Wednesday, June 26, 2019

Message to engineers about regulation of Facebook Cryptocurrency


One advantage engineers can have in bringing other folks to reality is that many of us deeply appreciate how concrete testbeds are vital in helping us appreciate even the most general of cosmic principles. 

There is a new testbed out there on the issue of privacy and security... the growing emerging issue of privacy and security connected to facebook's new cryptocurrency, which was preceded by a whole lot of industrial strength planning and analysis. Lots of people I know will be deep into that testbed for its own sake, which is reasonable, but someone ought to be approaching it in a more fundamental way, seeing what lessons we might get from it. DC and EU will be paying LOTS of attention to this testbed, but muddling through in the usual fuzzy ways. 

My first (yet informed) impression is that it teaches us that none of us on earth knows what he/she is doing enough to avoid disaster.

Many people pushing cryptocurrencies have argued that they can help us avoid really gross dangerous and growing problems, like the Panama papers scandal, with billions and billions of dollars going into hidden, criminal and corrupt activities, helping to destabilize the world political systems and even to degrade social networks into instruments of propaganda and state control... and facilitate the corruption of the state apparati themselves. If cryptocurrencies could help... we really could USE the help. Criminals would object, but we probably still have enough honest and well-meaning people to get something better implemented, if enough of us can agree on what to implement. 

OK... if a system of registered qualifying cryptocurrencies were accepted by enough people worldwide... analogous to qualifying ISOs and RTOs following FERC rules,or registered internet domains... what rules on privacy and security should be required to qualify? (So instead of asking "how well regulated and monitored will Facebook be?", a question which reeks of Chinese gumshoes, we may ask "what should the general rules be which it should follow, and how can automated systems be designed to ensure compliance?")

Should all entities which hold any of the cryptocurrency be registered as entities in a kind of global register or ledger, a kind of metaledger, like internet domain names? Should the set of total holdings of any registered entity across all the cryptocurrencies be a matter of public record, annually or in real time? 
What does "public record" mean?

David Brin has argued that the only viable solution to the security/transparency issue is to accept the need for all of us to live in glass houses, where everyone has access to everything. "The antidote to Big Brother is Big Family of everyone. the antidote to all-knowing State is all-knowing everyone." I wouldn't agree, because creativity requires exploring domains of thought and possibility and understanding which no gumshoe would tolerate, and I don't see a clear credible path to making humans SO mature that they could live that way. At NSF, it was important to respect the privacy of people with new ideas, because theft is still rampant out there. However, what of total net worth or net worth by currency? Could it be that the benefits outweigh the costs of greater transparency in THAT sphere?

Or could the rules allow a LIMITED kind of public access to the information, access by authorized state agents for purposes like law enforcement? If so, how do such agents get registered to the system? Who qualifies? (I seem to recall some fuzzy confusion even at NSA on who gets access for what purpose, and how to prevent fuzzy random misjudgments about that which can backfire to an incredible degree.) Should the developer/owner of each cryptocurrency in the system have the right to decide who qualifies for access to the information, subject to general rules? What rules? Who is to prevent a cryptocurrency as bad as the scandalous bank branches which ended up serving criminals?  

Furthermore, if the world switches to such a system (or, worse, an messy informal reflection of that)... WITHOUT a vast and fundamental upgrade of cybersecurity affecting chips, operating systems and communications, informed by the coming transformations of quantum information science and technology (QuIST), all of this may simply be setting us up for a discrete shock ever so much worse than the market problems which brought us the Great Recession of 2008/2009 (and Obama). 

The technical level of present fuzzy discussions of the future simply is not concrete or detailed enough to offer much hope yet of avoiding such a shock. 

Best of luck. We need it.

No comments:

Post a Comment