Bruce Schneier on the Crypto/Blockchain Disaster
It’s a bad year for the reputation of cryptocurrency. The foundation of cryptocurrencies, blockchain, has not faired much better. The IBM Blockchain page promises to deliver trust, security, and cost savings, there are few examples where any of that is true. That assessment might be generous.
While some of the older cryptocurrencies, like Bitcoin, have resolved some security issues. However, the intrinsic value of any currency depends on its reputation for stability, especially when applied to commerce. The volatility of all cryptocurrencies, along with almost weekly stories of stolen wallets, has destroyed that value.
More to the point, a progressive view of cryptocurrency has said that it could be useful for countries with no national currency and limited banking resources. However, El Salvador, which is arguably a power child for such a nation, descended into chaos economically when the country’s government declared Bitcoin to be legal tender. On the plus side, the rapid devaluation of bitcoin a year after the announcement has boosted tourism, but at a severe cost to the general economy
Bruce Schneier, dubbed the “security guru” by The Economist, has been decrying the value of blockchain and all its offshoots for more than a decade. In an interview with Cyber Protection Magazine, he stated. “It’s not secure. It’s not safe, it’s not reliable, it’s not trustworthy, it’s not even decentralized, it’s not anonymous, it’s helping destroy the planet. I haven’t found one positive use of nothing that couldn’t be done better without it.”
It’s not going well, but it’s not going away
“Just because something is stupid, doesn’t mean it can’t exist. We can regulate it and hope we do. But as long as somewhere on the planet, it can exist legally, it’ll exist legally globally. But it’s kind of like offshore gambling. It’s really hard to regulate it, so I don’t see it going away anytime soon. This is unfortunate because it’s helped me cook the planet.
“I’d like to see it heavily regulated,” he continued, “Possibly even banned (in some places and instances). Make it harder to buy and sell cryptocurrencies.”
In spite of that assessment, Schneider also says it’s not going away anytime soon.
Schneier’s interview transcript
CPM—I wanted to talk to you specifically today was the blog post you did back in June about the dangers of cryptocurrency and the problem that blockchain is. Do you still are you still in on that position?
Schneier—It’s been a disaster for years and nothing has happened in the past few weeks to change my mind. It’s funny. I’m doing a seminar on blockchain and cryptocurrency, at the Harvard Kennedy School in Fall, so it’s going to be kind of interesting.
CPM—I always like the idea of blockchain just for the fact that, well, it’s an interesting exercise in coding.
Schneier—But what do you like about it?
CPM—Well, the fact that it’s easier to do bookkeeping with it, I mean, that’s essentially it.
Schneier—It’s kind of not. I mean, bookkeeping is kind of trivially easy. I tend to use Excel for most of my bookkeeping. Why is blockchain easier?
CPM—I don’t know. Like I said, it sounded like an interesting application for it. But the problem is, as you say, it’s not something that there’s no problem for it to solve.
Schneier—I spent a lot of time sort of debunking blockchain. I mean, there’s a lot of I think. Mythos and excitement because it’s new is a lot of stick it to the man and crypto bros don’t fully understand the technology it exists. It’s a thing people are making and losing money. Just because it’s a dumb idea doesn’t mean it’s not real. But when I peel off how it works, what it is, it’s not secure, it’s not safe, it’s not reliable, it’s not trustworthy, it’s not even decentralized, it’s not anonymous, it’s helping destroy the planet. I haven’t found one positive use. For blockchain, it was nothing that couldn’t be done better without it.
CPM—Well, let me give you two.
CPM—Stopping ticket scalping and counterfeiting. Then, there’s a company called Upheaval. They’re using blockchain to obfuscate data.
Schneier—Okay, so what’s that?
CPM—Well, it’s just a way to do it. But here’s the thing. What they do, is they don’t use a (single) blockchain. They use multiple blockchains and each block in the chain has a bit of the data. In order to actually get the full data that you want to steal. Is you have to have access to all the blocks. It’s just an interesting idea.
Schneier—So here we are again. It’s an interesting idea. I can think of ways to do that without blockchain would probably be a better idea. What is the essential thing that blockchain is providing that would be impossible without it? That’s the question to ask. Is blockchain useful in any way? It adds insecurity, It adds complexity, it adds a lot of problems. It’s a frickin’ disaster in every respect unless it does something essential.
This company would be better off not using it. That sounds great using lattices. I mean, these are all from the seventies and eighties. These are all ideas that are interesting. But they’re not blockchains, right? Be careful. If someone uses the blockchain data structure, that’s a hash chain that’s early eighties technology. Sure. That’s useful. Use it. You don’t need to use a blockchain for that. Whenever you see somebody using a blockchain you need to figure out why it is they’re using it. If it’s because blockchain is cool and we want to ride the hype. It’s not a good answer.
CPM—What about prevention of ticket scalping?
Schneier—Why? How would blockchain help this problem?
CPM—You can actually track who is buying the tickets. You can you can restrict them from buying the tickets. And if you apply if you apply NFTs to it, then you’re creating unique tickets. However, when I when I heard this, I was thinking, there’s all kinds of stories about how NFTs themselves have been counterfeited.
Schneier—Yeah, it doesn’t matter. So I don’t know. Tickets have been around for events probably thousands of years. Lots of ways to prevent scalping. None of them use blockchain. All of them are good. All of them are similar. The question is there any problem in the history of mankind that blockchain is needed. Scalping is not an unsolved problem. So it’s worth knowing what these blockchain people think has been impossible before. Now I’m being a little bit pedantic, but this is important.
The technology is full of hype. Lots of people say blockchain this blockchain for that, and rarely do they ever stop and say, Can we do it another way? It is never the case that someone says, I have a problem like I’m a ticket issuer and scalping is a huge problem over blockchain can help. That never happens. What happens is someone says, I have a blockchain, let’s see what I can do with it. Oh, ticket scalping. I don’t know anything about that. Let’s use blockchain. And that is the way it goes.
And it’s unfortunate. It’s a lot of hype here. But I guarantee you that this ticket scalping blockchain measure doesn’t do any better than other methods. Blockchain is like a disaster on top of a disaster. It isn’t going to help. I mean, we can track ownership of digital objects well before blockchain. Yeah, this hasn’t been a problem. This hasn’t stopped digital audiobooks and movies and all these systems. Sure, there are insecurities. There’ll be insecurities in the blockchain. It’ll probably be worse. So, you know, I see a lot of applications and none of them have any essential property. And this is important where until now we couldn’t do the thing, but now blockchain exists and we suddenly can do it, not even ownership of digital objects. We can buy and sell digital objects all the time and it just makes that worse and harder.
CPM—Okay. So how long do you think we’re going to have to deal with this bullshit?
Schneier—Probably forever. Just because something is stupid doesn’t mean it won’t exist. Right? Bitcoin is a currency. It’s a disaster as one, but it has value. People are buying and selling and people are losing money, making money. We can regulate it and I hope we do. But as long as somewhere on the planet it can exist legally, it’ll exist legally, globally.
It’s kind of like offshore gambling. It’s really hard to regulate at the user end. You’ve got to regulate it at the casino end. So I don’t see it going away any soon. This is unfortunate because it’s helping cook the planet. But we can make it harder. I’d like to see it heavily regulated, possibly even banned, and that will remove a lot of the legal uses of it. It’ll make it harder to buy and sell cryptocurrencies, at least safely. No way to do it safely really is. We have exchanges that kind of don’t actually buy and sell the cryptocurrency. But it’s here. It’s a thing, right? It’s a currency that’s not regulated by a government, which is its own set of problems.
CPM—That’s supposed to be a benefit.
Schneier—I don’t know. I mean, the fact that if you forget your password, you can lose your life savings and you can’t go to any court is not a benefit to it. That’s the reason why governments issue currencies (and) why wildcat banks have been illegal for 107 years. It is not just because governments are mean and want to control. It’s because it’s really good reasons. What? You don’t want individuals minting money. You can’t just toss away all those centuries of banking regulation that really know what you’re doing.
CPM—What about smart contracts?
Schneier—The contract where you make a typo when you lose your life savings? Yeah, I hate that. That seems dumb.
CPM—I’ve wondered about it because a smart contract is, number one is legal terminology. So you can get a lawyer that can help you with the terminology.
Schneier—And if he makes a mistake, there’s no recourse.
CPM—But even beyond that. To make a smart contract, you need not only a lawyer but also a coder. And if the coder doesn’t write the contract according to what the legalese did, you still don’t have any legal recourse because that’s the contract.
Schneier—So this is the problem. The reason we have judges and adjudication is that people make mistakes. Things change. Human beings are messy. It’s you not only need a lawyer and a coder, but they both also need to be perfect. The contract is flawed and there is no recourse. Lots of times people go to court because someone made a mistake and the courts figure it out. That is not a bug. That is a feature.
Now, the notion of contracts that automatically execute, that’s a good idea. And they exist in the financial world all the time. You can put lots of buy and sell orders into the system that happen automatically. And there have been problems with that. There have been some pretty catastrophic where someone puts in a typo and it’s and there’s a mistake, but at least that is backstopped by a human legal system. So we can have smart contracts without blockchain to be better automatically executable things, but you don’t want to remove the human adjudication system. So putting them on a blockchain is a frickin disaster. I would never recommend anyone to do that for anything because if you’re not perfect. Know, we’ve seen this. We’ve seen hackers find little bugs in smart contracts and then steal all the money. And what happens? They started all the money. That’s all you get.
CPM—I wish I could get you actually to give me a strong opinion on this.
Schneier—I know it’s bad out there, but I am doing the class and I’m going to have people who disagree with me as guest speakers, etc., to Harvard Kennedy School. So it’s not about the tech, it’s about the policy. And I think I’m going to talk about that. We need to figure out how to craft policy around this. As much as I can complain, it’s not going away.
So we need to figure out: Is it a commodity? Is it a currency? What do we do about wildcat banks? Unregulated securities? Ponzi schemes? Sort of all the financial fraud that has gone into cryptocurrencies because there is no regulation? How do we keep people safe when they try to buy and sell cryptocurrency? Because if we’re going to buy and sell cryptocurrencies, if you are a little second slower than me, I can steal all your money. And that’s not safe for you or anybody. How do we build infrastructure to make it safe so that even though it’s a dumpster fire, it’s being used, and we can mitigate the damages? If you hear anything interesting about a blockchain application? You let me know. And then we can dissect what it is, what the blockchain is doing, what it’s not doing, how it works, and whether it’s better or worse. You remove the blockchain. I mean, this is the real analysis and we can do it if we have a system to pick apart.
CPM—All right. Sounds good. I think I’ll do that. Thank you.