorities issued a subpoena demanding the source code and a list of websites that could have run it.
Nineteen-year-old Jeremy Rubin and three other MIT students created Tidbit in 2013 during the Node Knockout hackathon, and it won the competition’s innovation award. Rubin is the only person named on the subpoena because he registered Tidbit’s domain name, but presumably the other three people referred to are Oliver Song, Kevin King and Carolyn Zhang, who worked on Tidbit with him during the hackathon.
The New Jersey attorney general says that Rubin and the other students violated the state’s computer crime laws by Tidbit, which was an exploration of alternative revenue streams for websites. Instead of viewing ads, Tidbit would allow users to offer their computer’s processing power to a site for its bitcoin mining. The process of mining bitcoins usually requires absurdly powerful computers and a lot of electricity, but by distributing that load across visitors, a site might be able to actually raise bitcoin funds over time.
The Electronic Frontier Foundation is representing the students in an effort to resist complying with the subpoena. As Wired points out, there are parallels between this situation and Aaron Swartz’s. After being arrested by MIT police, Swartz faced charges for computer fraud and abuse because he downloaded millions of journal articles from the database JSTOR; he later committed suicide.*
Currently no criminal charges have been brought against Rubin or the others, but the subpoena seems to be part of a trend to aggressively use state law in investigating Internet experimentation. EFF attorney Hanni Fakhoury told Wired, “It’s a very broad subpoena that hints at criminal liability and civil liability. … For a bunch of college kids who put something together for a hackathon—they didn’t make any money, the project never got off the ground and now is completely disbanded—there are some very serious implications.”
When the subpoena arrived a few weeks after the hackathon, Rubin and his teammates had simply finished the proof of concept from the hackathon. The tool wasn't even actually functional, though a few people did embed it and unsuccessfully try to use it.
On Monday the EFF argued in court that New Jersey doesn’t have jurisdiction over Rubin and his peers, who built the tool in Massachusetts. The state is arguing that it does because Tibit code showed up on websites that were hosted and run in New Jersey. EFF also suggested that the students receive immunity if they hand over the code, because otherwise they could be incriminating themselves under federal laws.
An EFF spokesperson said that the judge hopes to issue a decision in 30 days. “While the state certainly has a right to investigate consumer fraud, threatening out of state college students with subpoenas isn’t the way to do it,” Fakhoury said.
*Correction, Sept. 25, 2014: This post originally stated that Aaron Swartz faced charges for downloading and sharing millions of journal articles. He downloaded them but did not share them.