Bitcoin Value Questions

Does Bitcoin offer something of value today?  Does it have the potential to be more valuable in the future? Here are some thoughts how you might be able to answer yes or no to these questions.

I.

The first point is a question of how currencies have value. How does the US dollar have value? In a very concrete and practical sense, the dollar is valuable due to legal tender laws, where any legitimate transaction that occurs in the US must accept US dollars as a form of payment. Moreover, US taxes must be paid in dollars. However, that’s not a majority of the dollar’s value.

The US dollar has value because people believe it will be accepted in the future. That’s why the dollar is valuable in countries outside America where users are presumably not under US legal tender laws. Why do people believe it has value? Well partially its derived from the practical points made above combined with the size and scope of the US economy; if dollars are used in the United States, often by legal mandate, and if the US economy is large and vibrant, it will need lots of dollars. The US economy, even if it struggles, won’t be gone overnight, so you can bet in five or ten years, there will be plenty of transactions that need to occur in dollars. There’s also the point that trade with people in the United States mean dollars cross borders pretty easily. This creates a self-fulfilling prophecy; since people know there are Americans and traders who will accept dollars, other people accept dollars too, knowing they will be accepted in the future.

That accounts for the demand side of dollars. On the supply side, there is at least implied trust in the US central bank, the Federal Reserve. This may rub Ron Paul fans the wrong way, but I think it’s somewhat undeniable. People in the US and outside see the inflation track record of the American dollar and agree that it’s unlikely to be really poorly managed. Perhaps that’s just because alternative central banks are even less trustworthy, perhaps it’s because the Fed has a reputation of being stingy about inflation. It’s hard to say. What is undeniable is that the US dollar is widely used and held throughout the world.

II.

Does Bitcoin have a role to fulfill in the market when the US dollar serves as an excellent international medium of exchange and store of value? Yes. Bitcoin is inherently digital, meaning you just need some information, on a computer, in your head, or written on paper, in order to use it. Dollars require a bank, and if international, they require a bank that reports to a local government which may or may not allow foreign currency holdings.

This means today Bitcoin offers some advantages over American dollars in certain situations without any scaling updates to the Bitcoin network that we’ll discuss later. Such areas include international transfers, domestic currency mismanagement, and anonymous transactions.  International transactions because all you need is an internet connection, not a bank or Western Union office. Bitcoin transactions have fees, but they can be lower than international wire fees. Domestic currency mismanagement is Bitcoin’s clearest use case. Venezuela has experienced hyperinflation as its currency is worth less than World of Warcraft gold. Bitcoin has become highly useful as it does not lose its value over time like Bolivars. Bitcoin also saw a spike in India when they unanimously outlawed large denomination cash bills. In another interesting case Zimbabwe actually uses the US dollar (after hyperinflation destroyed the currency last decade), but because they cannot print it, liquid cash is scarce in the country, so Bitcoin is highly valuable since it is more easily imported than dollars.

Finally, Bitcoin is of course useful for illicit activities, such as the fabled Silk Road dark net trading site.  Not much to add here, except to point out that another cryptocurrency, Monero, may actually fill this niche better if you’re just looking for confidential transactions. More on other cryptocurrencies in the final section.

III.

However, if you are in a developed country, it’s unlikely Bitcoin is better than your national currency in terms of ease of use, acceptance by merchants, quickness of transactions, cost of transactions, etc. Certainly people who believe in Bitcoin politically can pay these increased costs and use it anyway, but that’s essentially paying for a political statement.

Bitcoin may be a better long term store of value than a state currency, e.g. the US dollar. It is governed by an algorithm as opposed to a committee. Algorithm changes are difficult and slow, and there is currently a cap on the total number of Bitcoins that will ever be created. If the US hits the Fed’s estimated inflation target of 2%, then the value of any currency owned by residents will halve in about 34 years.  However, Bitcoin is volatile, and buying it as a store of value uses it as an investment. Some Bitcoin investment today is certainly speculation. And if a decent chunk of the Bitcoin price is caused by investment/speculation instead of current usefulness, then a better store of value/investment could rapidly pull the money out of Bitcoin. Perhaps some investment is acceptable, but doing more radical actions, like putting your life savings in something that can lose its value relatively quickly isn’t a good idea.

We should keep in mind that there are people even in developed countries that have limited access to banking and credit. Large commercial banks are notorious for charging fees to customers who specifically don’t have the cash to spare on those fees. Bitcoin may be a way for those with poor access to banks to “be their own bank” and hold their savings securely without needing a national bank. Perhaps transfer fees are too high to make this practical, but at the very least, this is a potential market for Bitcoin, if scaling issues can be solved.

There is one other use case where Bitcoin is clearly superior to even a developed world currency. That would be a tax-free asset and currency. It’s not particularly difficult to purchase Bitcoin and then launder it through another cryptocurrency or through CoinJoin (an anonymization protocol) and make the money untraceable. Assuming Bitcoin’s basic use cases of international transactions and troubled currency refuge continue to grow, Bitcoin offers a big tax haven. I should note, of course, that this is plainly illegal, and I suspect the more tax evasion an individual undertakes, the more likely they are to be scrutinized by authorities.

IV.

We’ve established Bitcoin has explicit use cases and therefore offers value today. We’ve also established that some of these uses cases may grow in the future. What about threats to Bitcoin’s value?

If a significant use case of Bitcoin is illicit transactions and tax avoidance, then I would claim Bitcoin is a direct threat to the state, even in developed countries. As stated in “What is Postlibertarianism? v2.0“, widespread adoption of cryptocurrencies could mean the end of taxable transactions, and possibly the end of the modern state. I’m not interested in making a judgment about whether this is good or bad, but I think the threat to states is undeniable (if still very far away).

The obvious next question: if states have an incentive to stop Bitcoin, can they do it In cases where Bitcoin has solid use cases, as in Venezuela and Zimbabwe, it seems highly unlikely. Bitcoin was built to be censorship resistant; deleting a node does almost nothing to the network, as all nodes are peer-to-peer and you can quickly switch to talking to another node or two or fifty. To shut down a Bitcoin payment network in a country, you’d likely have to shut down access to the outside internet. However, with new developments in the Bitcoin space, even partitioning a country’s internet from the outside won’t work anymore; Blockstream is currently broadcasting Bitcoin blocks from geostationary satellites (yes, really) to most of the world. Their goal is total global coverage. However, you can only receive the blockchain, not send transactions with this technology. So recently, Nick Szabo and Elaine Ou introduced a protocol for sending and receiving Bitcoin transactions (and block headers) over HF radio.

In reality, Venezuela hasn’t made Bitcoin illegal anyway. It seems unlikely that Nicholas Maduro’s ineffective government could substantially threaten the internet. China, while having the Great Firewall and having shut down Bitcoin exchanges, has not made the possession or use of Bitcoin illegal. These technologies are really only a just-in-case scenario. However, if you do live in a country with no internet or interaction with the outside world (North Korea), you still might not be able to use Bitcoin; no internet, no distributed systems, no censorship resistance (although the North Korean government itself uses Bitcoin to avoid international sanctions).  While I have to concede this point, it’s also important to acknowledge that technological advancement has enabled South Korean soap operas to be smuggled across the border; in the future Bitcoin may find a way into the Hermit Kingdom as well.

However, North Korea is one of the worst-case situations. In almost any other country, cheap computing technology and simple internet infrastructure has taken hold in an irreversible trend. And that’s all that’s really needed to use Bitcoin.

…Probably. What if a high trust societies made Bitcoin illegal? What if the United States and Europe made it illegal to own or transact in Bitcoin? I don’t think this is likely, as democracies tend be very slow when it comes to legislation, especially regulation where financial markets can make a lot of money. Moreover, institutional investors have already created legitimate companies in the US and Europe and so there would be lobbying, deliberating, compromising, etc. Japan has already recognized Bitcoin as an official form of payment, and if nothing else, the US making Bitcoin illegal would create an odd situation for American citizens living in Japan and vice versa.

But let’s say it happens.

It’s undeniable that Bitcoin’s value would drop. If you were already using Bitcoin for illicit activity, you might keep using it, but it might expose you to additional legal risk where it didn’t before. However, if you were using Bitcoin as an investment/speculative vehicle or as a way to send international transfers, an illegal Bitcoin is significantly less appealing because it would expose you to legal risk that you wouldn’t otherwise have to deal with at all. Bitcoin’s growth proposition wouldn’t be zero, but it might be pretty grim, and perhaps relegated to country’s with weak state legitimacy (and where widespread mistrust of the state means ordinary activities are criminalized anyway).

However, like I said previously, I find this scenario unlikely. Moreover, the Bitcoin network isn’t just waiting for governments to act, it is constantly under development with a large technical community.

V.

Can Bitcoin scale to take on more roles and use cases? Can it upgrade to become more censorship resistant? Definitely.

One big item we’ve talked about before is the Lightning Network. The idea behind the LN is pretty simple: you can create payment channels by putting some Bitcoin in escrow through a time-locked transaction that is signed but not posted to the blockchain. This channel can be continually updated with new transactions representing different payments back and forth across the channel until the channel closes by posting the final “net” transaction to the Bitcoin blockchain (read more about it here). This uses the blockchain as a settlement layer, and saves on transaction fees since only two transactions are ever posted to the blockchain (to open and close the channel) even if lots of payments occur.

There is another interesting aspect of this technology, which is that you can use a LN channel as an initial hook into a larger network. So if you (Person A) already have a channel open with Person B, you could pay Person C without opening up a new channel as long as both B and C have a channel between them already open. A pays B, then B pays C, and everyone updates their current balances on two payment channels, but no one needs to post anything to the blockchain, so no transaction fees are needed.

This is pretty good for scaling. However, it is somewhat negative for privacy. The most efficient way any Lightning Network will exist is through large central hubs. This is because end users will want to open a single payment channel (since it’s cheaper and ties up fewer funds), so they will want to connect to a hub everyone else is connected to. A hub that doesn’t stay available all the time would be unhelpful if you want to make instantaneous payments at any time, so the trend will be towards large, continuously available hubs. These hubs will also need access to lots of liquid cash as they will have lots of funds tied up in open channels, while also needing to have liquidity available to open new channels at any time.

This will lead to hubs with lots of cash and thus corporate backing. These large hubs will best be able to scale lots of LN instant payments while keeping LN node fees low. However, a central payment hub would have lots of information about its users, users who are using a single Bitcoin address for all of their transactions. Thus each address would have much more information leaked to the LN hub nodes, which you could track across time.

Of course, if you wanted more anonymity, you could just use a regular Bitcoin transaction; any service or individual who has a Lightning address must by definition have a Bitcoin address. This seems a reasonable tradeoff: instant transactions that can be tracked over time vs anonymous transactions that you pay a higher fee per use.

VI.

Another impressive project is Drivechain.  This project would allow for sidechains in the Bitcoin ecosystem. These would be soft-forked in (that means no network split), and these sidechains would not need to impact the mainchain. The sidechain could run its own nodes independent of the Bitcoin chain, although in practice we would expect Bitcoin nodes to watch the sidechains since we would imagine sidechains would only exist if there was significant value added there. The way these work is that Bitcoin would be sent to an escrow account watched by the sidechain. That would allow those coins to appear on the sidechain and be governed by any rules the sidechain wants.

Interesting sidechain ideas include Hivemind (decentralized Bitcoin prediction markets) and MimbleWimble (homomorphically encrypted confidential transactions). Needless to say, there is an enormous amount of potential here. Drivechains would allow limitless innovation, allowing new blockchain rules to flourish while maintaining the network effects and avoiding the coordination failure of multiple currencies or blockchains.

However, there are risks with this approach. One risk is that money stored in the sidechain is sitting in an escrow account on the mainchain. Mainchain nodes don’t have to watch the sidechain, and so if incorrect transactions are posted trying to withdraw money from the sidechain, it’s up to the miners to enforce the correct rules. As long as miners believe sidechains enhance the value of Bitcoin, there shouldn’t be a problem.  But if we don’t get to that point quickly, drivechains could be a short-lived experiment ending in grand theft. I’m hopeful this is not the case though, and sidechains would offer such a massive increase in the value of Bitcoin that several will survive and grow.

VII.

Let’s take a moment to elaborate on the implications here.  The creation of a MimbleWimble sidechain or the addition of the related idea of Confidential Transactions to Bitcoin would be game changers for Bitcoin privacy. Tax avoidance with Bitcoin would become simple, easy, and possibly unstoppable. Combined with improved scaling or the essentially limitless use cases for Bitcoin sidechains, there will be a combination of high demand and availability of Bitcoin with widespread privacy.  Even if governments can continue to collect tax revenues, their ability to combat Bitcoin would be completely diminished.

The interesting corollary is that governments aren’t really getting in the way of Bitcoin. Maybe they’ll crack down on it in the future, but for now there isn’t a lot of indication for heavy regulation. In the US, electoral politics means there will be a deregulatory environment for the next year, maybe three.

Finally, the Bitcoin and cryptocurrency space is not done developing. Sidechains offer the potential to incorporate all sorts of new rulesets and innovation into Bitcoin. The potential here is literally unknowable. For these reasons, I believe Bitcoin has the potential for significant value.

I would also of course like to point out that this is just some blog on the internet so take my advice as policy speculation and not investment speculation. There are plenty of other financial risks to Bitcoin I don’t have time to cover. This includes that if you lose your private keys, your money is gone forever. It includes that there could be an unknown flaw in the Bitcoin code that could be exploited, losing money and crashing the price of Bitcoin. It includes that government agencies could compromise developers and pay them off to put in code that helps to destroy the network. Bitcoin is risky and speculative. The fact that it has a lot of potential does not guarantee that it will have value in five years.

VIII.

A final note on other cryptocurrencies. There are many other cryptocurrencies, and I’m doubtful on all of them for two reasons. (1) If Drivechain is successful, most use cases for other coins will be gone. (2) As it is, even if other chains have cool features, they don’t have the network effects of Bitcoin. Collective action failures mean that better features may be passed over if it involves transaction costs distributed over many individuals; in other words, it will be nearly impossible to get users, vendors, developers, and miners to switch over to a different cryptocurrency. In the long run, we’d probably expect one or two cryptocurrencies to dominate. This may be Bitcoin or it may be something else, but today, Bitcoin is the clear market leader. To bet on another cryptocurrency is to bet against the market and to bet against the large ecosystem that Bitcoin has built. This seems very risky.

Thanks for reading, and if you enjoyed this, feel free to donate to the Bitcoin address on the sidebar!

 


Leave a comment on the official Reddit thread.

Bitcoin Hard Fork Predictions

Tomorrow there is scheduled to be a hard fork of the Bitcoin blockchain and network. There’s a fair amount of uncertainty over what will happen. The hashrate is unknowable until the fork occurs. The price seems to be around 10% of the price of Bitcoin. However, there aren’t too many exchanges that will be accepting this currency, and there are even fewer places you can actually spend it.

I’m going to make some predictions about it to put on record what I think is going to occur and to see how correct or incorrect I end up being.

  1. There will be a Bitcoin Cash block mined before 12 AM August 2, US Eastern time: 80%
  2. The price of Bitcoin Cash at 12 AM August 2, US Eastern time will be <10% of Bitcoin’s price: 70%
  3. The price of Bitcoin Cash on August 5 will be < 10% of Bitcoin’s price: 90%
  4. The price of Bitcoin Cash on September 1 will be < 10% of Bitcoin’s price: 90%
  5. The value of all transactions of Bitcoin Cash around September 1 (maybe averaged over a week?) will be < 10% of the value of all transactions in Bitcoin: 95%

I have mixed hopes for the success of Bitcoin Cash. On the one hand, I wrote previously that if the two factions in Bitcoin split, we could have a competitive market showing which rules were better. However, due to network effects, I still don’t think it could happen and be very successful. Supposing it did succeed though (had a pretty high market price), what would that mean? I suppose it would mean forks would become more common. That might be better for competition, but not for stability of the currency.

Ultimately, the idea that it would be fairly easy to make a successful hard fork of Bitcoin would be pretty devastating to Bitcoin’s health. It would mean consensus doesn’t mean much, it would mean the Bitcoin community could splinter pretty easily, which would therefore mean Bitcoin’s usefulness as a currency decreases as each part of the community would be using their own forked blockchain and coin. Something like sidechains seems like a much better implementation of this idea.

I should probably also disclose that I do not have much faith in the current governance model of Bitcoin Cash, and that does concern me a bit as well. I hope that hasn’t clouded my judgment of the actual technological and economic implications, but only time will tell if my predictions are true.

A Few Thoughts on Bitcoin

I have been aware of Bitcoin’s existence for a while, and while I was excited about it a few years ago, it had somewhat dropped off my radar. Perhaps because over the past few months, Bitcoin has seen a big increase in value, I started to revisit it and analyze it as a technology. My experience has been nothing short of breathtaking.

A few years ago, Bitcoin was pretty cool. I even wrote a paper about it, discussing the huge potential of the technology and decentralized, autonomous transactions could totally upend the banking industry. But back when I first got into Bitcoin, I was also interested in Austrian Economics, which I’m largely over now. Their focus on control of the money supply and dire warnings about the Federal Reserve weren’t really borne out by the rather mundane economic growth of the last few years.

Nonetheless, the Bitcoin community has been working on without me, and it has paid off: you can now use Bitcoin to purchase from all sorts of retailers, including Dell, Overstock.com, Newegg, and more. You can also buy all sorts of internet specific services, which to me seems like the clearest use case. These include Steam credit, VPNs, cloud hosting, and even Reddit gold.

The price has jumped up to over $1000 at the end of April 2017 (that’s over $18 billion in total market value of all Bitcoins), and it was briefly even higher a month ago on speculation the SEC would allow for a Bitcoin ETF. The ETF was rejected, but the potential of the currency remains. And technologically, Bitcoin is far more impressive than it was, most notably with a concept called the Lightning Network.

This technology would allow for instantaneous Bitcoin transactions (without having to accept risky zero confirmation transactions). These transactions would have the full security of the Bitcoin network, and would also likely allow massive scaling of the Bitcoin payment network. Drivechain is another project with great potential to scale Bitcoin and allow for applications to be built on top of the Bitcoin blockchain. It would create a two-way peg, enforced by miners, that allowed tokens to be converted from Bitcoin to other sidechains and back again. This would allow experimentation of tons of new applications without risk to the original Bitcoin blockchain.

Hivemind is particularly exciting as a decentralized prediction market that is not subject to a central group creating markets; anyone can create and market and rely on a consensus algorithm to declare outcomes. If attached to the Bitcoin blockchain, it also wouldn’t suffer from cannibalization that Ethereum blockchains like Augur can suffer from.

Mimblewimble is another interesting sidechain idea. It combines concepts of confidential transactions with (I think) homomorphic encryption to allow for completely unknowable transaction amounts and untraceable transaction histories. It would also do this while keeping the required data to run the blockchain fairly low (the Bitcoin blockchain grows over time). It would have to be implemented as a sidechain, but any transactions that occur there would be completely untraceable.

And there are even more cool projects: Namecoin, JoinMarket, the Elements Project, and of course other cryptocurrencies like Ethereum, Monero, and Zcash. This really makes the future of Bitcoin and cryptocurrencies seem pretty bright.

However, we’ve skipped a big point, which is that most of these cool innovations for Bitcoin can’t be done with Bitcoin’s present architecture. Moreover, the current number of Bitcoin transactions per block has just about maxed out at ~1800. This has resulted in something called the Scaling Debate, which centers about the best way to scale the Bitcoin blockchain. Upgrades to the blockchain must be done through consensus where miners mine new types of blocks, institutions running nodes approve of those new blocks, and users continue to create transactions that are included in new blocks (or else find another cryptocurrency). Before any of that can happen, developers have to write the code that miners, validation nodes, and users will run.

Right now, there is a big political fight that could very briefly be described as between users who support the most common implementation of the Bitcoin wallet and node (known as Bitcoin Core) and those who generally oppose that implementation and the loose group of developers behind it. I certainly am not here to take sides, and in fact it would probably have some long term benefits if both groups could go their separate ways and have the market decide which blockchain consensus rules are better. However, there is not much incentive to do that, as there are network effects in Bitcoin and any chain split would reduce the value of the entire ecosystem. The network effects would likely mean any two-chain system would quickly collapse to one chain or the other. No one wants to be on the losing side, yet no side can convince the other, and so there has been political infighting and digging in, resulting in the current stalemate.

There will eventually be a conclusion to this stalemate; there is too much money on the line to avoid it. Either the sides will figure out a compromise, the users or the miners will trigger a fork of the chain in some way and force the issue, or eventually a couple years down the road another cryptocurrency will overtake Bitcoin as the most prominent store of value and widely used blockchain. A compromise would obviously be the least costly, a chain split would be more expensive, but could possibly solve the disagreement more completely than a compromise, while another cryptocurrency winning would be by far the most expensive and damaging outcome. All development and code security that went into Bitcoin would have to be redone on any new crytocurrency. Nonetheless, Litecoin just this week seems to have approved of Segregated Witness, the code piece that is currently causing the Bitcoin stalemate. If Bitcoin’s stalemate continues for years, Litecoin is going to start looking pretty great.

Obviously it’s disappointing that even a system built on trustless transactions can’t avoid the pettiness of human politics, but it’s a good case study demonstrating just how pervasive and pernicious human political fights are. Ultimately, because cryptocurrencies are built in a competitive market, politics cannot derail this technology forever. And when the technology does win out, the impact on the word will be revolutionary. I just hope it’s sooner rather than later.

 


Bitcoin featured picture is a public domain image.

Leave a comment on the official reddit thread.

Encrypted Communication Apps

I have discussed this idea in the past, but normally I’ve only gotten excitement about encrypted communication from my fellow libertarians and netsec friends. But with the current Presidential situation, there seems to be more interest in communicating without being overheard by the government, even among my government-loving left-wing friends. And this is excellent! Even if you don’t need privacy, by communicating securely all the time, you make it less notable when you do have to communicate securely, and you create more encrypted traffic that other government targets of surveillance can blend into.

First, let’s go over a very quick summary of encryption. If you’re already familiar with encryption, skip down past this section and the pictures to the list.

Public Key Encryption in 5 Minutes

An encryption algorithm takes information, like text, numbers, picture data (it’s all just 0s and 1s to computers) and outputs different text on the other side. A good encryption algorithm will output text that looks randomly generated so that no information can be gained about the source text. That output is then sent out in the clear (over the internet, where people might be spying) to the recipient. The recipient then reverses the process, decrypting the message and getting the original text, numbers, picture data, etc. However, if an algorithm always created the same output data from the same inputs, bad guys could figure out what you were saying pretty quickly. This introduces the idea of keys. A key is a number the algorithm uses to change the output in a predictable way. If both the sender and the recipient have a secret key, they can use their keys and the algorithm to send messages that only they can read (without the right key, the algorithm won’t reverse the encryption):

Symmetric key encryption. Public domain image.

But we can do better! In our previous scenario, we need to somehow communicate the secret key separately from our message. That’s a problem, since we likely are using encryption precisely because we can’t communicate openly. The solution is something called public key encryption. In this system, each person has two keys, one public and one private. To send someone a message, you can encrypt the message with their public key, and then send it to them. Then only they alone can decrypt the message with their private key.

Public key cryptography. Public domain image.

The reality of the mathematics is slightly more complicated, but for our purposes, what matters is how the public and private keys exist in each messaging app. Messing with these keys is difficult and confusing for users, but loss of the private key means communication is unsecured. Therefore, when using encrypted messaging, it’s important to be aware of how the app uses and manages the keys.

The Best Apps

The following is my ranked order of preferred secure communication:

1. Signal. This the gold standard encrypted communication app. It’s open source, free, has group chat, works on mobile and desktop, and of course is end-to-end encrypted. It even has encrypted voice calls. The one significant drawback is that it requires a phone number. It uses your phone number to distribute your public key to everyone that needs to contact you.  Because of this, it offers excellent encryption (requiring no security knowledge!), but no anonymity. If you want that, check the next entry.

2. PGP Encrypted email. So this one is a bit complicated. OpenPGP (stands for Pretty Good Privacy) is an open protocol for sending encrypted messages. Unlike the other apps on this list, PGP isn’t an app and therefore requires you to produce and manage your own keys. The tools you can find at the link will allow you to produce a private and public key pair. To send a message to someone else, you will have to obtain that person’s public key from them, use the software to encrypt the message with their public key, and then send it to them. Because it is so much work, I have this method second on the list, but there is no better way to communicate securely and anonymously. To better distribute your public key, I recommend keybase.io (use that link to send use encrypted emails!). The good thing about PGP is that it can be used with any email, or really any other method of insecure communication. Additionally, it’s open source, free, and very encrypted. 

Both Signal and PGP are very secure methods of communication. The following apps are good, but they are not open source and thus are not as provably secure. They are still better than just using unencrypted methods like SMS text, email, etc.

3. Whatsapp. WhatsApp is pretty good. It’s free, widely used, implements Signal protocol (and requires a phone number), works on mobile and desktop, has group chat and encrypted phone calls, and is encrypted by default. Moxie Marlinspike, the guy who made Signal, the number one app on this list, actually implemented the same Signal protocol on WhatsApp. That’s great, but unfortunately, WhatsApp isn’t open source, so while Moxie vouches for WhatsApp now, we don’t know what could happen in the future. WhatsApp could push out an update that does sneaky, but bad things, like turning off defaults. It’s also important to acknowledge that WhatsApp’s implementation already isn’t perfect, but it’s not broken. If you use WhatsApp, it’s important to make sure the notifications are turned on for key changes. Otherwise, it’s an excellent, widely used texting substitute.

4. Threema. Threema has an advantage in that it isn’t based in U.S., and it’s more security focused than Whatsapp. Threema is fairly feature rich, including group chat, but it isn’t free, it’s limited to mobile, and it isn’t open source. Threema uses the open source library NaCl, and they have a validation procedure which provides some comfort, although I haven’t looked at it in depth and can’t tell if it proves the cryptography was done perfectly. This paper seems to indicate that there’s nothing obviously wrong with their implementation. Nonetheless, it cannot be higher on this list while still being closed source.

5. FB Messenger secret conversations. Facebook Messenger is a free app and when using its secret conversations options, the Signal protocol is used. The app is also widely used but it takes effort to switch the conversations to secret. An encrypted app that isn’t encrypted by default doesn’t do much good. FB Messenger does let you look at your keys, but it isn’t as easy to check as it is in WhatsApp, and since it isn’t open source, keys could be managed wrong or defaults changed without us knowing. It also doesn’t have other features like group chat or desktop versions.

6. iMessage. Apple has done a good job with an excellent secure protocol for iMessage. It’s also feature rich, with group chat and more, but it’s only “free” if you are willing to shell out for Apple products. While Apple does a good job documenting their protocols, iMessage is not open source, which means we can’t verify how the protocol was implemented. Moreover, we cannot view our own keys on the app, so we don’t know if they change, and we don’t know how Apple manages those keys. It is therefore possible that Apple could either loop government spying into their system (by encrypting all messages with an extra master key) or simply turn over specific keys to the government. The amount you are willing to use iMessage to communicate securely should be determined by the amount you trust Apple can withstand government attempts to access their security system, both legal and technological.

Things I have specifically not listed on purpose:

  1. Don’t use SMS. It’s not encrypted and insecure. It would be good to not even use it for 2-factor authentication if you have a better option.
  2. Don’t use email. It’s not encrypted and insecure.
  3. Don’t use Telegram. They created their own “homemade” crypto library which you should NEVER EVER DO. Their protocol is insecure and their encryption is not on by default. In fact, there are at least two known vulnerabilities.

Leave a comment on the official Reddit thread.

Model-Breaking Observations in the Senate

It’s rare when an idea, or piece of evidence, comes along that is so impressive, it forces you to rethink your entire model of the world. The recently released Feinstein-Burr encryption bill has done just that.

It has been described as “technically illiterate”, “chilling”, “ridiculous”, “scary”, and “dangerous“.  Not only are the issues with the bill fairly obvious to anyone with a cursory understanding of encryption, the problems are of such magnitude that it thwarts any attempt to understand the Senators’ actions.  Let’s look at the effects of the hypothetical law.

The biggest issue is that this bill will significantly damage the United States’ national security. We live in a highly insecure world where cyberattacks, both foreign and domestic, are omnipresent. The Feinstein-Burr bill would fundamentally reduce the security of all technology infrastructure in the country. Jonathan Zdziarski in a blog linked above, gives some details:

Due to the backdooring of encryption that this legislation implies, American electronics will be dangerously unsafe compared to foreign versions of the same product. Diplomats, CEOs, scientists, researchers, politicians, and government employees are just a few of the people whose data will be targeted by foreign governments and hackers both while traveling, but also whenever they’re connected to a network.

That’s awful, and even if you have the most America-first, protect-American-lives mentality, weakening American encryption is the worst thing you could do; it literally endangers American lives.

I think there’s also a strong case to be made that this will do very little to combat terrorism. Unbreakable, strong encryption is widely available on the internet for free, forever; if bad people want to use it, they will.  Moreover, terrorism, as awful as it is, is relatively rare; Americans are about a 1000x more likely to die non-terrorism related homicide. And many more “common” homicides occur due to heat-of-the-moment arguments, which means there would be no encrypted messages detailing conspiracies. All this bill does is remove the ability of average, non-technically inclined Americans to secure their data.

And the people whose data will be most at risk will be those consumers who are less educated or less technically adept. Better informed consumers might have the ability to install foreign encryption software on their phone to keep their data safe, but most uninformed consumers just use default settings.  Thus, criminals who try and commit identity theft will greatly benefit from this legislation; they wouldn’t usually bother targeting knowledgeable users anyway, and with security stripped away from phones, it will be much easier to steal data from susceptible users. The people most in need of help to protect their data will be disproportionately harmed by this legislation.

On the other hand, most companies are not uniformed users. They have IT departments who understand the value of encrypting their data, and they will continue to purchase strong security software, even if it is no longer sold in the United States.  Foreign produced software works just as well.  Banning strong encryption will debilitate the American technology sector, one of the biggest and most important parts of the economy.   This will cost Americans jobs and diminish America’s influence on the future of the world, as technological innovation moves overseas.  But this isn’t just bad for Americans; it’s not easy to simply move an entire company or product overseas. There are huge capital investments these companies have made that will not be available in other countries immediately, if ever, and this will set back the global technology industry billions if not trillions of dollars.

So this really begs the question of why Senators Dianne Feinstein and Richard Burr introduced this bill; given their stated obsession with national security, and given the horrific effect this bill would have on American national security, there’s no good way to resolve their stated beliefs with their actions. Here are a couple theories to explain their behavior, and some discussion as to why each respective theory is unsatisfying.

The Senators are actually foreign spies purposefully trying to weaken American national security.  Obviously, if this theory is true, it’s self-evidently very bad that our elected officials not only don’t represent us, but actually represent foreign governments likely trying to harm Americans. Sure it’s quite unlikely since it’s very difficult to become a U.S. Senator at all, and no spy agency would send agents in with a plan to become a U.S. Senator.  Whether they were turned into foreign agents after being elected, I really can only speculate. But it strikes me as improbable. Nonetheless, it is true that this legislation is exactly what foreign security agencies would want to introduce to make the United States more vulnerable.  I was curious, so I checked the constitutional definition of treason as well as the Espionage Act, but it seems that you need to literally give secrets to other people, not just make it easier for them to obtain. But there is that one case where a high ranking official is in trouble for storing documents insecurely…

They’re power hungry politicians. The idea of the Senators being foreign spies is bit far-fetched.  But what know for sure is that they are politicians, which means they chose a career path that would give them more power to change things. Maybe Burr and Feinstein are sick of technology companies telling the FBI that they can’t assist their investigations, and they wanted to put them in their place.  If this theory is true, it’s pretty self-evidently evil; people in power using their power indiscriminately to harm citizens is the exact problem Thomas Jefferson identified in the Declaration of Independence.  Of course, it’s not usually a big problem, because James Madison helped construct a whole host of ways to check the power of government. Of course, the most important check for our situation is that senators are voted in by the people. So as long as people know about this dumb bill, they’ll kick these guys out…right?

Hanlon’s Razor (origin disputed) states that one should “never attribute to malice that which is adequately explained by stupidity.”  This theory would mean that two sitting, highly experienced U.S. Senators are too stupid to realize the ill effects this will have on national  and economic security.  Obviously, congress has to make laws in areas that its members are not always familiar with…but Burr and Feinstein are the chair and vice chair, respectively, of the Intelligence Committee. If anyone knows about intelligence, they do. And Feinstein is even on the Judiciary Subcomittee on Technology, Privacy, and the Law! If even these people are too stupid to understand what the effects of their own policies are, we might as well stop sending representatives to a legislature at all and just have run-of-the-mill uneducated voters pass everything directly through referendum. Sure, they’d have no idea what they’re doing, but apparently neither do Senators!

What I think is most likely, and most terrifying, is that American Democracy incentivizes members of Congress to make bad policy if it’s politically beneficial. With all the aides and staff Senators have, plus the amount of pressure they receive from outside groups, it seems unlikely they never heard about the bad effects of the bill. Yet, they did it anyway. Given they don’t work for law enforcement, there is no Frank Underwood endgame for passing this bill; banning encryption doesn’t directly allow Burr and Feinstein to look at their political enemies’ phones (…probably), just criminals and the police.  So then maybe their incentive was to appear tough on crime and terrorism, consequences be damned. Richard Burr is in a reelection year in North Carolina, so let’s look at the effect this horrible bill has had on his chances to win according to Predictit.org:

Primary was in mid-March, bill introduced in early April
Primary was in mid-March, bill introduced in early April

As you can see, the bill had very little effect on his perceived chances. Now, it could be that voters have already factored in Senator Burr’s position on destroying defending American national security, and he needed to introduce this legislation to maintain his position. But it looks identical to a situation where North Carolina voters couldn’t care less about Senator Burr’s position on encryption, and his introduction of legislation consequently had no effect on his reelection chances. If it’s the former, then we are in serious trouble because our legislative representatives are incentivized to make horrible policies because voters aren’t well informed.  If it’s the latter, then we have to dismiss this explanation and go back to one of the other three.

Whatever the explanation is, it reflects poorly on how the government constructs policy, and it reflects poorly on American Democracy. Moreover, assuming any of those discussed theories are true, they imply massive issues that will be difficult or impossible to solve.  Reforming democracy as many progressives would like, through campaign finance, wouldn’t even address any of these issues; it is the technology corporations and privacy NGOs which have been advocating for more privacy and making unbreakable encryption more accessible, while law enforcement and other government agencies have been advocating for less security.  But as far as I can tell, even they haven’t demanded anything like this bill.  Thus,  more campaign spending by private groups would help, not hinder good policy.

No matter how you look at it, this bill indicates a big failure for democratic government and illustrates the dangers discretionary state power.


Photo credit: Caïn venant de tuer son frère Abel, by Henry Vidal in Tuileries Garden in Paris, France, photo by Alex E. Proimos, licensed under CC-BY-2.0.

Banning Unbreakable Smartphone Encryption is Stupid

At least two states, New York and California, have introduced legislation that would ban smartphones sold in those states if those smartphones could not be searched under request from law enforcement.  This would likely mean no phones would be sold with unbreakable encryption, although I suppose Apple or Samsung could manufacture two types of phones and then just sell all the encrypted ones from New Hampshire or something. These bills are still somewhat controversial, and as it has gotten press coverage, there has been a House bill introduced that would prevent state legislation like those bills introduced in New York and California. Continue reading Banning Unbreakable Smartphone Encryption is Stupid