Wednesday, August 15, 2018

Risks of Cryptocurrencies

Cryptocurrencies and blockchains are now all the rage. In 1999, if your startup ended in "dot com", people threw money at you; today, if your startup has something to do with blockchain or cryptocurrency, likewise.
I am naturally a skeptic having seen a handful of boom-and-bust cycles in technology. It's not that I'm skeptical about enthusiasm for a new technology per se. I am as much an early adopter and techno-apologist as anyone.  Indeed, in 2007, along with the RAD Lab at Berkeley where I was a researcher at the time, we cheered loudly for Amazon's new "public utility" style cloud computing (EC2, or Elastic Compute Cloud), against skeptics who thought it was hype/nothing fundamentally new. Ten years later, Amazon owns >30% of the infrastructure services market on the strength of its utility-computing offerings, and Netflix, one of the largest app installations on the planet, relies entirely on EC2 for its computing. This is largely in keeping with what we predicted would happen.
But sometimes, there are elements of techno-optimism about a new techno-fad that seem to wilfully ignore economic reality, technical reality, social reality, or a combination of the three. For example. in the late 90s, peer-to-peer filesharing was going to make centralized servers obsolete. The reasons given were many: P2P didn't rely on a single centralized point of coordination or failure (if properly designed and implemented); "spare" cycles and storage around the network could be harnessed to store and process data, rather than paying for centralized capacity to do so; Big Evil Governments would be unable to take down P2P networks acting in ways they didn't like; and so on.
In fact, my advisor at the time, Eric Brewer (now VP Infrastructure at Google), argued persuasively that from a technical and economic perspective, centralization made more sense than distribution. A centralized cluster that's well-run requires fewer human resources per server, can be made more secure and more reliable because all the eggs are in one basket to which dedicated attention can be given, and so on. He was right: Amazon EC2 is the manifestation of exactly that. It is true that there are still good reasons to use P2P, in particular when evasion of censorship or takedown is needed because the site is trafficking in illegal goods. Yes, there is a free-speech argument to be made, but overwhelmingly, the uses of P2P have been to facilitate transactions or discourse that society has already agreed should be illegal.
Similarly, the 2005 "One Laptop Per Child" $100 laptop was supposed to be the technical innovation that would get laptops and the Internet into the hands of children in developing countries, but it failed miserably in doing that. While the prototype did feature some technical innovations, the nonprofit's founders and spiritual leaders had little experience in either large-scale hardware procurement or the politics of development projects in foreign countries. The OLPC, with its one-off technology and quirky bespoke OS, was rapidly eclipsed by $200-400 Intel-based subnotebooks running Windows, and the resulting momentum arguably created that new product category; today Chromebooks can be had for under $100 from various vendors.
In the spirit of tempering techno-optimism with doses of socio-political-economic reality, I had a great time reading Nick Weaver's devastating critique of cryptocurrencies in last month's Communications of the ACM (Inside Risks: Risks of Cryptocurrency, CACM 61(6), June 2018). Nick was a grad student in systems at Berkeley at about the same time I was, and is now a security researcher at Berkeley's International Computer Science Institute. In his essay, he argues persuasively that cryptocurrencies are neither fit for purpose as a stable store of value, nor are they invulnerable to mutation as proponents claim, nor is their control sufficiently distributed in practice to avoid having to trust a small cabal of entities that effectively control most of the wealth, in addition to which the presence of bugs in the code can lead to situations that are catastrophic not only for individual coin holders but for entire societies.
The prose is not polemical or hyperbolic, but it is implacable, relentless, and dryly sardonic in the style of something like Why Pascal Is Not My Favorite Programming Language, and it musters its evidence well. Suffice to say it affirmed my original decision (on which I've never wavered) to stay the hell away from cryptocurrencies.
To be fair, P2P and OLPC had important follow-on effects, and their development resulted in important ideas that play key roles as part of today's ecosystem (which, coincidentally, is focused on centralized servers serving commodity-built clients). It's just that the ideas haven't been deployed in the way envisioned by their creators, because the socio-technical arguments underlying their positions were uncertain to begin with and readily crumbled.
Go read Nick's article. If you like it, feel free to tip him in Bitcoin.