As stated in the note from the Sunlight Foundation′s Board Chair, as of September 2020 the Sunlight Foundation is no longer active. This site is maintained as a static archive only.

Follow Us

Was the Romney Tax Return Bitcoin Ransom Paid?

by

bitcoin illustrationOn September 4th, an anonymous poster claimed to have obtained copies of presidential candidate Mitt Romney's tax returns. They offered to either immediately release the returns or never release them, at the discretion of whomever first paid them one million dollars in the form of bitcoins (approx. 80,500 bitcoins).

It's safe to say that most people think these blackmailers' claims were a hoax: a clumsy and not-very-believable extortion effort that briefly made headlines and then disappeared. Certainly this is the prevailing opinion around the Sunlight office. But we think the bitcoin phenomenon is fascinating for both technical and social reasons (yes, there are labs staffers who have mined bitcoins). And since today is the day of the ransom, it seems like a good time to consider what, if anything, the release or lack of release could mean.

The Romney campaign has chosen not to release the returns, so it's safe to assume that they don't want the returns released by anyone. The release was scheduled to happen in the absence of a payment, so the poster seems at least slightly biased against the Romney campaign. This seems to imply that the lack of a release means that the ransom was paid (not necessarily by the Romney campaign). Yet having not received a ransom and possibly not actually in possession of the returns, a lack of a release allows our anti-Romney protagonist to cast the shadow of an assumed pay-off over the campaign. Thus a lack of a release doesn't tell us much. Ideally, we could detect whether a payoff happened -- but how?

Bitcoins are bought and sold on exchanges similar to the New York Stock Exchange. Traders advertise offers to buy and sell bitcoins at different prices. The exchange matches compatible orders. The price changes based on the exhaustion of orders at a given price. So can't we watch the exchanges for erratic volume and price fluctuations? Unfortunately it's not that simple. The volume on large exchanges like MtGox could facilitate such an exchange in 3 days and they could facilitate it without a detectable change in price or volume over the 24 days since the ransom announcement. Furthermore, bitcoin purchases don't require an exchange. Just as you can buy and sell stocks privately, bitcoin purchases can be conducted privately. Finally, we have to consider the possibility that the ransom-payer could have already had enough bit coins to satisfy the ransom. We'll have to look elsewhere for the evidence.

Unlike the banking system, the bitcoin protocol has no central authorities keeping track of how many bitcoins each participant has. Each participant has only the bitcoins the other parties can prove he has. This conservative approach is required to prevent double-spending of bitcoins. In order to achieve this, the bitcoin network relies on something called the block chain. For each transaction on the bitcoin network, the recipient asks other participants to verify the transaction by completing a zero-knowledge proof and then recording it in a cryptographically tamper-evident manner. For each transaction there needs to be multiple parties involved (the precise number being a matter of preference). This block chain is a huge database available to all bitcoin participants. If the ransom was paid, it would be forever recorded in the block chain.

There are websites dedicated to letting you watch block chain activity. The largest transactions receive quite a bit of attention. Transferring 80k bitcoins in one transaction would be noticed. Thus, to avoid detection of the transaction in the block chain, the parties would require many transactions spread across many sender and recipient addresses. If the recipient wanted to assemble their new-found funds into fewer addresses, they would have to do so through transactions between those addresses. These transactions would also be recorded.

Therefore, if this ransom has been paid or is eventually paid, the transactions would be recorded -- they're in plain sight for all the world to see. It would require a lot of high-tech detective work to find them, but if a payoff happened, it would have to be there.

Do we think it's worth investigating this? No. The odds of the Romney campaign paying a bagman a million bucks in bitcoins seem only slightly better than the Secretary of State secretly being a reptilian alien. But it's a fun exercise to think about.

Continue reading

The Physics of the Corporate Universe

by

Today we're launching 6° of Corporations, a new micro-site that provides some insight into the complicated area of corporate identity. It may sound trivial, but uniquely identifying a corporate entity is not easy. For federal contracting data (like in USASpending.gov), DUNS numbers are used to (supposedly) uniquely identify a contractor. However, there are problems in not only how DUNS numbers are issued and maintained, but also with the agency's use of DUNS numbers. To help illustrate this, we’ve created a visualization that shows the relationship between company names and company DUNS numbers in USASpending.gov.

Continue reading

CFC (Combined Federal Campaign) Today 59063

Charity Navigator