Your Bitcoin wallet will never be your bank account
Don’t get me wrong; Bitcoin and crypto currencies are a big deal, at least technology-wise. Bitcoin and blockchains taught us a lot on what can be done with security protocols, and at a lower level, it even taught us that computation inefficiency is not always a bad word, but something that can yield benefits, if that inefficiency is properly orchestrated and exploited. It was also the most prevalent demonstration of scarcity being artificially created by technology alone. As I wrote before, blockchains will probably have some novel use-cases one day, and Bitcoin, aside of being a mechanism for transferring money, also provides a target of speculation, which in itself can be (and is) monetized.
What I truly do not understand are the advocates who see Bitcoin wallets as the near-future replacement for bank accounts, and Bitcoin replacing banks (and other financial institutions) in the near future. I understand the motivation, as those are dreams easy to fall for, but for crypto-currency wallets to replace financial institutions much more is needed, and for the sake of this discussion I will not even delve into the many technical difficulties.
There is much to like in a Bitcoin-only world: freedom, lower transaction costs (maybe), no discrimination in financial services (maybe), anonymity (probably not), and most importantly: the feeling that we are finally independent of the traditional financial institutions that we all so like to dislike.
Looking at Bitcoin, or at any other crypto-currency for that matter, it gives us the entire package. It supports:
minting, i.e., generating, the currency,
maintaining its value by controlling its scarcity,
allowing it to be securely stored, and
allowing it to be securely transferred (earned, spent).
All those functions are readily provided by the crypto-currencies, their distributed network, and their local and remote wallets – those applications that allow participants to store and transfer their money.
Anyone who looks at this list of fulfilled features can readily claim that crypto-currencies are ripe for replacing all financial institutions, which essentially give the same features. However, this list of features is complete only if we assume that money manages itself. Money, however, is managed by the people who own it, and while those people indeed require all those features, they also have their own additional requirements. Those additional requirements are not needed for money to be made available, stored and moved, but they are required for people to subscribe into their role in this system. Money, as it seems, is more than technology.
Had I been a psychologist, I could have thought of a dozen such requirements, but I am not. For what I’m worth, I can think of one – security; but it’s trickier than what some security engineers may think.
Security, seen by humans
When techies think of security, they imagine the tool-set that security architects use, in the financial sector and otherwise: cryptography, access control lists, authentication, authorization, and other keywords. All those are security technologies. Other tools such as dual-control and auditing, are not merely technical but are rather also procedural. We can safely call all those procedural tools “technical” as well, since the main difference is that they are executed by people rather than by computers.
When the techie looks at crypto-currencies, like Bitcoin, she easily checks all boxes of security: strong cryptography, identities tied to long keys, keys securely encrypted using long passphrases; the system seems end-to-end secure, no doubt. Indeed, there are weaker links, like users’ machines, gateways, and the users themselves, but all those are not unique to crypto-currencies. Usual bank accounts are phished as well.
For the non-savvy end-user, however, security is not just tools. The end-user sees security more holistically. He wants to know that he is secure, and proper technologies are just one part of the solution. Why is it that end-users do not focus primarily on technology just like us, techies? First, because they often know less about it. A person who is not familiar with how cryptography works, does not share our excitement about it. He is more apt to respond to his crypto-enthusiast friend by saying: “yes, but everything gets broken eventually, no?”, without even meaning to tease. Second, when most people do read about security technologies in the press, it’s usually about the parts that broke, not as much about the parts that didn’t. But lastly, and most importantly, most people see security as more than a bunch of protocols and methods, simply because that’s the way it really is. Technologists like to think of security as a set of technical challenges that are solved by a set of tools; in reality, the situation is often not as simple, particularly when usability and the human-factor come into play.
So what is to security other than tools and processes? There is one magic vehicle that is always sought by those people who cannot (or who do not want to) carry out their own threat modelling, security controls evaluation and risk assessments. This magic security dust is called: liability-shift.
If you cannot solve your problem, or if you do not even want to quantify it, just make it someone else’s.
The bank customer knows that as long as she chooses strong passwords, avoids writing them down, replaces them whenever asked, avoids logging-in from web-cafes, and follows a short list of other simple practices – the bank is responsible for securing her money. The fact that the bank has this fancy HSM in its vault, an AI-enabled anomaly detection on its servers, and what not, is barely even interesting. With credit cards, the situation is even clearer. You keep your PIN safe, and worry about nothing else; you’re covered beyond a certain fair amount, and you don’t even need to know how.
For the average user, there is no private-key system, no crypto-wallet with two factor auth, and no secure vault on his PC, that will ever come close to giving assurance that resembles that provided by simply shifting the liability away.
It doesn’t really matter who’s right. A crypto-currency is a product, it has customers, and they need to buy into it; either they do or they don’t. So far they don’t, and my guess is that they won’t.
But while there is no right vs. wrong but only mass-adopted vs. not-mass-adopted, I do find it worthy to note that this approach of the masses, which may be touted as the approach of those that “just don’t get the cleverness of the system”, is also the approach that I personally subscribe to.
I am a techie, and a techie in security. I enjoy and trust security technologies as a way of life, I know enough about security technologies to feel comfortable trusting (some of) them, and I do threat modelling for a living. And still, I will not put all my life savings behind an RSA private-key on my PC; no, not even if it’s 4,096 bits, and not even if the PC has TPM and runs hardened Linux, or whatever. Protecting my life savings is a liability too high for me to bear on my own, sorry.
I want to use technology for protection; I want to authenticate transactions with two-factors; always and forever. But I also want the bank teller to call me if she sees an unusual transaction request before committing, and I want the legal system to watch the credit-card company for making sure it does not move much of the liability back to me. More than anything: I want this to not be only my problem. Even if technology gets me covered 99.9% of the time, sometimes 0.1% is too high. Just Google for stories of people who got their money stolen by malware on their reasonably-secure PC, or of lost millions by a forgotten wallet password.
If those “evil” financial institutions charge me a certain fee for giving me a system that works, along with all the basic guarantees, and with them being responsible for it, then for me it’s just worth it. Of course, not any charge will be worth it, but this is where supply, demand, and competition kick in to give me a worthy deal.
I appreciate the crypto-currency tech, and I do think it has a role to play in parallel to traditional institutions. But moving our entire financial system into it requires giving away too much of the stability and reliability that we might be taking for granted.
Display comments as Linear | Threaded
Matthias Urlichs on :
Along with personal liability there's also the legal aspect to consider. Somebody who has all their money in BTC cannot be forced to pay child support. Somebody who hacked you and stole your BTC cannot be forced to give it back to you. Same for a non-existent or faulty product they sell to you. All the legal system can do is incarcerate them, but “stay in jail until you divulge the 2FA” isn't something a judge is allowed to sentence the crook to.