The staring match between The Man and bitcoin: nobody’s blinked yet

Surveillance
16 August 2013

Welcome to the CoinDesk Weekly Review 16th August 2013 — a regular look at the hottest, most controversial and thought-provoking events in the world of digital currency through the eyes of skepticism and wonder. Your host … John Law

Keeping your secrets in plain sight

If you only feel good about one thing this week, it should be this. By being interested in bitcoin, you’re at the epicentre of one of the biggest experiments in personal technology, law, money and human rights this century.

Overblown? Hardly. As part of the fall-out from revelations about the extent of state surveillance of citizens, two US-based secure email services Lavabit and Silent Circle, closed down last week.

The owners are legally forbidden from saying why, but it’s known that certain government agencies can demand user data from service providers while forbidding any disclosure that such demands have been made. If you’ve promised your users privacy, where does that leave you?

It’s fair to think that if such powers over its citizens exist in the US, with its very strong constitutional rules about due process and freedom of speech, the rest of us can expect our security services to open our emails along with their morning papers.

Some good news: if you use strong encryption like PGP, the spooks have a much harder time of it. The bad news is that most intelligence gathering comes from traffic analysis – spotting who’s talking to whom and when – rather than what’s actually being said, and by no coincidence whatsoever that’s the sort of data with the least – read no – protection under law from state surveillance.

Enter bitcoin. Or, rather, the Bitcoin protocols. As you already know, Professor, bitcoin doesn’t use servers. It has no owner to subpoena or premises to be raided. It has no lists of users or passwords. Everything it does is entirely open, relying on mathematics to keep its secrets. What if someone built an email system like that?

They have, and it’s called Bitmessage. Still experimental and far from pretty, it uses bitcoin ideas for messages, both email-like and chat-like. Everybody on the system sees all the messages – but you can only decode the ones you have the right key for.

The spooks can see all the messages and if they install snooping software at your ISP, they can tell you see all the messages too. But they can’t tell which, if any, are for or from you, nor where they’re going, nor what’s in them. No servers, no archives, no central infrastructure.

This has a couple of implications. First, it renders the entire legal and practical framework of the spooks irrelevant. That all stops mattering. Second, if it works – and it should – the obvious question is ‘why can’t more Internet services work this way?’.

A big question with big answers, and you’re already part of it.

Lawyer up

Capitol Building

It has been said, and with good reason, that the easiest way to break the law is to buy a car. However, the next easiest way seems to be to start a bitcoin company in America.

With the New York state regulator calling in 22 companies for a nice chat and the US government rattling the cages of just about every federal agency involved in stopping naughtiness, the chances of a start-up in America being left alone long enough to get any work done seem to diminish by the day.

And the dragnet does seem particularly wide. Among the 22 companies getting the tap on the shoulder are Google, who one might expect to give a feisty reply, and Butterfly Labs, who make chips and had no reason to think they’d interest a financial regulator.

If the sole qualifying attribute for inclusion is ‘might make money from bitcoin’ then John Law himself is mildly nervous. After all, these columns have been topping up his own 2013 Beer Fund: time to drink the evidence.

One company that has so far been exempt is Bloomberg, which confirmed this week that it was testing a bitcoin ticker on its internal systems. While this is another sign that the currency is establishing itself, the challenge of working out the exchange rate may be harder than it looks.

Bitcoin lends itself far more than any other currency or commodity to independent, highly flexible trades. John Law is reminded of the dual market that exists in every environment that has highly regulated official trading systems for stuff that’s easy to move about: even totalitarian states that keep an iron grip on their currencies are unable – and indeed unwilling – to shut down the black markets that more accurately reflect the true nature of things.

And while, despite the sabre-rattling from the feds, there’s no real sign that Soviet levels of regulation are going to be applied, the sheer ease of making your own arrangements for buying and selling cryptocurrencies over the Internet is going to make tracking the true state of affairs difficult indeed.

Coming up with a decent system for this may be a worthwhile project for some inventive geek – provided, of course, you fancy a trip into town to explain yourself to some highly paid government official.

The flip side of the coin

Casascius coin cracked

Bitcoin’s affinity for the digital world has a counterpoint – it’s not very happy being physical. This was demonstrated at the Defcon hackers conference, where the fundamental security of the Casascius metal-plus-hologram coin was broken. And not by some high-powered mathematical method neither: it took a syringe filled with a ‘non-polar solvent’ (read: nail varnish remover) that unstuck the hologram sticker and revealed the private key underneath.

That’s slightly less clever than the old trick of squirting graphite powder – normally used to lubricate locks – into the coin mechanisms of slot machines to get free plays.

As security expert Vladimir Marchenko told CoinDesk, attacks on physical secrets are always going to be a problem. It doesn’t matter how smart you are, the hackers will get through.

Chip makers know this; they’ve spent decades trying to hide keys and authentication secrets on slivers of silicon with all sorts of anti-tamper cleverness. To no avail: clever people equipped to take the tops off the chip packages, listen to the minute radio signals coming off the circuits, or analyse tiny clues in how the chips react to attacks, have a very good track record in breaking in.

Which is where we came in, this week – it’s the maths that keeps you safe, not the hiding. It’s a bit of a shame, as John Law suspects this might prevent BTC-style currency from ever completely replacing good old-fashioned metal coins and paper notes.

This by itself puts back his own secret project, which he hoped would kick in if the Scots voted for independence next year and the English, in a fit of pique, decided not to let them carry on using the pound sterling.

In that case, John Law wanted to be ready with Britcoin, a new cybercurrency more suited to the modern world. It would be mined by intensively playing video games or watching reality TV on your mobile, automatically peel off a small amount of its value on every transaction to make it impossible to avoid taxation, and let its owners pay on-the-spot fines just by being waved in front of CCTV cameras.

Needs more work. Its time will come.

John Law is an 18th century Scottish entrepreneur, financial engineer and gambler. Having reformed the French economy, invented paper currency, state banks, the Mississippi Bubble and other ideas essential to modern economics, he took three hundred years off in a small cottage outside Bude. He has returned to write for CoinDesk on the foibles of digital currency.