Tuesday, July 9, 2019

Finn Brunton's "Digital Cash"

I attended the book launch event for Finn Brunton's Digital Cash at the Internet Archive, and purchased a copy. It is a historian's review of the backstory leading up to Satoshi Nakamoto's Bitcoin. To motivate you to read it, below the fold I summarize its impressive breadth.

Brunton starts with a chapter discussing the nature of money and how it necessarily relates to the future. He notes how, in the aftermath of the Great Depression, science fiction authors such as H.G. Wells used invented monies as a tools by which their future societies might be realized. The chapter concludes:
The people this book studies organize themselves and their speculative monies in terms of powerful fantasies of the future. These are ... technological and science-fictional imaginaries by which society might be irretrievably and utterly disrupted, with money as the mechanism of transformation and the escape route out of the present into the future.
The next chapter surveys the history leading up to today's paper money, ending by using "the ugliest t-shirt in the world" from William Gibson's Zero History as an analogy for the Constellation, the patterns embedded in banknotes that cause high-quality photocopiers to refuse to copy them.

Chapter 3 recounts the development of public-key cryptography and how it underlies the digital signatures needed to verify cryptocurrency transactions.

Chapter 4 starts the discussion of electronic money, and uses Paul Armer's 1975 Congressional testimony Computer Technology and Surveillance to establish that systems such as debit and credit cards are, as Armer wrote, "the best surveillance system we could imagine within the constraint that it not be obtrusive". Discussing the work of French philosopher Gilles Deleuze, Brunton writes:
Electronic money could serve as a control apparatus for making the market into a rapid response system for the police, a location log, and a Skinner box for rewarding and denying citizens into doing what corporations or governments wanted.
David Chaum shared these concerns and, in response, published his e-cash paper in 1983. With subsequent enhancements it provided truly:
anoymous digital cash secured against surveillance, forgery and counterfeiting ... It met many of the challenges in his model of privacy's future crises, and without building infrastructure for potential malefactors.
Chaum predicted that:
"If we don't get the national currencies in electronic form properly then the market will route around them and make other currencies"
Chaum's DigiCash company eventually failed and, as Brunton comments "It was prediction whose consequences we are now living out".

Chapter 5 starts with Jude Milhon and Tim May at the birth of the cypherpunks@toad.com mailing list, and the idea that, unlike Chaum's, the goal was not to cooperate with the existing financial infrastructure but to supplant  it, and thereby supplant government itself. It continues with the story of Philip Salin's American Information Exchange (AMIX), a nascent market for digital information, and its relation to Ted Nelson's Xanadu project. Esther Dyson objected that:
The law of supply and demand can't work for a product, such as information, that can be replicated at almost no cost.
Salin's answer was:
digital information is valuable because people will pay for it.
which turned out not to be true enough to keep AMIX going after Salin's death and "cryonic suspension". Cryonics is a theme of this story, both because like cryptocurrencies it is based on a naive faith in technology, and because enthusiasts for cryonics need a way to transfer their wealth securely and without being eroded by inflation into the far future in order to reward those who revive them.

Chapter 6 starts with Vernor Vinge's True Names and Tim May's BlackNet concept, which was a precursor of the Dark Web:
It prefigured parts of the model of Julian Assange's plan for WikiLeaks in his paper "Conspiracy as Governance": to create a cryptographic framework for anonymous leaking that discloses information to the public while making organizations dysfunctional by turning every employee into a potential leaker,
It leads on to John Perry Barlow's Declaration of the Independence of Cyberspace, the birth of the Electronic Frontier Foundation, and the developing demands for access to forbidden information of one kind and another.

Chapter 7 starts with Adam Back's "RSA in Perl" t-shirt/munition (I still have mine) and his 1997 "hashcash" proposal for suppressing spam via Proof of Work. But, unlike Back's subsequent papers, Brunton fails to observe that it was a version of Cynthia Dwork and Moni Naor's Pricing via Processing or Combatting Junk Mail from 1992. Dwork and Naor's abstract reads:
We present a computational technique for combatting junk mail in particular and controlling access to a shared resource in general. The main idea is to require a user to compute a moderately hard, but not intractable, function in order to gain access to the resource, thus preventing frivolous use. To this end we suggest several pricing functions, based on, respectively, extracting square roots modulo a prime, the Fiat-Shamir signature scheme, and the Ong-Schnorr-Shamir (cracked) signature scheme.
As Arvind Narayanan and Jeremy Clark write in Bitcoin's Academic Pedigree:
Hashcash is much simpler than Dwork and Naor's idea: it has no trapdoor and no central authority, and it uses only hash functions instead of digital signatures.
It is a striking example of the misogyny of the cryptocurrency world that one of the few female contributors to its foundations is omitted.

The chapter continues to explain the importance of high-quality randomness, and then explains the work of Hal Finney and Nick Szabo leading to Szabo's "bit gold" and Wei Dai's b-money, which introduced decentralization. Narayanan and Clark point out the missing piece:
These proposals offer timestamping services that sign off on the creation (through proof of work) of money, and once money is created, they sign off on transfers. If disagreement about the ledger occurs among the servers or nodes, however, there isn't a clear way to resolve it. Letting the majority decide seems to be implicit in both authors' writings, but because of the Sybil problem, these mechanisms aren't very secure
The Sybil problem is the reason why the consensus mechanism of permissionless networks, ones that anyone can join, has to make participating in the consensus process expensive. If it is cheap, an attacker can cheaply create enough fake participants, or Sybils, to control the consensus.

Chapter 8 focuses on the Extropians and their embrace of Austrian economics, while Chapter 9 follows their path to cryonics, so that they could be revived once the utopia they envisaged had been created.

Chapter 10 describes the impact of Satoshi Nakamoto's announcement of Bitcoin, coming as it did at the peak of the global financial crisis. It describes the Bitcoin blockchain data structure without noting that it was published (and patented) by Stuart Haber and W. Scott Stornetta in 1991. A company using their technique has been providing a centralized service of securely time-stamping documents for nearly a quarter of a century.

Brunton explains why the "anonymity" (really pseudonymity) of Bitcoin is so fragile:
As subsequent events would reveal, accidentally associating a Bitcoin address with something that can be connected with your real identity, like an email address, a forum posting, a postal address, or an attempt to sell bitcoin for other currencies or goods would reveal not just your identity but - throught the transaction history in the ledger - a time-stamped log of your activities and the network of your colleagues.
Andrea O'Sullivan reports that Paul Armer was right, and the Hong Kong Protests Show Dangers of a Cashless Society:
In Hong Kong, most people use a contactless smart card called an "Octopus card" to pay for everything from transit, to parking, and even retail purchases. ... But no one used their Octopus card to get around Hong Kong during the protests. The risk was that a government could view the central database of Octopus transactions to unmask these democratic ne'er-do-wells. ... So the savvy subversives turned to cash instead. Normally, the lines for the single-ticket machines that accept cash are populated only by a few confused tourists, while locals whiz through the turnstiles with their fintech wizardry.

But on protest days, the queues teemed with young activists clutching old school paper notes. As one protestor told Quartz: "We're afraid of having our data tracked."

Using cash to purchase single tickets meant that governments couldn't connect activists' activities with their Octopus accounts. It was instant anonymity. Sure, it was less convenient. And one-off physical tickets cost a little more than the Octopus equivalent. But the trade-off of avoiding persecution and jail time was well worth it.
Alas, she also writes (my emphasis):
The answer is that there is simply no substitute for the privacy that cash, including digitized versions like cryptocurrencies, provide.
Doing crimes on an immutable public ledger just isn't a good idea. There are currencies that provide greater privacy, such as Monero (14th biggest) and Zcash, (23rd biggest) but they are typically harder to convert into fiat currency so as to actually buy stuff. Trading them for less privacy-preserving cryptocurrencies raises the risk of de-anonymization, and the trade itself acts as a red flag.

Bitcoin isn't "digital cash". Paper cash offers real anonymity, and instant finality. Bitcoin transactions aren't normally regarded as final until six block times (one hour) have passed. Scammers steal £113,000 from Bitcoin ATMs by double spending before transactions can be cleared reveals that Bitcoin ATMs are either unusable or vulnerable because:
it’s inconvenient to have customers standing around for 10-30 minutes (or longer) for a transaction to go through.
How long would you stand at an ATM waiting for money to come out and blocking everyone else's access to it?

Chapter 11 traces some of the history of "libertarian speculative currencies" and their ties to gold bullion such as the Liberty Dollar and E-gold which, as Brunton writes, became:
a high-volume venue for specialists in credit-card fraud, Ponzi schemes, and money laundering.
This history, and the writings of Ayn Rand and her disciples, provided the background for the early Bitcoin adopters, who might perhaps have paid more attention to what its libertarian predecessors became. The chapter ends with the farcical story of HavenCo and its failed attempt to set up on the "independent nation" of Sealand, an abandoned fort off the coast of Essex and remnant of the "pirate radio" I listened to as a teenager.

Chapter 12 essentially asks "what is it about Bitcoin that makes it money?" Brunton's answers are that it is verifiable:
you could, in the words of one minter, "trust in yourself" to verify what you held. Cryptocurrencies in circulation are nothing more or less than records of creation, ownership, and transaction in the blockchain ledger: their existence is constituted by the user-visible records of their existence. ... The whole apparatus of Bitcoin enables verification of the currency, both in particular and in general: you can't exchange "bitcoins" outside the network or have them circulate freely - and therefore be obliged to test whether a given bitcoin is the real thing - since there are no bitcoins, only the rights to trade within the closed ledger."
And that it is artificially scarce, which:
produces a monetary system that enormously rewards its earliest users ... and encourages the use of the money as reserve and collateral or, seen differently, for hoarding and speculation. ... This is a particularly seductive notion for people already prepared for the collapse of the current monetary order. ... You can't lose your bitcoins in a bank run or have them seized from your safe-deposit box. The right to trade them remains assigned on the ledger. All you have to do is wait.
Operating together, this:
provides the certitude that no one else has the right to trade any particular bitcoin, that no copies are being produced, and that the overall number is fixed and will remain so, becoming steadily harder to create. It puts this scarce object into an infrastructure of ownership: the distributed irrefutable ledger of the blockchain - the blockchain that turned out to have so many more interesting and potentially valuable applications, from establishing the ownership of digital artworks to enabling property sharing and access schemes.
It is understandable that, in a book whose central theme is the Utopian dreams that drove the development of cryptocurrencies, the author recounts what the enthusiasts wanted their system to do. But I find it regrettable that Brunton doesn't go on to detail the myriad ways in which, like all Utopian dreams, the outcome in the real world was dystopian.

Like the "libertarian speculative currencies" Bitcoin became:
a high-volume venue for specialists in credit-card fraud, Ponzi schemes, and money laundering.
Not to mention ransomware and securities fraud. Because Bitcoin can't in practice be used to buy legal products or services, it isn't trustless because users have to trust exchanges to convert their hodl-ings into fiat currency. The price at which they can do so is completely manipulated. And even when exchanges aren't complete scams, like Quadriga CX, they routinely have the cryptocurrency they hold on behalf of users stolen. Individual users cannot in practice mine currency, they have to trust mining pools. The Bitcoin blockchain isn't decentralized, it is centralized around a few huge pools. Nor can individual users in practice verify the blockchain, its too big. Nor can they safely keep their wallet in specialized hardware, which typically has buggy firmware with easily exploitable vulnerabilities, or on their computer. As Nicholas Weaver writes:
If Bitcoin is the "Internet of money," what does it say that it cannot be safely stored on an Internet connected computer?
Merely being known as someone who owns cryptocurrency makes you a target for phishing and SIM-swap attacks, and your computers targets for malware. And, finally, no-one has found the "so many more interesting and potentially valuable applications" of blockchain technology.

As far as it goes, Brunton's book is good, with an impressive breadth of sources, and a strong thread connecting them. I only found two significant omissions. But it would have been much stronger had he connected the dystopian failures of past Utopian schemes to today's cryptocurrency world, rather than stopping the story before the full measure of its failure to live up to the developers' goals became clear.

Siddharth Venkataramakrishnan reviews Brunton's book for the Financial Times here.

2 comments:

Paul McJones said...

The final link, for Siddharth Venkataramakrishnan's review of the book, is incorrect.

David. said...

Now fixed, thank you Paul!