The implications of cryptocurrency’s quiet privacy revolution
Unbreakable encryption is coming, for better or worse. How should the world make the most of it?
In December 2015, more than a dozen people in San Bernardino were killed in a workplace-terrorist shooting. The attacker's iPhone was recovered, but it was locked with a 4-digit password and would destroy all data after 10 failed log-in attempts.
In February 2016, the FBI announced that it was unable to unlock the phone and requested that Apple write a backdoor for government authorities to open up that particular phone as well as others when needed. After some legal back and forth, the request was eventually withdrawn and a third-party security firm was hired to create a solution. Slightly ironically, it's not known which security firm engineered the solution and how much they were paid. Journalists filed a freedom of information request to find out, but it was declined and the solver remains anonymous.
The incident left people uneasy on both sides of the fence. Law and order enthusiasts were concerned about the average person on the street carrying cutting-edge military-grade encryption in their pockets and felt that Apple was putting profits over public safety by refusing to install a backdoor for authorities.
Meanwhile, privacy fans were glad Apple took a stand, but were still worried that it could hand over the keys behind closed doors and that their right to privacy seemed to be entirely in the hands of authorities and law enforcement agencies, many of which have their own clear records of power abuse and misbehaviour.
The incident ended up spurring a conversation around the right to privacy which was never properly resolved.
The state of encryption
Just a couple of years later (aka now), Russian authorities are asking the Telegram messaging platform to hand over its encryption keys so authorities can monitor communications on the platform, ostensibly to catch terrorist plotters, but the conversation is going very differently.
Telegram said no thanks, and that it couldn't even if it wanted to. In response to Telegram's refusal, Russian authorities ineffectually stomped around the Internet and realised that it's technically almost impossible to block a system that doesn't want to be blocked. Now it has started trying to chip away at distribution pillars like app stores, but finding it to be slow going.
This kind of "couldn't even if we wanted to" defence is going to be increasingly common in the age of decentralised technologies. With the addition of features that mean data doesn't need to be stored on devices themselves, there won't necessarily even be a trail left on phones and computers.
This is accomplished by using decentralised systems to create platforms where the platform itself can stay strictly hands off user data, explains Eric Lifson, CEO and co-founder of Skrumble Network, one such system.
"With Skrumble Network, the entire blockchain and application is community owned and operated, and everyone controls their own data," he explained. "Skrumble Network will have no visibility into user data.
"Storage will be offered to users in two ways. The first is on device — this is where data is stored on the user's device through a direct download. The second is through a proprietary, patented distributed scheme. This allows for data files to be stored in multiple locations. These data files are split using a proprietary algorithm and are encoded using the session key and encryption key that are generated for the user and the given session."
It also takes steps to get around being blocked by firewalls or barred by authorities, by functioning as a kind of communication dapp platform. The plan is for users to create and distribute their own secure communication systems and dapps over the Skrumble Network.
China managed to get in early and bar mainstream messaging platforms before they could take off, replacing them with censorable and closely monitored official messaging platforms such as WeChat. But that monitoring might not be effective if someone runs the program through a decentralised encryption service.
The end result is intended to be a multimedia communication system that cannot be monitored, intercepted or blocked by anyone or anything.
"One of the best things about the project is that we won't be able to be blocked by firewalls, we can assure user anonymity and ensure data and content privacy, truly democratising private communication on a global scale," Lifson said. "The future of communication is blockchain, and a blockchain and application like Skrumble Network's is helping to lead the revolution."
Similar privacy elements are also coming to financial transactions through certain cryptocurrencies, further helping individuals go invisible.
Is it a good or a bad thing?
When asked whether authorities have an inherent right to access citizen's communications to protect them, and what a future of ubiquitous bulletproof encryption might look like, Lifson understandably sidestepped. After all, neither question has any right answer. Instead, Lifson pointed out that the nature of the technology simply means that it's out of Skrumble's hands, and that user communities will have to be responsible for policing themselves because no one else can.
For better or worse, decentralised systems mean "true privacy" is coming to communications and transactions for the first time in the very near future. It's already come, with some hiccups, through Telegram and certain cryptocurrencies, but it will probably start causing more pronounced ripples once it gets more widely used.
For every person using privacy technology to participate in politics without contracting polonium poisoning, there will be a homegrown terrorist enjoying an amateur bomb-making course, or the average person on the street marvelling at how easy tax evasion is these days.
Rather than asking whether it's a good or a bad thing, a more practical question is what are the new pros and cons that these system will introduce and how to best reshape existing systems to accommodate the inevitable.
Community members of the small-name-big-tech privacy coin PIVX have given a lot of thought to these questions. In fact, they might be more tuned in to these kinds of questions than any other coin community. PIVX is unique as the first proof-of-stake privacy coin, which means it can be held as an untraceable interest-earning asset rather than simply being used for one-off transfers the way Monero and others are. As such, it probably tends to attract users who are thinking of privacy on a broader and more ideological societal level, rather than those who just want a private coin to buy drugs with.
Unsurprisingly, most prefer to use pseudonyms.
Balancing the pros and cons
The core argument against universal privacy is that monitoring citizen transactions and communications is necessary for keeping society safely ticking. Arguments against it are largely focused on moral arguments in favour of privacy.
"Innocent citizens should not become victims of the government. Citizens should be trusted until proven otherwise, not distrusted all the time," said PIVX community member "Gets". "It’s no one’s business what you spend your money on, whether they be shameful things or ordinary, it’s a right not to have to disclose such."
Others pointed out that the privacy tech's arrival seems inevitable, but that with a bit of societal adjustment, the benefits can outweigh the downsides.
Simon Fischer (aka Fused_Helios) gives the example of readjusting tax law to accommodate for private assets. As it gets easier for anyone to hide assets, making it so hard for tax agencies to collect taxes that it's not cost-effective to even try, some readjustments will be needed to keep society ticking.
"For taxation, the easiest answer is the adjustment of where taxes are drawn from. Move away from income tax into sales taxes, corporate taxes, etc," he said. "As far as crime goes, they can still follow the money trail. If a McDonalds fry cook is driving a lambo, even if he/she is paid in PIVX, you can still dig and follow the obvious trail."
The argument that bulletproof privacy for all will increase crime may also be a bit specious.
"Crime will keep finding a way, as it always does, regardless," said "Strontium". "The worst that I can imagine is people potentially not paying income taxes en masse, in which case sales taxes go up to accommodate this."
In some ways, it looks like universal privacy technology might actually reduce crime.
Can privacy reduce crime?
There's scant data on how private digital transactions affect crime rates, but evidence to date suggests that cryptocurrency use among criminals actually makes the streets safer and reduces violent crime. Crook-on-crook violence is still crime, and potentially deadly to bystanders. The creation of a safe digital way for criminals to make payments may have already made the streets a bit safer in some places.
It might come at the cost of arrests, but that might be a price worth paying. Crime rates and arrest rates are very different things, and they don't necessarily have a lot to do with each other.
The violent and property crime clearance rate in the USA is dismal. Most violent crime and property crime goes unreported, and even when it does get reported, it tends to go unresolved. Even a cursory glance that very generously assumes that every single convicted person is actually guilty, which they most definitely aren't, paints a fairly unflattering picture of law enforcement success rates.
This is to be expected. Police forces around the world tend to operate stretched to capacity and are simply faced with more crime than can be effectively pursued. It's not a matter of chasing down all leads so much as prioritising the low-hanging fruit and working towards hitting quotas. In extreme cases, these broken incentive mechanisms lead to police knowingly framing people.
Even if some criminals find it easier to go invisible, police will still be just as thinly stretched as always. The worst-case scenario might be a redistribution of arrest rates, without any actual corresponding increase in crime rates.
It might be well worth it if it can help reduce violent crime as well as white collar crime.
White collar crime
In the case of white collar crime, privacy technology will almost certainly do much more good than harm.
Significantly, identity theft is by far the most common type of white collar crime and it's becoming more prevalent year on year, at a devastating human and economic cost. For example, businesses lose fortunes to identity theft involving credit card fraud each year, while victims often suffer irreparable damage to their credit scores with direct impacts on their quality of life.
Here, more secrecy and decentralised identity management systems are not just a good solution – they might be the only solution.
In the case of more conventional white collar crime, such as embezzlement, its prevalence is most closely tied to the general economic situation at the time, suggesting that people mostly do it because they need the money rather than out of sheer greed.
Most people don't commit crimes because most people aren't criminals, not because they're worried about whether they'll get away with it. It's quite possible that making it easier won't have any measurable impact on crime rates.
The flip side of privacy – transparency – can also go a long way to bumping down crime rates.
"A future where everything is secret is not the ideal," Fischer said. "Optional privacy has a far more versatile range. Things like your income, your savings, and your typical spending habits can remain private. Government or even corporate funds can be left public so that the money can be effectively tracked. You can verify that a company isn't lying about expenses or overpaying for basic supplies. The school board's distribution of funds can be tracked for poor decision making or just to get an honest breakdown of what costs so much money. A coin that can operate both privately and publicly has the potential to both enhance individual privacy and institutional transparency."
More transparent business and government finances, where appropriate, could help make the police's job easier by helping embezzlement and similar crimes stand out.
It's also worth laying the human cost of less considered and rarely penalised institutional crimes, such as the violation of workplace health and safety standards, next to the cost of citizen-on-citizen crimes. Preventable workplace deaths (which is theoretically all of them) kill about 50,000 people a year in the US. By contrast, 2016 saw "only" 17,500 homicides across the USA, and that was kind of a big year for murders.
Despite the disparity, almost no law enforcement efforts are focused on tackling the deadly crime of businesses knowingly violating workplace safety standards. On the contrary, the issue is actually being pushed aside through the scrubbing of workplace death data and lax reporting standards, "removing one of the most basic deterrents to unsafe working conditions," in the words of lawmakers. This is one extremely deadly crime that could be directly helped through improved transparency.
Decentralised systems and the arrival of bulletproof privacy technology is inevitable. At the same time, it's also bringing tools for improved transparency. By ensuring that the privacy and transparency sides of the coin are appropriately distributed, society might be able to get the best of both worlds. Running into the hardest core libertarian ideals isn't perfect, but neither is bending the potential of blockchain technology to universal surveillance. The right path is probably to get a range of opinions on this undeniably charged subject, while staying focused on the practical factual outcomes of different options.
Full quotes from PIVX community members
"I think privacy in transactions is something people as a whole feel differently about to governing bodies. To most people, we value our privacy for a few reasons: (the illusion of) control, security (not becoming a target of theft or discrimination for example), maintaining our public face (eg. not openly sharing on taboo topics/avoiding shame). The priority of governing bodies is towards maintaining control, both by monitoring our behaviour, and sapping our resources via tax. We're a communal species, and transacting—be it emotional, financial, teamwork etc—is the basis of our survival. Having control over that is, I feel, integral to our ability to function.
"It was not that long ago that 'pay-packets' were handed out by companies on pay day as literal packets of money. People would do with that cash as they pleased—be it depositing it, blowing it at the casino, anything! All was well as long as they paid taxes. Nowadays many nations refuse to pay you unless it's through a bank, where they can have near-full access to how and where we use our money. Slice by slice our freedom with our money is being taken away from us with things like the patriot act, with the government boiling-frogging us out of freedom under the pretense of security. Crime and tax evasion is nothing new, and is just another excuse to maintain the leash around the necks of the masses.
"I can't see any problem with [complete secrecy]. Crime will keep finding a way, as it always does, regardless. The worst that I can imagine is people potentially not paying income taxes en masse, in which case sales taxes go up to accommodate this."
Simon Fischer (aka. Fused_Helios) says:
"The morality of it all comes down to whether or not the regular, law abiding citizens have to give up their privacy because some people might abuse that. Your financial information can be used by companies to manipulate you, can be used by criminals to target you, and can be used by your peers to pressure you. You as a law abiding citizen do not deserve that. Privacy is needed within cryptocurrency because the alternative is not the status quo. It is the complete removal of privacy.
"As far as crime goes, they can still follow the money trail. If a McDonalds fry cook is driving a lambo, even if he/she is paid in PIVX, you can still dig and follow the obvious trail. For taxation, the easiest answer is the adjustment of where taxes are drawn from. Move away from income tax into sales taxes, corporate taxes, etc.
"A future where everything is secret is not the ideal. Optional privacy has a far more versatile range. Things like your income, your savings, and your typical spending habits can remain private. Government or even corporate funds can be left public so that the money can be effectively tracked. You can verify that a company isn't lying about expenses or overpaying for basic supplies. The school boards distribution of funds can be tracked for poor decision making or just to get an honest breakdown of what costs so much money. A coin that can operate both privately and publicly has the potential to both enhance individual privacy and institutional transparency."
"We already had private money (cash) for a long time. The debate should be, are we ready to give up privacy. Are we ready to let the government require you to register your crypto addresses, let them limit how much you can hold or send, let them decide who you can't send money to? Do you want to provide your account balance and transaction history to anyone you transact with? Are you ready to put that target on your back?"
"I’d say right to privacy of transactions: safety against prying eyes who may come for your money if they see you spend a lot (criminals, people soliciting donations etc.). It’s no one’s business what you spend your money on, whether they be shameful things or ordinary, it’s a right not to have to disclose such.
"Innocent citizens should not become victims of the government, citizens should be trusted until proven otherwise, not distrusted all the time.
"Everyone is already able to [transact/communicate in complete secrecy] through cash/encrypted channels. We’re just making it easier/more accessible. It’s the only means we have left to combat the ever increasing surveillance state.
"Without privacy, we won’t have free speech anymore, just look at China for instance. The stronger a government becomes, the more important privacy is.
"The economy and personal freedom and access to money will actually improve with readily available private transactions. Aml/Kyc is expensive and slow to enforce and harms a lot of innocent people by making banking inaccessible to much of the world's population. When the other option to private transactions results in an industry created to monetize and share your personal information (or lose it), then private transactions protects us from such misuse."
Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VET, XLM, BTC and NANO.