26 Dec 2018 c.e.
Blockchains Against Evil, Impressions

Takeaways from a blockchain ethics conference I attended earlier this month, Blockchains Against Evil

I attended a day-long conference/seminar earlier this month, that pulled together a bunch of people in the 'blockchain' space to talk about trends in the industry, especially around security and lawlessness.

The Event, Specifics

The event itself was held in a rented conference space off Divisidero, in San Francisco. There were about 30 people in attendance, if I had to guess. Most everyone who attended worked or invested in the 'blockchain' space. There was a good mix of job types and roles: programmers, investors, company-runners, cypherpunks, non-profit directors, etc. I knew a few people from the Internet, but most were new faces.

The day was split up into a bunch of round-table talks. I honestly can't remember most of the themes. I took notes, but I've since misplaced the notebook. I'm planning to write up a longer piece on the insights the discussions gave me that specifically related to privacy and secrecy and how cryptography and the state interplay in this, but that piece is far more ambitious that I have the time or inclination to reason through now. Much like my lost notebook -- it'll be dug out later.

Themes and Thematics

Instead, I'll leave you with a short overview of the most salient points that were discussed. Most of these are a paraphrasing of other's points and ideas. I take credit for only the spotty transcription.

  • Crypto has provided a secure mechanism for ransomware makers to get paid. The global nature of the web plus Bitcoin's ubiquitous reach[1] mean that ransomware is truly a viable attack for anyone who's got access to a Bitcoin wallet. This is all of you. Another lens to put on this one is that it's put a premium on securing networks of valuable data. If your data being inaccessible makes your work impossible, it's likely only a matter of time until you're a target for a ransomware play.

  • While ransomware has placed a bounty on your databases, Bitcoin and other Proof of Work currencies have placed a directly calculable value on a computer's CPU cycles. Previous hacking rings have focused on skimming credit card numbers[2]; the past decade has seen more and more viruses that aim to steal compute power rather than credit cards or identities. That's because they can make money by stealing computation cycles and your power to mine crypto. I'd be curious to see stats on how the rise of ASICs has affected the profitability of botnet miners. Bonus points for an analysis that includes the impact of the recent price drop on said profitability.

  • Personal security is hard to measure. There've been several high profile cryptocurrency and 'blockchain' project attacks recently that involved getting a phone company to port a target's telephone number to a new SIM card, giving the attackers access to their SMS two-factor authentication backup codes. The general advice for avoiding this sort of problem is to ask your phone company not to port your number without being provided with a secondary PIN number or the like; others at the conference had switched to Project Fi, Google's phone service, for the express reason that they don't have a customer support telephone number. (Personally, I already use Project Fi). More generally speaking, there seemed to be generally an interest in hiring a hacker to do a personal security audit. If you or someone you know runs this kind of a service, let me know. I'd love to hear more about what kind of people you work with and what your price point is for an individual investigation.

  • Demand for decentralized services historically has been rather complex, if not a bit on the weak side. Often, they crop up as alternatives to more centralized services when a core user group is pushed off of the more centralized services (i.e. music and film piracy, right-wing punditry, and most recently sex work with SESTA/FOSTA[3]). As difficult as it is, it's pretty wild to imagine existing in a fully decentralized world, one where no one has the power to deplatform anyone else. It's hard to imagine a world where everyone runs their own decentralized server, a la the Urbit dream. Curation and searchability seem like they'd be particularly high value services in this kind of world. It definitely would be heading into 'pure free speech' territory, of the likes we only dream of currently but also remember folks that while speech may be free, slander is still illegal.

  • Personal anonymity. What right do you have to decide who and what can see where your money is going? I've got a lot of unfinished thoughts on this that I'm hoping to put up later in a separate piece. If and when I do, I'll update this to link to it.

  • Closely related to that, do anonymous payment networks breed demand for dark market goods? I'm talking about child pornography and buying hitmen for untraceable cash. I think the recent Epstein revelations[4] points towards no, vice isn't necessarily driven by access to invisible money. Honestly, if anything it's moving illicitness from the cash economy to the digital economy. Cash is largely untraceable. If you lose it in a fire, it's gone. In some ways, this is oddly similar to problems with keeping private keys and wallets safe for digital cash. But I digress. To what extent has a traceable money supply kept people exercising base desires that a lack of traceability now enables? Again, I think this is smaller than we suspect, but maybe I'm wrong. If anything, I think dark money and dark Internet (Tor) have made buying illegal drugs and child pornography much easier than they were in the past, but does ease of use drive volume? These things are still illegal. I'd love to read a study on the impact of digital darkness on illicit good trade, though I imagine hard numbers on this are hard to come by.

In Exitus

Digital money has created huge new opportunities for criminals and privacy lovers alike. I feel like the cat's largely out of the bag with the existence of digital money systems such as Bitcoin and Zcash (and Grin soon!). I'd love to see personal and institutional privacy and security become both more widely understood and practiced -- though at its core this problem involves an even greater investment into even basic computational understanding.

Will we, as a society, be able to educate ourselves fast enough to protect our systems and selves against the rising tide of spying nation states and exploitative hackers? I guess we'll find out.

I really enjoyed spending a day hearing about the in's and out's of blockchain ethics. I'm really grateful that there's people in SF who want to have these conversations, and went so far as to organize a space where we could discuss them. Huge <3 to all the organizers and other attendees that made the day incredibly worthwhile.

[1] By Bitcoin I really mean any value-acknowledged cryptocurrency.
[2] See the story of The Iceman
[3] A lot of this discussion hinged on the stuff John Backus has been digging up lately, I really like his article on Music Piracy
[4] The man basically ran a prostitution ring for wealthy and well-connected men, from a cadre of underage women that he developed. Miami Herald has the story.

#blockchains #conference-swag #impressionism
<< >>