In case you missed it yesterday, the federal government took its most serious action to date against Bitcoin-related activity when it shut down money transfers between Mt. Gox and payment processing service, Dwolla. Dwolla is one of the few easy ways Americans can buy and sell Bitcoins at Mt. Gox.

On Wednesday, Ars Technica unearthed the search warrant that Homeland Security used to seize a bank account that Mt. Gox used to obtain dollars from Dwolla. The account was registered to Mutum Sigillum LLC, a Delaware subsidiary of Japan-based Mt. Gox.

In an affidavit, a federal agent states that Mt. Gox owner, Mark Karpeles, lied when opening the bank account in 2011. Specifically, Karpeles said “no” to questions asking if he would be engaged in a currency business and money transmissions.

This misrepresentation means Karpeles has apparently violated a law prohibiting unlicensed money transmission businesses. Breaking the law can result in a 5-year prison term and permits the feds, under another statute, to seize property and keep it.

So what does all this mean for Bitcoin aficionados? In short, the investigation is more bad news for Mt. Gox and Karpeles than for the currency itself. The loss of Dwolla as a payment mechanism at Mt. Gox will crimp a popular source of liquidity for speculators but more options are appear poised to come along. These include Coinbase, which recently received $5 million from Fred Wilson’s Union Square Ventures, and OpenCoin which just got backing from Google Ventures.

To hear what all the Bitcoin fuss is about, come join us on Thursday in San Jose for a GigaOM meet-up from 6 to 9 where we’ll be talking with CEO who use it as well as engineers from Facebook and Google about the currency’s perils and possibilities. The event is free (and filling up fast!) thanks to our friends at Ribbit Capital. It includes cocktails too.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• GigaOM Research highs and lows from CES 2013
• How HR can make the case for workforce analytics
• The 2013 task management tools market

Once again, the seizures came with fancy code names — “Project Monday 3″ and “Project Transatlantic” — and were touted by various federal agencies, including the Justice Department and ICE. This year’s event had a continental flavor thanks to the seizure of 31 European domain names, including those ending in .eu, .be, .dk, .fr, .ro and .uk.

The seizure of 132 sites are part of a twice-yearly ritual that the government conducts on Cyber Monday and shortly before the Super Bowl. The idea is to stand up for intellectual property owners and to protect consumers from buying bogus goods.

The law enforcement actions are by and large justified. After all, trademark law forbids selling fake Tiffany jewelry or Nike shoes on the street or in a store. Should the rules be different online?

But while the enforcement goals may be legitimate, some of the government’s tactics are questionable at best. Why, for instance, is this vested under the Department of Homeland Security? Isn’t this agency supposed to be finding Al Qaeda members rather than patrolling the internet for fake Tom Brady jerseys?

Likewise, the government’s authority to grab the domain names may rest on shaky legal ground. As we’ve reported before, the feds are relying on seizure laws intended to confiscate the property of drug dealers — and in some cases are using the seized sites to play copyright propaganda without any apparent legal right to do so.

The feds’ announcement did not identify which websites they seized but the information will come out in coming days.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• GigaOM Research highs and lows from CES 2013
• How HR can make the case for workforce analytics
• The 2013 task management tools market

Just a few months ago, internet companies and the technology community came together to protest two anti-piracy bills (SOPA and PIPA) because they would have breached free-speech protections and other social safeguards in the name of stopping copyright infringement. Now, a new bill called CISPA that just passed in the House of Representatives is getting a lot of negative attention, with some saying it is just as evil as SOPA, and others — including Facebook and Microsoft — supporting the legislation and arguing that it is much more nuanced than either of its predecessors. So which is it?

Formally known as the Cyber Intelligence Sharing and Protection Act, the bill is supposed to be aimed at “cyber-security” threats, and it gives federal authorities and law enforcement fairly broad powers to find and share data about web users, provided they believe the information is necessary to go after cyber-criminals and terrorists who are using technology as a weapon. The bill would amend the National Security Act of 1947, and allow various agencies to compel convince companies like Facebook to provide user data without even a warrant (my colleague Jeff Roberts has a FAQ on the bill here).

The proposed legislation (which is embedded below) passed the House a day earlier than expected after some last-minute amendments, and now goes to the Senate, where it will be discussed along with the Senate’s own version of the legislation, known as the SECURE IT Act. But it is facing some stiff headwinds, since the Obama administration has made it clear that it doesn’t support the bill. And while some tech companies support the legislation, others such as the Electronic Frontier Foundation are fighting hard to stop the bill, and petitions against the law have drawn close to 800,000 signatures.

Opponents say the bill would erase current privacy protections

A group of over 50 university professors, entrepreneurs and information scientists have published an open letter to Congress calling on lawmakers to oppose CISPA because they say the the bill (and its Senate counterpart) would allow companies to hand over the private date of their users to entities like the Department of Homeland Security, and the only requirement is that the information involved must somehow be associated with the vague concept of “cyber-security.”

The bills are drafted to allow entities who participate in relaying or receiving Internet traffic to freely monitor and redistribute those network communications. The bills nullify current legal protections against wiretapping and similar civil liberties violations for that kind of broad data sharing. By encouraging the transfer of users’ private communications to US Federal agencies, and lacking good public accountability or transparency, these “cybersecurity” bills unnecessarily trade our civil liberties for the promise of improved network security.

The open letter accuses the bills of:

• “using vague language to describe network security attacks, threat indicators, and countermeasures,” creating the possibility that innocuous online activities could be construed as cybersecurity threats.
• exempting cybersecurity activities “from existing laws that protect individuals’ privacy and devices, such as the Wiretap Act, the Stored Communications Act, and the Computer Fraud and Abuse Act.”
• giving “sweeping immunity from liability” to companies even if they violate individuals’ privacy, and without evidence of wrongdoing.
• allowing data originally collected through cybersecurity programs “to be used to prosecute unrelated crimes.”

Facebook says it supports the bill, and won’t infringe privacy

At the same time, however, CISPA is supported by a number of tech companies, including Microsoft and Facebook. Facebook’s VP for U.S. public policy Joel Kaplan said in a blog post that the network had no intention of sharing information with government authorities unless there was actual evidence of cybersecurity issues, and merely wanted to be able to find out about potential wrongdoing. But that wasn’t good enough for the EFF: the agency said that

Internet users don’t want promises from companies not to intercept our private communications and share that data with one another and the government. We want strong laws that make such egregious privacy violations illegal, that require the government to follow legal process (judicial oversight in most case), and that allow us or the government to sue persons who break the law.

My colleague Derrick Harris has pointed out that CISPA is better in many ways than SOPA, and that the web and various interest groups run the risk of developing a knee-jerk response to almost any legislation that involves the internet. And it’s true that CISPA doesn’t compel companies to do anything that would breach the privacy rights of their users, the way that SOPA arguably did — but for many critics, there is still too much potential for information to be shared in ways that would infringe on those rights.

Jared Polis, a Democratic representative from Colorado, said during the debate over CISPA that it would “waive every single privacy law ever enacted in the name of cybersecurity,” and that “allowing the military and NSA to spy on Americans on American soil goes against every principle this country was founded on.” The American Civil Liberties Union says points out that “CISPA gives companies the authority to share [private and sensitive] information with the National Security Agency or other elements of the Department of Defense, who could keep it forever.”

Amendments have broadened the bill’s powers even further

Not only that, but Techdirt says that CISPA was amended just before it was passed in order to expand the powers it gives the authorities to use information: before the changes, it allowed the government to use information for “cybersecurity” or “national security” purposes. The amendments added three more criteria that would allow data sharing — namely investigation and prosecution of cybersecurity crime, protection of individuals, and protection of children:

Basically this means CISPA can no longer be called a cybersecurity bill at all. The government would be able to search information it collects under CISPA for the purposes of investigating American citizens with complete immunity from all privacy protections as long as they can claim someone committed a “cybersecurity crime”. Basically it says the 4th Amendment does not apply online, at all. Moreover, the government could do whatever it wants with the data as long as it can claim that someone was in danger of bodily harm, or that children were somehow threatened—again, notwithstanding absolutely any other law that would normally limit the government’s power.

Trevor Timm at Foreign Policy magazine says that CISPA allows companies to hand over user information to the government without a warrant or any kind of oversight, which effectively over-rules or does an end-run around laws like the Wiretap Act of 1968 and the 1968 Electronic Communications Privacy Act, which restrict what companies can do to very specific circumstances, and require judicial review. CISPA, he says, runs the risk of applying similar kinds of surveillance against American citizens that the Obama administration criticizes in other countries:

According to the bill’s main author, Rep. Mike Rogers (R-Mich.), CISPA’s main purpose is to allow companies and the government to share information to prevent and defend against cyberattacks. But the bill’s language is written so broadly that it carves out a giant cybersecurity loophole in all existing privacy laws.

So is CISPA as bad as SOPA? Probably not, in the sense that SOPA required ISPs and other companies to engage in all kinds of activity that infringed on free speech and subjected even innocent users to potential seizure of their websites, etc. But the risk when designing a bill that hinges on a concept as vague as “cyber-security” is that it allows companies and government agencies fairly wide latitude to accumulate whatever information they wish — and allows them to do so without even a warrant or a judge’s order. Companies like Facebook may promise that they would never do this unless it is really important, but how can we know that for sure?

HRPT-112-HR3523HR4628

Post and thumbnail images courtesy of Flickr users Darya Sipyeykina and Bloomsberries

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• 12 tech leaders’ resolutions for 2012
• Q4 Wrap-up: SOPA and the future of digital content
• How consumer media will change in 2013

Prosecutors timed the seizures to coincide with a major marketing event, Superbowl XLVI. Similar enforcement actions occurred before last year’s Superbowl and before cyber-Monday last November when the feds bagged 150 illicit sites.

Today’s haul included streaming sites with names like sports95.com and firstrowtv.com. Prosecutors are also charging 28-year-old Michigan man Yonjo Quiroa with criminal copyright for operating the sites from his house.

Meanwhile, Reuters (NYSE: TRI) reports that New England quarterback Tom Brady admitted he used an unauthorized stream to watch last year’s Super Bowl while he was in Costa Rica nursing a sore foot.

The theatrics of the enforcement action resembled previous ones. As on other occasions, today’s news featured a swarm of federal agencies, led by Homeland Security, who displayed fake merchandise and gave triumphant statements.

The website seizures are based on a legal process created in the 1970′s to let federal agents confiscate the property of drug dealers. Once seized, the sites display federal law enforcement badges.

After a number of months, the names are forfeited and become the property of the federal government. The government, in a tactic of dubious legality, has also been using some of the forfeited sites to display anti-piracy messages from Hollywood.

Las Vegas odds makers are favoring the New England Patriots to win the big game by three points over the New York Giants.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• How social discovery is transforming entertainment
• Controversy, courtrooms and the cloud in Q1
• No third act likely in Viacom vs. YouTube drama

The FBI and Homeland Security announced the latest seizures in exultant press releases lauding the eighth phase of the “Operation In Our Sites” campaign under which the federal government is seizing the names of websites that sell counterfeit merchandise. Today’s haul included discount-louisvuitton-handbag.com and googlenfljerseys.com.

There is another odd phenomenon that is coinciding with these seizures which typically take place near events like cyber-Monday or the Superbowl. Namely, some of the seized websites are no longer just displaying a US law enforcement badge but are instead redirecting users to YouTube (NSDQ: GOOG) to watch a “public service announcement” about the effects of DVD piracy on the film industry.

This is strange for a couple of reasons. First, many of the sites have nothing to do with films but instead have names like massnike.com and mygolfwholesale.com — how exactly did federal agents come to favor the movie industry over the makers of footwear or golf apparel? (The films can be found on those two sites and others seized in last year’s raid; the films start playing after approximately 10 seconds).

Second, and more importantly, it is not clear if the federal government has the authority to use the seized property this way in the first place. To get a sense of what is taking place, it is helpful to know that the feds are relying on the civil forfeiture provisions of the U.S. Code. Those provisions in turn say that the procedure for seizing property are the same as those set out in a 1970 federal drug law. Significantly, the drug law sets out specific measures about what the U.S. government can do with the property it seizes.

Legal eagles can have fun reviewing the following provisions but the long and short of it is that it appears that the feds are supposed to sell or destroy the material they seize:

(h) Disposition of property
Following the seizure of property ordered forfeited under this section, the Attorney General shall direct the disposition of the property by sale or any other commercially feasible means

[...]

(i) Authority of the Attorney General
With respect to property ordered forfeited under this section, the Attorney General is authorized to

(1) grant petitions for mitigation or remission of forfeiture, restore forfeited property to victims of a violation of this subchapter, or take any other action to protect the rights of innocent persons which is in the interest of justice and which is not inconsistent with the provisions of this section;
(2) compromise claims arising under this section;
(3) award compensation to persons providing information resulting in a forfeiture under this section;
(4) direct the disposition by the United States, in accordance with the provisions of section 881 (e) of this title, of all property ordered forfeited under this section by public sale or any other commercially feasible means,

These provisions mean it is hard to figure out the legal basis for what Homeland Security is now doing with the seized websites. The law seems to demand that the federal government sell or dispose of the domain names — not commandeer them for a public relations campaign. What the agency is doing would be akin to the FBI seizing a cocaine baron’s Lamborghini and then keeping it for a drug awareness project.

The website seizures are already receiving scrutiny from groups like the Electronic Frontier Foundation which has raised First Amendment concerns and compared the practice to wiping a place off the map. The public service announcements, which were first noted by Wired TechDirt, seem to raise even more concerns.

The fed’s cyber-Monday campaign also coincides with similar large scale seizures by private actors like Chanel which recently nuked another 200 websites through a civil lawsuit. Venkat Balasubramani, who reported the story on Eric Goldman’s blog, has noted that the legal authority for these seizures is also shaky and that, at this rate, brand owners may not even need controversial SOPA legislation to take down piracy sites.

[UPDATE: Thanks to Mike Masnick of TechDirt for sharing that the Homeland Security video is actually the property of NBC (NSDQ: CMCSA) and was initially made for a New York City anti-piracy campaign. Ironically, the feds may not have paid to license the video. See Mike's excellent reporting here.]

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• How social discovery is transforming entertainment
• Controversy, courtrooms and the cloud in Q1
• No third act likely in Viacom vs. YouTube drama