Welcome to the CoinDesk Weekly Review 6th September 2013 – a regular look at the hottest, most controversial and thought-provoking events in the world of digital currency through the eyes of skepticism and wonder. Your host … John Law.
There is a an old electrician saying about fuses. When one blows, a klutz replaces it, but an expert finds out why it blew in the first place.
So it is with computer security. It is relatively easy, once you’ve found a flaw, to fix it. It’s often much harder to find out why that flaw was there in the first place, but until you do that there’s no way to know the likelihood of further problems.
Although it’s never possible to be perfectly secure, it is possible – indeed, essential – to know what the risks are when you make a decision to do things in a certain way, or to adopt a particular technology.
That’s why the latest bitcoin vulnerabilities to be fixed are particularly troubling. They’re not by themselves devastatingly dangerous problems; one could let an attacker crash a client, another could jam a client with bad messages. It’s a bit more worrying that one of the bugs was introduced as part of a previous bug fix, indicating that the testing process prior to issuing a patch may be faulty.
But both of these bugs are more implementation flaws than protocol problems: there’s no fundamental design error behind them, just that the always-fallible process of turning specifications into computer code had a couple of oversights in it.
What is most troubling is that there’s apparently no online discussion by the people who fixed them about the process of the fixes, nor of the testing done and results found prior to release.
Bitcoin is open source, meaning that development is public, and this is one of its most profound security features. It’s easy, when you’re human, to want to minimise the significance of mistakes you make, and particularly easy in environments where company or other security means you’re not allowed to discuss details widely.
Open source doesn’t fix this particular bug in the human ego, but it does mean that others are free to find, analyse and help fix things – or raise the alarm if things are much worse than they first appear.
But that doesn’t work if parts of the development process are opaque. Nobody can tell what the shortcomings were in the testing process, nor whether they’ll carry on introducing problems.
Does this matter? You could try asking Edward Snowden. It’s come out recently that the American spooks in the NSA have previously hijacked the process of developing industry standard encryption protocols and silently introduced deliberate flaws – an old spy trick, to be sure, but far more worrying now we’re all dependent utterly on standard encryption for online security for our online lives.
Open source isn’t proof against this, but it does make it substantially harder to finesse or hide – only, though, if the thinking and processes are as open as the code.
As the NSA will learn, openness leads to better security. The powers behind bitcoin will forget that at their peril.
Some of the most powerful changes in IT have come about when just the right hardware meets just the right software at just the right time.
When the IBM PC met Microsoft’s DOS, the combination of good-enough hardware with a blue chip pedigree with barely-good-enough software driven by ruthlessly ambitious techies was dynamite. The market loved it, and the combination mutated into the Windows-Intel Wintel standard that dominated computing for two decades.
Or look at when Apple’s struggling Macintosh computer got some basic desk-top publishing software at the time that cheap-enough laser printers came along. That created a bedrock niche that sustained the Mac until mainstream acceptance caught up.
So it seems to be with cryptocurrencies and the Raspberry Pi. Once the first few projects linking the Pi and bitcoin were live and documented online, it became simpler for anyone with reasonable nous to link payment from a mobile BTC wallet to making physical things happen.
The latest example of this is Liberty Games’ pool table, where those bereft of a 50 pence piece can scan a QR code and rack ‘em up. John Law can no more hit a cue ball straight than he can write Sanskrit love poetry, but in both cases applauds those who can, and it’s a darn sight more useful getting BTC into the pool hall.
Raspberry Pi is the ideal companion for this sort of experiment. It’s very cheap and powerful, very easy to use, has enormous amounts of online support, and runs free, secure and well-understood operating systems like Linux that take care of all of the fiddly bits. Even if it’s not the absolute cheapest option, it lets you build prototypes and small production runs of your invention with minimal investment.
The evolution of a standard ‘add BTC to anything’ hardware option is tremendously important, because it hugely simplifies the invention of things that are superior to all competition.
Other options for adding electronic payment to a system come with much more overheads: merchant accounts, 24/7 access to clearing systems, rules and fees and approvals aplenty. And you have to get that right for any market you’re in.
The cost and complexity of using cash is also significant: having secure local storage in your device for the coins, having to empy the coin boxes and transport what can be large amounts of metal to the bank, being up-to-date with the many ingenious fake coin frauds.
But with BTC and Raspberry Pi – as long as you can run power to your device and there’s some sort of wireless network present, you’ve got a payment system. It costs approximately nothing to run in time, effort or cash, and can be installed somewhere in the time it takes to plug the thing in.
If – it’s tempting to say when – the idea catches on, there’s no reason the electronics required can’t be cost-reduced to a fiver or so: the total extra investment needed to let a gizmo securely collect money for you more profitably than any alternative.
And that is all you need for a revolution.
Bitcoin has nobody in charge and no central structure, which makes it very difficult to influence or shut down. Bitcoin exchanges have people in charge and live in one place: old school thinking vulnerable to old school swooping by old school feds. And indeed, that’s where most of the regulatory and legal action has focused.
So can you have a distributed, automated exchange? Exchanges do three jobs: they match buyers and sellers based on what prices can be agreed, they publish prices, and they add security to the deals in various ways, not least by verifying traders and in some cases payments.
Most of that can be and is automated. It’s not hard to set up a database that traders can register on, setting their buy and sell prices, and match up buyers and sellers on demand. Such things can be securely distributed among anonymous nodes – and at that point, you have a functioning exchange.
Not a well functioning one, as the individual users have to do the deals themselves, raising the question of fraud. If I send you a hundred quid for a bitcoin you don’t send me, or don’t send you a hundred quid for one that you did, there’s nothing to be done about it.
A new distributed exchange from secure wallet services company StrongCoin claims to fix that particular problem by adding an escrow element. When you register with it, you must also pay in bitcoin – and any deals passed by the system can only be up to the value of that deposit.
An automated exchange can do that: even robots can own bitcoin wallets. You have to register your bank details too, and the exchange says it will “vet market makers and only allow non-reversible payments”, which gets around the problem that an exchange with its own real money account is immediately vulnerable to the authorities. Instead, users transfer the fiat money directly between their own personal accounts.
John Law must admit that he’s not entirely clear how that last bit will work without humans in the middle somewhere, and indeed the exchange’s main shield against regulatory interference isn’t that there are no humans there to be locked up, but that they’re not really running an exchange according to the letter of the law – the individuals buying and selling do the deals directly between themselves.
Well, perhaps. This is another example of an as-yet unsolved internet problem of where humans can abdicate responsibility to their machines. If a newspaper prints something libelous, it’s responsible because it has an editor who controls what goes onto its pages.
But if a distributor or retailer handles a newspaper with illegal content, they’re not responsible: the law says that it’s not reasonable to expect them to vet content. So where do web sites sit that publish user-generated content without an editorial process? Are they publishers, or distributors? So far, the consensus is that Facebook, for example, isn’t responsible for the things its users post – until it is.
So, good luck to the StrongCoin plan; it’s a step along the road to making bitcoin more appealing to more people. And really, the best of luck in persuading the regulators that the rules do not apply, and no making up any sneaky new rules along the way.
But the real win will be in getting rid of anyone in the process aside from the individual buyers and sellers. Ordinary people are the most difficult blighters to regulate, especially when they decide en masse that they don’t want to be. Democracy’s really unfair on politicians that way.
John Law is an 18th century Scottish entrepreneur, financial engineer and gambler. Having reformed the French economy, invented paper currency, state banks, the Mississippi Bubble and other ideas essential to modern economics, he took three hundred years off in a small cottage outside Bude. He has returned to write for CoinDesk on the foibles of digital currency.