Click the comments link on any story to see comments or add your own.
Subscribe to this blog
08 Mar 2014
Code is Law - Larry Lessig
MtGox finally collapsed, although for a reason I didn't anticipate: software bugs. Something called "transaction malleability" allowed crooked MtGox users to trick MtGox into believing that their withdrawals hadn't worked, so MtGox reissued them. This continued over about three years, during which time the crooks stole about 700,000 bitcoins from the wallet where MtGox kept most of its customers' deposits without them noticing.
Bitcoin's defenders have pointed out that this particular bug was fixed a long time ago in open source Bitcoin software, and the underlying algorithms still appear to be sound, which is true. The software at MtGox turned out to have been more along the lines of duct tape and baling wire than industrial strength, and they never fixed the bug. It's also true that simple auditing techniques would have found the problem a long time ago, e.g., run several different Bitcoin clients to track the blockchain and make sure they agree about what's in the wallets. But that misses the point.
A lot of people, at least in the financial world, are now saying that for Bitcoin to grow up it needs to be more like conventional money. But it can't--Bitcoin is an algorithm and it only can do what it does now.
Bad Code is Bad Law - me
Credit card systems have all sorts of complicated features intended to detect fraud or mitigate its consequences. Card processors limit (to some extent) who can get a merchant account, who can be an issuing bank, and require that all the transactions go through their system. So when I make a transaction, the merchant and their bank apply anti-fraud rules, as does my bank, and only if they all agree that the transaction is good does it go through. The credit card system generally works pretty well; when my Amex card number was stolen a few months ago, I first learned about it when a merchant (Target, ironically) called up up to ask if I'd made an online order to be delivered to Florida. Nope, OK, thanks, voided.
With Bitcoin, anyone can be a buyer or seller, you keep your own wallet, and the transaction is published by the first miner who claims the transaction fee, with the miner and the parties to the transaction unknown to each other. Now that we see that it might be nice to have a little friction to deter bad Bitcoin transactions, but too bad, can't do it, that's not how it works, since the transactions are directly from peer to peer. You could set up transaction systems with intermediaries acting as escrow agents, but as we've seen that's only as reliable as the intermediary, which in the Bitcoin world often isn't very reliable, with no recourse if they aren't.
Credit card systems also have ways to reverse transactions that are found after the fact to be fraudulent. After Target called me, I checked my Amex statement online, and found a couple of other bogus charges, and called Amex. I told them which ones were bad and which were good, then they reversed the bad transactions, cancelled my card and issued me a new one. Bitcoin advocates tout the fact that once a transaction is in the blockchain, it's totally permanent, with no way to reverse it. If a transaction's recipient is in a good mood, they can send the bitcoins back to the sender in a new transaction (something that actually happened when my withdrawal at the Bitcoin vending machine failed), but that's entirely voluntary.
To reverse a transaction, you can't make it under the control of the sender, since then people could undo legit transactions, and you can't make it under the control of the recipient, since the problem is often that the recipient is a crook who won't cooperate. You need an intermediary that the parties trust to undo bad transactions but not good ones. With credit cards, those are banks, and we trust them because we know who they are, they are heavily regulated, and we have legal recourse against them if they screw up too badly. With Bitcoin, sorry, that's not how it works.
So Bitcoin is turning out to be the Peter Pan of virtual currencies, unable to grow up no matter how much its friends might wish it would. We know that it is possible to invent electronic transaction systems that have transaction filtering and reversibility, because we already have them. They're called credit cards.
My other sites
© 2005-2018 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.