from the good-luck-with-that dept
The hack of the Colonial Pipeline has already made lots of news, and with that, the government is rushing to come up with new regulations, which will almost certainly be overkill. While the transparency aspect of the expected rules (requiring reporting of “cyber incidents” to the federal government) was more or less expected to come at some point no matter what, the other rules are likely to be fighting the last battle. There are constant changes to these kinds of attacks, and seeking just to prevent them is a fool’s errand.
However, we’re now seeing some truly silly suggestions. Lee Reiners, who runs Duke Law School’s Global Financial Markets Center, has published an op-ed in the WSJ that truly is an astounding example of throwing out all the babies with the bathwater. Reiners says the way to stop these attacks is to just ban all cryptocurrency. This is silly on many levels — mostly because (1) that’s impossible, (2) it wouldn’t work, and (3) it would destroy a ton of important and valuable projects. Frankly this op-ed does not speak well to the Global Financial Markets Center and its understanding of anything. Here’s the core of the argument:
Ransomware can?t succeed without cryptocurrency. The pseudonymity that crypto provides has made it the exclusive method of payment for hackers. It makes their job relatively safe and easy. There is even a new business model in which developers sell or lease ransomware, empowering malicious actors who aren?t tech-savvy themselves to receive payment quickly and securely. Before cryptocurrency, attackers had to set up shell companies to receive credit-card payments or request ransom payment in prepaid cash cards, leaving a trail in either case. It is no coincidence that ransomware attacks exploded with the emergence of cryptocurrency.
There is no doubt that cryptocurrency does aid the ability to pass around money without being traced — and that certainly can (and does) help some criminal enterprises. But, the idea that it makes their job “safe and easy” is simply not true. We’ve seen plenty of criminal operations that relied on cryptocurrency run into issues, including being taken down by law enforcement. This is for a variety of reasons — including that in the process of converting cryptocurrency into other forms of money, you often end up introducing friction that may require some identification. Similarly, there are a lot of steps involved in transferring around even large sums of cryptocurrency that can leave trails. Are there ways to hide yourself? Absolutely, but it’s not as “easy” as the article makes it out to be.
And the claim that the rise of ransomware is because of cryptocurrency seems like a “correlation does not mean causation” kind of situation. There are many reasons why ransomware may have increased over the past few years — including improvements in a variety of hacking tools, the increased online nature of many businesses (especially during the pandemic) and some other factors as well.
Banning anything runs counter to the American ethos, but as our experience with social media should teach us, the innovative isn?t always an unalloyed good. A sober assessment of cryptocurrency must conclude that the damage wrought by crypto-fueled ransomware vastly outweighs any benefits from cryptocurrency.
I mean… what? No one has ever argued that any innovation is “an unalloyed good.” Basically everyone recognizes that innovation has a variety of different impacts — some good, some bad, some indifferent. They’re tools. Some people use them for good things. Some people use them for bad things. That’s true of social media. And it’s true of cryptocurrency. But Reiner then takes the leap from saying it’s not an “unalloyed good” to insist that, actually, cryptocurrency is all bad. Why? Because he says so.
It isn?t obvious that cryptocurrency provides any benefit at all beyond the chance to make a quick buck. I have been studying the crypto market since its inception, and I have yet to identify a single task or process that crypto makes easier, better, cheaper or faster. Don?t take my word for it. Ask any friend why he owns cryptocurrency, and the answer will invariably be ?to make money.? In other words, speculation. (The blockchain technology that underpins crypto does have promising applications in supply-chain management and other areas.)
This paragraph is the kind that should be remembered in the future. I know that many people probably do agree with this assessment, but it shows a real lack of imagination about how cryptocurrency could be useful, as well as a real lack of understanding of the nature of innovations and how they progress over time. We certainly heard similar statements regarding home computers, the internet itself, mobile phones and many other things as well. It may be true that the killer apps for cryptocurrencies are not well recognized now, but that hardly means they don’t exist, and it really isn’t an excuse for trying to ban the entire concept.
As for that closing sentence about blockchain, the paragraph totally misses that the underpinnings of what makes a blockchain effective is the integration with cryptocurrency. Yes, you can create cryptocurrency-less blockchains, but they tend to be significantly less interesting, and almost certainly need to create some other incentive system. That generally means that they only work when controlled by a few centralized players, dropping the benefits of a more truly decentralized system with cryptocurrency.
And, the line that most people investing in cryptocurrency are doing so to make money is… meaningless. Yes, that’s one of the important functions of money. It acts as an incentive system. But some of the clever aspects of how cryptocurrency and blockchain work together is that built-in incentive structure that makes the distributed/trustless system function. Yes, the fact that many people are in cryptocurrency to make money does open it up to speculation (and scams). But that incentive is a feature, not a bug.
Most importantly, this ignores that there are interesting ideas and innovations that are just starting to come out of the cryptocurrency world. Obvious, we’ve talked a lot on Techdirt about dealing with other issues — competition, privacy, free speech, content moderation, etc. — with a more distributed internet. And one way to help make that a reality is using cryptocurrency. We’re already seeing some interesting elements of that start to play out with things like FileCoin and the projects that are just starting to show up around that space. To claim that there’s nothing valuable at all is to show a near total ignorance of the more interesting elements of what’s happening. Yes, there are plenty of silly scams and headline grabbing nonsense, but to insist that means there’s no redeeming value is missing the point. Entirely.
Reiner then includes a paragraph that basically says people will mock him for these claims, and insisting that because people will attack him for his short-sighted ideas, it proves that “the emperor has no clothes.” Huh?
A day after the Colonial Pipeline shutdown, cryptocurrency champion and self-proclaimed ?Dogefather? Elon Musk went on ?Saturday Night Live? and admitted the obvious: The dogecoin cryptocurrency is a ?hustle.? He then performed an encore by tweeting that Tesla was suspending the use of bitcoin for vehicle purchases due to the coin?s carbon footprint.
Tarring all cryptocurrency because Elon Musk’s random flights of fancy — and focusing on Dogecoin of all the cryptocurrencies out there — does not make the argument more compelling. It screams out that Reiner is cherry picking examples. Yes, there are silly cryptocurrencies. Yes, there are scams. Yes there is ransomware and yes sometimes cryptocurrencies can make some aspects of criminal behavior easier. But this article fails to tackle any of that in a meaningful way, simply pulling some edge cases and tapdancing around the rest.
And, of course, as we noted above, the idea that you could even ban cryptocurrency is ludicrous. The entire idea behind them was that there is no central node that you can shut off. Reiner tries to get around this by noting the government could put in place a whole bunch of annoying hurdles, but that’s not going to stop cryptocurrencies at all.
Any solution must at least reduce the use of cryptocurrency. Governments and retailers should be encouraged not to accept payment in it. An outright ban could get the job done, but if it would be too difficult to enforce or get through Congress, regulators could crack down on the off-ramps and on-ramps, the points at which crypto is converted into fiat currency and vice versa.
Cryptocurrency firms serving U.S. customers are supposed to be subject to the same anti-money-laundering requirements as traditional financial institutions, but more can be done. Late last year, the Treasury Department?s Financial Crimes Enforcement Network proposed a rule to establish new reporting, verification and record-keeping requirements for certain cryptocurrency transactions. Last week Treasury proposed granting more resources to the Internal Revenue Service to address crypto and called on businesses to report receipts of more than $10,000 in cryptocurrency. Both proposals should be adopted, but they will be effective only if other countries follow suit.
I mean, it’s kinda funny, because up top I noted that the idea that criminals can easily get away with ransomware because of cryptocurrency wasn’t always true because of regulations at the “on-ramps” and “off-ramps” and then later in the article he more or less admits that’s true.
Of course, there are other risks associated with heavily regulating cryptocurrency — again in potentially throwing out babies with the bathwater. Putting too many restrictions on the usage of cryptocurrency could hinder adoption of the actual useful elements of it.
We can live in a world with cryptocurrency or a world without ransomware, but we can?t have both. It is time for the adults to tell the children: Party?s over.
That’s nonsense. There’s no way to get rid of cryptocurrency, and if we just overly burden it with excess regulations as he proposes, that will just lead to more creative workarounds, that will get even more adoption among criminal elements, rather than for more socially useful activities. Second, there is no such thing as “a world without ransomware.” This is just wishful thinking based on the false premise that ransomware only exists because of cryptocurrencies.
And, yes, clearly there’s a real risk with ransomware and attacks like the Colonial Pipeline that the end result could be quite problematic. However, the fact is the real cybersecurity risks from ransomware are monetary risks. The risks associated with taking down or breaking critical infrastructure tends to come from nation-state attacks, not ransomware attacks for money. The whole op-ed is a silly, nonsensical attack on cryptocurrency that doesn’t seem based in reality. If that’s the level of the work that comes out of the Global Financial Markets Center, it does not speak highly of Duke’s ability to produce good scholarship on this subject.
Of course, I will note that Reiner’s hatred of cryptocurrency has not stopped his own center from asking the public to donate cryptocurrency to support the center. How curious.
Filed Under: cryptocurrency, lee reiners, ransomware