Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Google Podcasts | Spotify | RSS
This week we speak with Becker Polverini of PKC Security:
- Facebook isn’t the only one who knows more about you, than you do
- Don’t let yourself be ignorant: You are the product on the internet
- How much is private data about you worth? Everything!
The McAlvany Weekly Commentary
with David McAlvany and Kevin Orrick
“Cultures are going to have their own domestic players and their own domestic rules about where data is kept, how it is stored, and I think this idea that America would somehow promote its views on privacy or individual liberty through the Internet – that dream is going to be shattered because countries are now able to, essentially, espouse their views on personal liberty through regulation on Internet companies.”
– Becker Polverini
Kevin:We have a guest today, Becker Polverini. He was one of my favorite guests last year. You and I have talked about this growing concern with artificial intelligence, big data, surveillance. We were even joking about 2001: A Space Odyssey. “Open the pod bay doors, Hal.” And the computer responds, “I can’t do that, Dave.” Well, Becker brings understanding to this issue because this is his direct line of work.
David:This last week I went to breakfast with my oldest son. We do a Sunday morning book club kind of a thing. He brings a book that he has read and I bring a book that I have read. This week was Cyberpolitics In International Relations, Nazli Choucri. We had her on the program back in December of 2014, so this has been a topic which has been on our minds from some time – the interplay between cyberspace, international relations, corporate control, the impact from social media into our communities, and ultimately into our own psychology.
And who actually controls the Internet? Who controls the kill switches? How is it being used? There are a thousand questions to be asked that relate to this, and it is relevant. It is very relevant today. It is not even just a 2014 conversation. Here in the last few weeks the Wall Street Journal ran an article titled, “Facebook really is spying on you, just not through your phone’s mic.” We have issues relating to bitcoin in the cryptocurrencies where Bloomberg, just two weeks ago, reported that bitcoin dives after the SEC says that crypto platforms must be registered.
So again, you have this toggling back and forth for who controls what in cyberspace and what are the long-term implications? I think there is none better in terms of the conversation to bring into than Becker Polverini, cryptographer, and, I think, perhaps an admitted geek on these issues.
* * *
David:Becker, just last weekend I went to a friend’s house and had a conversation with a gal named Alexa. She had this amazing Keith Jarrett playlist – I happen to like Jazz – and everything I said she was so responsive to. And then I thought to myself, “Is she listening? Is she remembering even when I’m not directly speaking to her?” What data is allowed to be collected and stored by Mr. Bezos and his gal, Alexa?
Becker:You can just assume everything. If you want an incredible exercise in confusion, I recommend reading the Terms and Conditions, or the ULA, for many of these things. Unless you are literally teaching in a university or a law school about how to write these, I doubt you’ll understand it. I would say the safest thing to assume is that they are collecting everything. Just the reason being that data begins to be increasingly valuable the more that you have and the more of these interconnections you can make.
There is a reason why Bezos makes Alexa and then goes ahead and buys Whole Foods. There is an intimate connection between what you say in your house and what you are going to buy in the store, and what you’re reading. All of these connections between these things that appear disparate in our lives are actually where the real value is in data. I know that Amazon has gone out of their way to say that they are being very hand-wavy about the data they are collecting, in the same way that Facebook does it and the same way that Google does it because it is part of their secret sauce and they’re not going to be transparent about it.
But it is just so valuable listening to what is happening inside your home, a place where even the government can’t do it because of constitutional protection, there is just a huge amount of incentive to listen to it. Alexa does have a beautiful voice, but she also has good ears, so I would recommend being very careful with bringing these technologies into your home, a place, like I said, that has very unique constitutional protection, and we’re kind of just giving it away to free enterprise. But they are giving us free stuff in return, so you do need to make sure you are aware of the trade-off there.
David:My only disappointment in the jazz playlist was that she didn’t have Cologne from the 1970s, one of his best. But I guess I can forgive that.
Becker:Ah! Well maybe what you need is to get the Apple HomePod. You put that in your house and then you’ll get everything – and they’ll get everything, too.
David:(laughs) That’s right – they’ll get everything, too. I want to cover a little of the same ground we did in June of this last year. In case listeners missed that discussion, I would go back and either listen to it or review the transcripts. But just starting with a very broad question, what is the importance of privacy?
Becker:The importance of privacy is actually quite practical, and I think it’s practical probably for a different reason than people expect, and it’s a product of the 21stcentury. And so, what has really happened, and something that people didn’t expect, is that storage has become outrageously cheap. Bill Gates has this famous quote where he says, “I don’t think anyone will ever need more than 16,000 bytes of memory.” And now we know that you have gigabytes and terabytes – huge quantities of memory. So we have clearly exceeded what we thought we would ever need for storage. And why this is relevant to privacy is that it means that data is never getting deleted – ever. So anytime you do anything on the Internet, or any of the data that Alexa is collecting, any of this is going to be kept forever.
Where privacy comes into play is, let’s say, for example, you are in your teens and you look or say politically, or some kind of offensive thing, and you do it because you just don’t know any better. What it means is, maybe when you’re 50 or 60 and running for Senator, this data is still going to be there. So the Internet is forever, and it is only becoming more that way. So in my mind, privacy is not just the right to be forgotten, which is how Europe might define it, I would say that privacy is the right to keep a secret. It is also the right to be forgiven for things like mistakes. And I feel like these are going to become very practical.
I think millennials are actually a generation that are going to kind of miss it because we were in the transition. I think we grew up getting a bunch of free stuff on the Internet and putting it all out there and not really seeing the negative repercussions, but I feel like once we start running for Senate we’re going to start realizing that it wasn’t worth it.
So very practically, that is why I think privacy is important. It has to do more with storage. Something stupid that you said yesterday could come to haunt you tomorrow, and it has just become so difficult to be able to restrict access to things like that. Or not even stupid. Maybe the world will change on you. Maybe you will say something perfectly rational and wonderful, and then tomorrow the world is just a different place.
David:We have seen that a lot with just the way the world has changed since the Cold War. Since the Cold War you have had policies which made sense when you were at conflict, and now you look back and say, “Well, gosh, that was a human rights violation on the part of the United States. We have the convenience of looking back, and we’re not in that same context, so I think you are right, if the world changes, all of a sudden something that was rational is now irrational or racist or politically not correct, whatever the current iteration of political correctness is. Why do you think the value of privacy has been so heavily discounted? We kind of live in a world where, let’s call it an open kimono policy. That’s what is almost expected.
Becker:I think people know they are giving something up. I think people are aware of that, but they’re getting so much good free stuff in return, and I think that is the trade-off that is being made. I think people know, “I don’t know if I really want to be giving Facebook all my data.” But Facebook in return says, “But yeah, I’m going to give you access to this entire global network where you can meet all your friends and you can see what they’re doing, and you can have this virtual community.” People say, “Oh, well those are all good things. You know, I didn’t really need that privacy anyway. Am I really doing anything bad? I guess I’m not. Only the bad people should be afraid.”
The error in logic there is, only bad people should be afraid, but that is a very time-bound definition. The bad people today might not be the bad people tomorrow, and vice versa. But I think the reason why people are okay is, fundamentally, they’re getting a lot of good free stuff. I think it was Tim Cook that said this, but if you’re not paying for it, then you’re definitely not the customer. They’re using your data and selling it to somebody else.
And I think there is so much financial incentive since data is the new oil in making sure that people don’t wake up to this fact, that people are just kind of walking along nicely just sort of giving this up, and getting all this free stuff in return, and not really asking the question, “Well, geez, I’m storing gigabytes and gigabytes of photos in Instagram. Who is paying for all that? Where is that being kept?” It’s just out there in “the cloud” which is kind of floating out there, but people don’t, I think, do the next step of asking the five whys and say, “Well, wait a minute. Why is this being offered for free? Why should I trust them?”
And it’s easy to see why. They use bright color schemes and they have great advertising to try to make them look trustworthy like they’re your buddy, but they’re just another company. And that’s fine, I think people just need to be aware of the trade-off they’re making.
David:Pew research has discussed that the millennial generation is very shortly, in the next several years, overtaking baby boomers in demographic size. How do you think that will impact the public policy debate on data security and consumer privacy?
Becker:That’s a great question. I’m a skewed sample as a millennial. Obviously, being in a cyber security company I have very different perspectives on this. My read is that for millennials every day has been Christmas. Every day is a new app that is free, that offers some incredible service that the world hasn’t known before. So I think that is a large source of the optimism is that every day, every year, every six months a whole new player is coming out that is changing the game on industry X.
So I think once millennials get into more positions of powers, more wealth, I would not be surprised if security gets preferential treatment, I would say national security or economic efficiency gets prioritized over privacy. Because we have grown up in that soup already of that trend, and I don’t think there has been – people throw this around a lot – a cyber Pearl Harbor – that has woken us up to how bad this could be. So I think there is really no reason to stop this trend in the mind of most millennials. So I’m pretty short on privacy getting better as millennials rise up.
I think Gen Z is a little different if you look at some of the demographic information on people that are in their teens about now and how they approach it and how they interact with social. It’s totally different than how millennials do. I think it will be more interesting when they come into the picture because I think the dynamic between millennials and Gen Z fighting over their mutually exclusive definitions of privacy will be pretty fascinating.
David:Do you have any comments on comprehensive Internet regulation? It seems like government remains behind the curve relative to what commercial enterprise continues to innovate? Pros and cons, perhaps?
Becker:Boy, I don’t think that trend is ever going to change. I think government is always going to be slower than tech, and that is just, I think, because democracy involves people that have to agree, so it is always going to take forever, whereas with technology, every 18 months we’re getting twice as fast with the number or transistors on a chip. So I think there is pretty much no solution to that.
What I’m hoping happens is, actually, a change in the types of people in government, rather than regulation. I’m hoping that the people that go into government are more exposed to technology. Maybe they grew up with more of it so they have more of an intuition about how it works than, say, boomers that probably learned typing on a typewriter as opposed to a computer. So I’m hoping that is more of like a generational mindset shift rather than a regulatory one, because I think government will always be behind the eight ball to technology.
David:A couple of questions, and this does kind of relate to government. Apple is moving over iCloud data – that is accounts that are registered in mainland China – they are moving that on Chinese state-run servers. And along with that they are handing over the encryption keys to the Chinese government. Do you have any thoughts or reactions? How does that, perhaps, concern you, if at all?
Becker:It absolutely concerns me. Whatever China does, every authoritarian regime in the world does right behind it. If you look at the trends of other examples of this it is very troubling and it is only going to continue. There are two trends that are happening. The first trend is that since China has 1.1, 1.2 billion people, it’s a huge market. So tech companies that are looking to expand will always be willing to maybe push the envelope in terms of human rights in order to get access to that market. That’s the first thing.
And the second thing we are looking at is an even bigger trend, which is, the balkanization of the Internet. This is a really important trend and I think over the next ten years it is going to be probably the defining trend of what is going to happen to the Internet. The Internet started off as a highly decentralized, highly disorganized, sort of organic connection of computers, and as it scaled up it has now become totally clear that cyberspace is becoming like physical space. There are going to be borders. There are going to be strict rules about the kinds of things that cross these boundaries. And I think we’re going to see this really pick up in the next ten years.
If you look at China, for example, China has done this great tactic of, essentially, they invite a Western company in, that Western company is required to use Chinese systems. Their software and their hardware is completely reverse-engineered. It is handed over to a domestic Chinese player, and then that domestic Chinese player dominates the market through government regulatory pressure on the foreign entity, and they win. And then the foreign company no longer has any financial incentive to try to be in China, they leave, and call it a big human rights victory.
And I think we’re going to see this trend in Russia, we’re going to see it in Europe, we’re going to see it in the United States, where countries are going to have their own domestic players and their own domestic rules about where data is kept, how it is stored. And I think this idea that America would somehow promote its views on privacy or individual liberty through the Internet – that dream is going to be shattered because what is going to end up happening is, countries are now able to, essentially, espouse their view on personal liberty through regulation on Internet companies.
So in China they obviously don’t value individual privacy, they value national security far more, and they are able to impose that by requiring data stored in country. Brazil is doing the same thing. Russia is doing the same thing. And who knows? America might do the same thing. And it is very troubling to me because tech used to be a place where you could have this very sort of open libertarian attitude toward privacy and data protection, and that is completely going out the window as the Internet, as I said, becomes balkanized, and countries begin to reclaim some of that sovereignty over what their citizens are able to do and not do.
David:This raises the question of getting geographic diversification. Let’s say in Russia you want to have a part of your data stored on the east coast and part of it on the west coast. Well, the country is big enough that if something catastrophic were to ever occur you have that geographic diversification and you have a safe place for data. But go to a place like Estonia, very tech savvy, it’s such a small country you really can’t do that.
So the idea of having data embassies where all of a sudden maybe each embassy that Estonia has around the world, or each embassy that Germany has around the world, is sort of its own data backup for all the most important data for Germany, for Estonia, for whatever respective country. What does that end up looking like? Do we end up with the same kind of confusion that we have where you have hard and set rules that apply for everyone in a particular country, but the rules don’t apply if you are on embassy territory? It’s as if you are in a different country altogether. How does that work as we imagine cyber becoming more physical?
Becker:I can tell you the technology is not anything unique, so being able to set up, from a technical perspective, these data embassies, is not technically difficult. This already happens now with data centers between companies and data centers like AWS and Microsoft Azure, like they have solutions for building these in a technical way. I think how it looks from a regulatory or a legal one – that is total mystery. And I think anyone who says they know how that looks is lying to you because as you mentioned before about regulation from government being behind on tech, we saw this with social media.
Social media came into the human consciousness and just exploded like dynamite (laughs). We had the Arab Spring, we had an election that got messed with by the Russians here in the United States, and I feel like something like those data embassies could cause a similar effect. I think that is probably the last straw in the balkanization of the Internet. That, for me, would be the end game.
The end game would be, every country, essentially, or certain consortiums of countries, maybe like how the Soviet Union was technically a collective of countries, you form these collectives where countries that share mutual political leanings form these sort of data embassies. And they form these Internet providers or platform as service providers that agree to the certain conditions that they demand, and then everybody just goes to their respective platform.
I think that is probably pretty close to a combination of what you’re describing as a data embassy and where the tech industry as a whole is headed, and where I think this balkanization is headed. I think all three of those trends would wrap up into something like that. So, if you are not looking for privacy, you want to make sure you can tap your citizens, then you go with all eCLOUD for rolling your infrastructure, which means Russia, Saudi Arabia, and China are going to use all eCLOUD.
And if you’re like, “Well, no, I really just want fast infrastructure, I really only want law enforcement to be able to get it, maybe just the United States would use AWS. And then if you’re in Europe where you say, “No, we have very strict privacy laws, we don’t want anyone to see anything, really, ever, and maybe use some other European provider. That’s kind of the data embassy meets private sector meets balkanization of the Internet. That’s kind of what I think it would look like.
David:Coming back to China for just a minute, Tim Cook’s gift to the Chinese raises issues about commercial monetary interests compromising the safety of those that believed they were engaging with one entity on one set of terms only to have those terms changed. In what ways is this instructive for consumers globally?
Becker:Just because Google has a pretty color scheme doesn’t mean it’s not motivated by financial incentive to maybe work with some bad people. I feel like these companies have very strong brands. Apple has the strongest brand in the world, so people trust them and think they are excellent, but in reality they do have huge financial incentives to work with these regimes in order to get access to more markets or to stay in those markets.
For consumers I think the wake-up call is, you need to make sure if you are using something in a trusted context. This doesn’t have to be everything, so if you’re storing your family photos and that is not something you care about keeping secret, then who really cares? But let’s say you have very sensitive intellectual property, or you’re working with a government agency, or you’re doing human rights work where you aren’t invited. In those contexts, you need to be very, very sure that you are reading the Terms of Service. If you have to go get an attorney on retainer to do it, do it, because it’s worth it.
Thankfully, you and I are operating in a country that has rule of law. We have legal protections for going after these companies for abusing that trust. But let’s say you have a field office working in China. Who cares about rule of law? That’s not going to apply to your Chinese employees. So you have a sort of ethical obligation to make sure that these things that you are doing over the Internet, that you are actually making sure these companies are appropriately managing the relationship with you. And if they’re not, you need to have a stick to be able to punish them.
David:A number of questions relating to blockchain, and maybe I can start with bitcoin as just one iteration and then we could focus in on some of the technology behind it. But let’s say you arrive in the United States, or leave the United States, and you’re supposed to declare the movements of money over $10,000, whether it is cash or gold or other foreign currencies. And it is easy enough for TSA or a treasury officer to find it if you have it. You can’t carry a big duffle bag full of cash around without there being questions asked.
But on a thumb drive, on a computer file – whether it is on your phone, tablet, or laptop, you can sit with bitcoin and have a hundred million dollars and that can float across borders like a mist. So I guess when I think about the positive side of bitcoin or other cryptocurrencies – lowers transaction costs for global remittances, protects individuals against capital controls, it provides a liquid transportable form of capital. But you get to a point where there are certain things that governments don’t necessarily like, whether you are an authoritarian regime or not, the point is no government wants the cryptocurrencies if it includes the quiet movement of money around the world.
But here is my point. If no government wants the cryptocurrencies, wouldn’t it be true that every government may want the robustness of the ledger which tracks all associated activity through time? It kind of goes back to that issue, the private sector innovates, the public sector appropriates, perhaps for very different uses.
Becker:Oh, definitely. I think what you have articulated rightly is the difference between cryptocurrency and blockchain. So I think those two things are sort of munched together very often in the discussions that are being had, but I think you have identified it right, I think. When you talk about blockchain being this immutable, distributed, tamper-evident ledger that is partially adversarial, partially collaborating, can have a trusted source of truth, that is fantastic for some applications in the public sector like voting, or a mortgage. Maybe you want to sell a house to someone and you want it to be forever kept in this record. There are lots of good examples where blockchain can be used.
Cryptocurrency, in my mind, is obviously one instantiation of a blockchain application. That, for me, I’m a little bit colder on. Is this a fundamentally producing good for society perspective? We have had hundreds of years to think about how paper money works. We have had millennia to think about how precious metals work. Cryptocurrency, we are just barely understanding what are the repercussions of this form of currency. How do we want it to work? How does it affect society? We just have no clue.
And the actual original application for blockchain, like I said, was basically to have a source of truth when you can’t trust some of the people at the table. The only reason why money would need to have that property is because you might be doing something that somebody else doesn’t want you to do. And according to our privacy discussion, I won’t use the word illegal or immoral because who knows? You might be doing human rights work and you need to get money into the country to do good work. But regardless, it means you’re trying to move currency when somebody doesn’t want you to. That’s really the only application to ever use something like blockchain.
So when I look at cryptocurrencies, I think we may need to go back to our roots and say, “Well, okay, what was blockchain meant to do? Do we really need a currency that does that?” Maybe the answer is yes, and if it is, then I think there is a bright future for it, but like you said, I think as governments realize, its primary use case is to get around them, I have a feeling it is going to get a little bit more difficult to start transacting in it.
David:On the blockchain side of things, you have the challenging conflict which seems to be the speed and data processing performance within an open architecture versus having security and integrity of data as it flows through the system. Theoretically, blockchain provides more integrity and security. Or is there more to it, from a cryptographer’s perspective?
Becker:Maybe I should start off by explaining – this is going to get a little theoretical, but I’ll try to keep it at ground level. Blockchain was revelatory because it solved one of the hardest problems in computer science. There is an area of computer science called distributed systems, and it is the science of how you get a ton of different computers that are talking to each other that aren’t in sync to essentially stay in sync. It’s a huge area of research. It is obviously enormous now because of data centers and because of a lot of the innovation that has happened with big data, and it only continues to grow.
There was an open problem, essentially, in distributed systems called the Byzantine Generals Problem, and it goes like this. You and 15 of your Byzantine general buddies are trying to seize a city. You need to agree on when you want to launch the final attack on the city. You have a bunch of lieutenants, and your lieutenants are shuffling around messages to the generals to get you all to agree to attack at noon. Some percentage of the generals – and you don’t know who – are colluding with the enemy, and they are going to put disinformation into the system so that some of you attack at 9:00 a.m., some of you attack at 2:00 in the afternoon, some of you attack at noon.
The question is, how do you set up a system so that you know, and you can converge on the right answer of attacking at noon? Blockchain, ultimately, solves this problem, and it is amazing that it does. Because it solves this problem, we are able to do really incredible things that you can’t do with databases. So like you said, there is the performance question, and then the sort of transparency security question. Databases are really, really fast.
So any time somebody says that transaction processing on blockchain is fast, it is still thousands and thousands and thousands of times slower. It is sometimes millions if we’re thinking about something like bitcoin, millions of times slower than just having a database. So no matter how fast it gets, it’s always going to be slower than a database because of all these properties of having to get everybody to agree.
So ultimately, if you’re going to use blockchain, you need to ask yourself the question, “Am I one of these Byzantine generals? Is my use case, the use case where I am forced to cooperate and agree with people that might be malicious?” If the answer to that is yes, then blockchain might be for you. And then the security and the privacy are worth the fact that it takes a lot longer to transact and to agree.
If you’re in a case where there isn’t that, for example, people talk about private or corporate blockchain, everybody is supposed to be on the same team there. It doesn’t seem to me like there is an adversarial dynamic, so it doesn’t really make sense to sacrifice the processing speed for that transparency, in my opinion. If you are a company like Goldman-Sachs and you’re really getting into blockchain, and you’re in the United States of America where there is rule of law, if you find out one of those generals was corrupt you just sue them into oblivion, or you can put them in jail.
And there are other ways that you can enforce that social pressure than with technology. But I think that kind of gets at the root of what blockchain is meant for. Blockchain is meant for getting a database to get in sync when people that are playing in the game can’t all be trusted.
David:Right. So you have Wall Street firms, you have state and government players who are taking an interest in blockchain and it seems part of it is security, part of it is efficiency considerations. But the future implementation of blockchain, you have the public decentralized form, relying on that peer-to-peer interaction and confirmation, getting agreement from the generals so to say.
But then you have the other version of it, the private form, like, say, the Estonian government is using. Where do we begin to understand the evolution of blockchain? Is this just a popular craze that is going to be a flash in the pan and gone? Or is it, whether it is the private version à la what you have in Estonia, or the decentralized form that actually has some life to it?
Becker:I think whether or not cryptocurrency is a flash in the pan is a separate question of whether or not blockchain is. Cryptocurrency, I think, is going to have a traumatic – I won’t say end, but it is going to have a traumatic decline. I think as people realize that it has all these negative properties and being really slow. I think blockchain is here to say, but I think a lot of the applications we see being hyped for now are just that – they are just hype.
So when I think of governments like Estonia and what they are doing, Estonia has been doing a lot of innovative stuff, including even the cryptography they have been putting in their ID cards, and they are really cutting edge in terms of using cryptography in the public space. So I think blockchain is here to stay and I think we will see more applications of it in our lives in any place where fraud is very common, or any place where there is huge financial incentive to lie we will see it bleed in there.
But in terms of things like the cryptocurrencies, really, the only case I can think of is, you’re trying to do something that governments don’t really want you to do, for better or for worse. And there will always be a use for that, so I think bitcoin might stick around, but I would be surprised if stuff like lite coin, for example, were to stick around. It just seems like that space is probably crowded.
I think the jury is out for things like Stellar and Ripple as to, is it really true that banks are in an adversarial relationship with one another? To do ACH and things like that, do we really think of Chase and City Bank as being enemies and they need to collaborate? Maybe that is true. If it is, then there is a future for them, but if people believe that rule of law is sufficient to make sure that they will honest brokers with one another then I don’t think there is a future for it.
David:Blockchain advocates discuss the immutability of the chain, yet isn’t it theoretically possible to change previously written blocks if you have sufficient physical resources?
David:And sufficient may be enormous.
Becker:Well, sufficient is 50%, so if you have 50.1%, as long as you have more than half, you can do it. You can begin to amend and you can force everyone to agree on your unique view of history. Why this is relevant is because the Chinese government actually controlled way more than what they need for bitcoin, for example. I shouldn’t say the Chinese government, I should say Chinese miners, but Chinese miners that are located in the People’s Republic of China that have tight relations with the Chinese government control it. That should be pretty spooky to people that own bitcoin, in my opinion.
But yes, they talk about the immutability of it because they presuppose that you can’t get more than half the people to collude when we already have evidence that there are already pools of people in bitcoin that can form up that make more than 50%. So I think they are right, from a theoretical perspective, to say it is immutable, and they are right in these game, theoretical, thought experiment type situations that it probably won’t happen. But I would argue it is far less immutable than other cryptographic data structures you could use that aren’t as popular as blockchain.
Blockchain is based on this thing called a Merkle tree. You can go Wikipedia that if you’re really curious, but this is example of a data structure that is actually central to blockchain but there are ways to use it that don’t allow you to go back and kind of amend history. That has other undesirable properties, like you lose some of the decentralization and things like that.
But I think their attitude is highly dependent on certain conditions outside of the technology being true, in exactly the same way that we make assumptions about conditions outside of our relationships being true. If I sign a contract with a bank, I assume that the legal system will back that up. In the same way, if I write something into the blockchain using ethereum, I assume that 51% of people won’t collude to undo it. So I think, it is sort of a rose by another name, in my opinion.
David:Back in 2013, Leer Beheck wrote a paper in which he said maybe it’s not 50%, maybe it’s less than 25%.
David:Again, this is totally out of my area, but the reality is, it may not be as secure as people think. And help me here, because I really am a technological idiot. Are we talking about the kind of resources of just sheer computing power? Is it sufficient to buy yourself a nice Cray supercomputer? Do you borrow the Chinese Sunway TaihuLight and have a hundred petaflops of computing power working for you? Is it quantum computing? Or are we talking about having the number of consensus points or contributors to the chain? Help me understand what that 50% or less than 25% is.
Becker:First of all, it depends on the blockchain that you are talking about, the technology that you are talking about. They have different ways of defining that. So bitcoin has this notion of proof of work. There are other ones that have notions of things called proof of stake. There are all kinds of different ways that you can disincentivize bad behavior and try to take over. Generally when people talk about it, and the paper that you are talking about is awesome because you are right, it is way less than 51%. 51% is if you want a surefire way to start rewriting history.
Basically, with about 30% you can effectively shut down the network and keep it from getting consensus, which denial of service, in my opinion, for something like financial services, like being able to push money around, is effectively as bad as being able to start rewriting stuff because you just shut down global commerce, for example, if you had all of banking running on blockchain. That would be pretty terrible. But when they say 30% or 50%, what are they talking about?
Take bitcoin, for example. There is this network that is responsible for maintaining this ledger, and essentially, what you do is, you have to communicate to this network your view of history. So, if you control enough of the network to be able to essentially shout louder than the other person, you can win. For example, let’s say somebody mines a bitcoin and they announce to the network that they have found a new coin, and they say, “This identifier, or this public key, has appropriately discovered this coin.” If you can get more of the network to say, “No, it wasn’t Alice, it was really Mallory who was the one that mined it,” then now that bitcoin is yours, according to the network.
So in certain cases, you don’t actually need a ton of computing power, you actually just need control of a lot of the network, which means you just need to have control of more of the parties of the people communicating in the network. So to go back to the Byzantine generals context, you don’t need the biggest army, you just need to have a certain number of generals around the table. You need to have the generals, not the biggest army, if that makes any sense.
David:Yes. Transitioning back from the larger context of blockchain to the private blockchain and kind of what KSI represents for the Estonians, they don’t have the same concepts of immutability in that private blockchain, do they? I think I knew what the word immutability means (laughs) but now all of a sudden there is the possibility of change which, are we really talking about immutability?
Becker:Yes, I think you have appropriately identified my problem with using the word immutability. It is sort of a probabilistic guarantee, so it is guaranteed to be immutable until it isn’t. That is basically how you can think about it. So for them, in Estonia, what they are trying to do is essentially have this blockchain where they can begin to write their entire legal system into it.
And you know, this makes a ton of sense, actually. I look at this and I think this is a great application of blockchain. This is a perfect example of something incredibly adversarial. You have your laws, you have court proceedings, police – there is a huge financial incentive to say if a mobster, for example, committed some crime to have them rewrite their sentence from 12 years to 12 months. You can see why this would be an adversarial place. It is great that it is transparent. Anyone can essentially – I’m sure they don’t allow this, but in theory, if they wanted to they could open it up so people could review the ledger and see how proceedings went and things like that.
But to get to your point of immutability, again, this only works if, let’s say, 51% of the government in Estonia agrees they want to keep it this way. What if Estonia one day were to have some sort of dictator that gets control of 51% the machines in the network and just decides that he or she wants to start rewriting all the laws. Then it is not very immutable anymore. Then it is just a really bad database.
And that is kind of my comment to people. When you think of blockchain, unless you are in this very specific context of an adversarial relationship, effectively, blockchain is just the world’s worst database – incredibly slow, it can be rewritten when you don’t want it to, and it takes an outrageous amount of computing power to maintain, and it is in lots and lots and lots of different places that you all have to secure and keep track of. It is pretty much your worst nightmare for a database unless you are really trying to solve this very esoteric problem of the Byzantine Generals Problem.
David:So let’s fixate, then, on the KSI and the positive aspects there in Estonia. They’re covering healthcare records, they have property registries. It is a business registry, it is a succession registry. It is a complete digital court record system. They have surveillance and tracking, and they have a catalog of all the laws and regulations and a record of official state announcements. It is basically soup to nuts, the back office of the state.
But transition back to China, what does China or some autocratic regime do? How is it used or perhaps even abused having this sort of comprehensive record-keeping database? Yes, it may be inefficient, but it is very clear what it is. Take it out of the hands of the Estonians and put it into the hands of an autocratic regime, then what does the private blockchain look like?
Becker:Yes, in a country like China these things already exist, they are just not using blockchain to do it. So I guess, for example, I look at KSI in Estonia. Okay, it’s this government blockchain that is stirring all this stuff. Why couldn’t they just have used a traditional database to do it? Since they are the only people that are really allowed to participate in it anyway it doesn’t seem to me like there is that Byzantine Generals dynamic. So it seems like they could have just done it with a traditional database and it would be way faster, way less error prone, way more well understood.
In China, I imagine they just do exactly the same thing. If you imagine this technology falling into the hands of an autocratic government, I imagine they would do exactly what they would do if it were not blockchain. They would just start amending it, they would take control of it, they would shut down access to it, and they would basically turn it into a database again. So I don’t think blockchain provides, really, anything in terms of helping civil liberties here. I am actually really confused why Estonia did it. Estonia, for whatever reason, loves cryptography (laughs).
Becker:It’s actually really fascinating. I’ve got to go visit. I’ve got to see what they put in the water there. It’s like a whole country of people that love crypto. But I don’t really understand why they are doing it. If the government is going to keep all these records, I don’t know why you would use blockchain to do it. I guess for them, they are actually more afraid of what is called the insider threat. In their minds, if you read their documentation on it, they are afraid that somebody like a system administrator or a corrupt local police chief could start amending records.
And that is a real problem that is solved by this. I just don’t know if it is worth it. I think there are other ways to solve it that are arguably more easy to understand, and it is certainly not going to prevent tyranny in any sort of way. So I don’t see China ever needing to use something like this. First of all, they love central control, so they’re just going to use a central database that they only have access to anyway.