The Coin Center – a Washington, DC-based non-profit research and advocacy organization focused on cryptocurrency-oriented public policy issues – has released a new report that identifies how digital currencies can strengthen financial data security and privacy, as well as why regulations should be tailored to preserve the benefits of technology.
Prepared by the center’s Director of Research, Peter Van Valkenburgh, the report defines security as the ability to hide information from all comers and privacy as the ability to shape how we selectively disclose information and how it is used following the disclosure.
The report states financial data security is the ability of people to maintain principal control over the credentials that enable them to participate in financial transactions. Technological breakthroughs in the 20th century, in particular credit cards, have deteriorated security in the name of countervailing virtues: speed, interoperability, universality, and ease-of-use. The report says when security is the goal, by contrast, cash is king.
To conceptualize the difference between cash and credit is to think push versus pull, says the report. When paying for groceries with cash, the customer is pushing value. By paying with a credit card, the customer is pulling value from his or her accounts.
The pull process involves at least four players: the merchant; the merchant acquirer (e.g. Bank of America Merchant Services); card network (e.g. Visa); and card issuer (e.g. Bank of America). Should any of these actors “fail to maintain good cyber-hygiene,” the customer may find his or her private information now extending to a seedy black market, or the entire public at large.
The report notes that recent data breaches at Target, Home Depot, and JP Morgan demonstrate the innate vulnerability of pull-based payment technology. Target’s estimate of losses from its breach is $148 million. Losses from similar security breaches across the American economy are profound, with identity theft costing Americans more than $24.7 billion in 2012, according to Bureau of Justice data.
A digital currency such as Bitcoin gives a consumer the means to reliably pay and provably pay without the use of intermediaries as with a credit card, and cryptocurrency users can exercise greater control over his or her data security, says the report.
However, digital currency is not without its own security risks. The user and his or her devices and online accounts can be compromised and stored digital currency can be stolen. While a credit card company can potentially refund amounts lost by fraudulent charges of an attacker, cryptocurrency is like cash in this instance: it would not be easily returned once stolen from a wallet.
There are two factors that mitigate this risk of loss, says the report. First, the user may decide to hold and use small amounts of digital currency at any time. Secondly, using security technologies native to cryptocurrency protocols can reduce the risk of loss. One example of such technology is multi-signature transactions. With a multi-signature wallet, a user could place fund in a public address that has three controlling keys to enable transfer, and the funds could be locked in that address until two of the three keys are used.
Such a system “combines the consumer protection benefits of legacy credit card payment systems the added security of cryptocurrencies,” says the report. “As with credit cards, there is fraud protection apart from user-self help, and transactions are easy to initiate, requiring only the single user credential stored on the phone. Unlike credit cards, however, security is vastly improved because at no point do third parties have access to financial credentials. Without sufficient keys to effect a transfer, the third parties’ servers never become an attractive target for hackers seeking to steal bitcoins.”
The report says that from the start credit card technology was not set up to a preserve financial privacy in a global and interconnected world, so merchants and payment providers have to spend time and resources to ensure that systems remain secure.
The report offers two examples from currency financial industry practice that illustrate compliance costs. First, chip and pin technology being incorporated into POS systems of many American retailers. Installation of these systems are not cheap, costing $100 million for Target stores alone. Yet these system would not likely have prevented the type of breaches that happened at Target or Home Depot, nor do they prevent fraud or identity theft online.
Second, as online fraud rates rose in the 2000s, Visa and MasterCard started creating a technological anti-fraud solution for ecommerce named the 3-D Secure protocol. This protocol has been in development for years but many claim it has yet to make any significant improvements in financial security for online purchases.
The report says it is surprising that there is still no viable improvement to credit card payment systems developed in the 1960s, despite losing $30 billion to fraud in 2012 alone, and spending an unknown amount capital year after year investing in security systems that have not borne fruit.
Digital currency has the potential to slash compliance costs for securing customer information by fundamentally reshaping the infrastructure, states the report. Digital currency payments do not require storage, even temporary storage, of personal information on merchant servers, allowing merchants to concentrate on offering valuable products rather than accumulating and securing a vulnerable database against attackers.
A merchant who accepts Bitcoin need only receive and keep coins sent by consumers or have access to a service that would exchange payment in digital currency for the local fiat currency. This allows payment networks to be international and interoperable without needing any shared global database of user account data and private financial histories, beyond a pseudonymous ledger.
The report cites New York University professor Helen Nissenbaum’s concept of contextual integrity as a flexible definition of privacy. Defined as contextual integrity, privacy is not secrecy, but rather the control of information, control that can be fine-tuned based on the circumstances of a particular interaction. For example, an employee would not give his or her employer personal medical records but would need to provide a social security number for tax purposes.
This notion of privacy is not served well by existing financial or identification infrastructure, says the report. Unless you want to pay in cash, you’d need to provide your name, mailing address, credit card number, expiry date, and the code on the back of the credit card. Accordingly, the databases of selected merchants and financial services providers are comprehensive lists of customer’s habits and routines. This despite the fact, says the report, that all a retailer such as Amazon really needs to know is if a customer has enough money to pay for an e-book.
Ignoring context and developing comprehensive databases of financial information has costs, says the report. Consumers may forgo transactions (chilling effects) or take costly measures to obscure their identity (cloaking costs) in a bid to maintain contextual identity, meaning to avoid sharing all of their personal information indiscriminately.
Digital currency shows great promise in mitigating chilling effects and cloaking, the report states. Many digital currencies, such as Bitcoin, are not entirely anonymous; they are pseudonymous. All of the transactions of a particular public address – a random string of alphanumeric characters – are visibly recorded on a public ledger, but the name or names of the people controlling that address are not listed. The public ledger provides law enforcement with a unique opportunity, the report says. Law enforcement can peruse the block chain in order to flag only those transactions that seem suspicious and at that point can seek a warrant to use tools that can de-anonymize only those public addresses involved in suspicious transactions.
“By automatically eliminating benign transactions from regulatory scrutiny before any costly attempt at de-anonymization, law enforcement can reduce its own enforcement costs by narrowing the field of suspect addresses in advance of real investigation,” says the report. “This will help law enforcement focus limited taxpayer resources on real threats. Simultaneously, innocent parties can be assured that their privacy is not being violated while their pseudonymous account’s good name is cleared. This also stands in stark and beneficial contrast to the current financial ecosystem, where transaction visibility for law enforcement only comes at the expense of (a) an invasion of privacy of many innocents and (b) the cybersecurity inherent in storing a wealth of personal data across many intermediary services.”
Currently, there is no reason to believe the block chain is, in fact, too prone to revealing the true identities of its pseudonymous users, the report states. The transaction graph can be observed and addresses that feed into and out of one another can be identified as all belonging to one single user. If any of the inputs and outputs of those addresses are traced to a known identity, the entire crypto-dominated financial history of the individual might be attained.
The report suggests one possible solution to this privacy vulnerability is the use of services that shuffle coins between many users, making it difficult or impossible to trace the coin to a previous address. These services pose challenges for law enforcement in incidents where money laundering or other illicit activities are suspected. But some coin mixing services should be tolerated, argues the report.
For example, a digital currency startup might market itself as a legally-compliant anonymization service. Users will be told their coins will be mixed, granting them anonymity on the public ledger but, also, a confidential record will be kept that lists their name and the input and output addresses from the mixing. The user and the service can contract to keep this record confidential except when law enforcement presents a valid warrant.
In turn, law enforcement can identify suspicious transactions, check whether these transactions involved in addresses used in the legally-compliant mixing service, and, if so, seek a warrant to attain information. Coin-mixing services can compete to gain the trust of consumers who worry about privacy abuse from warrantless surveillance by publicly disclosing their responses to law enforcement requests.
“This is the sort of compromise that may inevitably leave both law enforcement and civil libertarians with a bad taste,” says the report. “With such a young and promising technology, however, it seems imprudent to insist that one extreme ideological perspective or the other – full anonymity or full surveillance – should dictate its development. Neither is likely attainable.”
The report says the most promising uses of digital currency and the block chain technology to enhance our privacy is yet to come. The ideal of contextual integrity is a world where people can customize which information they decide to share with which specific merchants or individuals. “This necessarily entails owning one’s information, a difficult proposition when data can be so easily reproduced even without authorization.”
People seeking to prove certain facts of the purposes of an entitlement, say buying drink at a bar or getting a credit card, can be granted a special form of digital property, a token of certification from a reputable third party, suggests the report. Control of these tokens are limited, using public key cryptography, to the holder of a secret key. An individual can present a bartender with a token to prove he or she is of legal drinking age, without revealing a name and address which appear on a driver’s license. Or one could demonstrate with a token his or her positive credit rating in order to get a credit card without having to provide a social security number.
“One way to look at Bitcoin is as a system that allows an otherwise anonymous individual to prove that they have a certain amount of funds without revealing any other personal details about themselves,” says the report. “The same technology could be leveraged to prove all sorts of attributes.”
The report concludes that “policymakers should be aware that cryptocurrencies and block chain technology have this great potential to promote both security, privacy, and the rule of law. These tools already provide enhanced security for simple payment applications and they may, one day soon, offer robust privacy for the law abiding citizens without facilitating illegal activity among the less virtuous.”