The launch of Bitcoin futures trading is a good moment to consider the cyber and wider security issues raised by this and other cryptography-based currencies.
It is worth making the distinction between the blockchain technology underpinning Bitcoin, and Bitcoin as a currency or investment. The second has generated heat and headlines, but it is the technology itself that is truly transformational for security.
The “distributed ledgers” made possible by blockchain have huge potential to improve the security and resilience of transactions in and beyond the finance sector, to reinforce trust and data integrity, and to strengthen appropriate transparency. Governments, in particular, will be able to use this to offer secure services to citizens and to give ownership and control of personal data back to the individual.
The fundamental strengths at the heart of cryptocurrency technology will be familiar to those in the national security cryptological world. By forcing anyone wishing to take part to use the public key infrastructure (PKI), cryptocurrencies draw on the mathematical genius of public key encryption, first discovered in the late 1960s in secret by the GCHQ mathematicians James Ellis, Malcolm Williamson and Clifford Cocks, and later publicly developed by Whit Diffie, Martin Hellman and others.
Distributed ledgers eliminate the single point of failure of highly-centralized systems, and their associated cost, complexity and unreliability, in favor of multiple shared copies of the same database. A ledger that is publicly open but fundamentally secure is the ultimate expression of the “non-secret encryption” that Ellis imagined.
But it would be naïve to think that distributed ledgers are immune to cyber attack or manipulation. Completely “unpermissioned” networks like Bitcoin, which subscribe to a global trust theory, are still vulnerable in principle. The reported attacks on individual Bitcoin exchanges or thefts of existing coins are not really the main threat. For governments, the issue is that the network integrity underpinning distributed ledgers could be threatened, for example, by actors adding their own servers or by denial-of-service attacks against existing servers.
The possibility of duplicate spending of Bitcoins, for example, through control of over 51 percent of the network is not completely far-fetched, particularly given the dominant position of a relatively small number of players. Nation states also will need to ensure quantum-resistant signature schemes for ledgers of national interest: Bitcoin has benefited so far from a lack of actors wanting to undermine it. But it is not fanciful to think that, in the future, some actors would want to destabilize a national ledger.
Bitcoin technology also has exposed some privacy limitations. Seeing all transactions on the blockchain will reveal information that previously has been private to banks, their clients and, where necessary, law enforcement. This new transparency is not necessarily wrong, but needs public and political debate.
Governments and regulators will need to keep exploring the possible uses and abuses of blockchain as they adopt it more widely at a national scale. Bitcoin is a useful global experiment to observe. It is at one end of a spectrum that goes from the completely decentralized to the totally “permissioned,” or private, dedicated network. In practice, governments and mainstream industry are more likely to choose somewhere in the middle, sacrificing some resilience for greater trust.
By contrast, Bitcoin as a currency rather than a technology seems to me to have a less certain future. I am not an economist, but this particular currency touches on many of the lessons of the financial crisis. It is an investment without any tangible assets. It has no obvious sellers, beyond those “miners” trying to fund their astronomical electricity bills, and few obvious legitimate users. The currency exists primarily as a playground for wild speculation in a period with too much capital looking for a home. Despite the best efforts of enthusiasts to argue that Bitcoins can be spent normally, there are few mainstream outlets to do so and the most enthusiastic active users seem to be criminals; it therefore performs none of the useful services for society that we associate with fiat currencies.
From a national security perspective, Bitcoin’s enabling of real-world anonymity in financial transactions and its value to criminals, despite the irony that the blockchain itself is remarkably transparent, runs against the public and political tide. The last century of financial services regulation has been about making financial crime and tax evasion more difficult. A currency that enables both is unlikely to be welcome in Western democracies, and there will be strong political pressure to do something about it.
Patience with proponents of new technology behaving irresponsibly is wearing thin in many countries. Bitcoin has not yet attracted this public attention because it does not affect the ‘real’ economy or ordinary citizens; it is the preserve of tech enthusiasts, speculators, libertarian idealists and a sprinkling of criminals. But that may change and regulators are clearly waiting to move in.
In theory, regulation could transform Bitcoin into something usable, but only by imposing conditions such as moving away from a completely “unpermissioned” model towards some centralization, with clearer real-world ownership and access control. That would build greater trust, although purists will argue that it comes at the price of weakened resilience.
I suspect Bitcoin owners will find any change unacceptable for a range of ideological reasons and will consider the process of agreeing to anything at all very difficult. If so, regulators will probably freeze Bitcoin out from contact with the real-life finance sector. But that could enable other, more pragmatic cryptocurrencies to thrive; the first adopter of technology is often not the most successful.
Whatever happens to Bitcoin, distributed ledgers and blockchain are an exceptionally important part of the future and a huge net gain for cyber security and data integrity. We should not let Bitcoin’s ups and downs distract us from that.