The first Bitcoin was mined early in 2009, practically yesterday! A myriad of other cryptocurrencies have followed in its wake, and the underlying Blockchain technology has been applied to many non-currency domains. It can seem as though Bitcoin came out of nowhere, particularly given the anonymity of its creator.
Looking back, it now seems obvious that the world-wide culture and infrastructure for video gaming had a great deal to do with the rapid acceptance and spread of the digital currency:
In the gaming world, there's always someone in charge. Bitcoin is a digital currency that operates without any one person or group in charge. How it accomplishes this through the use of miners that are incented to maintain the integrity of the system is a real innovation. Here is what is novel and technically new about Bitcoin:
I think most people would be surprised to realize that Bitcoin didn't invent the idea of a digital currency. Currencies in the video gaming world are digital, but perhaps more surprising to many is the fact that the vast majority of US dollars are completely digital, no less so than Bitcoin! This is explained in my most popular post on Forbes explaining how the US dollar is already digital and how a central bank digital currency would add nothing:
The common impression is that blockchain is a wonderful new technology that can solve all sorts of problems involving distributed data. Sadly this is not the case. Blockchain is an excellent solution for the purpose for which it was invented, and not much else:
Here's an example of a real-world problem of exactly the kind blockchain is supposed to solve -- that is already solved well with existing technologies.:
Here’s how the WSJ says that blockchain will solve the problem of stock transfers and why it can’t, mostly because blockchain has nothing to do with the hard part of the problem:
Blockchains are increasingly run on cloud computing services, a “private blockchain.” If you understand why Bitcoin was novel by running with no one in charge, you can see why having someone in charge makes no sense for blockchain, and why conventional DBMS systems are vastly superior:
A well-publicized event at the time was the missing emails of an official at the IRS. Everyone thinks they know how email works. Email is indeed simple compared to crypto. But nearly everyone, including all relevant officials, clearly were clueless about how email actually works! So how is it going to work out for something that is much more technically deep like crypto/blockchain?
There has been a live roll-out in a group of countries of government versions of crypto-currency (CBDC, Central Bank Digital Currency). It hasn't worked out too well, and the people who tried to use it were hurt.
There have been quite a number of crypto crashes, including some in which large numbers of people lost lots of money. Perhaps the most famous of these was the demise of crypto exchange FTX, with criminal charges being brought against its founder, SBF. Here is an explanation of how the "wallet" provided to FTX customers that held all their funds was constructed, and how that meant that crypto that customers thought they owned was actually owned by FTX. This deception had a major role in FTX's crash.
The wonderful "distributed immutable ledger" couldn't protect people from the fact that they didn't understand that the crypto held in their FTX "wallets" wasn't theirs, in any sense of the word!
For more detail on cryptocurrency, see the book authored by Oonagh McDonald on the subject. I was her technical advisor:
Has your computer system been hit with a ransomware attack? It means your computer systems and security management is incompetent. Did you pay the ransom or did it take over half a day to completely recover from the attack and become fully functional? It means your computer systems administration is incompetent.
An easy way to understand this is to think about what would happen if your laptop computer got locked up by ransomware. While not something most consumers know, it’s possible to do a special reboot of such a computer that restores it to factory settings. Once you’ve got a clean computer, you restore everything (programs and data) from the most recent backup you’ve taken and you’re back in business. You don't have a backup? Shame on you. With a service like Dropbox, older versions of your files are stored and kept, so you should be able to restore from there as well.
If you’ve got a major business with many services and databases, it is of course more complex – but the principles are the same. First, do a better job of protecting against the ransomware attack in the first place – and detecting it early if it gets in. Second, execute your disaster recovery plan, wipe your computers and restore them from backups. Even better, if you’re running a well-administered active-active system, the downtime should be no more than minutes.
Ransomware
Ransomware is a rogue program that gains access to all your programs and data, maybe sends all the data offsite, encrypts all the data so that nothing works. A ransom note is sent demanding so many Bitcoin to be sent; if the ransom is paid, supposedly the data will remain secret and get unencrypted to be available for normal use. Otherwise, your systems will remain unavailable.
Most of the organizations that are hit with ransomware have computer administrators that are run by experienced professionals. Most of them follow the standards of their field, and most are regularly audited to assure that they conform to the applicable security regulations. But ransomware keeps happening!
How we can understand this? The answer is pretty simple: the attackers are using the latest methods of attack, while the defenders and regulators continue to spend lots of money and time following long-since obsolete procedures.
Ransomware actions and defense
The rogue program may enter your computers because of inadequate security or through a phishing (email) attack. Sadly, the vast majority of computer systems lack internal systems security systems; i.e., they try to guard the walls and doors of the computer castle, but have nothing monitoring the behavior of people and programs that are inside.
Because of this massive gap in security regulation and practice, the rogue program often does its evil thing for days before the data lockup is detected, and by then it’s too late.
Once the problem is detected or announced, competent disaster recovery techniques, which are supposed to be standard practice, should enable rapid restoration of service complete with all data, normally within hours when properly done. For the last couple of decades, a more modern form of always-on computing has been practiced by many companies, in which there are multiple copies of all the required hardware, software and data operating at multiple locations, each of them servicing some of the load and all of them containing all of the data. Ransomware is helpless against this widely proven method of computing. The incredible “success” rate of ransomware is testimony to how few institutions use this proven method.
Ransomware is terrible, one of the major consequences of the much-lauded cryptocurrency technology. Its numerous victims every day demonstrates how bad standard computer security and regulations are.The fact that an institution can be locked for days and all too often pays the ransom demonstrates how bad standard computer systems administration and disaster recovery systems are. The usual methods to make things better don't work.
There are many examples of companies large and small that are well-protected and that recover quickly should an attack succeed. The answers are out there. But because software is invisible, the vast majority of management can't see it.
While new dollars are printed under the control of the US federal government, bitcoin is made through “mining,” which isn’t under the control of any government or company. How is that possible? Let’s break down what that means.
Bitcoins are sent from one person to another in transactions. People run specialized computers called miners that verify bitcoin transactions and create new blocks of transactions to add to the older blocks stored by each miner. Every miner validates every new proposed transaction. Once there are enough transactions to fill a block, all the miners work on the new block to make sure it and all its transactions are valid. Once they’ve agreed that a new block is good, it’s added to the older ones in what’s called the Bitcoin blockchain. This process is called “mining” bitcoin. A transaction is not complete and confirmed until a majority of the bitcoin mining machines, all over the world, have verified it.
In bitcoin’s case, this mining process is called “proof of work,” referring to the the huge number of guesses that need to be made to find a “hash code” that meets bitcoin’s exacting criteria. This requires lots of electricity and specialized hardware.
Bitcoin Mining is a Decentralized Ecosystem
There are hundreds of crypto mining companies around the world operating these verification machines. There is no central power that approves bitcoin miners or their operators.
Miners are volunteers. No one selects them – they just step up, get their hardware and software together, and start mining. All on their own – without permission and without even an invitation! They do it because mining bitcoin makes money, in the form of newly-issued Bitcoin. The formula and the rules are built into the open source Bitcoin Core software that everyone uses. The more you mine, the more you can make.
If, as a miner, you’re ever tempted to think about fiddling with the software, cheating and just taking a bunch of money (bitcoin), you immediately think of the huge investment you’ve already made in mining equipment, which isn’t good for much of anything except mining. Trying to thwart the integrity of the bitcoin mining system would harm your future earning potential and devalue all that equipment.
If people started thinking that miners were self-dealing corruptocrats, the value of bitcoin would immediately plummet. Then the miner’s investment, both the machines and the digital assets accumulated, would be worthless. So, as a miner, you continue being a trustworthy transaction verifier– and, by the way, watching the other miners closely to make sure none of THEM cheat. If the other miners cheated it did it would hurt you, too. Badly. That’s how the incentives in the bitcoin mining ecosystem make transparency and integrity mutually beneficial.
Open source money is only as valuable as the trust users have in network participants. In short, while there are trade associations and groups for professional crypto mining operations, miners are independent groups who put up their own money and time to make bitcoin.
Proof-Of-Work
What the miners actually do is solve computationally intensive problems – all using standard software on juiced-up hardware – with two important functions:
First, the computing assures each new transaction that someone tries to put in the ledger follows the rules. Simple rules that are essential to virtual currency working. Things like you can only spend money you have. You can only spend it once. Stuff like that, things you don’t even think about when your money is physical and sits in a wallet — but when it’s digital, it has to be enforced with software.
Second, the computing puts a lock on the new transaction, a special fancy lock that links to all the earlier locks on all the prior transactions. For ease of computing, the transactions are grouped into blocks, and it’s actually the blocks that are locked up tight and chained together with hard-to-break software locks. Thus the name “blockchain.”
The rules built into the Bitcoin Core software used by all the miners are the key to everything. Since all the miners run the same software, everyone follows the same rules. These rules enforce the fact that, at any given moment, there is a known supply of bitcoin, with the ledger tracking who owns how much. The number of bitcoin is fixed – until a miner earns some as a result of the mining work. In that case, brand-new bitcoin is created – according to an established formula – and deposited in the miner’s own account in the ledger.
Finally,the bitcoin miners see each and every transaction. Each transaction is vetted to assure that the rules are followed. The owner is identified only by a VERY long string of letters, a public key. This is the capstone of the Bitcoin network’s solution to the problem of government-issued currency. No snooping!
Bitcoin’s Supply Cap
There is a publicly known amount of bitcoin in the world, which slowly grows as it is created to pay the miners who earn it by running the system. The Bitcoin protocol states that there will never be more than 21 million bitcoin. Once miners produce that many, unless there’s a consensus change to Bitcoin Core software, no more can be created. The limit won’t be hit until roughly a century from now.
It gets harder for bitcoin miners to earn bitcoin rewards as the supply increases. This is called the difficulty adjustment, which means that the more bitcoin exists in the world the harder it is for miners to earn bitcoin rewards. This makes the mining industry more competitive as the value of bitcoin rises.
Despite the expensive hardware, large numbers of volunteer miners keep transactions flowing, safe and secure, without the network depending on any of them as a single point of failure. Competition keeps bitcoin mining diversified. Bitcoin miners generally create a new Bitcoin block every ten minutes. Because of thousands of volunteer miners crunching away, around the world, there is no single entity in charge of verifying bitcoin transactions. No one’s in charge. Just a variety of different miners, all incentivized to be honest. No governments, no bureaucracies, no politics, no one snooping on you. Problem solved!
That’s why the Bitcoin blockchain is innovative and deserves the attention and the credit it’s gotten.
As the world now knows, FTX was a corrupt mess. The misuse of customer funds by SBF and his cronies has been widely reported. What isn’t reported is the way that what are called customer “wallets” inside FTX and possibly other crypto exchanges typically work and how it facilitated the crime. Using the metaphor “wallet” to describe how customer funds are held gives a feeling of security that is completely unjustified by the technical implementation of customer accounts inside FTX. This technology practice enabled the mis-use of customer funds and made it effectively invisible to the outside world.
Was FTX an Exchange?
FTX described itself as an “Exchange,” specifically a “cryptocurrency exchange.” However, it was sadly lacking as an “exchange” as the term is used outside the world of cryptocurrency. Real exchanges like NYSE and NASDAQ do NOT support direct customer accounts – go to them and see if you can sign up – you can’t! Each stock you can buy and sell is listed on one exchange, and all the traders who interact with the stock must be members of that exchange. Among other things, this guarantees an open and transparent market; by listing shares for sale on an exchange, ALL the people who may want to buy or sell your shares go to that exchange. This guarantees the best price to both buyer and seller.
SBF, the FTX founder, knew all about how crypto exchanges break all the ethical rules of real-world exchanges. One of his early efforts was leveraging the price differences of crypto assets listed on multiple exchanges. He would buy a given crypto coin on one exchange, for example, and sell it for 30% more on a different exchange! Worked well for him! For the ignorant but trusting people buying and selling on those exchanges, not so much…
Who owns your cryptocurrency?
At the core of cryptocurrency is a unique data and transaction structure that has fueled its rapid rise in utilization and value. I’ll describe how BitcoinBTC works, since it’s the first and by far the largest cryptocurrency.
As we all know, banks don’t publish lists of their customers, and keep private the account values and transactions of those customers. What’s amazing about Bitcoin is that every single Bitcoin owner is publicly known by its “public key,” a string of numbers unique to the owner. Nothing else about the owner is public knowledge in the Bitcoin world. It’s as though everyone were invisible but owned a house with a normal address. You can visit the house, see it’s there, but only the owner has the key, called a “private key,” to go into the house. The house is built in such a way that it can’t be broken into – only the key affords entry.
Another fascinating thing about Bitcoin is that you can see automated vehicles leaving the house with gold bars completely visible in the open trunk. There can be multiple groups of bars, each wrapped with a cord that gives the address of where it’s going. Each vehicle, instead of a license, has the address of the sender emblazoned on it. The vehicle may be used often or not appear for months. When it finishes making its one or multiple deliveries, it returns to its house.
Each house has a special place to receive deliveries from vehicles. When a vehicle shows up, it backs up the driveway to the garage and a special little door opens. The package of gold bars addressed to that house goes into the little door, which then closes and the vehicle drives off.
There is lots of room to build houses in Bitcoin world, but the roads don’t have much capacity and the speed limit is low. In addition, there is a network of vehicle schedulers, kind of like air traffic control towers at airports, who are in constant communication with each other. Just like when an airplane wants to take off it has to get permission from its control tower, a vehicle can’t be assigned to a house that wants to make a gold shipment without permission from traffic control. Traffic control takes account of congestion and makes sure there isn’t too much crowding on the roads.
The same way airlines pay fees that pay for the controllers, Bitcoin owners pay fees to the vehicle controllers that manage all the deliveries. The fees are the same whether there is just one or multiple packages in the delivery, and you can pay more money to get preferential treatment. In Bitcoin world the controllers who manage the deliveries and collect the fees are called “miners.” In addition to their central work, the miners collaborate and assure accuracy of a public record of all the vehicle deliveries that have been made. The record includes the address of the sender and the amounts of gold (Bitcoin) dropped off at each address. This record is usually called a blockchain. Literally anyone in the world can see it, but no one can change it. For this reason, it’s called an “immutable ledger” of all the transactions. Because all the transactions are public, it’s not hard to run through all the transactions of what’s been sent and received to figure out the exact total of Bitcoin that resides at each address. In fact, the miners do this all the time, to make sure that no one is being tricked by trying to send more Bitcoin than they actually own!
All this should make it clear that each owner of a house address (public key) in Bitcoin world is the owner of all the Bitcoin that has been sent to that house – and that only the owner who possesses the private key for that house can access the Bitcoin in it to send it out.
Technically, a Bitcoin owner can download and run software on their PC that manages their “house.” No one else need be involved. Even if the PC is lost or damaged, the owner can download the software on a new computer and, with the private key that’s been written on paper, access everything without loss – because the public blockchain holds the record of what you own!
The FTX exchange “wallet”
When customers signed up with FTX, they were assigned a “wallet,” owned by them but managed by FTX. Much easier than downloading and running software on your computer! The wallet was your account and securely held all your crypto assets, including Bitcoin. Supposedly. It seemed to be true: you could login to your FTX account and see your current assets and transactions. They’re yours! Safe and secure in your “wallet.”
Now let’s turn to the way Bitcoin (and the others) actually work. As we know, in order to truly own Bitcoin, you must have an address (public key) used for receiving Bitcoin. In order to send Bitcoin, you MUST have the private key that matches the public key address – otherwise, the controllers (miners) will refuse to process your request. But people with wallets/accounts at FTX didn’t have such private keys! All they had was a way to access their accounts. So where was the Bitcoin that the FTX software told you was in your wallet? The answer is simple and terrifying: FTX held all its Bitcoin in the FTX address (public key) with the private key that enabled its use under its exclusive and secret control!
Where did the amount that you supposedly owned and held at FTX come from? Simple: FTX kept two set of books: one for itself and one for its customers. When FTX showed you the amount of Bitcoin you “owned” in your “wallet,” it was just showing you the number from a second set of books it maintained internally for its customers.
In Bitcoin world, it’s as though there were a giant house that held huge amounts of Bitcoin. As FTX grew, many more of its customers would buy Bitcoin than would sell it. So FTX would go outside its walls, make big Bitcoin purchases for its corporate account; it would then update its customer-facing books to make it seem as though they really owned the Bitcoin. As the Bitcoin in FTX’s own account grew, it became increasingly able to satisfy customer trades just by making changes to its customer-facing books without anyone in the broader world of Bitcoin being involved. Unless someone got suspicious and carefully examined the blockchain for the transactions, no one would know that no such transactions in the real world of Bitcoin ever took place! In FTX world, FTX actually owned ALL OF its customers’ Bitcoin. It could do whatever it wanted with them with no one being the wiser!
Keeping Bitcoin transactions off the completely public Bitcoin blockchain was a nice additional source of revenue for FTX. No one knew that most trades did NOT get the best price, because FTX was highly incented to only do buys and sells among its customers. And FTX didn’t have to bother with miners, paying fees, waiting when there’s congestion or any of those pesky and expensive things.
None of this was truly secret! There have been multiple crashes of exchanges that have taken place, with huge losses. The losses were always when the customers didn’t actually own what they thought they owned – the exchange owned it. Without a personal miner and private key that only you know, the Bitcoin isn’t yours!
Conclusion
The FTX “wallet” was a mirage, a sales tool to make customers feel comfortable that they actually owned what FTX told them they owned. Even though there is a public record of all Bitcoin ownership and transactions on the public blockchain, FTX customers went with the flow, lulled by all the publicity and famous people. The two sets of books were there from the start, and the absence of transactions on the public blockchain was visible for anyone who cared to see. For all the supposed computer literacy and general savvy in the crypto world, this scam wasn’t secret like Bernie Madoff’s was, who kept the real books a big secret. What’s amazing with FTX is that the scam was operating in the full light of day – but in a large bunch of computer data that is completely accessible to the public but ignored by “savvy” investors and public regulators alike. What’s needed to prevent this kind of thing from happening is not new laws; it’s savvy, paranoid, nerdy public snoops who care about details and know what they’re doing. Not to mention more people heeding the advice: “not your keys, not your coins.”
Cryptocurrency (Bitcoin, Ethereum and the rest) is fueling a new kind of crime wave. Computers and networking are the lawless continent on which criminals go wherever they want, going into factories, stores and homes, stealing data in massive amounts to sell and use to enable more crime. That crime continues to grow. Bitcoin, the software built on computers and networks, has added the element of anonymous payments to and between criminals. Criminals world-wide have been inspired by this near-instant, secret way to pay and accept money to ratchet up existing crimes and invent new ones.
Why do big, important people continue to deny a problems exists? As discussed in a recent WSJ article, this crime-enabling menace needs to be confronted head-on.
Burglary
Burglary is when a criminal steals something without a confrontation with the owner, for example breaking into your house when you’re away and taking your valuables. A great deal of cyber-crime has been burglary, things like hacking your computer system and stealing data. But then how do you sell the data? More important, how will you collect your money from the criminals who buy it?
Enter Bitcoin. The buyer can be anywhere in the world. They can be of any nationality, used to using any currency. Once an agreement has been made, payment is simple, fast and untraceable. The buyer and seller don’t need any direct contact. Any currency can be converted to Bitcoin to send, and converted to any currency on receipt. Or left in Bitcoin to use in other criminal enterprises. Bitcoin hasn’t transformed the huge field of criminal data, but it sure has greased the wheels.
Robbery/Ransomware
Robbery is worse than burglary. It’s when a criminal confronts you on the street, points a gun at you and says something like “your wallet and jewels or your life.” Most people do what the robber says and hope to live another day. The new wave of cybercrime is robbery a.k.a ransomware: not just sneaking into your computer but encrypting everything and “tying your computer up” until you pay the ransom.
Ransom attacks on computers have always existed, but they were fairly rare, because there was no way the robber could collect the victim’s money without revealing himself. Then Bitcoin came along. Bitcoin enables anyone to buy it from an exchange like Coinbase and then send it to the criminal’s anonymous Bitcoin address. The criminal, who could be anywhere, then has your money and may, if he feels like it, release your computers from their electronic shackles.
“eCrime – a broad category of malicious activity that includes all types of cybercrime attacks, including malware, banking trojans, ransomware, mineware (cryptojacking) and crimeware – seized the monetization opportunity that Bitcoin created. This resulted in a substantial proliferation of ransomware beginning in 2012...
Bitcoin exchanges provided adversaries the means of receiving instant payments while maintaining anonymity, all transacted outside the strictures of traditional financial institutions.”
Then came a new generation of locking technology, 2048 bit private key. This led to a shift away from spraying malware to millions of little computers to infecting, locking and ransoming big institutions, Big Game Hunting.
The criminals evolve quickly. They are generations ahead of the largely inept bureaucrats with huge budgets following security regulations that are typically obsolete by the time they are issued.
Illegal national and international weapons trafficking has always existed. So has human trafficking. Likewise importing and selling addictive drugs like heroin. These are all human horrors.
For some strange reason, the people who import and sell innocent young girls want to be paid in cash. Lots of it. Same thing with fentanyl. It’s inconvenient and dangerous, carrying around huge stacks of hundred dollar bills! Bitcoin changes the game. Bitcoin is like Venmo for the criminal class only better. No records. No annoying banking regulations and reports sent by banks to snoopy government agencies. Computer-to-computer transfer. Yes there’s a record that a transfer of Bitcoin took place – but ZERO record of from whom or to whom.
On the other hand...
Cryptocurrency utilization is exploding, most of it unrelated to criminal activity. It is certainly true that crypto-related crime has grown; one respected vendor reports it nearly doubled from 2020 to 2021, reaching an all-time high of $14 billion. That same vendor reports even more dramatic growth of overall cryptocurrency transactions, which was more than five times in the same period. As the vendor says: “Transactions involving illicit addresses represented just 0.15% of cryptocurrency transaction volume in 2021 despite the raw value of illicit transaction volume reaching its highest level ever. As always, we have to caveat this figure and say that it is likely to rise as Chainalysis identifies more addresses associated with illicit activity and incorporates their transaction activity into our historical volumes. For instance, we found in our last Crypto Crime Report that 0.34% of 2020’s cryptocurrency transaction volume was associated with illicit activity — we’ve now raised that figure to 0.62%.”
Supporters or crypto are also quick to point out that fiat currency is also used by criminals, so no one should be surprised that crypto is used by them.
Conclusion
Cryptocurrencies are widely discussed. "Bitcoin Billionaires" are in the news; hosts of ordinary people hope to be like them. The crypto industry sponsors reports and generally promotes the idea that the criminal use of crypto is minimal and going down. Which it is, as a share of all crypto transactions. As we know from the growth of ransomware attacks, the use of crypto by criminals is in fact increasing.
It should be illegal for any regulated exchange to enable sending to or receiving from any address that fails to have full KYC and other identity disclosure with it. There are lots of exchanges that operate internationally for the criminals to continue using, as they will.
Cryptocurrencies are an amazing technical achievement. Computers and networking already provide rich ground for criminal activity; Bitcoin added a safe-for-criminals international payment method that has fueled computer-based crime.
Bitcoin and other cryptocurrencies are in the news. NFT’s (non-fungible tokens) have exploded onto the scene, with people spending large amounts of money to acquire unique rights to digital images. The explosion of invention and innovation is amazing, isn’t it?
Except that it's all just minor variations of things that were created decades ago, grew into huge markets with the participation of a good part of the world's population, and continue to grow today. Invention? Creativity? How about minor variations of proven ideas, giving them a new name and slightly different context, and getting super-rich?
From Drawing to Cartoons to Video Games
Drawing, sculpting and otherwise creating artificial images of the reality we experience has a long history.
Drawings that suggest reality but are purposely different from real things are called cartoons, and go back hundreds of years, becoming more widespread in the 1800’s in print media.
Then there was a breakthrough: animation. Leveraging early movie technology, artists worked enormously hard to create a fast-changing sequence of images to create the illusion of motion. Along with sound, you could now go to a theater and watch and hear a whole cartoon movie, filled with characters and actions that could never happen in real life. Characters like Mickey Mouse and Bugs Bunny became part of modern culture.
The next big step took place after computers were invented and got video screens. Of course the computers transformed the process of creating animation. But animation was always like watching a movie: the human could only watch and listen. With computers, the possibility first arose for actions of the person to directly and immediately change what happened on the screen. The video game was born.
The video game has gone through an extensive evolution from the primitive, simple Space War to immersive MMORPG's (massively multiplayer online role-playing games), enabling players to interact with each other in evolving shared animated worlds, often with fighting but also including other activities.
Similar to other MMORPGs, the game allows players to create a characteravatar and explore an open game world in third- or first-person view, exploring the landscape, fighting various monsters, completing quests, and interacting with non-player characters (NPCs) or other players. The game encourages players to work together to complete quests, enter dungeons and engage in player versus player (PvP) combat, however the game can also be played solo without interacting with others. The game primarily focuses on character progression, in which players earn experience points to level up their character to make them more powerful and buy and sell items using in-game currency to acquire better equipment, among other game systems.
World of Warcraft was a major critical and commercial success upon its original release in 2004 and quickly became the most popular MMORPG of all time, reaching a peak of 12 million subscribers in 2010.[4] The game had over one hundred million registered accounts by 2014[5] and by 2017, had grossed over $9.23 billion in revenue, making it one of the highest-grossing video game franchises of all time. The game has been cited by gaming journalists as the greatest MMORPG of all time and one of the greatest video games of all time
The industries creating hardware and software for these artificial worlds has grown to be huge. In 2020 video gaming generated over $179 billion in global revenue, having surpassed the film industry years before.
Video games aren’t just for kids. There are an estimated 3.24 billion gamers across the globe.
In the US the numbers are huge. “Three out of every four, or 244 million, people in the U.S. play video games, an increase of 32 million people since 2018." Gamers spend lots of time on their games: “... gamers average 14 hours per week playing video games.”
Game World and Virtual Economies
Huge numbers of people go to a screen or put on a headset and "enter" the world of a video game, where they often spend hours at a time. While in that world, they can move from place to place as an observer, or as the controller of their personal avatar. They can interact with others, as shown by this scene from the virtual world of Second Life in 2003.
The currency used in a game world can be called different things. For example in World of Warcraft it's called -- big shock coming up here -- Gold. Gold can be earned by players accomplishing things in the game world, and can be spent for skills or in-game objects. Players can buy and sell items among themselves using such currencies. Many games enable players to buy in-game currencies using real money. In some cases, in-game virtual "land" is also for sale.
Long before Bitcoin, markets arose to enable in-game currencies to be traded (exchanged) for real-world currencies. It is now a multi-billion dollar industry. "In 2001, EverQuest players Brock Pierce and Alan Debonneville founded Internet Gaming Entertainment Ltd (IGE), a company that offered not only the virtual commodities in exchange for real money but also provided professional customer service." The company was the largest such on-line exchange and accounted for hundreds of millions of dollars of transactions.
Video Games, Bitcoin and NFT's
The first Bitcoin was sent in 2009. It wasn't much used or valued until 2013. Ethereum first went live in 2014. By this time there were already MMORPG's with many hundreds of millions of players earning, spending and exchanging digital currencies involving virtual objects in their game worlds.
Let's see how the things used by literally billions of gamers compares to Bitcoin (and other crypto-currencies) and NFT's.
Games have digital currencies with no real-world value.
Sounds like Bitcoin and other crypto-currencies
In-game virtual objects can be bought and sold using in-game currencies
Sounds like buying crypto-world NFT's with Bitcoin
New units of the digital currency are created by the game software
New crypto is created by Bitcoin mining software
Game currencies can be used and exchanged among gamers
Same with Bitcoin
Game currencies can be exchanged for and bought with real-world money
Same with Bitcoin
There are exchanges outside the game that enable buying/selling
Same with Bitcoin
The exchange price can vary greatly
Same with Bitcoin
Teams create new games with currencies and virtual objects
Teams create new crypto-currencies and NFT's
Still think there's no relationship between gaming and crypto? How about, as mentioned above, the fact that Brock Pierce and a partner founded the game currency exchange IGE in 2001, and the same Mr. Pierce was active in crypto-currency by 2013 and became a "Bitcoin billionaire" by 2018.
Of course, the new worlds of crypto and NFT's are different in some important ways from the gaming worlds. Games along with the objects and currencies are created and managed by the game company. While there's more control than is generally recognized, crypto-currencies have a large degree of self-management with their built-in miners. Similarly, NFT's are created independently
Conclusion
First Bitcoin came seemingly out of nowhere in 2009. A few years later, variations of Bitcoin appeared on the market. An astounding explosion of crypto followed, along with digital objects that "live" in the crypto world.
Like many other "brand new" things, the worlds of crypto and NFT's have remarkably close relations to the world of gaming, from which they appear to have evolved. Compared to the gaming world, the number of people invested in crypto is truly tiny, hundredths of a percent. But the inflation and amount of real-world currency that has been converted to crypto dwarfs the amounts in the gaming world.
As with many other tech trends, the history and evolution of the elements of the trend reward study.
DCash, the Digital Currency issued by the ECCB (Eastern Caribbean Central Bank) Is a pioneering effort with good intentions. Here is the background, covering how it was studied carefully, piloted in March 2019, had its first live transaction in February 2021, rolled out in March 2021, expanded in July 2021 and then, on January 14, 2022, went dead. Not just down for a few hours ... or days ... or weeks ... but long enough for any sensible person to completely give up on it. Then the ECCB announced that DCash would be back soon, and then announced that it was alive and well. The ECCB is lah-dee-dah, yes we had an "interruption" in service, but we're back better than ever!
What if someone stole your wallet and kept it from you for nearly two months? Why would any sane person convert real money to DCash if it can suddenly be stolen and held hostage for months? And not by criminals, but by the bank!
A couple days before they resumed service, ECCB announced that DCash was coming back. To regain trust and for the sake of transparency, you would think they would tell us what actually happened. Nope.
Here's their explanation:
In January 2022, the DCash system experienced its first interruption since its launch in March 2021. As a result, the processing of new transactions on the DCash network was halted. This interruption was not caused by any external intervention. The security and integrity of all DCash data, applications and architecture, including all central bank, financial institutions, merchant and wallet apps remain secure and intact.
Following the interruption, the ECCB took the opportunity to undertake several upgrades to the DCash platform including enhancing the system’s certificate management processes – the initial cause of the interruption, and updating the version of Hyperledger Fabric, the foundation of the DCash platform. These upgrades have further strengthened the robust security mechanisms, which ultimately underpin the DCash technology, resulting in a more resilient product.
It "experienced its first interruption." Passive voice. Where did the "interruption" come from? Who did it? Why?
"As a result, the processing of new transactions on the DCash network was halted." As a result of what?? The processing "was halted" by whom?? The ECCB?
"This interruption was not caused by any external intervention." This implies no hacking. It was internal. Either a bad insider or something awful with the software that had (presumably) been running for months.
So they went about several "upgrades" -- not bug fixes or corrections. Then we get to "enhancing the system's certificate management process." Certificates are NOT about digital currency, they are standard web things, as I explained. And they "updated the version of Hyperledger Fabric," a standard library for blockchain. Updating to latest versions should be part of normal systems maintenance. It's not something that takes weeks! You do the upgrade, test it, run it in parallel with your current production system to assure it works, and then you seamlessly switch over. Groups large and small do this all the time. It's standard practice. Only creaky old organizations firmly anchored in the past would take a system down for hours to perform maintenance. Even they wouldn't dare take a system down for even a week!
What's the result? ECCB has now "further strengthened the robust security mechanisms ... resulting in a more resilient product." Wow. The security mechanisms either had a fault or they didn't. The claim is that it took nearly two months to create a "more resilient product." A product that had been running live for nearly a year.
Announcing the Resumption
Next ECCB declared as promised that DCash was back. They provided no further explanation:
As part of the restoration, the platform now benefits from several upgrades including an enhanced certificate management process and an updated version of the software which provides the foundation for the DCash system. Extensive testing and assurance exercises were conducted prior to restoration of the platform to ensure full functionality of the service in accordance with quality assurance specifications.
Certificate management is standard internet stuff. It has nothing to do with crypto. Why wouldn’t they already have had the latest version working as part of their system? No excuse! If they just needed to upgrade, why not do it the way everyone does? They claim to “enhance” the certificate management process. Something unique for ECCB? Bad idea.
Hyperledger fabric. Similar claims, same response.
They claim DCash is now “more resilient.” But there were no crashes during many months of operation. Therefore (according to them) DCash was already perfectly resilient.
They're hiding something. What is it??
Apps for Digital Transfer
You don't need a CBDC like DCash to quickly, easily, safely, cheaply and electronically move money around. In fact, we're all better off if central banks just ignored the whole issue. Here's my analysis of the situation, talking about a potential CBDC for the US that no one needs and describing how Venmo and CashApp work and are broadly accepted.
The ECCB made strong claims about the benefits DCash was going to bring. All benefits that are in production and use by over 100 million people, operated by private companies without a CBDC. Nonetheless they went ahead. And crashed. And clearly lie about it. What's going on??
The DCash App
As a brand-new currency, DCash needs an app. It's something the ECCB largely ignores on their self-promotional website. I wonder if there's anything to learn by digging into the DCash app? It turns out there is! Following is what I discovered.
I figured they must have a wallet app for Android. I went to the Google Play store and found the app:
Sure enough, that's the wallet. But look over there on the upper right. 40 reviews, 2 stars out of 5. That's awful!
Let's look at some of them. Sadly, Google won't give them in time order.
The first review wasn't until March 27, 5 stars.
On Aug 15 we get 1 star with the comment "Bad." No response from ECCB. Aug 31 there is 3 stars with "*yu" as the comment. No response from ECCB. Mostly it's 1 star reviews, one after the other, many with thumbs-up ratings for the badness of the review.
Months later, Dec 12, we get 2 stars and "Efgy." And a response from ECCB!
Look more closely. The review was posted Dec 12 and the response was posted nearly a month later!! Really staying on top of things, aren't they?
I see they've got a special domain for feedback. This is the first I've seen of it. You would think it would be on the main site, wouldn't you? Let's check it out. I put the support site URL in my browser and this is the result:
No, I didn't type it wrong. Even though DCash is supposedly up and running just fine, the support site isn't just broken -- it's not there! The domain doesn't exist!!
Things are clearly just awful for the Android app. I wonder how it is for iPhone -- maybe it's wonderful? Here's the preview of the DCash app on the Apple App store:
Only 5 ratings vs. the 40 ratings for Android. What's clear is that Apple users are MUCH more generous than Android. The review by Waps7777 in Dec 2021 gave it 3 stars even though "DCrash not DCash. The app crashes every time is send a payment."
Conclusion
We still have no idea what happened with DCash. But it's pretty clear from the App store comments that the currency should be called DCrash. The announcements of ECCB say nothing about the apps. The people in charge are, as usual with people in charge, going to great length to hide problems and declare wonderfulness. But with the evidence on the table to date, DCrash is a disaster and should be shut down. If the authorities cared about real human beings other than themselves, they would apologize, shut down DCash, and make a deal with Zelle, Venmo, CashApp or someone who has a track record of real success to improve the lives of the people in the EC nations.
The United States is seriously planning to issue FedCoin, a CBDC (Central Bank Digital Currency), following the lead of the Chinese government and others around the world. I have previously spelled out why we don’t need Fedcoin, basically because the currency of the United States is already largely digital. In this article I argue that not only don’t we need FedCoin, but that issuing such a CBDC has a strong potential for disaster. For a perspective that is broad and deep on this subject, see Oonagh McDonald’s recent book Cryptocurrencies: Money, Trust and Regulation.
The Eastern Caribbean Central Bank
Did you know that in 1983 eight countries in the eastern Caribbean banded together to create a central bank with a common currency? The ECCB resembles the Federal Reserve in the US for Anguilla, Antigua and Barbuda, Commonwealth of Dominica, Grenada, Montserrat, St Kitts and Nevis, Saint Lucia, and St Vincent and the Grenadines.
The ECCB’s experiment with a Digital Currency
After considerable planning, the ECCB kicked off a pilot for a digital currency in 2019. According to their website:
The Eastern Caribbean Central Bank (ECCB) launched its historic DXCDCaribe pilot, on 12 March 2019. ‘D’, representing digital, is prefixed to ‘XCD’ - the international currency code for the EC dollar.
The pilot involves a securely minted and issued digital version of the EC dollar - DCash. The objective of this pilot is to assess the potential efficiency and welfare gains that could be achieved: deeper financial inclusion, economic growth, resilience and competitiveness in the ECCU - from the introduction of a digital sovereign currency.
DCash will be issued by the ECCB, and distributed by licensed bank and non-bank financial institutions in the Eastern Caribbean Currency Union (ECCU). It will be used for financial transactions between consumers and merchants, people-to-people (P2P) transactions, all using smart devices.
The pilot was declared a success. The phase 2 rollout of DCash started March 31, 2021.
The ECCB provides a detailed description of the excellence of the implementation and security of the DCash system. For example:
The DCash platform is being developed through security-by-design principles. Applications are subject to rigorous quality assurance, and independent security testing, prior to live deployment. Hyperledger Fabric is being utilized to create an enterprise-grade, private-permissioned, distributed ledger (blockchain). Modular and configurable architecture is used to facilitate DCash transfer, payment processing, and settlement across authenticated and authorized API’s. Additionally, all DCash users must be authenticated and authorized.
The application framework was designed with built-in mitigations against common web application vulnerabilities, and goes through a quality assurance process that includes rigorous security testing. Multi-factor authentication is required for financial institutions, all APIs are authenticated and authorized, and all participants are vetted. In addition, secure hardware elements are being used on mobile devices.
More details were provided to demonstrate the security and high quality of the system. In addition to unspecified data centers, the website states:
Google Cloud is the current service provider. With the exception of the minting system, all system services are hosted in Google Cloud. Connections between different system layers is secure (SSL/HTTPS) and permissioned (IP Address restrictions, username/ passwords, and JWT tokens).
There’s a Problem
So what happened to this wonderful, highly secure digital currency? It went down!
The ECCB announced on January 14, 2022 that there was a system-wide outage.
This break in service has been caused by a technical issue and the subsequent necessity for additional upgrades. Therefore, DCash transactions are not being processed at this time.
There were lots of words about how things would be OK.
Did it go down for an hour? Bad. A day? REALLY bad. A week or more? A complete, unmitigated, no-excuses disaster.
What if you were a user of DCash and you couldn’t use it? It would be like having money in your bank account, but the bank claims it’s unable to give you any! What are you supposed to do? To whom can you appeal? No one!
It’s worse than that. As this writing at the end of February, a full six weeks after DCash D-Crashed, it’s still down.
The Eastern Caribbean Central Bank has revealed that an expired certificate caused its pilot central bank digital currency (CBDC), DCash, to go offline from January 14. Karina Johnson, the ECCB project manager for the DCash pilot, told Central Banking that “the version of Hyperledger Fabric (HLF)”, the network that hosts DCash’s distributed ledger, “had a certificate expire”. To install an up-to-date certificate, the currency’s operators are undertaking “a version change of HLF and associated...
This is really strange. If the language used is correct, a “certificate expiration” has nothing to do with digital currency or blockchain. An expired certificate is something that is issued by a “certificate authority” It’s used all over the web. For example, most web addresses start with https://www. Etc. The “s” means secure, which means that the traffic between your browser and the website is encrypted. When a browser sees the https, it goes to the site, which sends a certificate issued by a CA (certificate authority) that says that the public/private key pair used by the site is legit.
There are NO certificate authorities in Bitcoin or other cryptos! There are just public/private key pairs, with the private key being used to “sign” a transaction sending Bitcoin from the corresponding public key – which assures that it really is the owner of the public key sending the BTC.
So what's going on and how could a "certificate expiration" have caused this? No one is saying. By the way, a expiration of this kind can normally be fixed very quickly, less than a day.
The next (and most recent as of this writing) thing that was publicly announced was this on Facebook on February 14:
Why did DCash go down? Why is it still down after all this time? How are the consumers and merchants being helped with their funds being locked and inaccessible? No one is talking.
Conclusion
ECCB seems to have done everything right. They carefully studied. They worked with an experienced vendor, who had experience doing CBDC. They used the leading blockchain fabric. They used Google for hosting. They did a limited trial, released it in one of their regions, and then made it more widely available. And then something went wrong. Very wrong. What it could possibly be that involves "certificates expiring" is mysterious. How they could have built something that could be dead for over six weeks is extremely rare in software.
CBDC's are a terrible idea. We don't need them. They add nothing in terms of cost or speed to the digital fiat currency and associated software that we already have. How can any government guarantee that they won't have a DCash disaster when their own CBDC rolls out? So governments are suddenly wonderful bringing out great software that works? I've got this bridge, by the way, and I can let you have it for a limited-time-only bargain price...
A book has been published about cryptocurrency that stands out from the many books available on the market: it's written by a person with experience and true expertise in financial markets, institutions and regulation both in government and the private sector, Oonagh McDonald. Disclosure: I was her technical advisor for the book. We connected as a result of my article in Forbes on Central Bank Digital Currencies.
Dr. McDonald's prior books are impressive because of her amazing perspective and knowledge. Here's her background:
Dr. Oonagh McDonald CBE is an international expert in financial regulation, having advised regulatory authorities in a wide range of countries, including Indonesia, Sri Lanka and Ukraine. She was formerly a British Member of Parliament, then a board member of the Financial Services Authority, the Investors Compensation Scheme, the General Insurance Standards Council, the Board for Actuarial Standards and the Gibraltar Financial Services Commission. She was also a director of Scottish Provident and the international board of Skandia Insurance Company and the British Portfolio Trust. She is currently Senior Adviser to Crito Capital LLC. She was awarded a CBE in 1998 for services to financial regulation and business. Her books include Fannie Mae and Freddie Mac: Turning the American Dream into a Nightmare (2013), Lehman Brothers: A Crisis of Value (2015) and Holding Bankers to Account (2019). She now lives in Washington DC, having been granted permanent residence on the grounds of "exceptional ability".
Read the comments at the link about her books on Lehman Brothers, Fannie Mae, bankers and markets and others.
Here are examples of what others have said:
Oonagh McDonald has done it again. In this ambitious book, she helps the rest of the world catch up with her on the opportunities and risks associated with stable coins. Even if one may disagree with her about the future of stable coins (and I do a bit), this book is an invaluable resource, especially as a teaching tool, because of McDonald’s ability to synthesize and interpret a vast amount of information about complex and novel practices. -- Charles Calomiris, Henry Kaufman Professor of Financial Institutions, Columbia Business School
McDonald’s rigorously researched analysis of the development of cryptocurrencies is a must-read for anyone who has a stake in the future of money. It is an historical tour de force that painstakingly teases out of every corner of the cryptocurrency world the critical issues that governments, policy makers, and consumers must consider before abandoning government fiat money. -- Thomas P. Vartanian, executive director and professor of law, Program on Financial Regulation and Technology, George Mason University
Everyone fascinated by how the cryptocurrency phenomenon has created a whole sector of ventures to furnish ‘alternative currencies’, while the dollar price of a Bitcoin boomed from 8 cents to a high of more than $60,000, must wonder whether all this will really bring about a revolution in the nature of money. Will Bitcoin’s libertarian dream to displace central bank fiat currency be achieved? Or ironically, will central banks take over digital currencies and make themselves even more dominant monetary monopolies than before? Oonagh McDonald, always a voice of financial reason, provides a thorough consideration of these questions and of cryptocurrency ideas and reality in general, with the intertwined issues of technology, regulation, trust, and government monetary power. This is a very insightful and instructive guide for the intrigued. -- Alex J. Pollock, Distinguished Senior Fellow Emeritus, R Street Institute, and former Principal Deputy Director, Office of Financial Research, US Treasury
It's a different perspective from the many books on the subject of cryptocurrencies that have been published. Whether or not you agree with her conclusions, you will read facts and perspective here that are not available elsewhere.
Many people believe, for good reason, that the cryptocurrency Bitcoin is widely used by criminals. The growing number of firms looking to profit from the use of Bitcoin as a legal investment don’t like being associated with crime. So they decided to form an organization and pay an ex-CIA director to lend his prestige and credibility to a report that distorts the truth and whitewashes the huge and ongoing use of Bitcoin and other cryptocurrencies as key parts of criminal enterprises.
The Crypto Council for Innovation
The IPO of crypto firm Coinbase at a valuation of about $100 billion shines a bright light on the main asset it manages, Bitcoin. Coinbase, along with other crypto firms and major financial firms such as Fidelity, have formed a trade group called Crypto Council for Innovation whose purpose is to promote the benefits and general wonders of crypto and to “encourage the responsible regulation of crypto in a way that unlocks potential and improves lives.” They also will be “…addressing misperceptions and misinformation…”
To that end, the group has sponsored a paper. Here’s their description:
In An Analysis of Bitcoin's Use in Illicit Finance, a study authored by Michael Morell, former Acting Director, Deputy Director and Director of Intelligence at the Central Intelligence Agency (CIA) examines the general assertion that the Bitcoin market is rife with illicit activity. Morell concludes that Bitcoin's use in illicit finance activity is limited and orders of magnitude lower than what has been cited by government officials. Morell's analysis also reveals that the blockchain ledger is a highly effective crime-fighting and intelligence-gathering tool.
The group is already meeting its goal of influencing public opinion. The headlines of articles include:
Like all propaganda of its kind, the Morell report is all about starting with the conclusion you want – Bitcoin is great, criminals are fleeing from it! – and marshaling an impressive-sounding array of name-brand institutions and experts to say what you want. In this case, since the facts diverge from the desired conclusion so drastically, a good deal of work is required to reach that goal. Here are some of the major things the report did to whitewash the truth.
The report is self-serving
First and foremost, the people who wrote the report were bought and paid to do the job they did. Of course the report included words about how it was “objective.”
Think about it this way: suppose a governor of a state were accused of sexual harassment by multiple women and further accused of hiding actions leading to the deaths of thousands of seniors during the pandemic; how credible would a report be that was commissioned and paid for by that same governor? That’s what we have here.
The “experts” are nearly all anonymous
The report references experts from a wide variety of name-brand institutions who are said to support the report’s conclusions. This is an important subject. Don’t you think the report’s authors could get more than one such expert to go on the record? The one expert they got on the record has been retired for years.
Bitcoin technology is difficult for most people to understand
None of the report authors have any technical expertise. The ex-CIA man spent his early years on energy and East Asia, and then became a manager and communicator – which is what you would expect of someone who now spends lots of time working for media outlets like CBS.
The report shows little understanding of Bitcoin technology
The words used in the second conclusion are one example among many: “The blockchain ledger on which Bitcoin transactions are recorded…” The way this is worded shows a lack of the most basic knowledge of how Bitcoin works, implying that Bitcoin is somehow not part and parcel of what some call the “blockchain ledger,” a phrase made up to describe one of the inextricable parts of the Bitcoin code base. In the normal world, transactions like buying a hose at a hardware store take place; some of those real-world transactions may later be recorded in a ledger; in Bitcoin, there is no difference between the transaction, the Bitcoin and the ledger.
Why do criminals like Bitcoin?
The report claims that criminals are fleeing from Bitcoin. Let’s step back and see what it is about Bitcoin that criminals like. The reason why criminals like Bitcoin and other cryptocurrencies is simple: it’s easy for them to avoid getting caught! It’s even better than wearing a mask when robbing a bank! It’s as anonymous as cash except that it enables the transacting parties to be an ocean away from each other.
How does Bitcoin enable criminals to exchange money secretly?
It is true, as the whitewashing report claims, that the Bitcoin ledger contains a complete record of Bitcoin transactions and is open for viewing to anyone. A knowledgeable person can look at any current Bitcoin holding and trace it back to the prior owner, the owner before, and so on to the transaction that created the Bitcoin. It’s totally transparent!
There’s a little wrinkle, though, that’s the key to everything: the buyer and seller of each Bitcoin transaction are identified solely by the public side of the encryption keys controlled by the transactors. The physical-world identity of the sender and receiver of Bitcoin is not recorded in any way, shape or form! In terms of the Bitcoin ledger itself, everything is 100% anonymous.
The report mostly disputes claims few people make
In the introduction they talk about “…public statements from officials on both sides of the Atlantic who have suggested that Bitcoin is used primarily for illicit activities.” In fact the argument most often made is NOT about the fraction of Bitcoin used for criminal purposes, but about the fact that the nature of Bitcoin makes it DESIRABLE for criminals to use, and that criminals in fact make use of it. At no point do the authors argue against the fact of criminals’ preference for Bitcoin. The authors’ first major conclusion is “The broad generalizations about the use of Bitcoin in illicit finance are significantly overstated.”
The first major section of the report is “Bitcoin’s Use in Illicit Activity is Relatively Limited” The authors don’t deny that criminals like to use Bitcoin. They even admit that it is the currency most often found in Dark Net Markets, i.e., places where illegal substances and objects are bought and sold.
They argue that the fraction of Bitcoin activity performed by criminals is decreasing
As the speculative frenzy for Bitcoin buying and selling continues to grow, this is plausible, but irrelevant to the core observation that criminals like using Bitcoin and that it enables their activity.
Suppose a city suffers 100 murders per year. Then the population of the city greatly increases, but 100 people a year are still murdered. Is the fact that a decreasing fraction of the population is murdered every year something to be celebrated? Would you want to proclaim that your city’s murder rate is going down?
The report they rely on does not support their conclusion
The Chainalysis report they quote does not claim that criminal use is decreasing, but that overall use is growing: “One reason the percentage of criminal activity fell is because overall economic activity nearly tripled between 2019 and 2020”
The also report states: “However, as always, cryptocurrency remains appealing for criminals as well due primarily to its pseudonymous nature and the ease with which it allows users to send funds anywhere in the world instantly, despite its transparent and traceable design.”
The uncertainty of the Chainalysis data about criminal use is ignored
Because of the difficulty of identifying the participants in Bitcoin transactions outside of highly regulated exchanges that enforce standard bank KYC provisions, identifying which are criminal is mostly guesswork.
For example, the 2020 report identified 1.1% of 2019’s transactions to be criminal activity. In the latest 2021 report that number was revised to 2.1%, nearly double! They admit the same uncertainty about their numbers for 2020 saying “we should expect 2020’s reported criminal activity numbers to rise over time as well.”
The authors minimize the extent of the use of Bitcoin by criminals
The revised Chainalysis 2019 number shows “$21.4 billion worth of transfers” by criminals. This is no small amount! It is about the same as the worldwide total amount of money lost to credit card fraud by banks! Vastly more people use credit cards than hold Bitcoin, and the yet the total amount of crime is about the same!
The supposed use of blockchain analysis for fighting crime
The report’s second conclusion finishes with: “Put simply, blockchain analysis is a highly effective crime fighting and intelligence gathering tool.” If this is true, don’t you think the report would have included some juicy examples of crimes that had been foiled or intelligence that was gathered from Bitcoin? The authors fail to give a single example – not one of a crime that has been solved by using “blockchain analysis.” And not one example of intelligence that has been gathered. Do you think this might have something to do with the fact that exactly zero personal identity information is contained in the blockchain? You know, the reason criminals like it?
On the other hand...
Criminals are everywhere. Criminals like money. Criminals have been finding ways to exchange and launder money as long as there has been money. Fully regulated banks that enforce KYC (Know Your Customer) identification standards are still used for criminal purposes. The most recent report (from 2015) from the US Treasury estimates that about $300 billion is laundered every year in the United States. This is in spite of the massive AML (anti-money-laundering) regulations imposed on banks that cause them to produce a flood of required AML reports to the feds, who proceed to catch and stop only a small fraction of the crime. Only this year, after years of increasing regulations and costs with ongoing ineffectiveness, has the relevant agency started to take steps towards measuring effectiveness instead of just requiring “churning out more data that proves to be less than helpful” in actually catching the bad guys.
Conclusion
Bitcoin promoters are anxious to upgrade the reputation of their currency. The report they sponsored for that purpose marshals an impressive array of classic propaganda techniques to convey its misinformation. Why not just state the facts?
The facts in this case are simple. Criminals make extensive use of our existing financial institutions. They manage to do so in spite of huge, costly efforts of banks, regulators and enforcement agencies, who end up catching only a small fraction of the crime. Criminals were early to jump on the Bitcoin bandwagon because of the anonymous, instant transactions it enabled. Criminals use Bitcoin today and are highly likely to continuing doing so, just as they continue to use existing banking mechanisms and largely escape capture. There is nothing about the “transparency” of Bitcoin that makes it easier to catch bad guys than existing systems.
I hope that the relevant organizations abandon the time-wasting report generation approach they’ve taken to finding financial crime in most areas other than credit card fraud and shift to a more entrepreneurial, results-oriented model with proper incentives to the participants. Here is the idea of the approach in general, and here’s an example of how it’s worked out in credit card fraud.
There’s little new about the Colonial pipeline security disaster; nearly everything was business as usual: expensive but ineffective cyber-security systems and people; penetration and massive data stolen secretly; learning about the breach when ransomware popped up and said “pay me;” shutting everything down; taking days to recover; and the government, which is incapable of protecting itself, making solemn statements about “helping” more.
Colonial did manage to stand out from its fellow victims in a couple of ways: unlike many victims, they paid the big ransom; and their shutdown hurt millions of normal people in significant ways.
The other way Colonial stood out is remarkable: it was big news in the media for days, while the many “successful” ransomware attacks that take place each and every day on businesses, governments, schools and hospitals are rarely made public, much less make the news. Cars being unable to get gas in multiple states, even at inflated prices, may have had something to do with it...
Colonial Pipeline in Context
As usual in disasters of this kind, many important details of the attack and the response to it are closely-guarded secrets.
Let's step back and put what we do know about the disaster in context.
Ransomware has been around for a couple decades. It was usually sent to consumer emails with threats of various kinds if a ransom wasn’t paid. The ransom amount was usually under $1,000 and was paid to prepaid cards and other places. Because of the ability to trace the payment, the scam became less profitable and more dangerous for the criminals involved.
Then bitcoin came along. By 2013 exchanges appeared that enabled criminals to receive instant payments while remaining anonymous and untraceable. Why attack consumers for small amounts when you can get into a large institution and demand large amounts that you can receive instantly and anonymously anywhere on the globe? The threat evolved as well. The attacking software, after gaining entry into the target’s internal computer network, would encrypt all the data, making the organization’s computers nonfunctional until the data was unencrypted using a key known only to the criminals. The victim would be stalled in place, unable to function until the ransom was paid or the computers were otherwise restored. The use of ransomware exploded.
While the well-paid but ineffective defenders sloppily applied what they were taught in school and followed the thousands of pages of security-related regulations, the criminals evolved on multiple fronts. Ransomware evolved rapidly during 2020. The criminal attackers started to take a copy of the target’s data (exfiltrate it) before locking it up. The threat evolved to: if you don’t pay us we’ll make all your data public and you’ll be locked up.
Industry expert EMSISoft tells us: “As the year progressed, more and more groups started to exfiltrate data, using the threat of releasing the stolen information as additional leverage to extort payment. At the beginning of 2020, only the Maze group used this tactic. By the end of the year, at least 17 others had adopted it and were publishing stolen data on so-called leak sites.”
Oh, expose the data — how bad can that be? Pretty bad. “The data that was published included Protected Health Information (PHI), sensitive information related to school children, and police records related to ongoing investigations.”
What? These sound like highly regulated hospitals and government organizations, even law enforcement. Isn't the government, which creates and sometimes enforces all these cyber-security regulations able to protect itself? I guess not: “Unfortunately the barrage continued into 2020 with at least 2,254 US governments, healthcare facilities and schools being impacted. The impacted organizations included 113 federal, state and municipal governments and agencies, 560 healthcare facilities, 1,681 schools, colleges and universities.”
Colleges and universities? Aren't these the places that train all these cyber-security people and create the theory and practice they all learn and put into practice, with their fancy degrees? How is it possible that the security experts can't keep themselves secure? And just look at those numbers: more than four per day were hit and hurt!
On the other hand, it's just people's data getting exposed and ransoms being paid, right? Sadly it’s more than embarrassment: “The attacks caused significant, and sometimes life-threatening, disruption: ambulances carrying emergency patients had to be redirected, cancer treatments were delayed, lab test results were inaccessible, hospital employees were furloughed and 911 services were interrupted.”
More than an attack a day took place at healthcare facilities! Have you seen any headlines about that?
Alright, alright, this is all about governments and similar institutions. Commercial companies want to protect their profits and their reputations. They probably handle things much better — they must, because you almost never hear about them. Ummmm, maybe not; again from EMSISoft: “The private sector was hit hard too. Globally, more than 1,300 companies, many US-based, lost data including intellectual property and other sensitive information. Note, this is simply the number of companies which had data published on leak sites and takes no account of the companies which paid to prevent publication. Multiple companies in the US Defense Industrial Base sector also had data stolen, including a contractor which supports the Minuteman III nuclear missile program.”
Read that last sentence again, please. The bad guys are successful in stealing even from defense contractors. And the number above is the tip of the iceberg, because it's just the ones where someone was able to find their data for sale — it doesn't count all the ones who paid up, hushed it up, etc. Somebody did a survey to find out just how widespread the problem was in commercial businesses. Here's the bad news: “according to a study by security firm Sophos, 51 percent of all surveyed businesses were hit by ransomware in 2020.”
The iceberg is indeed huge. We're talking serious money given to criminals. From Pentest Magazine: “By the end of 2019, cybercriminals using ransomware had made off with a reported $11.5 billion in ransom payments. By the end of 2020, that number is projected to reach $20 billion.”
That's "just" the ransom money — much more money is spent recovering from the attack, even if the ransom is paid.
With all that bad stuff going on and the FBI and other agencies devoting huge resources to it, at least some of the bad guys are being caught and punished, right? No. According to EMSISoft “the effective enforcement rate for cybercrime in the US is estimated at only about 0.05%.”
In case you're not feeling math-y, let me help. This means that out of each 2,000 cybercrimes, only one is prosecuted.
Conclusion
The Colonial Pipeline event was extremely rare — not that it happened, since about half of all businesses get hit with ransomware every year — but because it made the news and was widely covered.
The reality is that, largely invisible to the public, there are gangs of criminals roving secretly and largely unchecked through our computer systems and networks stealing valuables and extorting money in huge volumes. Business and government spend increasing amounts of money with ever-growing staffs of highly educated, certified professionals to prevent the on-going pillaging. They are failing. Horribly. The vast majority of the "cures" that are batted about will definitely cause everyone involved to spend more money, and will equally certainly make little difference.
I have discussed the issues and illustrated the problems and solutions but it won't make a difference — all the power and prestige go, as usual, to people who are proven ponderous pontificators to whom the entire realm of software is invisible.
The cryptocurrency enthusiasts are at it again, with a new name and even more ambitious goals than before: now they want a “national digital currency.” Hurry! The Chinese will beat us to it, and we’ll be left behind!
Somehow, no one in the debate acknowledges the obvious fact that we already HAVE a national digital currency. It’s fast, cheap and secure! It has no issue with regulators, and it’s accepted everywhere. Who knew? It’s called … the US dollar. The wild-eyed “national digital currency” groupies prefer to ignore the fact – yes, it’s a fact – that the US dollar is a digital currency. Instead, they’re convinced it can’t possibly be a good thing, because it’s not based on brand-new, cool, “immutable distributed ledger” blockchain-based cryptocurrency technology. Bzzzt! Wrong.
The national digital currency of the USA
The people who talk about “national digital currency” are obsessively focused on cryptocurrencies. They make believe digital currencies are a recent invention, and that only things that have evolved from Bitcoin meet the description. Nonetheless, by any reasonable definition, here in the good old USA we already have a digital currency. It’s called the US dollar. It’s managed by the Federal Reserve Bank. But that’s not digital, you might say – what about that green stuff in my wallet, and those coins jangling in my pocket or purse?
I agree, we have cash. As of Feb 12, 2020 there was $1.75 trillion worth of paper cash in various denominations in circulation. That’s quite a bit. But it’s far from the whole story. For the rest of the story, we turn to the money supply, the total amount of which is one of the chief responsibilities of the Fed to maintain – and grow and shrink, as needed. There are two main measures of the money supply, M1 and M2. See this for the Fed’s definition. Basically, M2 includes checking and savings bank deposits, money market funds, and similar cash-equivalents. As of December 2019, M2 was $15.434 trillion dollars.
What this means is simple: almost 90% of US dollars have no physical existence – they are purely digital. But this isn’t just for the USA; world-wide, only 8% of currency exists as physical cash!
The US dollar took many steps over more than a century to evolve from physical cash to today’s largely digital currency. First, paper currency wasn’t “real” money – it was a promise by a bank to trade the paper for the equivalent in gold. For example, here’s a $5,000 bill from 1882 that’s a promise to exchange for $5,000 in gold coin on demand:
In practice, no one exchanged these large-dollar notes for gold; they were mostly used by banks and the government to move funds between themselves, a practice which stopped in 1934.
Long before the advent of computers, the gold exchange promise was dropped. Here’s a bill as printed in 1928 that simply declares that it’s $5,000:
The last high-denomination bills were printed in 1945. Large inter-bank transfers were done without the exchange of cash; tightly controlled procedures were used to transfer “money” between bank ledgers before the advent of computers. In 1969 the large bills were officially discontinued, and the government started destroying them. In 1975, the government started depositing social security payments into recipient’s accounts electronically. By 1990, all money transfers between commercial and central banks were done electronically.
There is no single date when you can say that the dollar became digital. The process of transformation took place step by step, each leading to the next. The early steps took place long before computers; the principle was established and in universal use among banks and the federal reserve already in 1945! The invention and use of computers simply enabled further automation of the digitization of the US dollar, and enabled fully real-time transfers to take place.
What all this adds up to is that the US dollar is a national digital currency, by any reasonable definition, and has been for years. The vast majority of currency value is fully and completely digital, and all large-dollar transactions are completely digital. We also have cards, which are smaller, lighter and more convenient than smartphones, with the added convenience that they don’t crash or run out of power. In addition, we have the added convenience of physical cash, 100% interchangeable with its digital currency equivalent, as we see with ATM’s every day. Cash is convenient for small transactions and for people who don’t have working, powered and connected small computers on their person. The US dollar is indeed a national digital currency, with the added convenience of cards and cash.
What’s a national digital currency?
The vast majority of people know through everyday experience that the US dollar is a national digital currency. But almost no one talks in those terms. When people use that recently-coined term, they usually means something brand-new, a form of cryptocurrency. For example, a recent WSJ article describes a push towards a “national digital currency.” One of the quoted authors waxes eloquent about its virtues, but never really says what it is.
The only way to understand “national digital currency” is to back up and look at the history of where the concept came from. While no one likes to talk about it, the undisputed origin of the concept is a brilliant, well-implemented and widely used body of software called Bitcoin. The concept and every major feature of Bitcoin was designed to operate with no central authority of any kind in charge. Amazing. How can it be that anyone anywhere could declare themselves to be a Bitcoin “bank” (they call them “miners”) and the system works? See this for an explanation. Bitcoin was also designed to give total anonymity to the people who deposit, send and receive Bitcoin, making it a favorite of international criminals around the world.
Before long, Bitcoin competitors appeared, each claiming to add or correct something important in Bitcoin; for example, Ethereum introducing the so-called “smart contract.” Next, people started talking about “blockchain” and the “distributed immutable ledger,” taking out the concept of currency. Supposedly, these technologies would solve long-standing problems involving data that was in many locations. This led to loads of blockchain start-ups and service companies, with giant corporations infected with bad cases of FOMO funding pilots and proofs-of-concept. Major companies like Microsoft and IBM now offer blockchain-as-a-service in their cloud products.
More recently, we have seen highly publicized efforts to legitimize something like an enhanced Ethereum-like currency, most prominently Facebook’s Libra, which has the backing of a large number of name-brand financial institutions.
All this leads up to the newly “coined” notion of a “national digital currency” – let’s have the US government implement it instead of Facebook and its consortium partners!
This is all-too-typical technology mania. We’ve seen it many times. The true believers ignore evidence, ignore existing practice and fervently believe in the world-transforming new technology. Loads of highly-paid executives and government leaders pay obeisance, effectively paying insurance against the remote possibility that the cult delivers real value. There’s a strong lemming effect: don’t be left behind!
Inconvenient facts
People who advocate for a “national digital currency” like to ignore the one we already have, in favor of some variation of the currency beloved by human smugglers, drug lords and international illegal arms traffickers. Like the people at the Digital Currency Initiative at the much-revered Media Lab at MIT. In a recent WSJ article, the director of the lab immediately conceded that with direct deposit of salary and Venmo to split the cost of dinner with friends, it seems like we already have a digital currency. But this isn’t good enough! After all, there are fees, and big banks are involved and sometimes transactions can take days. Ugh. With a real national digital currency, a federal cryptocurrency, payments would be “faster, cheaper and more secure.”
There are just a couple little problems. Here are some highlights:
Cryptocurrency is slow
Crypto-groupies love to talk about the slowest transactions in the multi-trillion dollar US digital dollar system. While large parts of the US digital dollar system execute huge numbers of transfers in seconds, Bitcoin takes on average ten minutes to execute a single transfer. And that’s only if you pay an above-average fee – if you don’t pay much, you could wait for hours for your transaction to process.
Cryptocurrency can’t scale
Depending on the transaction size, Bitcoin can only process between 3 and 7 transactions per second. If there were always transactions waiting to be processed, 24 by 7, at 5 transactions per second Bitcoin could handle at most 158 million transactions per year. By contrast, over 10 billion transactions are performed at just ATM machines every year in the US alone. There were over 110 billion card transactions in the US in 2016. The growth in transactions from 2015 was over 7 billion; the growth in card transactions was about 50 times greater than the maximum capacity of Bitcoin.
Cryptocurrency is expensive for users
Crypto-groupies love to talk about the high fees for doing certain dollar transactions, ignoring the immense transaction flow of cheap and easy transactions like direct deposit and ACH, which operate at huge volumes. They don’t talk much about the costs of running cryptocurrency. They’re smart to ignore the subject. Today’s Bitcoin transactions are costly, and the second you try to correct the various problems (speed, scalability, security), the costs skyrocket.
Cryptocurrency is expensive to operate
Hardly anyone uses Bitcoin, and the volumes are tiny compared to the dollar. Nonetheless, Bitcoin is incredibly, mind-blowingly expensive to operate. Even at today’s minuscule volumes, Bitcoin computer processing consumes about the same amount of electricity as the whole country of Switzerland!
Cryptocurrency loss is permanent
If you lose your checkbook, your credit or bank card or anything else, you’re OK; you contact the bank and they fix it. By contrast, if you lose your cryptocurrency key (a string of numbers), there is literally no way to recover your money. About 20% of all Bitcoin are believed to be lost, something like $20 billion!! If you lose your key, whoever gets it can take all your Bitcoin, unlike with for example a lost card, where you call the bank, report the lost card, and avoid losing any money.
No proposed crypto alternative to Bitcoin solves the problems
To the outside, crypto people are all about ignoring the problems and promoting wonderfulness. Among themselves, the relatively sane advocates recognize the problems and try to solve them, with endless variations being rolled out. In doing so, they either make the problems worse or destroy what little value there is in cryptocurrency. One of the leading ideas is to make a private blockchain, which is a pathetic joke. For example, Microsoft and Intel spell out many problems by way of selling their ineffective solution, and the Facebook Libra coalition takes the “solve it by making it worse” approach to new lows.
The strengths of the US dollar digital currency
The whiners will whine about what’s wrong with today’s US dollar. Is it really chock-full of problems, as the crypto-groupies like to say? Let’s do something rare: focus on the positive. First and foremost, let’s remember that the dollar has worked for a couple centuries now, and along the way transformed itself from physical to about 90% digital, all without breaking! In addition, it has benefited from tremendous private-sector innovation. Here are some highlights of the fastest, cheapest and most secure currency ever created:
Physical cash is great. When I’m in the city and someone gets my car for me from the garage, I like to give a tip. It’s easy: I pull out my wallet and hand over bills. Anything fully digital would require electronics and would be a pain.
Cards are great. When I pull into a gas station in New Jersey, where gas is pumped for you, I open the window, say “fill with regular, please” and hand over a card. When it’s done, I get the card and a receipt and drive off. Easier than cash because no change. This is fully digital. Today. And, at my great local gas station, they often clean my windows, so I get to hand the guy a couple bucks as a tip. Painless.
Cardless is great. I call for an Uber from the app. When the car arrives, we each check each other’s identities and away we go. On arrival, I get out. That’s it!
Wiring money for a house closing is great. I call USAA, my bank, who verifies my identity and gets it done in minutes. No going to a branch, certified checks, etc. The phone call is a good thing – it reduces the chance of fraud to near-zero, unlike the fraud-riven crypto world.
P2P apps are great. There are zero-cost, instant transfer apps like Venmo, CashApp and Zelle. These are used by over a hundred million of people, and they work. Today. How could crypto in any form be better? Actually, it would be worse. See this.
What about those awful transactions that supposedly take days? Yup, there are some. It’s called a step-by-step, no errors or crashes permitted transition to real-time. Transactions are already 100% digital, and with ACH (like electronic checks) very low cost. The version of ACH in the UK is already same-day, and ACH in the US is in the middle of a transition to same-day and real-time.
What about international payments? I guess the crypto-groupies are out of touch with what’s going on here in the real world. For personal use, credit cards are already accepted nearly everywhere, with everyone involved getting or paying in their own currency. The big complaint of the crypto people is international business transactions, involving lots of time, transfers and fees. That was true. Which is why a handful of amazing new companies have emerged and are addressing the issue. A couple of them are operating at scale and in production today.
Currency Cloud, for example, has a brilliant solution. A company that has suppliers in many countries gets the suppliers to give Currency Cloud their preferred local bank accounts. Currency Cloud itself maintains local accounts for itself in all the countries it supports. The buyer sends a payment directive to Currency Cloud, who then does a local transfer of the requested amount from its account in the target country to the vendor in that country. As the network grows, each supported country has a larger number of companies both sending and receiving payments, so that a growing number of transfers can be done completely locally – only the net payment imbalance between countries needs to be settled by Currency Cloud between its own accounts, which it optimizes for minimum cost. This is 100% digital, low cost, real-time, and operating at scale. Today.
For smaller business and individuals there are services exploding onto the scene for international payments. For example, Rapyd (disclosure: my VC fund is an investor) enables people without bank accounts to buy, sell and get paid for work in over 100 countries at over 2 million access points, where they either get or give local currency to complete international digital transactions. For example, you could be a driver for Uber and get paid, even though you have no card or bank account.
Conclusion
Get over it, crypto-fanatics and blockchain groupies. Yes, the Bitcoin technology is an impressive achievement, and highly useful to the criminal class. But it makes any real-world currency problem you can think of worse, and completely ignores the patent reality, which is that the wonderful “future” of a national digital currency is something we have today – the US dollar!
My car was safely parked in my driveway. A large branch broke off of a tree that had recently been checked by an arborist and declared healthy. Ignoring the arborist’s expert opinion, the branch broke off and fell anyway. My formerly sound, two-year-old car was towed to a repair shop, an estimate for repairs made, and my insurance company declared it not worth fixing. Totaled.
But this shocking event had a couple good outcomes. The first was that I ended up leasing a nice new car. The second outcome was some education that is hard to come by, and has serious implications – I learned how valuable Blockchain technology would be in helping to coordinate the information and efforts of my car insurance company, the repair shop, and the car rental company that supplied me with a car until I could get a new one.
Blockchain is the immutable distributed ledger technology, a kind of distributed database that powers Bitcoin and other cryptocurrencies, whose promise is actively being pursued in many industries. What Blockchain is all about is enabling countless independent parties with independent computer systems to interact with each other in a fast, secure way, sharing information to reach a mutually desired outcome. That’s exactly what we have here, with loads of insurance companies, a number of car rental chains, and untold thousands of car repair shops – all of whom need to share information and coordinate their efforts to help the consumer with the damaged car. Perfect for Blockchain!
Think about the situation. Insurance companies are all about long documents with fine print, and long times on hold waiting to talk with someone who often can’t, in the end, do much but promise to send a form in the mail. You’ve probably driven by loads of auto repair shops. Which can handle the repair your car needs? How much will they charge? Will insurance pay for it? And then I’ll be without a car. Renting a car at the airport is one thing, but locally? How do I pick a company and get there. At the end I’ve got to deal with picking up my repaired car and returning the rental. Will insurance pay? It’s all yuck, yuck, yuck. Getting my car smashed is one thing, but this makes a bad situation worse.
Imagine what a Blockchain-fueled application could do – it could eliminate the paperwork and calls, get the insurance company talking with the repair shops and car rental companies. Blockchain would enable electronic “paperwork” to be exchanged safely and securely. The insurance company could arrange for a local repair shop that can handle my car to do the repair – and pay them directly! They could dig up a local car rental company, and arrange for me to be picked up and dropped off at the end – and pay for the car directly! If things took longer than planned, all parties could communicate directly and just get it done. It would be a true distributed transaction application, minus the Bitcoin but with the transactions I care about now – getting my car fixed!
I know I’ve expressed doubt about blockchain and cryptocurrencies in the past, while admiring their power. This could be the inflection point for me – a real, practical, everyday nightmare that would be transformed by Blockchain! Maybe I could even dive in and lead making it happen; wouldn’t that be ironic?
Enough of living in fantasy-land – I’ve got a car that needs fixing. With dreams of a future Blockchain-fueled revolution in the back of my mind, imagine my shock as I went through the process, and found that everybody seemed to know everything! My insurance company knew a local repair shop to use, and contacted them for me. They also contacted a local branch of Enterprise Rent-A-Car, who sent someone out to pick me up. Then I found out that Enterprise knew where my car had been towed, and was ready to pick up their car from there when I went for it. Then I found out that my insurance company was paying the car repair shop directly, and paying Enterprise directly. Then when the estimate came in and my car was declared a total loss, things were taken care of until I could get a new car – which my insurance company also helped with.
What’s going on here? Have they already implemented Blockchain?!
I started asking some questions. It turns out that the nightmare of coordination and paperwork flying around was noticed decades ago. In 1994, Enterprise created the Automated Rental Management System (ARMS®) “to help insurance companies simplify the cumbersome process of managing replacement rental cars for policyholders.” By the early 2000’s, it was already widely used.
Things progressed over the years. As of 2017, “hundreds of insurance companies and thousands of collision repair centers use Enterprise’s value-added system, which processes millions of transactions every year.”
This sounds good, but there must be a catch. This could be some centralized, expensive enterprise system that locks everyone in. Well, maybe not:
Central control? “ABS’ approach, on the other hand, enables collision repair centers, insurance companies and fleet owners to remain in control of their data for the long term – a high priority since vehicle technology and associated repair processes are changing rapidly.”
What about data format standards, the tough thing for Blockchain? “The ABS system helps protect insurance companies, collision repair centers and fleet owners by converting their information from EMS (Estimate Management Standard) to a more secure protocol, BMS (Business Message Suite).”
I’ve learned important things about Blockchain from this experience. I’ve learned that a huge problem in car repair, insurance and rental involving many disparate parties, has already been solved and is in production, used by industry giants and thousands of local businesses. This is just the kind of problem whose solution “everyone” says Blockchain “enables.” It’s in production today. It has evolved with technology, No Blockchain needed. So why is it exactly that Blockchain is the key missing ingredient for solving distributed data, sharing and interaction problems of this kind?
“Everyone” says that Facebook’s Libra is a cryptocurrency. Long before Libra had been imagined, Bitcoin pioneered and established the brand new world of cryptocurrency. Bitcoin created the category, and has always been its leading exemplar. The white paper by the still-unknown Bitcoin creator and inventor spelled out his design goals and the main aspects of Bitcoin that supported those goals. Once you read and understand what cryptocurrency is, it becomes very clear that, whatever Libra may be, it is NOT a cryptocurrency. To claim that it’s a cryptocurrency is like claiming that a locked desk drawer is a bank vault – yes they both have keys and are supposed to keep things safe, but other than that…
Satoshi, the brilliant creator of Bitcoin, designed a currency that involves cryptography. If you want to be extremely loose, you could say that Libra is the same thing, because it’s also a currency that somehow involves cryptography. But that’s like saying that the thing you use to “buy” properties and hotels in the board game Monopoly is “money.” Try depositing some of it at an ATM and see how far you get. Let’s explore the basics of what makes a cryptocurrency the way Bitcoin is a cryptocurrency.
First and foremost, there’s the concept that in Bitcoin, no one is in charge. How can you possibly make a computer system that works, does lots of computing, keeping lots of financial transactions and makes sure everyone’s account balance is correct … without anyone being in charge?? These things are hard to do when someone IS in charge! There’s quite a bit involved in making this happen, as I illustrate here, but here are some of the key points:
Anyone who wants to can sign up to be a “miner,” who are the folks that make Bitcoin work.
A miner has to put money into buying fast computers, running the mining software, and connecting with all the other miners to share work.
Miners get new transactions that Bitcoin users want to perform and “make them happen.”
This means that miners race each other to solve complex problems involving cryptography, the net result of which is a new page (block) of transactions that have been vetted, and “locked” by crypto-key.
Every piece of work a miner does is paid for by newly-minted Bitcoin – the miners are paid with Bitcoin!
Miners are highly incented to do the work and do it right, because they want to get lots of Bitcoin, and they want Bitcoin to continue to be viable.
Miners come and go as they see fit – no one “approves” them, literally no one’s in charge.
Miners can be anywhere, in any country.
Big corporations and regulators don’t like the unsupervised free-for-all of Bitcoin. They like to control things. And that’s exactly why Bitcoin was invented – to escape the control of a central authority but still have a system that works. It’s a brilliant concept, and Bitcoin’s success shows that it works.
Along comes Facebook and Libra. Facebook is ambitious. They keep trying to invent new things. They mostly fail when they build things themselves, so they buy companies instead. Facebook would LOVE to buy Bitcoin – but it’s not for sale, because no one owns it – darn! They’re forced to try to build it. But being a big corporation, they just can’t stop themselves from building their version of Bitcoin in a style that makes them comfortable – violating every single core principle of Bitcoin – the original cryptocurrency – along the way!
Here’s what Facebook is doing with Libra:
In Bitcoin, literally no one is in charge. With Libra, Facebook is designing and building it. Facebook is in charge and owns it.
Facebook has gone to considerable lengths to create the illusion that it’s not in charge with this fake Swiss-based consortium of prestigious companies that supposedly control things. Either way, some combination of big name-brand companies are in charge, which is pretty far from Bitcoin’s really-truly NO ONE is in charge.
Just like Facebook owns and controls all the computers that run Facebook, Libra will own and control all the computers that run Libra in a private data center. To all the corporate computer types, this is a good thing, but it totally and completely violates a core principle of Bitcoin, leaving it open to the same kind of insider corruption that all such places are rife with. It’s also a silly idea, as explained here. Microsoft and Intel explain the issues here.
One of the less pleasant side effects of Bitcoin’s miners and what they do with cryptography is the fact that “proof of work” takes time. It’s a cornerstone of getting all these strangers to play nice and do good things, but it takes a number of minutes to complete a transaction. To Facebook, this is unacceptable. So they’ve blithely discarded the key cryptographic cornerstone of Bitcoin, and replaced it with some light-weight encryption, so they can still say they’re a “cryptocurrency,” even though they’re not.
There’s more to be said, but that should be sufficient to make the basic point that Libra is a cryptocurrency the same way my cousin, who is sometimes allowed to sing in bars, is an opera singer. My cousin likes to think she is, and I’m nice to her. But she’s never so much as attended a performance at the Metropolitan Opera in New York, much less appeared on stage in front of an audience. Similarly, Facebook’s Libra likes to think it’s a cryptocurrency even better than the original, Bitcoin, but it swore off the core principles of Bitcoin from the start, and doesn’t deserve to be called by the same terminology.
Both Microsoft and Intel are big supporters of blockchain. They think it's going to be "bigger than the internet," contributing trillions of dollars to the economy before long. At the same time, they spell out the overwhelming obstacles blockchain must overcome to reach this pinnacle of achievement. Guess what, surprise surprise, the special version of blockchain created by Intel and Microsoft is indispensable to solving the problems and achieving success!
You can see their deep thinking here and here. Before diving in, I'd like to point out that the custom, private blockchain they advocate is a contradiction in terms, as I illustrate here -- even if they implement what they claim perfectly, it will still be a joke.
Here are a few of the little obstacles that blockchain has to overcome before becoming acceptable for enterprise use, according to Microsoft and/or Intel:
Performance: Normal blockchain performance is a few transactions per second. "Reed said the trusted execution environment of Intel SGX enables Coco to deliver a novel consensus mechanism that can deliver up to 1600 transactions per second..."
Confidentiality:Normally, everything on a blockchain is public information. "Microsoft uses Intel Software Guard Extensions (Intel SGX) to protect the Coco Framework. Reed said the trusted execution environment of Intel SGX ... helps Coco transactions remain confidential among blockchain participants."
Governance: With a normal public blockchain, no one is in charge. This doesn't come close to meeting enterprise requirements. Microsoft's private blockchain enables classic management, access controls and all the rest.
Processing power:Intel says "Public cryptocurrency blockchains require huge amounts of energy to verify transactions through node consensus. Analysts have estimated a single bitcoin transaction can require as much energy as the average American home uses in a week."
The other big vendors, like IBM with its team of 1,500 people working on its Blockchain effort, have similar stories about what's wrong with Blockchain and why you should use theirs. When you add it all up, it does make you wonder about this revolutionary new technology, and exactly why important new initiatives should depend on this brand-new, largely untested code that obviously was not built with practical, enterprise use in mind.
Facebook is working hard on building a brand-new cryptocurrency system called Libra, sort of like Bitcoin and Ethereum, except it will be much better, at least according to Facebook.
With all the talk about Libra, cryptocurrency, regulation and the rest, no one seems to wonder about what existing solutions normal people will be using to solve the problems for which Libra is suited. This isn’t strange at all actually – in all you’ve read about Facebook’s Libra, how much have you read about the pressing problems it will solve, the unmet needs it will address – right? Mostly what you read about is how Libra will solve all sorts of problems that today’s crypto-currency systems have, how many partners they have and how wonderful it will be.
Libra will be an infrastructure “out there” somewhere, with lots of important people and organizations making sure it’s wonderful. But in practical terms, most people will use it via an e-wallet, an app that they install on their smart phones. That’s where a name that hasn’t appeared a great deal pops up: Calibra. Calibra is a newly-formed Facebook subsidiary that will be the e-wallet for Libra. It will “integrate with” Facebook’s WhatApp and Messenger, giving it incredible consumer reach.
You can read all about what it will do, but it’s basically an e-wallet for holding e-cash and providing basic functions like sending and receiving e-cash to and from another e-wallet. Except for the little “detail” that instead of sending real money, you’re sending the Libra cryptocurrency, and will have to go to an additional step to move dollars in a bank account to and from your Calibra wallet, converting to or from dollars along the way.
Putting aside the fancy new terms of cryptocurrency and the rest, does using a phone to make person-to-person payments remind you of anything? How about Venmo, the P2P e-wallet used by over 51 million people, which is now part of PayPal? How about Cash App, the rapidly growing P2P e-wallet installed in about 60 million phones?
These are proven consumer applications which have already gone through numerous upgrades and feature additions, used at least weekly by tens of millions of people.
Facebook has incredible reach, and billions of cash in the bank gotten by selling your private information to advertisers. They will certainly make a lot of noise. How does Facebook's proposed system compare to Venmo and Cash App?
Venmo and Cash App just use dollars. Simple. Facebook will use the newly invented Libra, which needs to “work,” something Facebookisn’t goodat doing.
If you split a bill and need to send $7.30 to your friend, you just do it with Venmo and Cash App. With Facebook, you’ll have to convert it to Libra, send that, and have it be converted back. Hopefully the exchange rate won’t move too much.
Venmo and Cash App support free P2P payments. The Calibra website claims it will be “low cost,” but they have yet to say what the cost will be; after all, there is a HUGE cryptocurrency infrastructure to support, none of which is needed by the existing cash apps.
It’s easy to imagine Facebook will find a way to sell the information about your transactions to the highest bidder, or somehow find a way to "monetize" what you do with your money. It’s what they do!
Libra and Calibra will work for international payments! With exchanges from local to Libra to foreign currency, two exchanges instead of one. That’s certainly something Cash App and Venmo don’t do today, and will appeal to some fraction of a hundredths of a percent of the market. Except for the proven massive cryptocurrency uses for money laundering and international crime, who will have yet another channel to support their illicit activities.
Facebook's Libra is getting all the attention any giant corporation could want, including some attention I suspect they'd rather not have, from regulators. But in the end, will they be able to make this massive software effort work? Will it do anything consumers want better than existing apps like Venmo and Cash App that are in widespread use? There is good reason to be skeptical.
Facebook’s Libra faces the daunting task of pulling off the flawless world-wide launch sometime next year of a new cryptocurrency based on new code. In taking on this task, they are hoping to pull off a first in software history: a major body of new code that works out of the gate. I assess the odds of this working here. At the same time, they have upped the stakes by also introducing a brand-new smart contract framework based on a brand-new language. Good luck!
Smart contracts are a way of extending and customizing a blockchain. Outsiders might imagine that the Bitcoin competitor Ethereum emerged from the pack because its name is somehow cooler than Bitcoin, but insiders know that an important factor was its pioneering incorporation of the first widely known implementation of smart contracts. Here is my explanation of smart contracts.
There’s just one little problem: however cool Ethereum’s smart contracts may be, in practice a majority of smart contracts have bugs and security holes, as a study of tens of thousands of them has shown. Even worse, smart contracts are part of the “immutable ledger” that is supposed to make things secure. Except when there are bugs and security holes, it doesn’t.
Facebook has quietly recognized that smart contracts are needed to make the primitive blockchain database even marginally practical, but that most smart contracts aren’t even modestly intelligent. How are they going to fix this problem?
One of the wonderful things about the steady stream of blockchain and cryptocurrency initiatives by internet and corporate giants is that they tend to tell us, in plain and simple language, the fatal flaws of the whole block-whoey business. Of course, they don’t put it that way. They know that they’ve created a dramatically improved system of blockchain (or whatever) – and as soon as you fully appreciate how bad the standard-issue stuff is, you’ll insist on buying their new, dramatically improved version. Microsoft and Intel have done us all this favor in explaining the wonders of their proprietary version of blockchain, as I described here.
Facebook has followed in this clear pattern. They actually spell out, in no uncertain terms, that existing smart contract implementations are dangerous things, riddled with bugs and filled with security holes. But it’s nearly impossible to build a marginally usable cryptocurrency system of the kind Facebook wants without them.
Facebook is proud of its solution: a new software language called Move. Yes, a language called “Move.”
I’ve spent a little time checking out the new language. The developers are generally right about the deficiencies they are addressing, effectively endorsing the view that existing smart contracts are hopelessly flawed. They are smart and have put forward credible solutions to the problems. It’s just possible that, after a few years and after the software has gone open-source, the new system will turn out to be an improvement on the old one. But before deciding that, let’s do something programmers avoid doing: take a quick look at history.
Software history is chock full of programming languages, each of which was invented to improve on or fix problems with earlier languages. Most new languages are supposed to make programming faster and more flexible, with fewer errors of any kind. After more than half a century of effort with thousands of new languages, how has that worked out? See this for details. Sorry, humans are creative types, and are capable of making mistakes in any medium at all. While Germans may be deeply certain that the German language is more clear and precise and superior for expressing truths than French, citizens of France are remarkably articulate about how this is not the case – while at the same time demonstrating that the French language is no better.
The team at Facebook has done us all the great service of making widely known the otherwise ignored deep flaws in Smart Contracts, while almost certainly increasing the chances of things going horribly wrong with Libra while introducing a well-intentioned but, well, new language, claiming against decades of experience with thousands of languages that this one will really bring human programmers to the land of perfection.
There is a great deal of buzz about Facebook’s new cryptocurrency Libra. There is even a trickle of technical information about it surfacing. No one seems to be talking about the deep-seated technical reasons the new system will crash and burn. Sadly for Libra, there isn’t just one such fatal flaw! Here I’ll describe one of them.
The core reasons that FB’s Libra will fail are:
it’s a large body of new code
new code is always riddled with bugs, no matter how hard the developers try
Unlike the code big companies like FB are used to, bugs are really hard to hide in this application
It’s a large body of new code
The hype machine for crypto, Bitcoin, Ethereum, ICO’s, Blockchain and the rest has been running at full speed for a few years now. Leaders in every industry are infected with intense FOMO (fear of missing out), and are committing to projects left and right. With all the blockchain projects going on for years now, it’s understandable that most people would think that this code must be solid and tested by now. There’s just one little problem: there are thousands of bodies of code, with new ones emerging all the time as groups get excited about fixing the glaring problems in older implementation of the concepts; little groups like Microsoft and Intel. These aren’t just tweaks – we’re talking major new bodies of code here.
Think about transportation machines as diverse as propeller planes and powered skateboards. Yes, they both get you from point A to point B, but they’re quite a bit different from each other. The code that Libra plans to use is brand new in every way – even the central concepts of how blocks are built and chained are radically different than the proven-in-production methods used by Bitcoin. That’s like saying “we’re using proven engine technology to build our new car – except that its engine won’t use gas, diesel or electricity for power – it will be better!”
New code is riddled with bugs
People who write code make mistakes. Lots of them. All the time. There are a host of methods in varying degrees of use to prevent or catch such mistakes, things ranging from test-driven-development to extensive code reviews. None of them work. No, they don't work for Facebook either.
Yes, there are some bodies of code that are remarkably reliable. Linux is a great example – it powers over half of all the web servers in the world! Linux performs a function that was thoroughly understood when it was written, and is an open-source project written in a solid language – C – and led by a true coding genius. Its quality was achieved over years of top-notch leadership with thousands of talented contributing programmers and millions of installations. Libra is at the opposite end of the spectrum. It’s brand new, and it’s supposed to work flawlessly keeping track of financial assets from day one. The chances it will perform without flaws from the beginning are essentially nil.
What’s worse, the internet giants have an unbroken track record of releasing code that’s riddled with errors. Yes, Facebook is partnering with lots of corporate giants – and those giants are equally accomplished at releasing an unbroken stream of software horror shows.
Facebook ignores the issue of its inability to produce software that works and satisfies users, much less have a solution for it that it will apply to Libra.
The tech giants usually hide their bugs
The much-lauded software geniuses at Facebook, Twitter, Google and the rest are convinced that they are as good as programmers get. But their efforts have a track record of failure. More important than the actual failures is the fact that their applications are ones in which hiding errors is built into the applications! When you enter a search query, how do you know whether the results are accurate, so long as you get a list of vaguely relevant results? When you pull up Facebook and see the newsfeed, are the entries always the right ones? Are all the entries that should be there in fact there? How would you know when they’re not?
Contrast this with your credit card. You get a statement. You can be sure the bank has included every transaction you’ve made, so they can make you pay for it. Most people at least scan the transactions to see if there’s one you didn’t make, so you can call the card company and get it removed, so you don’t have to pay for whatever the criminal bought using your card! The typical internet method of hiding errors just isn’t going to work here – and Facebook doesn’t even acknowledge the issue, much less have a way to solve it.
Conclusion
Facebook, like the other internet giants, is incapable of building code that works, even after extensive testing and use by millions of users. Corporate giants and the government are no better. Facebook’s usual method of tricking users into not seeing its errors won’t work here. Facebook and its partners are rushing to somehow leverage Bitcoin’s “success” at funding the international illegal drug and human trafficking trade, flouting anti-money-laundering regulations and providing a platform for what amounts to massive illegal gambling. Of course, they talk about being charitable to the "unbanked" and other noble goals, while continuing to enrich themselves in a way the so-called "robber barons" could only envy. They are likely to fail at this mission because of their inability to write software that works.
Final note: the standard pronunciation “Libra” is Lee-brah, like the astrological sign. Because of its deeply flawed design, which Facebook and its partners try to cover up, I prefer to pronounce Libra as “lie-brah” – because it’s based on lies.
Blockchain promoters and enthusiasts continue to blithely stroll along the yellow blockchain road to the golden city where immutable distributed ledgers make decades-long technology problems fade away, like the wicked witch. None them publicly acknowledges or seems to notice the hurricanes and earthquakes that are increasing in frequency and intensity.
In total, hackers have stolen nearly $2 billion worth of cryptocurrency since the beginning of 2017, mostly from exchanges, and that’s just what has been revealed publicly.
That’s no big deal, I guess. I describe these little security problems here and here.
Someone who’s technically sophisticated could argue, following the logic I described here, that the security problem wasn’t in Blockchain itself. The problem was in wallets and exchanges, which are software that sits “on top of” blockchain, making it easier to use. It’s the same kind of security breach that can happen with any software, and has little to do with the inherent security of the software itself, but is mostly due to the layers of software built on top. This is true! One does wonder why Blockchain is so wonderful, then, if in practical use, its supposed greater security is so easily circumvented.
Is it really more secure than a regular DBMS, putting aside all those flaky higher layers of software? That’s what everyone involved declares. The most open and honest of the Blockchain-ista’s will grudgingly admit that a nearly impossible 51% attack could cause a bit of a problem with the heart of the system, the keep of the blockchain castle.
Sadly, the nearly impossible attack has happened. And not with some obscure little crypto-currency no one has ever heard of, but with Ethereum Classic, one of the premier systems, and the home of that transformative invention, the Smart Contract.
An attacker had somehow gained control of more than half of the network’s computing power and was using it to rewrite the transaction history. That made it possible to spend the same cryptocurrency more than once—known as “double spends.” The attacker was spotted pulling this off to the tune of $1.1 million.
To anyone with a shred of common sense, this is a fatal event. It demonstrates that Blockchain’s security has a fatal flaw, even when running in its optimal environment, with public miners.
The big companies promoting private blockchains, should they deign to pay attention, will immediately come back with strong statements about how that kind of attack could only take place in a public blockchain, and couldn’t possible happen with a highly secure, controlled environment they provide with their private blockchain. Sure. That’s like saying that those guys who stole lots of money in the open, in a big public space where everyone could see them, couldn’t possibly get into the single secret room and rob the bank vault in complete privacy. Security in closed computer system managed by big companies who follow all the security regulations and pass audits is abysmal. Ever hear of Edward Snowden? Chelsea Manning? Others? Check out the facts a bit, and then come back to me and explain how it is that the unbroken stream of security breaches of the best systems run by the best military and corporate bureaucracies is going to suddenly stop when the software at the core is Blockchain.
The sad fact is, libraries are more secure than computer systems. Including when Blockchain is involved.
First there was Bitcoin, friend of criminals, speculators and tech geeks everywhere. It’s grown amazingly. Then there were alternatives to Bitcoin, often sharing much of the same code, but with different and incompatible tokens. One of those Bitcoin alternatives, Ethereum, introduced the concept of Smart Contracts, which I discuss here. Now, increasing attention is being paid to “blockchain,” said to be the foundation on which crypto-currencies like Bitcoin and Ethereum are built. Large corporations are taking up the charge, places like IBM and Microsoft, and leaders in various industries have projects going to prove out the technology. While the terminology isn’t uniform, it’s easy to see that earlier terms with unsavory associations are being abandoned in favor of more generic terminology, names like blockchain, “Immutable Distributed Ledger” technology, or just “distributed ledger.”
Once you start talking about the technology in generic terms, what are the chances of this actually working? At scale? In practical reality? Lots of people in the community of blockchain enthusiasts have expressed concern about this. Legitimate concern. The question naturally arises, but appears not to have been asked, has something like this been built before? Something that could legitimately be called an immutable distributed ledger?
The answer is a simple “yes.”
This amazing system, which is one of several in production today, has over 2 billion accounts and over 40 million participating agents. It moves over $10 trillion per year, processing over 150 million transactions a day, and can handle over 50,000 transaction messages per second.
Let’s dive into the technology a bit:
It’s immutable. Once a transaction gets in the system, it can’t be altered or removed. Despite the volumes mentioned above, spread over more than 200 countries, there are no instances of processed transactions being altered.
It’s distributed. Computers all over the world are involved. It doesn’t matter where you are: this system enables you to send or receive currency. Even better, currency conversions are built into the system! The distribution has been built in part to enable reliability. While any one computer in the system can fail, the system as a whole has never gone down, and transactions have never been lost.
It’s a ledger. It’s a gigantic ledger of currency going into and out of accounts. The ledger balances to the penny every single day.
Consumers don’t lose their money! In spite of all the volume, When bad stuff somehow happens, consumers lose nothing. Nada.
OK, OK, I’ll stop the charade. As you’ve probably guessed, the Distributed Ledger technology I’m describing here is in fact VISA. I’m playing this game because reading about how enthusiasts talk about blockchain, I wonder how many of them know about credit card internals? If they did, they would see that all the goals they have for blockchain have already been achieved in credit cards. And more!
The key assumption at the core of the blockchain craze is that blockchain is an amazing new technology, a breakthrough that enables all sorts of long-intractable problems to be solved. These virtues are primarily the fact that it’s immutable, it’s distributed and it’s a ledger. Sorry, guys, you don’t need blockchain to build a system that has those attributes. It’s already been built using plain old database technology and secure networking.
Yes, I played a game when describing the immutable distributed ledger technology that’s already in massive production, knowing everyone would think I was talking about blockchain. But the blockchain groupies are playing a more serious game, convincing themselves and others that blockchain is uniquely able to do things that haven’t been done before, and could never be done without this amazing new invention. Just to be clear, I’m not saying that VISA technology can be applied to the many problems to which blockchain is being applied. I’m simply saying that if you think you have a problem for which an immutable distributed ledger technology is the best solution – that problem can be solved without blockchain, more quickly and with a lot less effort. VISA is just one of many full-scale, in-production examples.
It's sad that the Blockchain mania is so powerful that no self-respecting executive can risk ignoring it. So all the big banks and even, yes, VISA itself have blockchain based projects underway, nearly all of them involving widespread use of the future tense. I am open to the possibility that some of them may even be deployed in some way, once the people implementing them get realistic and relegate the blockchain technology itself to a tiny, marginal aspect of the project's code base, and realize that everything they're doing could be done better and faster without the distraction of largely irrelevant blockchain. But meanwhile, it's great for reputational enhancement and attention-getting!
As I’ve described, cryptocurrency losses started long ago and have kept on mounting over the years. Most recently, the largest cryptocurrency exchange in Canada, QuadrigaCX, has experienced a little problem that has resulted in what appears to be a permanent loss of over $130 million for its many customers.
The losses don’t seem to make any sense. My account is stored in a ledger that’s immutable – it can’t be changed because it’s locked down by unbreakable cryptography. It can’t be lost because the ledger is distributed, so even if a few computers are lost, there are still loads of computers with a copy of my unchangeable account balances in them. So how can it be that I can lose my money? To further increase security, Bitcoin and the other crypto-currencies don’t identify me by my name, but by a really loooong string of letters and numbers. And that’s just the name – to make any changes, someone would need access to my private key. Remember, “private key” isn’t just some password that’s easy to remember and maybe someone could guess – it’s a long number that's part of a proven-unbreakable cryptography scheme, totally guaranteeing that no one but me can access my accounts? It’s impossible for anyone to break through these layers of security, that math guys everywhere calmly assert just can’t be cracked. So what are these losses about???
The only reason this is mysterious is because the vast majority of stuff we read about Bitcoin, blockchain, distributed ledger technology and the rest is produced by adherents to the new cult. They’re promoters, not evaluators. Let’s start with encryption. Loads of things are encrypted – it’s hardly something that started with Bitcoin. Most sessions with websites are encrypted, as you can see by the https in the URL bar in the browser. I hope you only use encrypted WiFi. Email is encrypted. All databases run by moderately competent professionals are encrypted. And so on. Are websites, email systems and corporate servers hacked in spite of it? You know the answer. People can wave their arms and babble with passion about the power of unbreakable encryption all day long, but bad things happen in spite of it. Is it because encryption is in fact breakable? Nope! It’s because even the biggest castle with the most unbreakable walls has to have doors that are easy to open and close, though which properly authorized people and goods go in and out. Bad guys waltz right into the castle with unbreakable walls through the same easy-to-open doors that all the residents and servants of the castle use! How are those doors locked and guarded? Using absolutely proven, tested, tried-and-true methods such as … user names and passwords! And sometimes even PIN codes on top of it!!
Oh, no, everyone but everyone talks about how safe and immutable the distributed ledger is – how is it possible for it to be broken, and why are ancient, obsolete things like usernames and passwords involved? It’s simple, really. Say you’re an experienced break-and-entry person. You walk down a block at night. Most of the houses you see have fences, big locked doors and lights on. One of the houses is dark, and its front door is swinging free. Which house do you pick? Everyone scans for opportunities and goes for the weakest point. So no one even tries to break the cryptography – it really IS secure. But what about the place where the long ID and the no-way-can-I-remember-it private key are held? AHA! We’ve gotten to the weak point of the system: the wallet.
Wallets are just pieces of software that run on your phone, your computer or even online. There are dozens of wallets available. They all claim to store your Bitcoin securely, and maybe they do – except they need to allow a normal human being to actually use them, so they need to be opened by someone a normal human being can handle, like a user name and password! The super-secret but impossible-to-remember private key is stored in the wallet, among other things. Without the private key, you have nothing. If you lose or break the phone that has the wallet, you are screwed. And of course if your phone or computer is hacked, someone else will immediately transfer your Bitcoin out of your account into theirs. There is no recourse. None. Think that never happens? It’s been going on for years, see this. A 20-year-old college kid was just sentenced to 10 years in prison for stealing more than $5 million by phone hacking, see this. That was a first-ever case – usually, no one is caught.
Some people, concerned about the security of their wallets, have turned to professionally-managed exchanges, which both store crypto-currency and enable it to be converted and transferred in and out. An example of such a company is Quadriga, which was the largest such exchange in Canada last year. Now it has made various court filings, and is unable to return its customer’s roughly $200 million in assets, see this. Why? Because those assets were held in a wallet on the now-deceased founder’s laptop computer, and no one can get into the computer – its contents are encrypted and the access information was last seen somewhere in what was the founder’s brain.
Yes, the distributed ledger is secure and immutable. Yes, the cryptography used is in fact unbreakable. Most descriptions stop there, leading you to think you’re protected against loss or theft. As I hope is now clear, Bitcoin and its numerous offshoots do indeed involve some amazing technology, as I’ve described here. But that doesn’t mean that it’s any more secure or protected against loss than any other software. Because of its immaturity, it is proving to be more vulnerable to loss and theft than “normal” money. And the non-monetary blockchain solutions are just as vulnerable.
Bitcoin is an amazing technology. I admire it. The central idea of how to implement a virtual currency with no one in charge, but where the “bank vault” is nonetheless pretty safe, is clever, as I explained here. However, the second you take this clever idea and apply it to situations for which it was not designed, it quickly becomes ridiculous – inferior by factors of thousands compared to existing solutions. It’s as though you liked hiking and camping in a tent -- and went back to your home on your suburban block, knocked your house down, disconnected from electricity, municipal water and sewer, stopped garbage collection, sold your car and bicycle, and gloried in your new, improved way of living during cold winter nights. Good idea, but wrong place, and there's probably a reason few people choose to live that way.
As a start for understanding why private blockchain is a ridiculous notion, let’s imagine that we all live in buildings with municipal water supply, and that suddenly someone decided it would be cool to live “off the grid” in a dry area where it does rain, but infrequently. How are you going to get and store the water you need to live? Obviously, you have to somehow make maximum use of the rare rainfall that happens. You construct as wide and varied a system of rain-catchers as you can. If you have a house with a roof, you arrange the gutters to go to downspouts to rain barrels. You carefully construct the rain barrels so they don’t leak, since water is precious, after all – the rain barrels have to be “immutable.” You also stretch out any canvas or anything else you can scrounge up to capture the rain before it hits the ground, and route it to barrels. You construct a set of pipes to connect the barrels, to make sure that all the barrels have water, and none has too much. You end up with a distributed set of barrels, each containing the precious water you need to collect and preserve. The system is even more impressive when it supplies a small encampment of people, with pipes distributing the water among the barrels, assuring that everyone has enough water.
Anyone wandering in the wilderness who encountered this maze of connected, distributed, immutable barrels and rain catchers would be impressed at what a good solution it was to the problem of having enough water when there’s no municipal water supply. Someone might come out to the place, take lots of pictures and blog about it. It might catch on, and some homeowners with regular water supply might be attracted to the notion of being ready to survive when civilization collapses and everyone will be forced to live off the grid. Most people, of course, will be happy to continue enjoying normal hot and cold running water, available by turning the faucet.
The Bitcoin solution was specifically designed when you really don’t want a municipal currency authority. Like the distributed water catchers and barrels, it’s a clever solution for exactly that problem. What happens when you decide it’s OK after all to have someone in charge – you’re not in the desert, you’re not a survivalist, and you just want a convenient water supply? What kind of sense does it make to somehow get a private corporation to be completely in charge of the system of water catchers, pipes and barrels in a place where connection to central water is readily available? Do you think the new system would be less expensive, more convenient and less obtrusive? Do you think the privately run immutable distributed water system, with all its barrels, catchers and pipes would be able to handle sudden demands like filling your pool or even a few houses running their lawn sprinkling systems at the same time?
That’s exactly what’s happening with private blockchain implementations. Every single vendor that so enthusiastically promotes its private blockchain tells you quietly what’s wrong, things like the transaction rate is worse by factors of thousands compared to normal DBMS’s (of course they don’t put it that way), and a host of other deficiencies that they’re overcoming … by step-by-step adapting standard database techniques first deployed decades ago and by now standard methods, and making an “improved” private blockchain. Improved, but still dramatically worse by all measures compared to standard technology.
Blockchain is a pile of new software that was designed to solve a very special problem that does not occur in normal life. Private blockchain is an attempt to take that highly unique solution, designed for wilderness living with no central authority in charge, and apply it to normal urban/suburban life with a central authority. The amazing, cool and different things about blockchain were invented specifically to solve the problem of having no central authority. The second you introduce a central authority, i.e., make it a private blockchain, all those special things that make blockchain unique suddenly become huge impediments, obstacles with no redeeming virtues. It makes as much sense as camping out in your suburban back yard -- OK if you're a kid or want to give your tent a dry run, but nothing any sane person would think is an improved way of living.
Smart contracts are all the rage in the blockchain world these days. They are the key feature that has pushed Ethereum to prominence. They’re everywhere!
There are just a few little problems. They’re not smart. They’re not contracts. They’re rife with security issues. And they violate the core principles that are supposed to make blockchain wonderful. Other than that, they’re great!
There is a huge amount of rhetoric and propaganda about what Smart Contracts are supposed to be. Here’s the reality: A smart contract is a software program. It’s written in one of a variety of mostly brand-new languages, chief among them Solidity. A smart contract is the exact equivalent in the blockchain world of a “stored procedure” in the database world; this means that it’s embedded in the blockchain and has access to its internal functions.
At first glance, smart contracts can seem like a clever idea that enables endless extensions to the underlying “immutable distributed ledger” technology in which they’re embedded, greatly extending their flexibility and fields of application. Let’s take a look at how this first glance holds up under scrutiny.
“Here’s a very reductive way of establishing a smart contract: let’s say you and I have agreed that if I write you a history of bitcoin, you’ll send me $10 on my birthday this year. We can do that via a legally enforceable contract, which involves lawyers, notaries, and so on — or we can do it via Ethereum. In the latter case, you put $10 worth of smart coins in escrow, and when the terms of the contract are met, those coins are released to me. If I don’t meet the terms of our agreement, the coins are released back to you.”
The key, innocent-sounding phrase in the above description is “when the terms of the contract are met.” When I write you a history of bitcoin, will you accept it if it’s a piece of crap? Probably not. Here’s what has to happen with the deal:
We have to agree on the terms of the deal
This happens verbally, no matter what mechanism is used.
We have to express the deal terms in a mutually acceptable way.
In the land of normalcy, either our verbal agreement would be OK, or we’d have an email or paper exchange.
In smart-contract-land, someone would have to write a program in an acceptable language such as Solidity. We would both have to have wallets and accounts in the same crypto-currency among the hundreds that are out there. We would have to agree that the Solidity program expressed our mutual agreement. How good are your Solidity reading and writing skills? You would also have to deposit $10 in your account.
I would write up my history and send it to you
In real life, I’d get it to you using paper or email.
In smart-contract-land, there is no good way to send an email – and putting an email address into a smart contract would make it available to the public! There are some clever hacks involving external services that monitor accounts in the blockchain, but there’s no direct solution. So I’d have to get my history to you using plain old real-life methods.
A decision would be made about whether the history I send satisfied the contract.
This would be done in real life by you reading the history and making a judgment.
Smart-contracts would remain blissfully unaware of this crucial step, unless and until an amazing advance in AI/NLP is somehow embodied in them.
If the terms of the contract are met, the money would be sent to me.
In real life, you’d hand me the $10, mail it to me, or electronically transfer it to me via one of the widely available methods, for example Venmo, which handled over $12 billion in transactions in 2018.
In smart-contract land, you’ve had $10 tied up in your crypto account since the contract was agreed to and the program – oops, I meant the “smart contract” – was created by one or both of us. You would then send a transaction to the contract to transfer the money to my account, after which I could convert it to normal money, with fees taken out along the way.
Someone please explain to me how using a smart contract to embody and execute our agreement is an improvement on normalcy?
In addition to the problems mentioned along the way, we’ve got these:
If you love my history but want to cheat and not pay me, how does the smart contract help?
If I’m worried about you paying me and want an enforceable contract, how does the smart contract help?
If we make a written agreement, even a simple email one, at least we can probably both understand it. What are the chances that we are both fluent in Solidity?
Assuming we somehow manage to write the code in some language, what if we’re less than perfect and have a bug in the code? The teensy weensy little problem with smart contracts is … they’re immutable (i.e., can’t be changed), along with the blockchain in which they’re stored!
The key part of any agreement of this kind is the characterization of the history I’m supposed to write and the acceptance criteria. How can that be expressed or evaluated in lines of code?
In terms of just moving the money quick and easy with minimal overhead, how is anything in crypto-land easier or better in any way than Venmo?
Smart contracts are a really cool idea. The best way to use them is in a sandbox where really smart, unemployed people can play games and make experiments, keeping them out of trouble and far away from real life and real problems that need to be solved.
Apple’s had a rough time recently, with bugs, security problems and sales issues. The recent Facetime bug is particularly embarrassing. It’s made the news! There are stories about it all over. Apple is scrambling to fix the issue and end the pain and embarrassment, pronto.
Blockchain has also had a rough time, with recent cavernous losses that extend a years-long pattern. Blockchain enthusiasts march on, seemingly oblivious to the intractable problems that cripple their beloved technology. So far as anyone can tell, no one is scrambling to fix the problems.
Comparing the two situations is interesting and educational.
Most blockchain problems are discovered sometime after a substantial loss has taken place, when you go to check your account and are shocked to find it has a whole lot less value than it had last time you checked.
The boy and his mom were frustrated by how hard it was to get through to anyone at Apple to report the bug. They were doing the right thing, while Apple was being a typical lumbering, unresponsive bureaucracy.
You discover the loss in your crypto account. You’re upset. Who do you call? Where’s the 800 number for customer support? If you didn’t know it already, you quickly discover that there’s no number, no one to call. There’s no organization in charge at all! And in those cases where there sort of is, they refuse to fix the problem.
In less than a week, Apple officials woke up to the fact that they had a problem. A big, ugly, embarrassing one. To their credit, they did two things.
In some of the most important cases, such as Bitcoin, there is literally no one in charge – that’s the whole point of Bitcoin – it’s a system that was designed to have no one in charge. It’s brilliant, as I describe here. But it’s also fatal when the system is hacked.
In other cases, such as exchanges, there is someone in charge. But their typical response is to claim, with good justification, that “fixing” the problem would destroy the fabric of blockchain. And after all, in many important cases, the funds have long since been converted to cash and are long gone – how can that be “fixed” without catching the bad guys? And as I’ve described, while bad guys in normal banking are often caught, in the crypto-currency world, they almost never are. So your money is gone. Gone!
The first thing Apple did was shut down their servers so that group Facetime was no longer possible. This didn’t happen all at once, but rolled through the system pretty quickly.
Immediate action to fix the problem in blockchain? Doesn’t happen.
The second thing Apple did was announce that the bug would be fixed and released in about a week.
Here’s where it gets really bad for blockchain: where’s the bug that can be fixed to solve the underlying problem? No one can say! So far as all the blockchain “experts” are concerned, there is no problem to be fixed. The silence is deafening. When have you ever read about any kind of crypto-currency loss, after which someone “in charge” said something like: “the loss was due to [this bug}, which we’ve found and fixed and will be effective on [this date]”? Anyone?
When the responsible problem is in a so-called smart contract, it’s even worse. Smart contracts are stored in the immutable blockchain itself, and so, unlike normal programs, can’t be fixed or changed in any way. The geniuses who invented and support smart contracts consider this fatal flaw to be one of their great advantages. Go figure.
The net effect of the Apple bug is that the privacy of certain Facetime users was compromised. Embarrassing. Bad. But your wallet is unaffected. But at least the news got out quickly, people can avoid the feature for a bit and then go back to using it, should they choose.
The net effect of the myriad of Crypto and blockchain bugs and hacks is loss of the equivalent of real money, sometimes to the tune of tens of millions of dollars. The only way to avoid the problem is to get out of crypto. Totally. And never go back.
The contrast between the Apple Facetime bug and the various crypto/blockchain bugs and hacks couldn’t be more stark. With Apple, there’s someone in charge; the someone wakes up to the problem within days, and moves decisively to first block the problem and then fix it. In blockchain, there’s no one in charge (by design!); the affected people wake up to their problem, whine about their often substantial financial loss, but are largely ignored by the community of experts and operators, who soldier on, promoting the wonders of the amazing immutable distributed ledger technology.
Here’s my prediction: the blockchain mania will continue to spread for a while, but then will slowly fade away, with few of the promoters admitting their lapse in judgment. As with most technology fads, everyone’s attention will simply shift to something shinier and newer as the problems grow too large to be ignored. There's a long shot there will be some shining successes with blockchain -- but I predict that when you look under the covers, it won't really be blockchain doing most of the work.
(Disclosure: While I’ve read API’s and source code, I’ve never owned cryptocurrency of any kind, and don’t plan to any time soon.)
Insiders most like to describe Blockchain as Immutable Distributed Ledger technology. They love that it’s distributed, and a “ledger” rather than a database. But most of all, they seem to like that it’s “immutable.” To enthusiasts, this means that the unbreakable cryptography and other techno-nerd elements result in impregnable, hack-proof software. In a world filled with crappy software that’s thoroughly “mutable,” hackable, breakable and a smorgasbord of other criminal, consumer-hurting things, this is a wonderful thing. No wonder so many people and corporations are jumping on the Blockchain Bandwagon. The smell of FOMO (Fear Of Missing Out) fills the air.
The FOMO is really strong on Blockchain. So strong that it appears to prevent enthusiasts from paying attention to the fact that has been established over the last few years: Blockchain may indeed be Distributed and a Ledger (more on those in subsequent posts), but it’s hardly immutable. In fact, it’s just as hackable as any other piece of software – even more so because no one’s in charge of keeping it safe!
The latest loss is small by comparison to some of the earlier ones. The one announced on January 8, 2019 amounts to “just” $200,000 worth of ethereum classic. What’s worse is that the attack was at the core of the blockchain. Apparently the attack was carried out by miners, the servers that are at the core of blockchain’s operations and security, the ones that perform the magic cryptography that supposedly prevents bad things from happening. The hack itself involved the absolutely worst thing that can happen to a crypto-currency – about 40,000 ETC was double-spent.
If this were the first loss, I would understand the blockchain folks minimizing its importance. It’s hardly the first loss. Who talks about the Mt. Gox hack, in which nearly half a BILLION dollars was lost? That happened about 5 years ago! Mt. Gox has been followed by an un-ending stream of other successful (for the criminals) attacks and losses. One of the more famous was the $50 million lost in the DAO hack. Less famous hacks resulting in losses over $10 million took place in 2018. The pattern of criminal success shows no signs of slowing down.
How can any sane person continue to back blockchain as a transforming technology due (in part) to its immutability and implied greater security in the face of this evidence? Obviously, what’s happening is that people are simply ignoring the evidence. That’s it!
Let’s put this in context. What would the stories be if anything comparable took place with plain old banks, with their supposedly obsolete software and security that’s primitive by comparison? While lots of normal banks are robbed every year, these are small-scale occurrences, and many of the perpetrators are caught. For example, here is the FBI’s latest news about bank robberies. You’ll see that there are loads of convictions and prison sentences. Here is a story from December 2018 about a man who robbed a local bank of $536 in order to pay his rent. He has just been sentenced to 46 months in prison.
Are there bank robberies in which large amounts are stolen? Check out the list of them in Wikipedia. The list goes back more than a century. The largest robberies don’t come close to the criminals of the blockchain world. The most recent one listed was 20 years ago, when the Bank of America was robbed of less than $2 million. Peanuts!
OK, you might say, but what about cyber-crime? There’s actually quite a bit of it. But digging into the exact nature of the crimes and how they’re committed is quite interesting. It may exist, but I couldn’t find ANY cases of the core bank systems being hacked. And NONE of the central database (the equivalent of blockchain)! In every case I’ve seen, it was plain old systems network hacking and/or criminal employees that were the problem. Yes, some large amounts were involved, for example in the Bangladesh robbery. But in that case as in many others, corrupted insiders were involved. It had nothing to do with the security of the banking software itself!
If normal banks had been hacked the way blockchain has been hacked, you’d find that the core banking system itself was breached, or the central database itself. In no case that I can find has this happened. What this means is that blockchain, in its short existence and with its relatively tiny fraction of money, has been hacked more successfully and more deeply than any normal banking software has been. “Immutable,” huh? Explain that again, please. But stick to the facts this time.
The conclusions we can draw from these facts are simple, clear, and hard to dispute:
Blockchain is highly susceptible to being hacked in a wide variety of ways.
This has been demonstrated by events for more than 5 years; the hacks are on-going.
Large amounts of money are lost in the hacks.
The hackers aren't caught, much less punished.
While there are lots of physical robberies of old-style banks, the amounts involved are small, the perpetrators are often caught, and consumers are not hurt.
While there are hacks on old-style banks, they have had little success in US banks, and the same kind of cyber-security breaches that occur everywhere are involved.
In no case have the hacks been as deep in the software as many attacks on blockchain have been.
There's lots more that could be said about this, but here's the bottom line: if you want to keep your money safe, put it in a traditional bank, whose software systems are indeed immutable. Any blockchain storage is more susceptible to attack and loss than the software used by traditional banks.
There aren’t many true and surprising new things in software technology, in spite of all the gushing about new stuff. At the center of Bitcoin is a tech advance. Not a minor step forward. Not an enhancement fueled by faster chips. An amazing idea that is the engine that has fueled its explosive growth. It’s not something people talk much about, sadly. They should. The core of the idea is the miners that are the heart of the Bitcoin engine.
If you’ve heard anything about Bitcoin, you’ve probably heard that it’s a crypto-currency. You’ve heard it’s totally secure because lots of computing locks the data in an air-tight vault secured by the latest cryptology algorithms. You’ve heard that it’s a ledger of transactions, and that the ledger is distributed, which somehow makes it better. All these things that you’ve heard are correct – and it’s the miners at the heart of every one of those true things.
First, let’s step back a minute and understand the problem that Bitcoin solves. Bitcoin isn’t cool in the abstract – it’s cool because it’s a creative solution to a really hard problem. The problem, in a nutshell, is to create a currency, like US dollars or Euros, that isn’t controlled by any central authority. That’s a HARD problem. How can you have a currency that people accept with no one to issue it? If it’s somehow issued, who’s going to do the work of creating and managing it?
Long ago, currency consisted of fairly scarce, valuable objects, like sea shells. Then, precious metals were used. Since it was hard to judge how valuable a piece of metal was, people in authority created standard sizes, shapes and values – today’s coins. Then paper money was issued by early banks, with the precious metals in the banks backing it up. Central government authorities then replaced the banks, and currency became a per-country thing. Finally, it became detached from the coins, a.k.a. “the gold standard.” That’s where we are today, with huge government authorities issuing and controlling abstract and paper currency at will, manipulating it to meet political goals. The problem at the heart of Bitcoin is, how can you create an abstract currency that people can trust without a central authority of any kind, much less a government? I trust you’ll agree, that’s a truly hard problem.
Before diving into the solution to this problem, it’s worth understanding why it’s a problem. The core issue is the money supply, and how central authorities manipulate it to implement monetary policy in various ways, shifting with the political winds. Central bankers can print more money, take money out of circulation, raise and lower interest rates and do other things on a whim. Other branches of the government closely monitor who does what with their money via extensive, ever-growing, onerous regulations that make everything harder, slower and more expensive. How can we get out of this? How can we escape the armies of faceless bureaucrats who control the money and watch what we do with it?
The solution has to somehow make everything work with no one in charge. Get people to do lots of work and spend lots of normal money to create and maintain a robust system of virtual currency, and somehow get those people to be absolutely incorruptible?! They’ll be in charge, but not tempted even a little to use their power to enrich themselves? How is THAT supposed to happen??
That, my friends, is the genius of Bitcoin. The genius is embodied in the design of the miners.
Miners are volunteers. No one selects them – they just step up, get their hardware and software together, and start mining. All on their own – without permission and without even an invitation! Here’s the key part: when you mine, you make money, in the form of newly-issued Bitcoin. The formula and the rules are built into the software that everyone uses. When you mine, you make money. The more you mine, the more you make. If you’re ever tempted to think about fiddling with the software, cheating and just taking a bunch of money (Bitcoin), you immediately think of the huge investment you’ve made in mining equipment, which isn’t good for much of anything except mining. If people started thinking that miners were self-dealing corruptocrats, the value of Bitcoin would immediately plummet, and the miner’s investment would be worthless. Your thought of cheating, just a little, quickly flies out of your head, and you go back to being a straight-up miner – and, by the way, watching the other miners closely to make sure none of THEM cheat; if they did it would hurt you. Badly.
The miners are un-recruited, unmanaged groups who put up their own money and time to make money, and are thoroughly incented to play it straight, without cheating.
What the miners actually do is solve computationally intensive problems – all using standard software on juiced-up hardware – that does two important things.
First, the computing assures that each new transaction that someone tries to put in the ledger follows the rules. Simple rules that are essential to virtual currency working. Things like you can only spend money you have. You can only spend it once. Stuff like that, things you don’t even think about when your money is physical and sits in a wallet -- but when it’s digital, has to be enforced.
Second, the computing puts a lock on the new transaction, a special fancy lock that links to all the earlier locks on all the prior transactions. For ease of computing, the transactions are grouped into blocks, and it’s actually the blocks that are locked up tight and chained together with cryptology. Thus the name “blockchain.”
The rules built into the Bitcoin/blockchain software used by all the miners are the key to everything. Since all the miners run the same software, everyone follows the same rules. These rules enforce the fact that, at any given moment, there are a known amount of Bitcoin, with the ledger tracking who owns how much. The number of Bitcoin is fixed – until a miner earns some as a result of the mining work. In that case, brand-new Bitcoin are created – according to an established formula – and deposited in the miner’s own account in the ledger. Once the miner has the earned Bitcoin, he can do anything he likes with it, like any normal owner of Bitcoin.
Finally, it’s true that the Bitcoin miners see each and every transaction. Each transaction is vetted to assure that the rules are followed. But the owner is identified only by a VERY long string of letters, a key, so no one knows who the owner of Bitcoin is in physical life. This is the capstone of Bitcoin’s solution to the problem of government-issued currency. No snooping!
Net-net: There is a publicly known amount of Bitcoin in the world, which slowly grows as it is created to pay the miners who earn it by running the system. There are a large number of volunteer miners keeping transactions flowing, safe and secure, without depending on any of them. Bitcoin buying and selling is easy, inexpensive and private. Because of thousands of volunteer miners crunching away. No one’s in charge. Miners want to work and are incented to be honest. No governments, no bureaucracies, no politics, no one snooping on you. Problem solved!
That’s why Bitcoin/blockchain is new and deserves the attention and credit it’s gotten.
If you haven't already seen the classic movie "The Wizard of Oz," I highly recommend it. It's entertaining and instructive. Its lessons remain applicable today -- they can even teach us about the amazing Blockchain technology that is poised to transform so many industries, solve so many long-intractable problems, and that is attracting such massive attention and investment.
The Movie
Dorothy, along with her dog Toto, you may recall, is swept up from her home in Kansas by a tornado, and eventually comes to earth in the land of Oz.(Credit.)
It's quite a place, populated by witches and munchkins, among others. The good witch of the North, Glinda, tells Dorothy that the wonderful wizard of Oz may be able to help her get home, so she sets out on the yellow brick road to the Emerald City, where he presides. Along the way she meets the Scarecrow who needs a brain, the Tin Woodman who desires a heart and the Cowardly Lion who needs courage. The four of them join forces to ask the wonderful Wizard's help.
The Wizard promises to help them all -- but only if they bring him the broomstick of the Wicked Witch of the West. So off they go and confront the Witch.
Eventually they defeat the Witch and bring her Broomstick back to the Wizard's palace. They walk down the intimidating hall
Until they reach the Wizard's throne.
Gathering up their courage, they present the broomstick to the terrifying Wizard...
and ask that he fulfill his promise to them.
The Wizard stalls. Meanwhile, Toto the dog, noticing something, pulls aside a curtain and reveals a man talking into a microphone. It's the real Wizard: the Great and Awful Wizard of Oz is just an ordinary man!
Dorothy confronts him. He admits he's just an ordinary man, and a humbug at that.
He gives the Scarecrow a diploma, the Lion a medal and the Tin Man a heart-shaped ticking watch, helping them see that the attributes they sought were already within them. He offers to take Dorothy and Toto home in his hot air balloon. Then there's a mishap, and he leaves without her!
The story ends happily, because the good witch intervenes, and shows Dorothy how to return home under her own power, repeating three times "There's no place like home."
Blockchain
What can the Wizard of Oz possibly have to do with the marvelous emerging technology of Blockchain, which is set fo transform so many domains that are badly in need of help?
The movie has amazing lessons for us. I can't spell them all out in a single blog post. Here's a start:
Dorothy is stranded in a strange place and doesn't know how to get home. People who run financial systems have problems like lengthy settlement times that aren't getting solved.
Dorothy meets other people in the strange place who also have serious problems. People in other domains, like healthcare, have long-standing problems like EMR interchange that aren't getting solved.
The Good Witch tells Dorothy that the Wizard of Oz can help her get home. Authoritative people tell us that Blockchain can solve those problems.
Dorothy travels a long way to the Emerald City with her friends to ask the Wizard's help. After lots of work, people commit to the money and effort of a Blockchain trial.
The Wizard tells Dorothy that she has to bring the Wicked Witch's broomstick before he'll help them. Blockchain experts explain all the work we have to go through to get a test that has a reasonable chance of success.
Dorothy and her friends go through battles to get the broomstick, finally killing the Wicked Witch to get it. After lots of money and time and experts, a trial is finally underway.
Dorothy and her friends approach the Wizard and ask him to do what he promised. The sponsors of the blockchain project insist on results.
Toto pulls back the curtain, and reveals that, far from having amazing powers, the great and awful Wizard is just an ordinary man, and a humbug at that. The sponsors finally see that Blockchain solves no problems and is worse in every way than a normal DBMS.
The Wizard makes nice words that make her friends feel better, and after promising to solve Dorothy's problem, abandons her. Blockchain can't do much of anything, outside the context of Bitcoin, and when it appears to "work," the results are awful.
Glinda the Witch tells Dorothy to close her eyes, tap her heels and say the words three times. She wakes up in her bed in Kansas. Her relatives think she's had a dream. The Blockchain executives quietly let the project fade away. They do their best to calm their minds, refuse to admit defeat, and go back to their normal lives.
Conclusion
The world of Blockchain is indeed like the Wizard of Oz. While you're "in" the movie, you're convinced it's real, and so is everyone around you. When you wake up, you're back in normal life and understandably reluctant to think the amazing experiences you've had were "just a dream." But everyone else knows that's all it was. A dream that seemed good at the time, but turned out to be, yes, a bad dream. See this for a fact-based dissection of the bad dream.
The post explains some of the most basic things about Blockchain. For more detail and analysis, see this and the links therein. For a basic definition, see the one at the end of this post.
Blockchain
“Blockchain” refers to widely varying bodies of code ripped from the Bitcoin source code, always leaving out the currency, and usually varying other key aspects of the code. These subsets of the base code are typically described as an "Immutable distributed ledger" or some such. Blockchain implementations are often created to respond to some crucial defect of the base system for a particular application. Such implementations wander far from the features that Blockchain is supposed to have in the minds of most people.
Ledger
Blockchain is most often described as a distributed ledger. The fact that it’s a “ledger” refers to the fact that blockchain is an extremely primitive DBMS that lacks a query language. As a “ledger,” about all it can do is support data writing and reading. Not only does it lack a query language, but it’s effectively a key-value store. This means that you better know the key of the ledger entry you want to read or update; without this, you are totally without recourse. Some anguished early investors in Bitcoin discovered this when they saw that their original investments had grown into the equivalent of millions of dollars, but they couldn’t access the Bitcoin because they have lost their key. Many others have lost their investments due to other security disasters.
As a result of this glaring deficiency, a couple resourceful people I have met who are building blockchain applications use a relational DBMS such as Postgres side-by-side with the Blockchain, copying all the data put into the Blockchain into the DBMS, along with the additional information required to make it a practical system. Why keep the Blockchain? Simple: who would invest if the venture didn't incorporate the hot new solves-all-problems miracle technology?
Distributed
Many Blockchain applications depend on the fact that it’s a “distributed” ledger to justify using the technology. Unfortunately, as implemented for Bitcoin, the fact that the ledger is distributed is a painful but necessary consequence of the design goal of having no one in charge of the system. It's a necessary evil! The distribution is due to an unknown number of “miners” who enforce the simple but computationally intense rules of the system; there may be over tens of thousands of miners, maybe even more than 100,000, no one knows. In the Bitcoin implementation, distributing the ledger in this way leads directly to the ten minute time typically needed to complete a transaction, and an unsatisfactory implementation of standard database ACID properties and the problematic CAP theorem for distributed databases.
Many Blockchain implementations attempt to overcome these problems by using common-sense measures that effectively eliminate the key features of Bitcoin. The most typical compromise puts the Blockchain under the control of a single organization; that opens it to the same kind of insider hacking that has broadly affected large commercial and government organizations. See this, for example.
Many users seem to think that being “distributed” is an advantage that makes Blockchain applicable to solving long-intractable problems involving related data in different locations managed by different organizations and systems. The fact that Blockchain can be implemented as a distributed ledger is completely irrelevant to solving problems of this kind. Blockchain's implementation of data distribution is vastly less effective and efficient than proven methods, and its general deficiencies make it far less useful than standard DBMS’s in such applications.
Immutable
Blockchain gets sold based on the notion that it’s “immutable,” implying highly secure. In the context of Bitcoin, it’s true that the only way an outsider could come in and change the ledger would be to organize a conspiracy of the miners. However, even with the incredible security provided by an army of miners, people have still lost their investments in Bitcoin by a variety of prosaic means, such as corruption or dysfunction in the wallet or system that represents you for holding or buying/selling bitcoin. There have been a number of such incidents that have been publicized, and more that have not.
The second you move from Bitcoin to Blockchain, the level of immutability plummets to little more than rhetoric. This is because the main security in Bitcoin is provided by miners, who are incented to keep the system secure. Once the miners are gone or under the control of a central organization, the usual methods for subverting software come into play, only without the layers of security that have prevented central bank systems from being hacked, at least so far. The typical Blockchain implementation is less immutable than a properly managed RDBMS with an appropriately replicated and secured log.
Given the widespread computer security breaches that have taken place, and will continue to happen, it's comforting to imagine that having an "immutable" distributed ledger would solve the problem. However, what the Blockchain does is replace the database in a normal system. So the question is, is the pervasive lack of security in today's enterprise systems due to vulnerable databases, or some other reason? The answer is clear: the database is the MOST secure aspect of today's systems, and security in it is rarely breached, and in no case of a properly administered one of which I'm aware. The security breaches are always "top down," i.e., the hacker gets into the system as though he were a legitimate user by one of a wide variety of means, and sometimes is an authorized but crooked user. Then he sucks data out of the system. The DBMS has NOT been breached in this kind of attack, and Blockchain is equally vulnerable to such exploits. And that's not even getting into the ultimate attack, which is an insider modifying source code, which has been the source of some of the most inventive banking attacks. SInce the database is not the problem, Blockchain is not the solution.
Smart contract
A “smart contract” is a key feature of the Etherium cryptocurrency and several Blockchain implementations, and is the foundation of many of the proposed applications of Blockchain. A “smart contract” is the exact equivalent of a DBMS stored procedure. In other words, it’s a body of code buried inside the blockchain (DBMS) that goes beyond storing and retrieving, implementing any logic the creator chooses. Most “smart contracts” today are written in newly created software languages; for example, Solidity is the one used in Etherium. These languages and systems are relatively new, and have flaws that have already been exploited by hackers. Using the name “smart contract” is effective rhetoric, but that’s all it is. It’s an immature programming language running inside a seriously deficient database.
If the version of Blockchain is run like a typical DBMS, with master/slave – in other words, going against all the principles that are supposed to distinguish Blockchain – then a Smart Contract could work like a stored procedure, though crippled by lack of functionality in the DBMS. Worse, there are serious unaddressed issues maintaining the basic ACID properties that any normal person would expect – things like either the money is removed from account 1 AND added to account 2, an absolute guarantee that BOTH happen or NEITHER happens, even in the face of machine failure. If it’s run like a “distributed ledger,” then you’ve got even worse problems.
Computer History and Context
Blockchain is experiencing a huge uptick in interest, involvement and investment. Many people and organizations are convinced that it is the key to solving many long-standing problems in various industries. Generally, the fact that there are huge problems of long standing and no clear path to solving them is correct. The thought is that, with so many obviously smart and hard-working people involved with software, the solution must be elusive because of a fundamental technology barrier. The solution must hinge on the arrival of some transformative new technology that will change the game. Blockchain!
Sadly, the long-standing barriers have nothing to do with technical break-throughs, and everything to do with incentives and standard industry practices that inevitably yield such results. A study of computer history and the way things work in various industries -- something that is rarely done -- would make this clear. While it's a huge subject, here are some posts (including the many embedded links) that can provide a starting point:
In spite of all the above, there's a way that Blockchain can be a big win in certain applications, when applied in smart ways by top-notch teams. There's a clear historical pattern to follow. Here's how.
The interest and investment in blockchain continues its exponential growth. It seems there's no end to the long-intransigent problems it will solve!
There are just a couple little issues. First and foremost is that the virtues of blockchain, such as they are, have little to do with the problems it is supposed to solve. Second is that other technologies are better than blockchain, often by a factor of 1,000 or more. Finally, the most-discussed blockchain virtues solve problems that don't happen to exist in the real world. Other than that, blockchain is great!
Why then all the interest in blockchain, you might reasonably ask? You might as well ask lemmings why they are following the lead lemmings as they run off a cliff -- it's what everyone is doing!
Let's dig into just one aspect of this widespread delusion.
What does everyone say blockchain is? Some combination of the following:
A distributed, immutable ledger
The foundation of Bitcoin, only without the currency
We all think we know that Bitcoin involves cryptography, somehow making it safe, and that it electronically transfers data and value between distant parties. It's kind of like email in that regard, only so solid and safe that it works for money as well as a bank. Since blockchain is the "foundation" of Bitcoin, let's get blockchain to solve the many problems that involve getting data between places, and getting information exchanged. Let's go!
The widespread picture is that Bitcoin is just an application built on top of blockchain, kind of like how Oracle Financials is just one of many applications that are built on top of the Oracle DBMS. The idea is that blockchain is a platform on which applications can be built, like an operating system, DBMS, etc. That's what everyone is pushing, but it's a bogus idea!
The reality is that what we call "blockchain" is an artificial slice of an amazing piece of software that was artfully designed to solve a VERY hard problem -- and each piece of it depends on the others in order to work properly. Once you take the currency away, the whole thing falls apart. "Blockchain" is part of a whole, just like legs are great transport mechanisms, but only work as an integral part of a whole body.
The sailboat is like Bitcoin. It's got a hull, rudder, masts and sails. It's moving. It's an amazing invention. All the parts are designed with the others in mind.
Here is the same boat at the dock:
The sailboat at the dock would be like blockchain if you removed the mast, the furled sail and all related ropes. There is no doubt that the sailboat is "built on" the hull.
But what a ridiculous thing! What good is a sailboat without its mast and sail? There's no motor. It isn't even set up to be rowed with oars!
The reason is simple: the hull of the sailboat wasn't designed in isolation. It was designed as an integral part of a sailboat. You know, one of those things with sails. And without those sails it's nearly useless!
That's blockchain. A sailboat without the part that makes it useful.
The currency is what drives the blockchain forward.
Let's start by reviewing the capabilities banks have for normal currency. Let's remember that banks do DDA's (the thing we draw checks on and deposit checks into) just fine.
While we often hear people complain about not having enough money, we never hear it's because the bank has somehow lost it -- that their ledger has been falsified, so that money we deposited and thought we had disappeared. Bank ledgers are already "immutable." It's just not a problem.
Paper checks can take a couple days to clear. But certified checks can be turned into cash immediately, and you can get cash from any ATM. You can also use a PIN debit card to instantly access or transfer money. Fast access to and transfer of money is widely available. That's not a problem.
Banks have their electronic ledgers in multiple places, so that nothing is lost when there's a computer failure. Money can be moved between accounts in a bank in seconds. Banks already have distributed ledgers, and every modern DBMS supports replication of various kinds.
So what about Bitcoin? Has it invented things that aren't needed or already exist? Bitcoin represents an amazing way of implementing the following:
A virtual currency
which no single entity controls
which incents "miners" to do the hard work of assuring that transactions are consistent and secure by rewarding them with newly-issued Bitcoin
It is not an advantage that Bitcoin has a "distributed ledger" for much of anything: it's got a "distributed ledger" so that no one entity is in control of Bitcoin. That's it! The "mining" is an extremely clever mechanism to pay groups to keep the ledger, stored in thousands of copies in many locations, up to date and consistent. That's why there's a consensus mechanism in Bitcoin, so that new transactions go into the ledger only when most of the miners agree they should.
In a normal bank DBMS, money is moved from one account to another in a fraction of a second. The transfer conforms to the traditional ACID properties of a DBMS, which assure for example, that the money is taken from one account and added to the other -- either both transactions take place or neither takes place. Any widely-used DBMS can do this many thousands of times a second. In Bitcoin, it takes on average 10 minutes for a single transfer to take place, with total throughput a tiny fraction of any modern DBMS. This is the cost of having a "distributed ledger," which is required to meet the key design goal of Bitcoin of having no single entity controlling the currency.
If you take away the Bitcoin, you take away the reward mechanism, and all you're left with is an insecure ledger that performs worse than a database on 50 year old computers. Worse.
The fact that the ledger is "distributed" is supposed by blockchain advocates to solve the problem of resolving data in different places, like between stock trade systems and hospital EMR's. Ridiculous. Blockchain is distributed only to meet the requirement of having no one in control. Any modern DBMS supports replication, which can keep remote DBMS's in sync while performing thousands of transactions a second. This works today. Blockchain is not an advance in this regard. In the end, all parties to a transaction have to get their data to a single place, and then have a couple copies of that single place for fault tolerance. DBMS technology is optimized for this use case. Blockchain accomplishes the same thing ...eventually.
Each case in which blockchain supposedly solves long-standing problems can be proven false, which is why you always hear about the wonders of blockchain:
using the future tense, or
in a proof-of-concept, or
in an application that could have been built faster, cheaper and with better performance using modern DBMS technology.
I realize I haven't covered all the issues here, but when you're confronted by an entire mental hospital's worth of insanity, covering a single floor's worth of problems feels like a lot.
More cynical definitions in the series introduced here, for Deep Learning and Blockchain.
Ambrose Bierce
A couple definitions from his book:
Stan Kelly-Bootle
Mr. Kelly-Bootle sometimes provided extended explanations of the words he defined:
Sometimes he even needed illustrations. See the two definitions below, followed by illustrations:
Definitions for 21st Century Computing
A couple more from the student:
Deep Learning
Deep learning is an evolution of shallow neural networks, in which the neural networks are stacked in many layers, making them “deep.”
Decades after the 1959 biological model introduced by Nobel Prize-winning scientists Hubel and Wiesel inspired artificial intelligence pioneers at MIT and elsewhere to invent neural network technology, someone noticed that biological neurons are connected in many layers, unlike the single-layer neural networks that AI researchers had been touting for years as the basis for recreating human intelligence inside a machine. Since everyone knows that prestigious artificial intelligence researchers don’t commit errors, or at least simple ones, “deep learning” was introduced as a brand-new idea that would finally crack the code of making machines as smart as the average fifth grader. Someday. Maybe.
Blockchain
A hot new technology that is sweeping through the world of finance,healthcare and elsewhere, whose greatest practical success to date has been the secret transfer of funds between cooperating parties in a criminal enterprise.
A newly discovered database that has recently been freed from the nearly unbreakable bonds of its cryptocurrency prison; however, as a new kind of database, it stubbornly refuses to be classified as a “database,” preferring to be known as a “distributed ledger,” of which it is apparently the only known exemplar. A cynic might point out that that the stubborn refusal to agree to be part of genus database-imus may be due to the wholly inadequate functionality and performance of blockchain on generally accepted measures of database value, but this is almost certainly unfair to such a widely hailed future solution to problems that undoubtedly are pressing, and have resisted solution for many years.
Conclusion
I apologize in advance: there could be more to come.
My daughter's cat taught me a major lesson about healthcare as I described here. Pretty amazing. But Jack the cat also thought I should learn about the advanced databases that providers and insurers maintain about each other. While not as brilliant as the inter-provider EMR interchange breakthrough I've described, the databases have a similar effect to the brilliant gamification strategies for wellness implemented by leading hospitals, but take a whole different approach. The depth and extent of innovation in this industry never fails to amaze me.
Jack's learning environment
As I described before, the terrified cat was outdoors and I had to pick him up to bring him inside. He was scared, so he scratched and bit me. I saw my doctor and got a mis-prescription for antibiotics. Then I needed an X-ray to see what was going on inside the hand that was painful after weeks. That's the situation.
Jack the cat decided this was an opportunity for me to learn about databases and get some extra exercise, no doubt as penance for failing to pet him well or often enough.
The search for the X-ray provider
First, I got a referral to a provider that was way far away from where I live. How did this happen? The doctor claims she called me to find where I live twice and got no answer. Hmmm. I guess the information was mysteriously missing from my records and no one thought it was important to get it, and I guess the fact that I only got one message, and it had no request for where I live was just ... whatever. So I decided I better get active, rather than waiting another couple of days for a referral.
I went onto the Anthem site -- the provider of my health insurance in spite of their horrible computer security track record. I discovered a provider that is covered by them just a couple blocks from where I live:
That should be an easy walk. After more fumbling with the doctor's office, I finally got them to give me a referral.
Here's the place to which I was referred:
Same place. Good. I called them up, and they said no appointments were required, just show up with the referral. I walked right over, but they weren't in the building directory. Hmmm. I asked the person at the desk, who had clearly seen confused and lost people like me before. She told me they've moved, and gave me the new location. Great!
I went back home, and discovered that someone else at my doctor's office had also given me a referral, only to a place that actually has an X-ray machine. So out I walked again, and got my medicinal dose of radiation.
Anthem didn't know that they'd moved. The people on the phone at the X-ray place had no idea. One person at my doctor's office did know -- but another one didn't. In normal life, companies that acted like these did -- my doctor, the X-ray place and the insurer -- would be out of business. But as we all know, healthcare isn't normal life.
Big Data and Blockchain
What happened with me was no big deal. Business as usual in healthcare, and in this case had no consequences beyond getting me to walk more, which is a good thing whether I decide to do it or I'm tricked into doing it.
But let's consider the consequences of this trivial episode.
Where are the Big Minds, the elite in healthcare, spending their oh-so-valuable time and effort? Lots of things, of course, but two of the big obsessions are Big Data and Blockchain. Each of these, for different reasons, is a holy grail of technology for healthcare, if you pay attention to the talks, conferences, articles and real dollars invested.
Big Data is a focus because the leading thinkers and influential, powerful people are convinced that if all this healthcare data is poured into a giant Hadoop data lake and poured over by ultra-modern machine learning tools, we'll discover important things that will make us all healthier.
We already knew that EMR's are riddled with data problems; now Jack has shed light on problems elsewhere:
If the data is missing or wrong, no amount of bathing in Data Lakes will cause accurate results to pop out. Bad data in, bad results out.
If there are protocols that have been proven to be the best for treating patients and doctors simply refuse to follow them, nothing improves.
Blockchain has attracted the attention of leading figures among the healthcare elites because of its awesome promise to solve the problem of data interchange and effortlessly created universal health data -- on which Big Data can proceed to work its magic.
BUT ... if no ones cares or is allowed the time to get the data accurate and complete and the data is no good, spreading it around hardly helps anything.
As usual, all the attention goes to the highly visible frosting on the cake, while the underlying layers of the cake rot from inattention.
The consequences of extraordinary cat knowledge
This valuable knowledge about provider databases and the reliability of doctor decision making came from just a couple days of cat-sitting our daughter's cat. The experience was so rich that we decided to get a cat of our own, Priss:
We eagerly await the medical knowledge that Priss will bring our way!