Subject: Urgent Inquiry: Ethical and Legal Concerns Regarding Yale's Handling of the EJMR Hack Dear Yale IRB, legal counsel, provost, president, and deans, I am sure you are already aware that 3 professors from your institution, Dr. Paul Goldsmith-Pinkham, Dr. Florian Ederer, and Dr. Kyle Jensen (all cc'd on this email) recently hacked the website "www.econjobrumors.com" and stole millions of IP addresses. For full context,I have written 8 articles about this hack (1, 2, 3, 4, 5, 6, 7, 8). The analogy I use to describe this hack is with a bike lock -- imagine you were walking down the street one day and saw a bike lock protecting a bike, and you tried out several quadrillion combinations on that bike lock using thousands of hours of compute time costing many thousands of dollars in University resources, until you eventually cracked it and rode away with the bike. This hack is especially egregious because there's a reasonable expectation of privacy for users of the site because the ToS for this site stated that IPs were properly encrypted. So if there's a reasonable expectation of privacy, Yale is open to lawsuits. An ethical white-hacker should notify the site owner when they see a cybersecurity vulnerability, not exploit it to steal millions of IPs. These Yale hackers style themselves as "white hat hackers", but in reality they are grey-hat at the very least, and probably even black-hat. A black-hat hacker is a computer hacker who violates laws or typical ethical standards for nefarious purposes, such as cybercrime, cyberwarfare or malice. The owner of EJMR agrees that this is a hack, according to an interview he gave to one mainstream outlet. He used ChatGPT as a neutral arbiter of truth: Asked for comment, EJMR's owner sent an email saying, "you may wish to consider what a neutral actor (ChatGPT) thinks about the study." EJMR's email then includes a question to that artificial intelligence program: "Would reverse engineering partial hash codes of thousands of website users to get their IPs with brute force be considered hacking?" ChatGPT, according to the email, replied "Yes, that activity would certainly be considered hacking, and more specifically, it would be illegal and unethical." Dr. Tyler Cowen, an economics professor at George Mason University, also agrees it was a hack. He wrote two blogposts (here and here) arguing as much. "So — and I do not say this lightly — I believe the authors of the paper under consideration are behaving unethically, and I hope they will retract their work and then destroy it." concludes Cowen. The author's defence of this hack is, as per Goldsmith-Pinkham's tweet, by brute forcing the website, they were only using "math" so they didn't do anything wrong by exploiting it. Goldsmith-Pinkham says as much in a tweet: "There has been a lot of speculation about how we geolocated millions of EJMR posts. The truth is rather mundane—it's just public data and some math." https://x.com/paulgp/status/1681348157567909899?s=20 I would like to counter this "it's just innocent public data and math" argument by using an example of the hacker group known as "Goatse Security" that exposed a flaw in AT&T security in 2010 using the exact same brute-force methodology, which allowed the e-mail addresses of millions iPad users to be revealed. The flaw was part of a publicly-accessible URL, which allowed the group to collect millions of e-mails. The FBI opened an investigation into the incident in 2011 under the Computer Fraud and Abuse Act, and charged the hacker with one count of conspiracy to access a computer without authorization and one count of fraud. The hacker was found guilty and sentenced to 41 months in federal prison. Before his sentencing hearing, the Goatse hacker told reporters, "I'm going to jail for doing arithmetic". As such, I will be giving a 90-minute speech at Stanford University on October 26th about the hack, where I will issue a full-throated call for these 3 Yale professors to be arrested and criminally charged, just like the Goatse hacker was. I will also be calling for lawsuits to be brought against Yale directly. I am writing to you in advance to notify all parties of my call for charges and lawsuits, and to give you a chance to rebut it. Do you have a statement to offer? I still don't understand why the Yale IRB is doing nothing, and in fact it seems like Yale is happily promoting, supporting, and funding this hack. I would be remiss if I did not also point out that Goldsmith-Pinkham has a penchant for hoarding blackmail data -- this is a trend with him. While working on this story, I discovered that in addition to hacking EJMR, he also owns the "EconTwitter" mastodon server, which is where leftist economists fled upon Elon Musk buying Twitter. He pays to operate that server straight from his Yale research funds, which effectively makes any economist who uses Mastoton his research subject, thus opening up Yale's Institutional Review Board to further legal liability. As part of owning that server, he owns the IP address of any economist who has ever posted there. So, he owns the EJMR IPs, and he owns the Mastodon IPs, and by linking them with like 2 simple lines of code, he can see who said what on EJMR, attached directly to their real name. He says that he will never link them, but I do not believe him, and nor should any rational economist who posted on Mastodon. All economists on Mastodon are now at risk. I believe that notifying you of this hack is for your own best interest -- Yale is now open to significant legal liability, and it's worth pointing out that at least one person has publicly indicated that the doxxing threats resulting from the hack have already resulted in sufficient psychological distress to require medical attention. Matt Wimble, cc'd on this email, is an economist with a PhD from Michigan State University. I recently published a statement from Wimble on Substack, which I will re-print here for convenience: "I'm Matt Wimble. I discussed suicide on EJMR. I was included in the study without my approval or knowledge. Florian Ederer, AEA, NBER, Yale IRB, Yale, and all signatories have refused to provide me the human subjects paperwork which I asked for weeks ago. This triggered an episode which landed me in the hospital and broke up my family. I am an Eagle Scout and a good guy. You people [on EJMR], in your weird way, helped me to recover from a tenure denial and subsequent suicide attempt. I count 5 violations of the Nuremberg Code in their "exempt" study. My PhD is from Michigan State. I stand up for suicidal people. Sue me. I live in north Brookline (next to Boston University, where Florian Ederer now works) and offered to meet Ederer to discuss the hack. He is a coward… I'm from Detroit. Not a coward. My email is matt.wimble@gmail.com. I should be out of the hospital in a few days and needed the healing. Zero responses from the authors. I'm moving back to Michigan to be with family, hopefully save my 17 year marriage, and heal my 8yo daughter who has a tremor now. Douchebags. All of them. Excuse my language. I am from Detroit and pissed off. Nice use of my tax dollars, and I bet a few of the authors have national security clearances. This is bad." Why did you not respond to Matt Wimble when he asked you for human subjects paperwork? Once alerted of non-compliance IRB protocol, I believe your institution is now obligated to investigate. Question marks about whether this suicide attempt could easily have been avoided if the Yale IRB followed its own policies for responding to complaints. I know there are many people in Matt's position right now but they are too afraid to speak up. What if the doxxing pushes yet another mentally fragile person to attempt suicide? Is Yale okay with that? It's a serious question. In addition to mentally fragile people, I am also concerned about e.g. Chinese and Turkish dissidents who posted criticism of Xi Jinping and Recep Erdogan on EJMR. Many of them are worried they will now be arrested, or put to death, for what they wrote on EJMR, since Ederer, Goldsmith-Pinkham, and Jensen's methodology can easily be reverse-engineered (especially because Yale produced 3 YouTube videos explaining how to do it!) by these authoritarian regimes to identify and persecute dissidents. Again: If harm comes to someone else and it turns out that it could have been prevented by the IRB, Yale is open to further legal liability. I look forward to your response. The most important question is: Why did you not respond to Matt Wimble when he asked you for human subjects paperwork? Thanks, Christopher Brunet Contributing Editor, The American Conservative https://www.theamericanconservative.com/author/christopher-brunet/ Substack: www.karlstack.com |
Sunday, September 24, 2023
criminals on the Yale faculty: email to Yale irb, legal counsel, provost, president and deans
----- Forwarded Message -----
From: Christopher Brunet from Karlstack <karlstack+karlstack-academia@substack.com>
To: "add1dda@aol.com" <add1dda@aol.com>
Sent: Sunday, September 24, 2023 at 03:56:58 PM EDT
Subject: My email to Yale IRB, legal counsel, provost, president, and deans
College wars--not my bailiwick.Though I'm sure Yale will respond promptly to any questions(lol)from the American Conservative
ReplyDelete--GRA
-
Here's the paper:
ReplyDeletehttps://www.insidehighered.com/sites/default/files/2023-07/ejmr_paper_nber(1).pdf
Here's an article about the "hack".
https://www.insidehighered.com/news/faculty-issues/diversity-equity/2023/07/20/study-says-it-found-ip-addresses-anonymous-ejmr
So what motivated the hack? This is apparently the issue that caused these esteemed academics to jump into action and hack the message board:
[While EJMR is an academic jobs forum, it “also includes much content that is abusive, defamatory, racist, misogynistic or otherwise ‘toxic,’” the paper says.]
One of those behind, or at least approving, of the hack:
https://nitter.net/paulgp
With a name like Goldsmith-Pinkham, he's gotta be a Jew. He has pronouns in his Twitter profile: "He/him/his".
His wife is also an academic and she has pronouns in her Twitter profile too: "she/her"
https://nitter.net/sgil1122
Here's a tweet from the nice prof Goldsmith-Pinkham:
https://nitter.net/paulgp/status/1681348157567909899
[Looking forward to Florian’s presentation this Thursday about an important topic: toxic speech in economics.
There has been a lot of speculation about how we geolocated millions of EJMR posts.]
So to this pronoun faggot, "toxic speech" is the problem, and I think there can be no question that this was an attempt to promote censorship. Or even cause some people to lose their jobs.
Note this reply tweet from another academic:
https://nitter.net/EdFuller_PSU/status/1681467249503137792
[Please connect names to toxic messages and publicize. It is the right thing to do.]
Why is it the "right thing to do"?
These people have to be reigned in somehow.
"College wars"
ReplyDeleteIt's not a "college war", whatever that is.
It's about an attempt by academics to promote censorship, or even get people fired, by hacking a forum, maybe using computing resources of their university, in order to determine the IP addresses of anonymous people they thought to be posting "hate speech"or "toxic speech". An IP address can usually eventually be tied to a specific person, a name.
"I’m Matt Wimble. I discussed suicide on EJMR. ... You people [on EJMR], in your weird way, helped me to recover from a tenure denial and subsequent suicide attempt."
ReplyDeleteYeah, but what's helping a suicidal guy compared to "hate speech"?
Did Wimble attempt suicide (assuming he did, who knows) b/c he was denied tenure? Denial of tenure is basically a shove out the door, a hint that you ought to look for another job. Without tenure you can be fired, for example to make room for someone else seen as academically more promising, or maybe not white?
Wimble is white:
https://www.researchgate.net/profile/Matt-Wimble
Tenure can be denied for a number of reasons, the most usual reason in the past was lack of adequate scholarship = publications, or the prospect of that. Maybe also poor teaching evaluations. But scholarship is more important. A classroom teacher who gets poor evaluations but produces acclaimed and cited research publications will still be given tenure. No doubt about that.
But today being white is also probably a reason tenure is denied. While a department may grow via hiring, they don't grow that fast. So granting a professor tenure is zero sum in that if a white guy is granted tenure, there is one less spot for a "professor of color". Tenured professors cannot be fired. Or only with great difficulty, and after some kind of bad misconduct.
This probably happens quietly all around the country, white academics denied tenure b/c they need more "professors of color".