by setgree 1110 days ago
My theory is that Binance execs were having these chats in an encrypted medium (e.g. WA or Signal) but didn't secure themselves against a defector.

I think someone on the inside took screenshots and went to the feds (or started cooperating under legal pressure). There's even a leading candidate [0].

What's funny about this is it's a fine metaphor for what ails crypto as a whole. The technology is cryptographically secure, but not at all robust to much simpler betrayals, hacks, etc. If you trust overmuch in the tech and don't focus on less technically interesting but more fundamental threats, you're apt to get rekt.

[0] https://decrypt.co/124999/ex-binance-us-ceo-catherine-coley-...

12 comments

> but didn't secure themselves against a defector

Still a surprisingly amateur move. I once worked for the Federal Government, where literally everything you write is potentially subject to a FOIA request. The message all new hires were told was, very clearly: "Never put anything into writing you wouldn't be happy to see published on the front page of the Washington Post."

Anything that was even vaguely close to failing this test was handled exclusively by a private phone call or, preferably, in person conversation.

And this was for an org that was doing nothing sneaky or underhanded in the slightest. Still if something could be misunderstood in a negative way, don't put it in text.

I'm still surprised when I see coworkers say things in Slack, which is clearly able to be monitored by admins, that don't pass this test. Far more surprised when people knowingly engage in criminal activity and keep any kind of unnecessary record.

Not writing down anything you'd be upset another person read is a pretty standard instruction for people doing interactions with ordinary business clients anywhere that data protection legislation theoretically allows them to make a statutory request that the company send the records you hold about them (probably other jurisdictions too, if their lawsuits have a discovery process).

And that's "dear junior sales team members, please don't put your opinion of the client in writing, in the unlikely event they ask for a data dump they might be a bit miffed", not "dear compliance chief, please don't write confessions to breaking laws our lawyers might be able to argue we attempted to comply with when we inevitably have to defend ourselves in court..."

> that's "dear junior sales team members, please don't put your opinion of the client in writing, in the unlikely event they ask for a data dump they might be a bit miffed"

One of my first moves running a trading team is reducing or eliminating internal chat. I don’t think I’ve gone a week without at least one client receiving an inappropriate nickname. It’s harmless. But it’s not something you want showing up in discovery or a regulatory inquiry.

I was _shocked_ when I moved from finance to tech and chat retentions (if they weren’t infinite) were set in months.

I was used to low single digit days retention. I still think that’s a good policy even without compliance issues. Keeping chat from becoming a de facto document management system.

So true. Been on both sides of this coin. Lawyers, judges, jurors will jump on any language that gives the slightest impression of bad acting.
I’ve heard this referred to as the “green eggs and ham test” for written communication. [0]

>Would you like this in the press?

>Would you like this at Brand X?

>Like to read it on the stand?

>Like it in the government's hand?

[0]: https://www.legalethicsforum.com/blog/2006/12/over_at_white_...

Do you want it to be your word against your employer?

Will your employer visit you in jail?

Will they pony up and pay your bail?

> The message all new hires were told was, very clearly: "Never put anything into writing you wouldn't be happy to see published on the front page of the Washington Post"

> And this was for an org that was doing nothing sneaky or underhanded in the slightest

I disagree. That culture is one of routinely doing sneaky and underhanded things.

If it wasn’t, the rule would be “don’t do anything you wouldn't be happy to see published on the front page of the Washington Post.”

(Outside of things that are legally confidential, but those are generally protected from FOIA even if in writing.)

If you are actively preventing evidence of your actions from being created, that is itself evidence of consciousness of wrongdoing.

Disagree.

Plenty of examples of companies that did nothing wrong, but some written comment, by some employee is enough to convince a jury that "something probably happened".

I remember one pharmaceutical company was on trial for a drug that was suspected to have a bad side effect (later analysis showed it didn't). They had done nothing wrong: all data was provided to the FDA, they diligently collected post-marketing data, shared it with the FDA, etc.

A civil suit was brought and during discovery they found a comment that said "maybe our dose was too high?". The person who made the comment had nothing to do with the trials, didn't have the skills to interpret the data, didn't even have a medical background.

Once that was found? Boom, the company settled because that was enough to convince a jury that "they probably knew it was wrong".

It's very easy to put something in writing now that has no impact, but in a few years' time is a smoking gun. It doesn't matter if you testify about the circumstances when you wrote it ("oh, I didn't mean that"), the jury won't believe you; the prosecution will just flash that one sentence up and say "see, it's obvious the company was hiding the problem".

There are plenty of cases where you wouldn't want something perfectly reasonable to be published in the Post. The key is context - some things are complicated and require background and relevant information; if taken without that context, they'll seem bad.

Seeing as we live in a world in which people in the other political party are highly motivated to take whatever they can of their opponents (and their opponents' appointees, etc.) and make them sound bad, it's understandable that folks would be cautious of what they write down. If someone emails you a question whose answer is potentially politically sensitive, you might not want to provide a brief answer to that email that you know could be misconstrued. That isn't "evidence of consciousness of wrongdoing" - it's just understanding the reality of politics.

> There are plenty of cases where you wouldn't want something perfectly reasonable to be published in the Post. The key is context - some things are complicated and require background and relevant information; if taken without that context, they'll seem bad.

I agree with GP. It is a shadowy culture. The Washington Post bit is the clue when you walk in. You are working for the United States government. It is not the Washington Post you should care about, it is the Justice Department and the legal system.

If you say that politics trumps laws then you are implying extra-legal forces dominate legal forces in our system. One way such hidden power centers are created is via shadowy bureaucracies. For example, FBI should write down everything they discuss and decide. We should be able to shine a light into any government institution in our land. If everything is legally done, there is nothing to be worried about, Washington Post be damned.

> If you say that politics trumps laws then you are implying extra-legal forces dominate legal forces in our system.

OK. I guess they do because it’s common for people to get fired or programs to be killed for completely political reasons.

Hard disagree: the appearance of wrongdoing can be nearly as harmful for the accused and cause as much trouble as actual wrongdoing. Both should be avoided.

Another hard disagree. I put everything in writing. If it’s not written down it didn’t happen.

Want access to prod? Sure give me a ticket. I don’t trust any place that doesn’t want things written down.

And the example of a drug trial comment being taken out of context? If it looks bad in a few years maybe it should also look bad now? And maybe steps should be taken to make it better now.

Writing things down, keeping copies of emails is the only way to hold management accountable.

In my country, there were some major anti-government protests a few years ago that pro-government media claimed were paid for by Sorosz and other such figures. My colleagues and I attended these protests and often talked about them. We also often joked about these claims by asking each other if the checks had arrived, how much they had made last night etc.

Of course, if our internal chats were subject to [the local equivalent of] FOIA requests, this would have been incredibly risky, since without the context of how much we laughed about them, the texts themselves would have looked like smoking guns. Government media would have had a field day.

This is the benign sort of thing you want to avoid putting in writing if your writing can be audited by motivated outside parties.

> Want access to prod? Sure give me a ticket. I don’t trust any place that doesn’t want things written down.

And this is a great example of the difference between an operational role that runs on tickets and management responsibilities.

Management is all about trade-offs and compromises. By their very nature trade-offs can almost always be presented as a bad thing.

> Want access to prod? Sure give me a ticket. I don’t trust any place that doesn’t want things written down.

Being a sysadmin is very different than being part of the executive team that develops strategy.

Might there be a difference between an access request and an extemporaneous conversation?

You seem to be providing a reason (CYA) for being sneaky and underhanded, not arguing against it being sneaky and underhanded.

This is basically the “if you have nothing to hide, what’s the problem if the police can read all your correspondence?” argument applied to an organization.

Sure, if you view government agencies as equivalent to individual citizens and the public as equivalent to the police.

But some people view that the government is properly subordinate to the citizenry and not vice versa, such that inverting the government and public roles materially changes the scenario.

> If you are actively preventing evidence of your actions from being created, that is itself evidence of consciousness of wrongdoing.

Government people are humans too, not just nameless bureaucrats. Imagine working somewhere that you would never be able to make a joke, speculate on a topic, ask a question, because it could be taken out of context due to everything being documented/written down.

It is fine to desire that, but realize that there needs to be a significant pay increase and/or a significant realignment of expectations, since nobody would want to independently take responsibility or action on anything. I have worked in a culture like that and let me tell you, it was extremely difficult to have every move under a microscope 24/7 and I would never do it again.

> Government people are humans too

Yeah, I’ve worked in government for more than twenty years.

> Imagine working somewhere that you would never be able to make a joke, speculate on a topic, ask a question, because it could be taken out of context due to everything being documented/written down.

Everything being written down makes things being taken out of context less of a risk. People with the attitude “don’t write things down if you don’t want to see it in the Washington Post” are, in my experience, without exception concerned primarily about things that would be problematic taken in context.

> It is fine to desire that, but realize that there needs to be a significant pay increase and/or a significant realignment of expectations, since nobody would want to independently take responsibility or action on anything

The attitude at issue is one of avoiding, not taking responsibility. People with it are the people who refuse to take responsibility even if they enjoy exercising authority.

But, yes, you need to pay people in government significantly more, no argument there.

Seems like naive reasoning in a world where such messages can easily be taken out of context. Imagine a lawsuit about a car malfunction leading to death and someone digs up some source code with a kill_child_process method. What does it matter whether that was relevant at all to the case at hand? It looks bad anyway. Anyway, such policies are similarly common in the corporate world.

> I'm still surprised when I see coworkers say things in slack

I was recently talking with a friend who recently left government. They mentioned that they had a special Slack emoji, "JK FOIA", so they could clearly mark things as "just kidding" to future FOIA readers.

In person conversation doesn't work because Zhao doesn't want to enter the US.

> And this was for an org that was doing nothing sneaky or underhanded in the slightest

If public scrutiny is such an issue, it is absolutely doing sneaky and underhanded things. Perhaps you have not seen them, that could be true.

Right, but in court the failure to keep adequate records may mean that the judge may rule that the absence of records is evidence of guilt. I think Google is facing this issue specifically.

How does one FOIA request the written communications of government officials like that? Asking for a friend.

The government has done a pretty good job of making the process very easy: https://www.foia.gov/

But, just like with ChatGPT, you'll likely have to do a bit of "prompt engineering" to get a specific document. "Give me all the stuff you guys got on UFOS1!!" will likely be less fruitful than "I am requesting the email correspondence between X and Y related to the documented observation of an atmospheric event occurring on ..."

In my experience these requests are taken quite seriously.

How broad can the request get? Can I ask for any communications that are related to a decision made or drafting of something that goes into the CFR?

How much should I expect to pay for these requests, especially while figuring out the prompt engineering?

https://www.foia.gov/faq.html

>For a typical requester the agency can charge for the time it takes to search for records and for duplication of those records. There is usually no charge for the first two hours of search time or for the first 100 pages of duplication.

>You may always include in your request letter a specific statement limiting the amount that you are willing to pay in fees. If an agency estimates that the total fees for processing your request will exceed $25, it will notify you in writing of the estimate and offer you an opportunity to narrow your request in order to reduce the fees. If you agree to pay fees for a records search, you may be required to pay such fees even if the search does not locate any releasable records.

For requests that the receiving agency doesn't like, they will either ask for a lot of money or just sit on the request for years/decades: https://nsarchive.gwu.edu/foia-audit/foia/2019-03-08/25-year...

The cost of the request is often based on how many man hours it will take to fulfill. Different agencies have different rates / different capabilities for performing the document search itself. Some agencies may also reflexively deny requests, which would require a lawyer to sue them to get resolution if you believe the denial doesn't legitimately meet legal exception requirements.

> Can I ask for any communications that are related to a decision made or drafting of something that goes into the CFR?

The broader the request, the more expensive it is and the lower the likely signal-to-noise ratio of the response is.

Also, on your specific example, there is a broad exemption to FOIA for internal deliberative process-related opinions, conclusions, and recommendations, etc.

The "API", so to speak, is the relevant laws in your jurisdiction. You may be looking for a lawyer.

There are about 9 exemptions that can be used to exclude information from a FOIA request ( https://www.faa.gov/foia/media/exemptions.pdf ). Primarily things regarding law enforcement, national security and privacy, although there is one for wells and geological info.

The main purpose of not putting things in writing and instead discussing them face to face has always been to avoid creating incriminating evidence, rather than to avoid an "unsecured channel".

When you're using Signal or WhatsApp or whatever, you're still putting things in writing to someone else, and the risk, as we see again and again, is that this is leaked by the recipient(s). Plus ça change...

This is almost the raison d'être of posh private members' clubs.

I think "defector" is the wrong terminology here, since it's likely that most - if not all - the US based execs who weren't charged handed over these chats to the SEC.

It is noteworthy how often this happens. Many of the people found guilty of sedition after the DC riot had the same thing happen when the majority (or a large minority) of people in their encrypted chat groups handed them over to the FBI.

Is there an E2E encrypted chat app that does disappearing messages and doesn't cache them on the client?

Work from home is great for preventing financial crimes because the criminals know not to write things down; the people who want you back in the office are the crooks: https://onlinelibrary.wiley.com/doi/full/10.1111/eufm.12426

On edit: another example of the crypto world re-learning the rules of finance.

>The technology is cryptographically secure, but not at all robust to much simpler betrayals, hacks, etc. If you trust overmuch in the tech and don't focus on less technically interesting but more fundamental threats, you're apt to get rekt.

Isn't this the case with anything to do with cryptography, encryption, and digital security overall?

Because let's face it: Who seriously cares if your password is cryptographically hashed with 40960-bit SHA-9001 encryption transmitted over TLS8.11 For Workgroups?

Just call up the call center and convince the scriptmonkey you really are John Dickus the Fifth and get them to reset the password for you. Easy. Done. No quantum computer required to crack the code.

Also gun laws and drug laws. Trivial to get around. So what's the point of having them?

> "a fine metaphor for what ails crypto as a whole. The technology is cryptographically secure, but not at all robust to much simpler betrayals, hacks, etc."

I think you mean "crypto exchanges". Cryptocurrency itself is not subject to betrayals/hacks, for the most part (depending on how dumb you are at key management). And depending on how badly you selected your cryptocurrency (pro tip: just pick Bitcoin).

Bitcoin is actually a perfect example, since it's impossible to do anything with it except moving it from one account to another without requiring trust of the other party.

Sending it is kinda the main point of it.

Also, you can mine fresh bitcoin without trusting another party.

Normally, the main point of money is to exchange it for goods. But you can't securely and trustlessly exchange bitcoin for goods, since goods are not on-chain. So all the fancy cryptography is not solving the main problem that it would have been useful to solve.

You can buy lots of things with bitcoin. Why would the goods need to be on-chain?

I believe the parent was elaborating on their point here:

> it's impossible to do anything with it except moving it from one account to another without requiring trust of the other party.

Goods may need to be shipped, they could be counterfeit, etc. Bitcoin provides no facility for escrow or refunds - just moving tokens from one wallet to another. So you need to trust your counter party even more than you would with e.g. a credit card in order to transact.

A lot of this stuff was also in the CFTC complaint.

I wonder if they snagged a backup of an insider's phone.

> What's funny about this is it's a fine metaphor for what ails crypto as a whole. The technology is cryptographically secure, but not at all robust to much simpler betrayals, hacks, etc. If you trust overmuch in the tech and don't focus on less technically interesting but more fundamental threats, you're apt to get rekt.

That applies to all things within technology. OPSEC/INFOSEC is the very study of how to mitigate those very leaky channels, which are impossible tasks to accomplish entirely because of human nature. I recall a post here some time ago that said that most non-leak related hacks are mainly due to social engineering, as that is the most viable way to take down an asset/target.

Honestly, CZ will likely brush this off; the US is being incredibly hostile to all things that threaten the USD; it makes sense, and those that thought the USD and BTC could co-exist in the US were disillusioned because of things like this.

Even that scrub Armstrong is starting to see why his pursuits to cozy up to the VC crowds and US regulators only prolonged the inevitable, wherein this will return to a regulatory nightmare that favours other nations; mainland China under the CCP will continue to ban it (for the nth time) in order to stifle the immense amount of capital flight out of China, but it will remain legal in Hong Kong with favourable and relaxed regulations. Once again favouring the affluent and politically connected who can incorporate in an absurdly HCL safe-haven like HK and excluding the poors from utilizing financial services that could help them from the exposure to the collapsing banking sector.

And thus proving again that unless its a situation like El Salvador where it becomes a national currency there is nothing to indicate that politicians have the will or ability to actually put clear regulation in place for Capital and innovation to progress in Fintech.

Which would be obvious if you have any semblance of why Cypherpunks and renowned economists like Hayek considered a free-floating, non-state issued currency the most critical thing for a free society.

National Fiat currencies have a limited life-span, typically 35-40 years, and this always leads to economic turmoil and inevitably war; which always favours nations who can impose their neo-bondage via entities like the IMF and World Bank when the dust settles and then gain access to cheap resources, and Human capital.

Anyhow, I'm not surprised this happened, but it's a nothing-burger that will be good for those DCA'ing their way back into this market (myself included).

[0]: https://cointelegraph.com/news/china-gains-from-strict-us-cr...

This does not apply to cryptocurrencies (the good ones), but it definitely does apply to cryptocurrency exchanges.

bounty program

insert XKCD five dollar wrench comic here

Ahh yes, Coley! So we finally find out where she's been stashed for the last two years.