Understanding Crypto 6: Bruce Schneier: Security, Trust, and Blockchain

Bruce Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. He is the author of over one dozen books—including his latest, We Have Root—as well as hundreds of articles, essays, and academic papers. His influential newsletter “Crypto-Gram” and his blog “Schneier on Security” are read by over 250,000 people.

He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press. Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation and AccessNow; and an Advisory Board Member of the Electronic Privacy Information Center and VerifiedVoting.org. He is the Chief of Security Architecture at Inrupt, Inc.

Picture credit: Erik Nilsson


Welcome back to another episode of our limited edition Crypto Series on the Rational Reminder Podcast, a weekly reality check about sensible investing and financial decision-making. Are cryptocurrencies and the associated technologies beneficial? Could they change the world for the better? There is a lot of controversy surrounding the use and application of cryptocurrencies and the associated technologies. Some say the innovation is ultimately useless while others think it is the answer to society’s problems. To help us unpack this complicated and hot-button topic is Bruce Schneier, an internationally-renowned security technologist, author, and educator. The focus of his work is the intersection of security, technology and people. Bruce also has an immense passion for educating people about cryptocurrencies. Examples of his well-known books include Liars and Outliers and Data and Goliath, which provide much-needed insight to readers about DeFi technologies and big monopolies. He also lectures in public policy at the Harvard Kennedy School and is a fellow at the Berkman Klein Center for Internet and Society. In our conversation, we discuss the debate surrounding cryptocurrencies such as privacy concerns of digital cash, what makes Bitcoin different from earlier digital currencies, aspects of public blockchain technology, the misapplications of crypto technology, the different forms and approaches to cryptocurrencies, and whether DeFi technologies can be beneficial to society, and what the biggest concerns are regarding cryptocurrencies. Join us today as we take a detailed look into the value and drawbacks of crypto and DeFi technology with Bruce Schneier!


Key Points From This Episode:

  • What the objective was of early digital cash projects, like DigiCash. [0:03:27]

  • The privacy concerns associated with digital cash. [0:04:45]

  • Whether financial surveillance should be a concern for people. [0:05:45]

  • Differences between Bitcoin and earlier forms of digital cash. [0:08:35]

  • How good technology is at solving economic and political problems. [0:09:30]

  • Details about the pieces that come together to make public blockchains work. [0:10:29]

  • Why Bruce considers proof of work to be an idiotic way to form consensus. [0:13:43]

  • Whether alternatives to proof of work resolve wasteful energy practices. [0:16:01]

  • The new properties that public blockchains offer. [0:17:04]

  • We find out if public blockchains do what their proponents say they do. [0:17:37]

  • The claims that crypto proponents make regarding blockchain are discussed. [0:19:29]

  • We discuss the misapplications of crypto and DeFi technologies. [0:20:23]

  • Outline of the systems of trust that humans use to incentivize good behaviour. [0:23:26]

  • Whether cryptocurrency technologies will become secure and trusted. [0:27:49]

  • Reasons for the perspective ‘code is law’ from crypto technologists. [0:30:02]

  • Whether ‘one CPU, one vote’ is how blockchains are working in practice. [0:31:35]

  • We discuss other ideas and emerging technologies in the crypto space. [0:33:24]

  • If government intervention is needed for crypto technologies and currencies. [0:36:21]

  • How cryptocurrencies can be included in the mainstream financial system. [0:39:06]

  • Bruce shares his opinion on the future of NFTs for artists to be able to capitalize on their creativity. [0:40:08]

  • What the potential impacts of crypto technologies on younger generations are. [0:43:48]

  • How blockchain erodes moral and reputational incentives to act responsibly. [0:45:26]

  • Ways in which cryptocurrencies can help people who are ‘bankless’ and avoid high bank fees. [0:46:13]

  • Break down of a real-world scenario where blockchain is being used in an alternative way. [0:49:00]

  • Bruce tells us whether Bitcoin is suitable as a global currency. [0:50:55]

  • The message that Bruce hopes his students will take away after his class. [0:51:59]

  • If the government is beginning to take regulation of cryptocurrencies seriously. [0:52:43]

  • What aspects, if any, excite Bruce about cryptocurrencies. [0:53:04]

  • What Bruce’s biggest concerns about cryptocurrencies are. [0:53:43]


Read the Transcript:

So Bruce, you've been around this stuff for a long time. I want to start by asking you about digital cash. What was the objective of early digital cash projects like DigiCash in the 1980s?

So this is really David Chaum, who's trying to create digital cash. The thing about cash that is unique is that you can't double spend it. If I give you a piece of paper, you have the paper and I don't, but if I give you a bucket of bits, you have the bucket of bits and I do also. So he's trying to create using cryptography a system where we can move ownership of buckets of bits to create not necessarily cash, but a scarcity-based economic environment, and cash is the obvious application for that, but you can imagine others.

So that's what he's trying to do, and that's what digital cash is. David Chaum had a series of papers in the '80s in cryptography conferences. He had a company DigiCash, and that is what he's doing, and he was successful. It did work. The company was not successful, but the math, the cryptography certainly was.

So the scarcity piece makes sense. The other thing I picked up from reading your book and reading Chaum's papers is that he was really worried about privacy. Can you talk a little bit about that aspect of digital cash?

So digital cash is private in the way that cash is private and, no, no, credit card transactions are not. So there isn't a third-party that knows about your financial movements. It's a little sloppy because, certainly, if I give you money, you know I know if we deposit it, withdraw it from the bank at times you can correlate things, but he's building a system where there isn't a central third-party that keeps track of all the transactions, and a credit card would be an example of not that. That's a system where the bank has a ledger of all the transactions that I made and all the transactions that you made and knows how the money moves.

Okay. Now, I've read your book, Data and Goliath. How big of a problem do you think financial surveillance is today, the fact that the credit card companies and the banks have all of our transactions?

Yeah. I'm not sure it is a problem. So there's a lot going on here. I think we need to unpack, especially when the libertarians start talking about financial privacy and what it means. Financial movement is not the same as speech, as conversation. The amendments on free speech don't necessarily transfer to freedom to purchase, freedom to spend. I think there is value in financial privacy to some extent. There's also great danger because financial privacy leads to financial fraud.

Now, if you can be secret in your financial transactions, you can engage in all sorts of fraud, and that's bad, and that's bad for society. So when you look to balance things, I mean, so Amazon has some financial privacy, right? When I buy something from Amazon, of course, Amazon knows just like if I buy it from you you would know, but there's no other third-party that knows what I purchased, knows what books I bought.

Now, if we use Chaumian digital cash, we use credit cards, it's the same thing. Of course, the authorities can subpoena Amazon and ask them in both cases what I purchased, but there is some financial privacy. Maybe if I go to a grocery store, maybe the same thing. So there is value in financial privacy, and I want people to be able to buy and sell things, possibly, I don't know, sex toys would be an example of someplace you want people to have privacy, books they want to buy and read, other information they might want to get. We might want privacy in who we support.

Again, I'm going to make this up. There's someone I support. Maybe they're a relative of mine. I don't want that public, right? That's a perfectly reasonable request, but there are a lot of dangers. So I am not as absolutist on financial privacy as I am on conversational privacy. Even there, I mean, we can talk about conversational privacy also leads to stalking and harassment and lots of bad things where we're now trying to balance.

Yeah. That's really interesting. The idea of having money that can exist outside of government's, completely outside of government's view on all circumstances is not necessarily on net a good thing for society.

It's a dangerous thing. I think we are more secure because things are known about financial movements, less individual and more organizational, and that is, hence, an important difference, I think.

Yeah. That's a very interesting perspective.

So what do you think made Bitcoin stand out versus earlier attempts at digital cash?

Bitcoin, Chaumian cash needed a bank. What Chaumian cash didn't have that Bitcoin had is the complete decentralization, right? It used peer to peer verification. All of Chaumian transactions was through the bank. If I had got a coin from you, I had to send it to the bank and get it back before I could spend it again, and that was the difference. I know, I mean, so why did it take off? Because of stick it to the man libertarian crypto bros is why it took off, but why it was technically a success is that. What Nakamoto solved was the peer-to-peer part.

You've mentioned libertarians a couple of times. I want to take a bit of a step back and ask more generally, maybe even stepping away from cryptocurrencies, how well does technology typically do at solving economic and political problems?

Oh, it's terrible at it. You knew the answer before you asked, right? We do not solve social problems with technology. Technology is a tool. It's an important tool. It's a valuable tool, but you do not solve social problems with technology. I mean, this is a universal truism.

Why do you think then that that's such an important part of the, back to cryptocurrency now, why is that such an important part of the discourse when it's being promoted?

Because wouldn't it be great if we could?

Right.

Wouldn't it be great if you didn't like politics and you could just invent some piece of software and suddenly you've made a difference, you don't have to vote, you don't have to campaign, you just do your thing? It is a techno-libertarian dream to be able to subvert politics, search for policy, subvert society in that way. I think that is the main undercurrent of blockchain and cryptocurrencies, 100%.

Can you talk about the pieces that come together to make public blockchains work?

So I think this is important. I teach blockchain here at the Harvard Kennedy School. So I give classes in how all this works. So I'm, in a sense, teaching cryptography to people who didn't take math in college, which is a thing. So I talk about blockchain. I make something clear. I probably make it clear a couple times. So I'm sure it'll come up again that by blockchain I mean public blockchains.

When you hear about permissioned blockchains or private blockchains, those are actually not blockchains. Those are systems that use the blockchain data structure, and that's so what. Data structure was around the '70s. It's called the Merkle Hash Tree. Feel free to use it. Write-only ledgers from the '60s, feel free to use those. For it to be a blockchain, which is Bitcoin, Ethereum, any of the public blockchains, actually needs three very distinct aspects. It needs the ledger, right?

This is a way of saying what happened and in what order. It is singular, it is centralized. All transactions are on that ledger. It is also distributed in that lots of people have copies of it, right? So decentralized, centralized. It's both. It's public. Anybody can look at it, and it's immutable. It's write-only. That's where the math, the hash chain makes that possible. So it is a centralized, distributed, public, write-only ledger of what happened. So that's the first thing you need.

The second is a consensus algorithm. We have all these copies of the ledger. We need to make sure they're the same, and that means you can have a distributed system where you don't have to trust any particular node, and because you can decide which node you trust, it could be you. This is a theory, almost never happens in actual practice, but blockchain allows for that. So blockchain as a consensus algorithm is actually the most expensive computationally consensus algorithm the world has ever seen by a lot, really idiotic way to do consensus, but it is what we got.

The third thing you need is a currency, some sort of digital tokens that have value, and you need that because, otherwise, you don't have the incentives to create the ledger, make sure all the different copies are accurate, allow people to add things to the ledger. All of that requires someone to do the work and the currency is the incentive to make it work.

So those are the three pieces. If you don't have those, you don't have a blockchain, and this is the genius of Nakamoto's invention. Getting these three things to work properly is what he did. The pieces aren't new, but getting it working was, not obvious, not intuitive, brilliant.

You mentioned proof of work being an idiotic way to form consensus. Can you expand on that?

Proof of work is basically wasting electricity that we call mining, which is doing useless computations on computers, on networks of computers in order to create new coins. It's necessary because you need to pay the creation of these new blocks, but it is very expensive. I mean, right now, Bitcoin is half percent of all electricity consumed in the world, and it's designed so you actually can't make it better by making it more efficient because it's designed to be wasteful. If it is more efficient, it becomes more wasteful.

So the waste is part of the process, which is nutty. You can't fix this with energy efficiency. You can't fix this with clean energy, right? Bitcoin is calibrated to produce one coin every 10 minutes. If energy got suddenly 10 times cheaper, it would equally suddenly cost 10 times the energy to mine a new Bitcoin, right? There's no such thing as green crypto. This is important and it's necessary, right? Mining is essential and it has to be expensive. Otherwise, you can have people pretending to be other people, what we call Sybil attacks. It has to be profitable. Otherwise, no one's going to do it.

More important, there has to be a way to convert cryptocurrency into real money. You think about miners. They're spending money on electricity. They have to pay with cash. They have to pay with real money. So in order for this to work, there always has to be a buyer for every new coin minted. There always has to be someone who believes that the numbers will go up, and a cryptocurrency requires speculation in order to function. If it's being speculative, it wouldn't actually work because the miners couldn't get paid for the mining, they'd stop mining, we could never have transactions.

Now, the other consensus approaches or mechanisms, I don't know what the language is, did they fix any of that? If we say, "Well, hey, we're going to go to a proof of stake," like what Ethereum's been saying, does that solve it?

Well, so here's a good point because they've been saying it for years and they haven't actually done it. So I think it's easy to say, "We'll go to proof of stake." So proof of stake, for everyone else, is instead of this proof of work wasting electricity, we're going to set up a governance mining system where those who have the biggest stake get to do the thing. So it's basically you who has the gold makes the rules, which is a crappy governance system. Don't use it, but it does work. There are examples of it. It is not clear it works well at all. The fact that Ethereum can't get it to work for them and they are the only successful blockchain that if they did it would be a big deal I think demonstrates that it's much harder than you can just hand wave and say, "We're going to move to proof of stake."

Okay. You mentioned blockchain, not public blockchain, but the blockchain data structure, that's old technology, but you also mentioned that there was some genius in what Nakamoto did. What's new? What are the new properties that we get with a public blockchain that didn't previously exist?

Yeah. It's putting that all together. It's putting together the ledger, the consensus algorithm, and the mining to allow this transfer of value peer-to-peer without, as Chaumian cash did, going through the bank after every transaction.

Okay. So the new property is the peer-to-peer value transfer.

Yes, and that is what Nakamoto solved. We can talk about later whether that's a problem that needed to be solved, but that's the problem we solved.

So in practice, do public blockchains do what their proponents say they do?

What do their proponents say they do? Sorry. Probably say all sorts of crazy things. So which particular things are you referring to?

I mean, I think that decentralization is a big one.

So slow down. Decentralization is a word. Blockchain do decentralization a little bit, kind of. What do you mean by that? I mean, actually this is important because blockchain proponents say lots of things. They make grandiose claims, and they're almost never looked at in detail, and it's important, too. So we moved from, "Does blockchain say what people say it does?" which means nothing to decentralization, which means almost nothing. So let's go further. Give me a thing that blockchain proponents say that it does and then we can talk about whether it does that or not. We need to be specific.

Immutability. Are blockchains immutable?

Yes, and that's not new or interesting, but yes, right? Blockchain is a write-only ledger, write-only data structure I think around from the '60s, and they are valuable and useful.

Can we talk more about why decentralization is not meaningful because I think that is one of the, my understanding is that's one of-

It is meaningful, but it's right now a word. Does blockchain do decentralization? I know what decentralization means? I need more specifics in the word. There are parts of blockchain that are decentralized. In practice, it's a lot more centralized than people think. There are three or four exchanges, a couple of wallets. Mining is highly centralized. There's a singular ledger. There are multiple copies of it. That's decentralized that can, in theory, be lots of players and practices tend not to be. So it's a mixed bag. So I need to know what you mean by decentralized before we can really talk about it.

All right. I'm going to flip this question back on you then because you have much more expertise here than we do. Can you talk about some of the claims that you've seen crypto proponents make about the public blockchain?

Oh, God. No, I don't. I mean, there's so many and they're so weird and often they just blaze over. We talked a little bit about some of the decentralization versus centralization properties. They don't eliminate trust. They'll replace trust with math, and that's ridiculous. They are highly centralized. They're actually not anonymous. That's a common myth. A lot of the FBI takedowns of Bitcoin fraud are examples to show that they are less anonymous than you think. I have someone coming to my class in fall, who's from an injustices financial crimes division who works on blockchain-related crimes. It'd be interesting to have her speak to my class.

Wow. That would be very interesting. Okay. So given what we were just talking about, have you seen any misapplications of this technology?

No. I think it's an odd question. I think there is no actual application. So every application's a misapplication. So I'm not sure what you meant by that. You probably didn't want that answer. I know. Actually, this is not even controversial on computer security people. There is no actual use case for blockchain that every application is better off without it.

That's the answer to the question. That's-

It is. So blockchain does do this digital cash. I look at it and say the only uses for it that can't be done another way are buying and selling illegal goods. Sadly, child porn is one of them, illegal goods that don't have a physical instantiation and ransomware. Ransomware would not be possible without Bitcoin. I mean, you know this. For any kind of kidnapping, watch any TV show or movie, the dangerous part is the money handoff. So Bitcoin makes that possible.

You can't use the normal financial system. Go to your bank and try to wire 50,000 to some account in Russia. You will be blocked. You will not be allowed to. So because cyber criminals are locked out of the financial system and suitcases full of $100 bills are really, really heavy, Bitcoin, blockchain is the only way to make ransomware payments. So you eliminate it and ransomware disappears and not going to happen, but it would now. Similarly, the child porn market.

Now, we're doing better there because it is not as anonymous as people think, and there are ways to unwind the financial transactions involved in child porn, but they can be hard, especially for smaller amounts, and the criminals, a lot coming out of Southeast Asia, are very agile and smart. It's the consumers that live in the US and the UK and are stupid.

It highlights that on net the censorship resistance is not a good thing. I mean, those are two pretty, pretty good examples.

Yeah. It's a plus and a minus. We have to figure out how to balance it. I think we're learning that with speech as well, that all of the harassment and bullying and real psychological crimes are a lot against women because of anonymous, secure speech. It's actually very detrimental to society. We need to figure out how to balance that with our very real requirements for anonymous free speech. How do we do both? It's not easy or obvious, but the current system is pretty terrible as well.

You talked about trust earlier and we were talking about whether the claim of trustlessness is true. Can you talk a little bit about the systems of trust that humans use to incentivize good behavior?

So I wrote a book on this, I don't see it on my shelf, sadly, called Liars and Outliers, that talks about how trust works in society, and a very complex system of trust that involves people and groups of people and our innate psychology and some technology. Nothing doesn't rely on trust. Nakamoto famously wrote in his 2008 paper on Bitcoin, but as a sentence, "We have proposed the system for electronic transactions without relying on trust." That's just not true, right? Bitcoin doesn't eliminate trust. It eliminates certain intermediaries, but you have to trust Bitcoin.

Now, it doesn't actually even reduce the cost of trust. It shifts it around. If you think about it, blockchains are three-sided markets, the buyer and the seller and the miner. The miner makes buying and selling work, and the miners are paying the cost of trust in a proof of work system. It's very expensive, right? It consumes enormous amount of electricity, but that is a trust payment.

Now, you need institutional trust because while, in theory, Bitcoin might be distributed trust, you have to trust the wallets, the exchanges, the software, the operating system, the computers, and all of those things, and people need to be in charge. Now, if you think about Ethereum, they want to move to proof of stake. There are human beings governing the system outside the system, making that decision. Changing the Bitcoin block size has been a disaster because there isn't a human governance system.

There have been hacks. DAO is an old one. There are others where human beings override the rules to return the system to a good state. You always need to be able to override the rules. You always need to be able to make permanent rule changes, and that requires governance, that requires people, that requires trust.

Bitcoin has to have that in the same way Visa has to have it. You can't not have it, right? You can't have a system where if you, I don't know, forget your password, you lose your life savings. That's not a trusted system. Any blockchain system has to operate with the conventional financial network. It can't be separate. You need to be able to turn money into Bitcoin and Bitcoin into money. It can't be completely separate. That interface has laws, has norms, has a trust architecture.

So a classic story, Steve Wozniak, there've been others, but this is one of the first stories that got public, he's buying something with Bitcoin, and I think he's actually turning it into cash, and he gives the person the Bitcoin, the person gives him the money into his bank account, and then withdraws money from the bank account, right? There's no way to fix that. Wozniak is out the money because there's no recourse, unlike if you and I are going to exchange currency through the normal banking system, you defraud me, I can get my money back, right? You sell me something, you don't deliver, I complain to eBay's dispute resolution or to my credit card. Lots of ways to deal with that because human beings who don't trust each other need a trust intermediary to engage in transactions, and Bitcoin claims it does away with it, but it actually doesn't.

Huge amount of scams out there involving betraying trust. I mean, try. Go onto Twitter and write, "Can someone help me with my Bitcoin wallet?" and you'll get lots of people who offer to help you, but they will basically get you to turn your money over to them. That's the way the scam works. So it's a disaster in terms of trust. I would not want anybody who I cared about to use this for any kind of value because it is so dangerous. It is so untrustworthy.

So are you saying there is no chance that this, call it platform, can become secure?

Nope. Generally, when you see a blockchain application, eliminate the blockchain and then it becomes secure, whenever you see a useful blockchain application, the non-blockchain parts that make it useful. Now, blockchain just makes it worse. It's more complex. It's more dangerous. You just don't have the good properties you might need. I mean, there are times where you might need the data structure, and these are the private blockchains, blockchains for marketing purposes only, but the real public blockchains, I have not seen one application. I don't think anybody has.

I was talking to a reporter last night because I wrote something about blockchain on my blog a week ago, and he's asking me about this space. So what does he say? Something like, "People I talk to say they know there's an application here somewhere, they just haven't found it yet." Now, that's funny. It's been what, a decade? If you haven't found it yet, maybe it actually isn't there, but there is this belief that this must be useful for something. I think the answer is no.

Just to make this real simple, this is because there are, in the world, good people who need help, who lose a password, for example, and there's bad people who want to rip other people off, correct?

No, no. It is because blockchain is fundamentally untrustworthy because it tries and fails to replace people and human systems with math, an Ethereum contract. Do you actually want a contract where if you make a typo, you lose your life savings and there's nothing you can do about it? There's a reason contracts are written in English by lawyers and judges adjudicate disputes. Removing that system does not make anything more trustworthy. It makes it much less trustworthy. Even worse, you have to be an expert in programming and law to sign an Ethereum contract because a mistake in either one, you lose your life savings and there's no recourse.

You're in this world, in the culture of technologists. Why do you think that's used as a selling point for crypto? For Ethereum code is law. Why is that a selling point?

Because libertarian crypto bros. I mean, stick it to the man, stick it to society, we're going to do our thing, we don't need anybody else. That's what it is. It's insane that that's a selling point, and watch why you see nobody real using them for anything because they're probably lawyers, look at it and said, "Are you mad? You want to guarantee that there's, A, no programming mistakes and, B, no legal mistakes, and if there is, there's nothing you can do about it?"

I want to keep going on that. In one of your books, I think it was one of your books or a talk or something, you talked about how the quality of software in general. So when we say code is law, okay, take that. In general, is software-

It's really that law, right?

Is software well-written and secure, generally?

It was terrible. It can be. It's just not. This is stepping back from blockchain, but in general, that it's economic, that writing secure code is expensive. It's extraordinarily expensive. In most cases, it's prohibitively expensive with the exception of the space shuttle, which even then isn't perfect. We've had satellites. We've had them. We had two Mars landers fail because of software bugs. There, what? We spend an enormous amount of money and time and effort and code review to make sure that software is accurate, let alone secure. So no, we don't know how to write good code.

Yeah. That's fascinating. We talked earlier about how I didn't do a good job defining decentralization. Satoshi-

I know. I caught you early.

Satoshi, I think, partially defined it at least as one CPU, one vote. In practice, is that how crypto blockchains are working?

It's not. So mining is highly centralized exchanges, and because blockchains are so efficient, a lot of Bitcoin transactions aren't really Bitcoin transactions. They pretend they are, but they're not. So I mean, this happens for stocks. If you are a big stockbroker and one of your clients buys stock, you often don't just buy it. You have some stock and you yourself record who owns it. It's called buying it on the street, and it's just easier than engage in the actual Wall Street on the floor shouting or however they do it on computers these days, exchanges of stocks.

A lot of cryptocurrencies are the same, and that's one of the reasons why when the companies go belly up, you can't get your money back. You don't actually own what you think you own, right? The company just pretends you own it, which is great if things are going well and disaster if things are not.

So it is much more centralized than people think. I mean, there are aspects of this. The ledger is decentralized. There are multiple copies of the ledger. Mining could, in theory, be decentralized. Mining has become such a profitable operation that you have centralized miners, and a surprisingly few number of miners control most of the Bitcoin mining and Ethereum and the other cryptocurrencies.

For some of the ones that are lesser, it's so bad that they'll engage in fraud because if you have a majority, if you own majority of the mining, you can engage in fraud. There are cryptocurrencies where you hit below that threshold and then the miners steal all the money. Of course, there's no recourse because that's the way we built the system.

Yeah. We talked in an earlier episode for this crypto series with Igor Makarov, who's an economist at LSE, and he's got a fantastic paper on money concentration. Very interesting.

It's dangerous because we require that decentralization to work, but what we know about society is power centralizes, and that's what we see in Bitcoin, the fact there are only a few exchanges because exchanges are hard and popular ones get more popular, same thing with wallets or computer operating systems. So centralization will always creep back in. I think that if it's going to creep back in, you want to be explicit about it. You want to know what it is and control it instead of pretending it's not there, then when you get it, you're screwed.

What about web3? Again, I keep saying that you were there for the early part of this and you were. You were there for the early internet. Is web3 redecentralizing the internet?

So web3 is a buzzword. I think decentralization is good and valuable. I think one of the biggest problems we have is centralization monopolies and decentralization is great. Blockchain is only one way to do decentralization. It's probably the worst way. Now, email. Email is a great decentralized system. Unlike SMS or Facebook Messenger, you can have any email reader on any server and you can send email to any other email address, right? It's wholly decentralized. It's great. That's decentralization and that's working well.

So people who are working on decentralization along those lines, I think it's very important. I think of this as a centralized web conference that happens in California. That actually happened this year. The pandemic stopped it. There's lots of ways to think about centralization. I think it's really important. Centralization of Facebook, of Amazon, of Apple, of Google is a disaster for society, for the economy. It is bad.

We're now trying to force Apple to give up its monopoly on its iTunes store to allow people to load software onto their phone like they could load software onto their computers. The same. They are fighting it, of course, because their monopoly is very profitable, but it'd be valuable to get rid of it.

If we had systems of messaging, which are not like Facebook Messenger, which are a closed ecosystem but more like email, where my message system can talk to your message system. We had that in some of the primitive systems before Facebook and Instagram and Twitter took over messaging. No need for blockchain for any of this. It would be really valuable.

Decentralized commerce. Centralized so many things would be incredibly important. I think it's the one thing we can do to, to use the term broadly, fix the internet. It is the thing that would cascade and fix so many things to get back competition and innovation and neuter the monopolies.

So by we, I assume you mean government intervention?

No other way.

Wow. Okay.

This is Corey's big point. Monopolies don't just amass money, monopolies amass power. Monopolies take money, use that to generate policy, to create more money, generate more policy. It's that feedback loop, where that's enabled by money in politics that allows monopolists to launder their money into policies that give them more money. When you watch this, watch if Apple does manage to kill the bill that will force them to open up their iTunes store. If they did, they are converting monopoly profits into laws that protect their monopoly profits.

So you can see one heck of a collision coming up between libertarianism around crypto and government regulation, obviously. How do you see this playing out?

Well, hopefully, I mean, ideally, blockchain just disappears. It's not going to happen. Too big, too global. What we need to do is regulate it. We need to bring it into the financial network. Just because something is stupid doesn't mean you have to ignore it, right? So we need to treat cryptocurrencies as currencies, right? You're going to have Nick Weaver on and his phrase is that, "Cryptocurrencies are speed running 300 years of financial fraud," and they are. Everything illegal in the financial world is happening on the blockchain, right? You've got your wildcat banks. You've got your Ponzi schemes. You've got your unregulated securities. You've got your unregulated commodities. You've got your outright frauds. It is all happening, and innocent people, naive people are losing a lot of money. I mean, it's a joke how much money is being lost and stolen.

So we need to get those systems under the financial network, the same rules that apply to normal financials need to apply to blockchain ones. Libertarians will hate that, and it's too freaking bad. I mean, you don't get your playground. I think that's starting to happen. I mean, some states are regulating it, and the federal government is looking at it. I wish it would happen quicker because people are losing money. The website for this is, I think, it's web3 is going great, where you can go on and just look at the billions of dollars that have been stolen this week, every week.

Yeah. It's sad to watch that number go up, unfortunately.

Sad to watch them, right. Actually, it's sad to watch the crash. I take no delight in the crash. There are lots of people losing money they can't afford to lose in this crash.

So how can it be included in the financial system? Because this thing, it's built as a libertarian technology by its construction.

It still has companies. There are exchanges. There are US companies that are exchanges. It's not the technology. It's like saying, "How do I put credit card terminals on the financial network?" You don't. You put Visa on the financial network. Who cares about the technology? It's the companies. It's the people.

Right now, there's a single check box on the US tax return, "Do you own cryptocurrency?" You need to expand that. How much? Let's see a 1099. Let's see an actual form of what you own and who and where it is. Now, you now have financial rules that exchanges have to follow, and wallets have to follow in the same way that if you're a stock exchange, you have to follow certain rules. Why is it different? So don't think of the tech. Think of the human institutions. That's what you regulate.

I want to ask you about NFTs. What do you think about the future of NFTs, especially for recording artists to be able to capitalize on their creativity without being part of the centralized iTunes or some other Spotify type platform? Any thoughts on NFTs?

So that's stupid on top of stupid because remember, anything the NFT does is not the NFT part. When you talk about music, when you buy an NFT, what do you buy? I'm asking you a serious question.

I guess your own certified proof that you're at a concert or some of digital art, I'm guessing.

You're buying a proof that you're at a concert. Okay? Probably lots of ways to do that. How is that helping the artist? I'm an artist. I sell you a ticket. You come to the concert, you enjoy yourself. Now you have proof. How is that better? Okay. We can imagine it's better. Right? You have some souvenir.

Yeah, instead of buying a T-shirt.

Lots of ways I can give you souvenirs. Why is this way different?

I don't know. Maybe if 20,000 people go and they spend, I don't know, five bucks on some sort of NFT, maybe it's an extra revenue stream for the artist.

Well, maybe they come and go and spend five bucks on some non-NFT in this additional revenue stream. What's the NFT part that's valuable? So this is weird, right? NFT is basically a URL that's on the blockchain, that the blockchain shows that you own. Doesn't mean you own the art if the URL points to the art. Doesn't mean you own the music if the URL points to the music. Doesn't actually mean anything. It could mean those things. That is a separate contract.

Now, I don't need the NFT, right? It is not the case that from the history of civilization until now artists have been unable to sell their work and now suddenly they can. The NFTs are a Ponzi scheme. That's what pretty much all they are. It is not actually clear what you're buying. It's a right. That URL that is on the blockchain that says that you own could point to a different song, a different piece of music, a different piece of art, nothing later. It doesn't convey any actual ownership rights, especially not copyright. It actually isn't clear what you're buying.

So you have all the risks of blockchain, like client side hacking, buggy smart contracts, web content disappearing, the whole speculation. There's nothing here. The fact that it crashed so hard, I think people realized that it really was just a Ponzi scheme. Now, Ponzi schemes are great if you're the second most stupid person, right? Ponzi schemes are only bad if you're the stupidest. The trick is how do you know if you're the second most stupid person because you're at the line. There is nothing an NFT does that a non-NFT can't do, simpler and better.

I mean, the problem with Spotify is non-NFT. It's that Spotify's a monopoly. You have 50, 100 different music systems. Suddenly, it's a different ecosystem and artists are going to make more money because there's going to be competition. The fact that it's a monopoly is why artists are being screwed, not because it's not an NFT. Now, some artists actually do sell music directly to customers. They don't need NFTs. They can just use normal commerce, and that works fine. I mean, just like me selling signed copies of my book, I could go through Amazon, I could go through a bookstore, I choose not to so I capture more of the revenue. I don't need blockchain for that.

What has been the impact with so many of ... Like my kids or young 20s. Many of their friends are into crypto. None of them that I've met can actually articulate anything about this, and you can tell that-

Which is interesting right there, right?

They're just lapping this up unbelievably. You look at the Robinhood trading app or as an example, right? People arguably speculating with this kind of stuff. What's been the impact on a generation do you think of this experience?

Yeah. I don't know. I think these are the people being taken advantage of, especially Robinhood. The people making money on Robinhood are largely the big institutions who are capitalizing on the herd mentality because they are the faster, they are the smarter, they have more capital. They're able to hedge. They're able to do things that kids these days are not. I worry that there's going to be a lot of money lost, but you're right. The people who expound these things can't articulate what's going on. They just know it's a mania and they want to be part of it, and they see people who make money. So it's a little bit like gambling, right? A lot of people go to Vegas and get rich. A lot more people don't. So you go in optimism and on average, you don't make a lot of money. Betting against the house is always a mistake. That's why they're the house.

Right. The comment Cameron made about people lapping it up, I find that fascinating because it's true. All of the narratives, which we had trouble articulating earlier, but whatever is said to support crypto, people, just some people very easily lap it up without a whole lot of basis.

It's just like people think Bitcoin is private. It's not. Now, you go to the ledger, you can see the transactions, and all it takes is one mistake where you link your email address to a public key and you're forever known, and this is how we unravel criminals.

Do you think that the ... I want to come back to trust for a minute. We talked about web3 is going great and all the frauds and stuff that are going on. In your book, Liars and Outliers, you talk about the moral and reputational incentives to act in a way that is responsible and good. Do you think the pseudonymous nature of the blockchain reduces that or takes them away?

So we know that even out of blockchain. Just think of social media and harassment. When people are anonymous, some portion of us act much worse, act far more moral, far nastier, engage in behaviors that we would never engage if our names were attached to the things we are saying, and that does seem to be true. So it would make sense that we would engage in behaviors with currency. Nobody's going to buy child porn if their name is attached to their transaction. You're not going to buy it on Visa. You're only going to buy it if you think then you are anonymous.

I have a different question for you. One of the arguments that I've heard a lot about the benefits of Bitcoin is that it will help the world's bankless.

So there are things that help the world's bankless, and if you look at some of the cash transfer systems, the PayPals, and Venmos, Alipay, M-PESA, those do, and they're really valuable. They don't use blockchain so they're better, but systems that allow the bankless to move value. There's one, I forget the name of it, that is basically cellphone minutes that are traded. These are really important, especially in the third world where you have people who are either bankless or don't have a bank anywhere near them physically, and need to be able to move money and are afraid of being robbed.

So those systems are great and they tend to be ... There's some big ones. They tend to be local. I mean, they work in certain countries because they really optimize for those citizens' needs, and they're often by a company like Venmo. So yeah, I mean, those are really important systems. You don't need blockchain for any of that, and you're better off without blockchain costs. Now, you can make it efficient and more secure and more trusted and more trustworthy, and you get all the good things without all the dangers of using a blockchain.

What about the other one we hear, which is the outrageous bank fees to transfer money around? I've heard an argument up to 8% to transfer money to say a relative overseas.

Yeah, and that again, I think, is monopolies. So yes, we can use Venmo for that, right? Much reduced transaction fees. You hear about credit cards. Matt Greene made this point in a blog post, "Why are credit card transaction fees so high?" You look at it, and the reason is that pretty much everyone paying attention gets 1% back, either in cash, frequent flyer miles or some other points.

At least.

Right. So credit cards, the way the ecosystem works is they're a middle class subsidy that the poor pays. This is a disaster. The poor will more likely pay in cash. It's the same price. I pay with a credit card, I get 1% back, right? Those poor buyers are paying for my subsidy. This has nothing to do with blockchain. I mean, we solve this through regulation, but this is bad, and this is something that things like Venmo do solve. Venmo has either little or no transaction fees for most users. So yes, high transactions fees are really bad. It is not a problem that is either solved by blockchain or caused by no blockchain.

No one has sat around and said, "Oh, my God, suddenly there's a blockchain. We now can charge lower fees." Everyone's saying, "They're paying high fees. Let's charge them," and that is competition of monopolies.

Okay. Another example while I'm at it. I heard on a podcast recently that I think it was Walmart in Canada is now able to use blockchain to track suppliers more accurately and that disputes about invoices is a big deal, and by going to a blockchain to track everything from the driver being delayed in traffic for delivery, being delayed is now live on blockchain.

So that's not blockchain. That's one example of blockchain marketing purposes only. That's the write-only ledger, right? That's the singular distributed ledger of what happened. Those supply chain systems, IBM and Merck had one, met a big one, but it died because it was a dumb idea, that you can track supply chain because all of the information is on the singular data structure that everyone can look at. Don't use a blockchain and suddenly that's so much better or what Walmart's likely doing is they're using the blockchain architecture, where they don't have the currency, they don't have the mining, all the things that make it a blockchain. This is a blockchain for marketing purposes only. That has value. The data structure has value. Now, there are other ways to do it. They chose this way, that's fine, but that's not a blockchain the same way that Bitcoin or Ethereum is.

It gets spun into the story that you want blockchain, you want crypto, and it becomes this whole-

Of course, because a blockchain story sells. That's why a lot of these blockchain marketing purposes only get funding because the herd mentality, blockchain cool, let's give them lots of money because they're going to be great. Often, you find the systems as they mature, they remove the blockchain part quietly because it's inefficient, replace it with better systems, have the blockchain in the background because they need it to look cool, but don't actually use it for what they're doing.

We talked earlier about how the things that fit together to make a public blockchain work. Based on that structure set up, do you think Bitcoin is suitable as a global currency?

No. It's a disaster. No system where if you get your password, you lose your life savings is suitable for anything, right? No system where if I'm a millisecond faster than you in the exchange, I can defraud you is suitable for anything. It's just not. No system wherever you make a mistake you're completely screwed is suitable for anything. It is not trustworthy. You would never trust that with your money.

Would you refer to it as a self-enforcing protocol, the structure?

Parts of it. Man, I saw that in your list of questions, and it's a rabbit hole you don't want to go down. I'll ask you, man.

Okay. We'll leave it. In your Applied Cryptography book, you-

I know, and that was written in 1994. The world was different back then.

Huh.

That's why it's a big rabbit hole.

Okay. Well, we'll stay on the rabbit hole. So you mentioned earlier you teach blockchain to public policy students at Harvard. What message do you hope that they come away with after you've taught them about it?

That it needs to be regulated.

Huh.

Now, I want to talk about how it works, what it does and doesn't do, what the truth, what the lies are. I could talk about how useless it is, but it's here, but it's real. NFTs are there. Bitcoin is there. Ethereum is there. People are doing things. People are buying, selling, losing money, being defrauded, and government can't ignore it. Government needs to pay attention. Consumer protection is vital. Financial regulation is vital, and that we need to start working on it, and that really is the message. You can't put your head in the sand and say, "It doesn't matter." I can't even, and I know how bad it is. It does matter. People we know own cryptocurrency and they need to be protected.

Is government listening?

I think it's starting to. Certainly on the fraud detection part they are. I think there is resistance because there's so many voices and so much noise, but I think so and I hope so soon.

You said earlier that there was genius in this creation from Satoshi Nakamoto. Does anything about the innovation excite you?

No. I mean, it's cool. It is really a cool innovation. The innovation itself excites me. There are no useful applications of it. It's sad, but the innovation is neat. The math is cool. The math works beautifully. The incentives are lined up. It just works. It really is a genius. Chaum wasn't able to do it. It is a true innovation.

All right. I've got one last question for you. You released a really nice talk recently about how technologists need to be more involved in policy and you refer to yourself as a public interest technologist. From that perspective, what is your biggest concern about cryptocurrencies?

I mean, everything we talked about here, that it is going to hurt a lot of people. I want it regulated to the point where it is firmly embedded in our financial system such that all the controls are in place. I think that will largely strangle it, which is good, and to the extent it doesn't, it's blockchain. This won't matter, which is also good.

That's right. Somebody at the University of Oxford referred to that as the blockchain paradox is that if you need governance and once you have governance, you no longer need blockchain.

Right. That's a better world, though. That's the important thing.

That's fascinating. It's fascinating coming from you, Bruce, because you're a privacy expert early internet pioneer and you're saying the answer is regulation.

I'm a believer that humans need to govern themselves and that human governance is vital and there isn't enough of it in the tech world, writ large.

Awesome. Well, Bruce, this has been fantastic. We really appreciate you coming on our podcast.

Thank you so much. This is fun.

Yeah. Thanks, Bruce, very much. Great to meet you.


Participate in our Community Discussion about this Episode:

https://community.rationalreminder.ca/t/understanding-crypto-6-prof-bruce-schneier-security-trust-and-blockchain-discussion-thread/17886

Books From Today’s Episode:

Liars and Outliers: Enabling the Trust that Society Needs to Thrive — https://amzn.to/3bSA0p7

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World — https://amzn.to/3yg701V

Links From Today’s Episode:

Rational Reminder on iTunes — https://itunes.apple.com/ca/podcast/the-rational-reminder-podcast/id1426530582

Rational Reminder Website — https://rationalreminder.ca/

Shop Merch — https://shop.rationalreminder.ca/

Join the Community — https://community.rationalreminder.ca/

Follow us on Twitter — https://twitter.com/RationalRemind

Follow us on Instagram — @rationalreminder

Benjamin on Twitter — https://twitter.com/benjaminwfelix

Cameron on Twitter — https://twitter.com/CameronPassmore

Bruce Schneier on Twitter — https://twitter.com/schneierblog/

Bruce Schneier — https://www.schneier.com/