The BSV illegal content incident matters to all blockchains
Data is data, whether it's illegal pictures, stolen identities or laundered cryptocurrency.
- As blockchains continue developing, these kinds of incidents will become increasingly common.
- It's coming to a point when we need to think seriously about illegal data on blockchains, being mindful that dirty crypto-money, unlawful communications and child pornography are all functionally equivalent types of illegal data.
- The community and law enforcement response to this incident highlights a potential way forwards across all of these data types.
Bitcoin Cash (BCH) forked away from bitcoin (BTC) primarily to embrace larger block sizes as a scaling solution. Then Bitcoin SV (BSV) forked away from bitcoin cash primarily to embrace even larger block sizes.
A larger block size means more data can fit into blocks. This data is typically just the necessary blockchain transaction information, such as how much is being sent, who's sending it and where it's going.
But it's also possible to embed so-called "arbitrary data" into transactions. This data will then become part of the blockchain as surely as any transaction. That's what just happened.
Arbitrary data can mean a lot of things
The ability to hold arbitrary data using the spare storage room on blocks has been part of bitcoin's capability right from the start. In fact, Satoshi Nakamoto included arbitrary data on the first ever bitcoin block, writing the phrase "The times 03/Jan/2009 Chancellor on brink of second bailout for banks," into the transaction.
People have been embedding arbitrary data onto blockchains ever since, and it's not always as wholesome as a paper headline.
For example, last year a lot of news outlets made waves when researchers discovered links to child pornography embedded in the bitcoin (BTC) blockchain. The news was thoroughly overblown though, because the limitations of the bitcoin blockchain mean it's not actually possible to embed comprehensible media into the blockchain, and the only way to actually encounter the illegal content was to very deliberately go looking for it and then decipher it.
Consequently, everyone forgot about it pretty fast.
But the type and amount of arbitrary data that can be baked into a transaction will vary depending on the blockchain, and how visible it is will depend on the tools available. That's what's different this time. Child pornography has been embedded on the Bitcoin SV blockchain, and unfortunately the unique characteristics of Bitcoin SV mean it's actually able to carry media in a way that the bitcoin blockchain can't.
This time it's not as easy to dismiss.
Bitcoin SV is characterised by its extra-large block sizes which allows room for a lot more arbitrary data. Users embraced this functionality by creating tools which allowed the posting and deciphering of this arbitrary data in much clearer and more human-readable forms.
The Bitcoin SV Bitchat tool for example, allowed people to turn the blockchain into an actual chat program. It was flooded with racist messages shortly after launch.
Further developments in the Bitcoin SV protocol itself expanded the blockchain's ability to carry arbitrary data. Specifically, a 24 January update allowed up to 100KB of arbitrary data per block. This was a 450-fold improvement over the previous, suddenly making it possible to plant image, audio and video data on the Bitcoin SV blockchain.
This is the functionality that makes this incident such a big deal, relative to last year's stories of child abuse imagery being embedded on the bitcoin blockchain. This time it was actual imagery.
How it went down
According to the BBC, the offender posted the image to the blockchain using a tool called Money Button that's designed to make the posting of arbitrary data much quicker and easier than it would be to do it manually. The data was then converted into a visible image through a separate website, Bitcoinfiles.org, which displayed images posted to the Bitcoin SV blockchain. Bitcoinfiles shut down its blockchain browsing service following the incident.
As Money Button described it, the offending material was reported to authorities as soon as it popped up on Bitcoinfiles. The website then sprung into action and removed the content from its site, and started investigating how it was posted, finding that it came from Money Button.
It's now being investigated the same as any similar discovery would be.
The upshot is that the material itself is still on the Bitcoin SV blockchain, and will be forever unless its node hard forks to remove it. Money Button, meanwhile, has banned the user and scrubbed the account.
It's an abhorrent sign of how technology can enable depravity, a stark warning of how genuinely immutable systems stand to permanently debase humanity, and an excellent opportunity for examining these fascinating issues.
These kinds of arbitrary data injection issues have been a widely recognised problem, although they were still quite an ephemeral and hypothetical problem until now.
There were three parties involved in the storage and presentation of the material, each of which handled a different element of it. By breaking it down into separate components you can see the moving parts of data injection issues, as well as potential ways of handling them in the future.
- Money Button: The service on which the offender initially posted the material. It says it feels obligated to proactively moderate content, and is working to create systems for blacklisting certain blockchain transactions and addresses.
- Bitcoinfiles: A platform that automatically read the data on the blockchain, which resulted in illegal content popping up on its site. It's since take itself down, which is probably a prudent decision given that it was literally hosting child pornography.
- The BSV blockchain: The storage and communication system for the offending data. Technically, all BSV blockchain nodes are now in possession of illegal content. But without the separate tools to decipher it into a human-readable form, describing those chunks of raw data as illegal content is akin to saying a random collection of pixels are illegal because they can also be turned into an illegal image.
What we can see is that even with blockchains, there are still centralised points of access for users which can enforce rules on how a blockchain is used. However, these are reflections of the blockchain's functionality.
In the case of something like Bitcoin SV, you currently can't simultaneously have a high capacity for arbitrary data as well as a tool for automatically posting anything on the blockchain. By removing limitations of what kind of data you can put onto a blockchain, you introduce a new need for screening blockchain data itself.
It's an example of how certain functions might come with unforseen downsides.
A wider angle
In some ways, this issue is a mirror of the wider argument around decentralisation and privacy vs surveillance and control, and upcoming questions around how decentralised exchanges might be a little too good for money laundering.
It's crucial to remember that data can be verbal or written communication (such as plotting a terror attack), money itself (a la cryptocurrencies) or illegal pornography, as in this case.
The question in all cases comes back to controlling the movement and storage of digital data.
Do uncontrollable data storage and transmission systems like public blockchains make the world a more dangerous place? If you can no longer take action against that middle "data storage and transmission" layer, who's responsible for crimes on the blockchain?
In this wider context, this Bitcoin SV incident is a significant landmark for a much bigger debate.
From one angle, this incident is bad news for blockchain, privacy and digital freedom. It's now clear (although, really, it's always been obvious) that there are people who will do bad things with decentralisation, and that a world with complete freedom and immutability will have some stark downsides.
Even if the technology was there, would the world really be ready for true decentralisation and immutability?
But from another angle, this incident played out how many privacy and decentralisation advocates said it should, and highlights some ways of adapting to a more decentralised world.
In an increasingly decentralised and digital world, a suitable vision is one of community self-policing with the assistance of authorities, rather than top-down enforcement. The point is that authorities and communities are typically on the same page, and so should be responding to incidents as partners in crime-fighting. Trying to top-down monitor and control every element of the digital world is wasteful and ultimately futile.
And very, very few people want child pornography, terrorist liasons and similar under their nose, so there will be no shortage of undercover informants, turncoats and whistleblowers. If a legal authority consistently finds itself going against the wishes of the community it's policing, it might be worth thinking twice about the law rather than the community.
And this community self-policing is already beginning, spurred on by unfortunate incidents like this one.
"We are collaborating with other businesses to create protocols and tooling for sharing blacklisted transactions and addresses. BitcoinFiles.org and others are helping to create protocols we can use, including the possibility of writing this information to the blockchain in authenticated way," Money Button said in a statement. "If illegal content continues to be an issue, we can build moderation tools into the blockchain. Businesses and users will be able opt-in to blacklists from trusted businesses and authorities."
"The vast majority of blockchain users are legal and legitimate. Criminals who use the blockchain, like in the real world, are a small fraction of the community who try to spoil something good for everyone else," it continued. "We are committed to making sure the blockchain remains useful to the vast majority of users who do not commit crimes and will continue to improve our moderation policies as needed."
The same community-driven enforcement has been seen in other areas. Most legitimate cryptocurrency exchanges, for example, are self-policing the data in their own pipes and have actually tended to be more strict than necessary. And you really don't have to look very far to see community self-policing in action around exchanges.
Just checked, we were able to freeze some of the funds. I don't understand why the hackers keep sending to Binance. Social media will be pretty fast to report it, and we will freeze it. It's a high risk maneuver for them. https://t.co/i0PeahLzic
— CZ Binance (@cz_binance) January 16, 2019
The advent of technologies like blockchain mean we need to look for new ways of doing things, and these kinds of incidents present an opportunity to see what does and doesn't work as we navigate the shift.
Disclosure: At the time of writing the author holds ETH.