IT Analyst Jason Bloomberg: What I’m Really Saying Is ‘Shut Down Permissionless Blockchains’

The criminal involvement in cryptocurrency was one of the original reasons why Bitcoin became as popular as it did in the earlier days We need to make cryptocurrency, as we know it, illegal, I think If cryptocurrency is going to survive, we’ll have to move to a permissioned infrastructure Because cryptocurrency is the problem here the whole economic context for the dark web is cryptocurrency What book are you reading right now, if you are reading a book? Criminals have been using cash since the invention of cash Once that happened, well, all of a sudden it became the way you got your pornography You are too young for this, you weren’t even born Can you just introduce yourself in 30 seconds or less? Just a few words Okay, well I’m Jason Bloomberg, president of Intellyx And Intellyx is an industry analyst firm focused on what we call agile-digital transformation So, we help enterprises — or big companies — understand how all of the various disruptive trends and enterprises in IT fit together and support their transformation goals So, for us, blockchain is one of those trends So, you have maybe made a reputation for saying some pretty bold things about cryptocurrency I know that, in your panel today, you talked about crime involved in cryptocurrency And in March, you wrote an article in which there was a sentence that was like, “We need to make cryptocurrency, as we know it, illegal.” I think, I hope I’m not misquoting you, something like that So, can you explain that statement — “make cryptocurrency, as we know it, illegal?” Right, or “shut it down” was the phrase I used The challenge that most cryptocurrencies have is that they run on a permissionless blockchain infrastructure By permissionless, we mean that there’s nobody in charge, right? Anybody can be a miner A miner is an individual or a company who sets up computers to process transactions of the cryptocurrency The way that the blockchain works is, because it’s decentralized, essentially every transaction processor has to process every transaction — so there’s a lot of duplication Only certain ones get rewarded for it, you know, in a proof-of-work system, but every transaction processor has to process the transactions Because it’s permissionless, anybody can sign up as a miner, including criminals Now, not all miners are criminals, obviously, but criminals are welcome to be miners There’s nothing stopping them from being miners As a result, many criminal enterprises, including organized crime syndicates, have gotten into the mining business There’s really no way to stop this, aside from moving away from permissionless blockchain-based approaches So, when I say, “Shut all the cryptocurrencies down,” what I’m really saying is “shut down the permissionless ones.” If cryptocurrency is going to survive, we’ll have to move to a permissioned infrastructure Just hypothetically, if people start taking you up on this call to action, what would that look like? What would happen to the crypto industry? Do you have a vision of how that would start to affect what we know today as the crypto industry? Well, in practical terms, it would be very difficult to shut down, say, Bitcoin, because it doesn’t exist in any one country So each country would have to decide what laws it wanted to create in order to make transactions illegal, or whatever it would be So, it would have to be on a country-by-country basis What I would expect to happen is, over time, as various organizations and governments, as well as banks, Wall Street trading firms realize that permissionless cryptocurrency has these issues, then gradually the trend would be to encourage permissioned systems versus permissionless — and that would drive down the value of Bitcoin and other cryptocurrencies that run on permissionless systems So if you drive down the value sufficiently, then it is no longer cost-effective to mine the cryptocurrency And at certain point, then, essentially it will fall apart Nobody will be running transactions because there’s no money made in conducting transactions, and fewer and fewer countries allow for the cryptocurrency And hopefully, other cryptocurrencies that are based on permissioned systems are essentially taking the line and investment is going to move to them, and there could be very well a flourishing permissioned cryptocurrency infrastructure as a result But I would say that the permissionless ones will essentially fade over time There will be less interest in them, they’ll be less valuable, and fewer and fewer people will want to mine them What do you say to the people who really care about the decentralized aspect about cryptocurrency? Which, I think, is, like… there’s different names for these people, but it’s sort of like, the base core of the values that people have around cryptocurrency — the fact that it’s decentralized is really important, the fact that anyone can interact with this,

essentially, in case of cryptocurrency, can send money from one person to another directly without intermediaries, without an enterprise, without a bank So, what do you say to those people when you are talking about shifting the entire value system? You’re quite right, and this is a very astute point, that the whole perspective on decentralized cryptocurrency blockchain versus the centralized permissioned approach And for many people in this community, it’s all about decentralization, and some of them don’t even see permissioned blockchain as being blockchain at all They don’t even want to define it as something that they are interested in So, there’s this whole separation between the two In terms of decentralization, I still don’t see that there’s a way to implement decentralization without opening the doors to criminal enterprise And so, all of these people with these libertarian priorities, libertarian vision for decentralized world with no government intervention, essentially the problem there is that, if you don’t have sufficient regulation, if you don’t have sufficient permissioning of the transaction processors, then essentially, it becomes just a playground for criminal enterprise What about the fact that not all cryptocurrencies are proof-of-work and you don’t need to mine all of them It’s not necessarily true that you have to have a… if it’s minable, it’s centralized or permissioned — you can have permissionless and proof-of-stake, right? So, what about that? Well, this is an important trend and that’s why I mentioned this earlier, is that the trend is away from these permissionless systems to the more permissioned approach And there could be a lot of different variations — whether it is proof-of-stake, you know, Ripple is an example of a centralized, permissioned approach — and I would expect these, maybe Ripple, maybe not, a lot of people don’t like Ripple, but I would say that is really where the focus will be But whether or not there’s a way to solve the crime problem and still be decentralized, I just don’t see that because I think the whole point is that we need to have, essentially, a centralized entity that people put their trust in, who is now extending their trust to the participants in the infrastructure to the miners And without that, we are just allowing criminals in And this has happened over the years with various approaches, right? This is nothing new In the research that you’ve done, you see that the criminal involvement is increasing? Is this some kind of growing problem? The criminal involvement in cryptocurrency was one of the original reasons why cryptocurrency took off, so it’s one of the reasons why Bitcoin became as popular as it did in the earlier days And now, it’s only continuing to expand I mentioned in my panel this morning that in 2017, the most active form of hacking of big business was ransomware Ransomware is only practical when you can pay the ransoms in some sort of cryptocurrency Before cryptocurrency, there was no ransomware, it just wasn’t feasible So, cryptocurrency now gave the criminals a way to conduct ransomware That was 2017 Ransomware is no longer the most popular In 2018, the most popular is cryptojacking — or illicit crypto mining — where the hacker puts crypto mining software either in a browser, but increasingly on servers, both in enterprise centers and cloud environments that essentially sucks up electricity and pays the criminal in some sort of cryptocurrency This is now the most popular, the most predominant way of hacking a big company So essentially, what cryptocurrency has become is not only a way for criminals to get into the mining, but it’s a way to conduct criminal transactions, it’s a way to conduct hacking If you look at the dark web, the whole economic context for the dark web is cryptocurrency The dark web wasn’t really practical, because there was no good way of exchanging funds until cryptocurrency came along Once cryptocurrency came along, the dark web exploded and the primary type of transaction the dark web is illegal drugs So, if you want to do illegal drug transactions, especially international, look to the dark web, look to cryptocurrency But one of the arguments that people make is that that is not the majority of the transactions happening with cryptocurrency and why would you fight the medium of exchange rather than looking for other ways to prosecute criminals? There’s always going to be crime, is kind of the argument, right? There’s always going to be crime Criminals can use any means that they find Maybe you are arguing this is the most convenient means, especially in the internet, but cash is still the big and a sort of ideal asset in a lot of ways Well, criminals have been using cash since the invention of cash, obviously But that’s actually a false comparison You’re saying, “Well, because criminals can use cash, we shouldn’t worry about criminals using cryptocurrency.” It’s like saying, “Well, if I get stopped for speeding, my argument to the cop should be that other people are speeding,” or, “Other people were going faster than I was.” No cop is going to let you off of a ticket because you said that somebody else has committed a crime That is not a justification for a crime

But here’s the comparison Why can the car go faster than the speed limit? Why aren’t we stopping the car from going… like, why don’t they just make cars that can’t go faster than a certain speed? If you start controlling the means, it restricts people’s freedom And I think that is a really important thing for people in crypto — it’s like, I want the freedom to be able to send you, transact with you on a peer-to-peer basis That’s how we deal with crime in the traditional world Someone commits a crime and then you deal with that crime after it’s committed Like someone speeds, and you get a ticket It’s not like we keep the cars from being able to speed I don’t know I feel like It’s sort of crushing the dream of decentralized world People want to be able to interact Well, I don’t think it’s a question of crushing the dream, it’s that the technology that people have come up with does not support the dream The dream of being able to conduct a transaction as easily as giving you a dollar bill, but be able to do it internationally, electronically – okay, well that makes sense on the superficial level, so why come up with this huge technology infrastructure that is hugely valuable to the criminals and becomes a central element of organized crime, globally speaking And this has happened over the years In fact, I’ve just read some research that came in a newsletter this morning, about how this notion of decentralized network communication has really never… we’ve never come up with a way of doing it without it just ending up being a means for criminal activity This started back in the 80s with bulletin board systems You are too young for this, you weren’t even born But I remember, being grey-haired, from the 1980s — before the internet became something that people would use — you had these modem-based systems where you call somebody’s computer and the computer would answer and you’d be able to upload and download messages And as modems got faster, you could upload and download binary files, which in those days were just images because we couldn’t do much more — images and small pieces of software Once that happened, well, all of a sudden it became the way you got your pornography Back in the 80s, hardcore pornography was hard to come by The web wasn’t around You’d go to your local store, you could get Playboy — but that wasn’t hardcore — so this was it And it was mostly illegal until the Clinton administration relaxed the obscenity rules in the 1990s Once the Clinton administration did that, mainstream pornography moved to the web, and it’s been there ever since Now, we have the rise of Usenets, now these are the news groups, which were similar to bullet boards, only on the internet And those started off as being ways for clubs to communicate with their members and it soon became a way of exchanging binary files And because primarily mainstream pornography had moved to the web, what were those binary files? Well, they are child pornography and wares — that is pirated software And that became the modus operandi of Usenet Everything else was spam So, Usenet became spam and contraband Now along comes BitTorrent We’re now using the internet, internet speeds are going faster, we’re now able to download videos So, what do we do? We come up with a peer-to-peer — that’s decentralized — peer-to-peer protocol that allows anybody to exchange big files with anybody else So, what do you use that for? Well, pirated software, pirated videos and illegal pornography Because that was the primary use This is just human nature: If you have a way of exchanging information or files that is hidden from view, then it is going to be primarily used by criminals to conduct criminal activity The problem with BitTorrent was that BitTorrent itself was not particularly anonymous — you had to identify your IP address — so it wasn’t very good for organized crime It became, sort of, a disorganized crime protocol It also didn’t provide a payment mechanism It was more about sharing that illegal porn with your buddies than building a business What do we need? We needed a way of greater anonymity in the payments and a payment infrastructure And along came Bitcoin That’s why Bitcoin exploded, it was because BitTorrent did not have those things Now, you add Bitcoin to BitTorrent and now you can build a global, professional black market for illegal contraband and that’s the dark web This is the history of distributed technologies — it’s been one of facilitating criminal enterprise Bitcoin played right into that, and now we have the dark web and now we have hackers who are leveraging the technologies as well This is the story This is the story of cryptocurrency And people are pretending or fooling themselves that it’s about some sort of a libertarian ideal, where people are going to behave No, people will not behave Criminals are going to come in, and they are going to take over, and it’s going to be the whole reason why we have this stuff You have this arguably pessimistic vision of how this all will turn out Let’s get back into the nitty-gritty of cryptojacking, you mentioned that particular type of hacking What’s the harm being done there? Because, I think in a lot of cases, it’s a little bit ambiguous — ethically ambiguous — because in case of something like ransomware, it’s pretty clear: Your money is being stolen

from you But in case of cryptojacking, what’s that harm being done — I’m not saying no harm is being done, I just want you to explain — What’s the exact harm being done? So, with illicit crypto mining or cryptojacking, the early days [were] all about the browsers — you have some sort of compromised website that would give you some javascript you would run on your browser And so, your own computer would spin for a while, and it steals a little bit of electricity and a little bit of processor power from you That software has gotten better and now, even when you close your browser, it will still run on your computer So, it’s sucking up your processor on your laptop That is relatively minor compared to crypto mining software on a server You put it on a server, it’s getting more sophisticated, it’s now consuming electricity and processor power on the server If it’s in the cloud, it’s running up the cloud bill So, companies are paying money for their cloud services, including any crypto mining that is running on there If it’s on premises, it’s still consuming electricity and processor power, and will continue to do so until the miners proliferate and take the entire network down It’s not just one hacker doing this If a company is vulnerable, then multiple different bad guys are going to figure this out and put mining software, which is forming itself into botnets So, many different computers mining software, consuming electricity and processor power, unbeknownst to the other crypto mining software on the same servers Essentially, at certain point, it just uses up all the processing power, the server stops working and this could happen across the entire network It could take down the entire company’s data center But because it is running behind the scenes, because it doesn’t require a command-and-control link like ransom, where money has to go back to the criminal, with crypto mining, the way that criminals make their money is simply processing transactions and they get money from the Bitcoin or Monero infrastructure directly The money isn’t going directly from the victim to the perpetrators It’s indirect But as a result, it’s catching a lot of the CSOs, the chief security officers, unaware until such time that it takes down their entire network So, this is already the biggest problem on corporate networks today, but it’s not going to take as much attention as perhaps it should because it doesn’t have the command-and-control link and, in the early days, it doesn’t have much impact Okay, I see And you think the solution, just to clarify, is not to deal with preventing that kind of an attack or mitigating it in some way, but actually shut down cryptocurrency because cryptocurrency is the problem here Well, I don’t think this is really a practical solution It would be great if I could say, “Well, we’ll just shut down cryptocurrency, that’s going to stop crypto mining.” And yes, it would, but I don’t think it’s practical for the reasons I listed: There’s no one country, it’s no one country’s laws So, it’s going to take a lot of time And it’s going to be, really, the economic forces, right? It has to be less valuable to own certain cryptocurrencies over others And once we shift the economy to the safer cryptocurrencies, then that is going to be a long-term, gradual solution In the short term, yes, it’s essentially traditional cyber security methods: malware detection and threat prevention And this is where a lot of big companies are spending their cybersecurity dollars today Let me ask you a question that’s a little bit pointed, but what are you hoping to do by coming to BlockShow or any other crypto/blockchain-related events? Like, why are you here exactly? Why am I poking my stick into all these people? Well, I write for Forbes I am a Forbes contributor, so I write five articles a month for Forbes I’m always looking for good stories, and that’s a part of the story But I’m also, essentially, looking for the gems in the rough I’m looking for those enterprise blockchain companies that have real solutions, at least in the works — obviously, it’s still early days, so it’s usually proofs-of-concept — but real solutions in the sense that they are solving business problems for companies who aren’t just other companies in the blockchain echo chamber There are some of these, right? Decent is one I know who is here They’re one of our customers, actually We are helping them with their marketing And there are a few others, and hopefully I’ll run into some more And those are the stories that I think are the most important to tell But yes, I can tell the stories about the flaws of cryptocurrencies or the problems with the libertarian perspective on things, but that only gets you so far Really, it’s more important to focus on the positive stories, right? The real business cases for real companies, who are solving real customer problems And that’s really what I am looking for I think I have one last question, just a totally random one What book are you reading right now, if you are reading a book? What book am I reading? Well, I generally don’t have time to read books, professionally

So, it’s not like I’m reading any books on digital transformation or blockchain But I do read is science fiction and fantasy for fun So, I’m reading… I forget what it’s called It’s Neal Stephenson book and it has dodo in it and it’s about time travel, but I forget the whole name But Neal Stephenson is one of my favorite authors and some of your audience, I’m sure, has read him as well Okay, cool Thank you so much!