Monday, June 28, 2021

There are two kinds of people who label bitcoin a ponzi

There are two kinds of people who label bitcoin a ponzi. The first group is made up of salty nocoiners who launch the word ponzi as an insult. These people disliked bitcoin and/or bitcoiners pretty much from the get-go. They criticize it at every chance they get.

The second group uses the word ponzi in a neutral, or analytic sense. They aren't describing bitcoin as a ponzi in order to insult bitcoin, but in the same way that a biologist would describe a certain mosquito as belonging to the family Culiseta longiareolata rather than Culiseta minnesotae.

In philosophy, this distinction is captured by the contrast between descriptive and normative statements. A descriptive claim is one that describes a situation. "Brutus killed Caesar." A normative one is that makes some sort of value judgement about how things ought to be. "Killing is wrong."

Likewise, economists distinguish between positive and normative economics. (The economic distinction is the same as the philosophical distinction, so I won't rehash it, but here is a good article.)

So returning to our two kinds of people who label bitcoin a ponzi, the first is hurling normative statements about bitcoin. "Ponzis are frauds, which makes them bad. And bitcoin is a ponzi, so it too is a fraud." The second group is making descriptive or positive statements about what sort of thing bitcoin is in the universe of financial things.

Now, bitcoiners tend to bristle at all bitcoin is a ponzi statements. And that's because they perceive them to be attacks on their tribe. And the normative statements are, for the most part, designed to be attacks. And so bitcoiners raise their defences and engage in blustery counterattacks. These counterattacks are also composed of value-laden normative statements.

I find these flareups of normative versus normative statements to be unhelpful.

The positive/descriptive claim that bitcoin is a ponzi isn't an attack. And it can't be countered with ideological bluster. It deserves a much more nuanced critique.

And to clarify, the word ponzi is not an entirely accurate description of what bitcoin is. Back in 2017 Preston Byrne provided a more precise description of Bitcoin as a Nakamoto scheme. Give it a read. It's quite well-written. For my part I've been using the Bitcoin as a chain letter descriptor since 2018 and more recently here.

Byrne's and mine are essentially the same idea, that bitcoin is a ponzi. Except not quite. Bitcoin is a decentralized ponzi scheme, one without a schemer. I describe it as an honest chain letter. Byrne uses the word automated.

After all these years, I still haven't seen a convincing explanation for why bitcoin is neither a Nakamoto scheme nor an honest chain letter. That is, I haven't seen a good positive/descriptive response to the positive/descriptive statement that bitcoin is a decentralized ponzi. One of the best alternative theories, bitcoin-is-money, broke down long ago in the face of empirical evidence. And the bitcoin-is-gold description isn't panning out too well.

Bitcoiners haven't turned the perceived slight into a virtue. If someone is calling you names, then proudly adopt the slur. If the descriptive statement bitcoin is a ponzi is accurate and popular, then adopt it and make it your own. "Yep, of course bitcoin is a chain letter/Nakamoto scheme. And that's a good thing."

I mean, there are many ways to go about making bullish normative statements about bitcoin being a ponzi. For instance, a chain letter is managed in a decentralized manner. That make it almost impossible for authorities to suppress them. A creative bitcoin meme artist could rejig this descriptive statement into a celebration of bitcoin being impregnable.

Put differently, up till now all normative statements invoking bitcoin's ponzi nature have been used by critics to attack bitcoin. Where are the normative statements that embrace bitcoin's ponzi nature in order to defend bitcoin?

P.S. After publishing this post, someone sent me a perfect example of a meme that puts a positive slant on bitcoin's ponzi nature.

Tuesday, June 22, 2021

A short and lukewarm defence of anti-money laundering standards

These days it seems that everyone is a critic of anti-money laundering rules. In this post I want to try and defend our current approach to anti-money laundering.

I'm writing from the perspective of an outsider. That is, I'm not a regulator. Nor am I a member of the growing anti-money laundering industry. Mine is a lukewarm defence. I'm not terribly wedded to my views.

First, a quick definition. What I mean by anti-money laundering rules are the set of standards that banks and other financial institutions have to follow to prevent criminals from using them. For instance, a cryptocurrency exchange is required to verify ID before it can open a new account. For international wires, a bank must follow the travel rule and send their customer's personal information to the recipient bank. This is just a sample. There are hundreds of rules.  

I want to start waaay back at the beginning with first principles.

1) Should money laundering be a criminal offence?

Society has criminalized money laundering. But we could also imagine living in an alternative universe where money laundering is perfectly legal. In this parallel world a criminal could walk into a bank with $1 million in cash, announce loudly that they had stolen it, and the banker could casually accept the criminal's deposit without ever having to worry about being indicted for laundering money.

But we don't live in that world. It's illegal for the banker to knowingly accept a $1 million deposit of dirty money.

When I think about money laundering I put it in the same category as fencing. Criminalizing money laundering makes sense to me for the same reason that fencing is illegal.

A fence is a third party who specializes in providing burglars and thieves with a market to re-sell stolen property. The fence knows full well that they are contributing to the process of facilitating property theft. They may have an explicit relationship with the thief, or they may only have a pretty good idea that the goods they are buying are stolen. But they partake anyways. And so like the original thief, they are guilty of hurting innocent victims.

A banker who launders money is like a fence. They specialize in providing fraudsters and mob families with a venue for depositing and converting stolen money. Because they are knowing participants in this transactional chain, these bankers abet the original crime, just like a fence does.

We could decriminalize the acts of money laundering and fencing. But I think this would be a mistake. Any financial intermediary who deliberately specializes in serving a criminal clientele is engaging in the very same act as the criminal themselves. It's wrong and deserves to be made illegal.

2) Should we have anti-money laundering standards?

If you accept my premise that money laundering should be criminalized, I think that you should also accept that we need an anti-money laundering standard. That is, you should agree that we need a minimum set of anti-money laundering rules that all financial institutions are required to implement.

Consider Jack, a banker. He specializes in providing financial services to criminals. If money laundering is declared illegal, Jack can avoid prosecution for money laundering by following a policy of don't-ask-don't-tell or ask-but-don't-check. That allows him to continue serving his criminal clientele while not explicitly running afoul of society's prohibition on laundering money.

To close these don't-ask-don't-tell and ask-but-don't-check loopholes, we need a standard, a minimum set of anti-money laundering rules that Jack and all his banking competitors must implement. Without a standard, the criminalization of money laundering is meaningless. We'd be letting the Jacks run rampant, and that equates to living in a world where money laundering is "illegal" but is actually permitted.

Put differently, if you don't support anti-money laundering standards, then you effectively support a decriminalization of money laundering.  

3) Is our current standard the right standard?

You may agree that money laundering should be criminalized, and you may also agree that we need to augment this with a standard set of rules to prevent folks like Jack from exploiting loopholes. Which gets us to our third and last point: is our current standard the right one?

Our current standard involves requiring every bank to set up strict know-your-customer (KYC) procedures, thus (hopefully) keeping criminals out of the system.

KYC comes at a cost. First, it is expensive for financial institutions to implement, favoring incumbents. Second, KYC shuts those who lack ID out of the financial system. Lastly, according to the UN, privacy is a fundamental human right. Universal KYC sacrifices this right by forcing everyone to give up their valuable personal information to an assortment of financial institutions.

Privacy advocates are appalled at the costs of KYC. On the other hand, calling for the abolition of KYC requirements on human rights grounds would be tantamount to endorsing the decriminalization of money laundering. After all, without KYC we would be allowing dirty bankers like Jack to operate with impunity. One of the two ideals, either the criminalization of money laundering or privacy as a fundamental human right, inevitably has to give.

For now, we accept the costs or KYC as the unfortunate by-product of our original choice to make money laundering illegal. It's not an easy compromise, but we're plowing ahead with it.

What if it was possible to improve our current standard so we could reduce the aforementioned deficiencies while still catching the Jacks of the world? Dave Birch recently described a different sort standard. Instead of keeping criminals out, maybe banks should let them into the financial system (by setting up minimum KYC) and then use AI and analytics to catch them. (Presumably all of those good actors who formerly lacked ID can now get the financial services they deserve.)  

It's an interesting idea.

So to sum up, I'm tepidly in favor of current anti-money laundering standards. First, I support the criminalization of money laundering. And second, I accept that we need a minimum set of rules and standards to out the Jacks of the world. Third, I'm not sure if our current standard is the best. Maybe it is, maybe it isn't. I'd like to learn more. If we can squeeze out a bit more privacy while still catching the same number of money launderers, I'm all for it.

Friday, June 11, 2021

Why do ransomware gangs like bitcoin? It's the censorship resistance

A new type of crime has recently emerged: big-ticket repeatable ransomware. Bitcoin is the chosen payments method for ransomware gangs. But these gangs don't use bitcoin because it is anonymous. They've chosen it because it is censorship-resistant.

Here's a quick illustration of how ransomware works. A university's servers are encrypted by a ransomware operator. Common victims also include corporations, hospitals, or police departments. Only a payment of, say, $1.14 million in bitcoins will release them (see below). The gang may up the ante by threatening to auction off the institution's data if a ransom isn't paid.

Ransomware isn't new. What is new and unique about the recent spate of ransom attacks is that they are:

That is, the average size of these attacks registers around $170,000, according to Sophos. Prior bouts of ransomware involved much smaller amounts. Secondly, these aren't isolated one-off attacks. They are manufactured at industry-scale with gangs like Ryuk or REvil carrying out dozens of attacks each day.

What makes bitcoin such a great tool for carrying out big-ticket repeatable attacks?

It's not the anonymity. A lot of people think that bitcoin is anonymous it's actually pseudonymous. All bitcoin transfers can be seen on the blockchain, or Bitcoin's public ledger. This is inconvenient for ransomware gangs because a ransom can be tracked from the original victim to its final destination. While it's possible to use a tool called a mixer to obfuscate one's bitcoin transactions, most ransomware gangs don't bother. Nor do gangs use cryptocurrencies that provide native anonymity, like Monero.

All of this points to the fact that anonymity is not really important to Ryuk, REvil, and other ransomware operators.

So what is it about Bitcoin that is attractive to these gangs? The feature they are after is something called censorship resistance. That is, Bitcoin allows value to be electronically transferred across vast distances without being halted or frozen. A ransomware gang can extort $1.14 from a victim in a country like the U.S. with strong law enforcement and repatriate it to a country with weak law enforcement like Russia, and then sell it for hard cash all without having to worry about a bank or the FBI freezing their funds somewhere in-between.

Bitcoin isn't the only censorship resistant payment network.

You wouldn't think it, but gift cards like iTunes and Google Play cards are (semi) censorship resistant payments networks, and it is for this reason that they've become popular with criminals. Scammers in call centres located in India frighten their U.S. victims with the fake threat of being apprehended by IRS agents, then tell the victim send a $500 gift card number by text in order to be exonerated. The gang will either resell the card number for cash or spend the balances in an app that they control. Gift card issuers don't have effective measures to freeze balances, so the bad guys can more-or-less use gift card networks with impunity.

So why are today's ransomware gangs using bitcoin instead of gift cards to extort money from the likes of the University of California San Francisco?

At the outset of this post I specified that one of the unique features of modern ransomware is that it is big ticket. A gang that wants to extort a victim for $1.14 million can't do so using gift cards. The maximum gift card size is $500. University of California San Francisco would have to buy 2,500 cards and send the attacker all the card numbers. And then the gang would have to launder all those cards. It's just too inconvenient. 

No, some other payment rail is necessary to do big ticket ransoms. Bitcoin is perfect for this there is no limit on transfer size.

What about carrying out big ticket ransom attacks via wire transfers? A wire transfer is an electronic payment from one bank account to another, often overseas.

Wire transfers are ideal for big ticket payments, but they aren't censorship resistant. Banks require identification and can freeze suspicious transfers. Our ransomware gang might be able work around this by setting up a network of money mules and accounts using fake ID in a foreign jurisdiction with weak law enforcement. They could then order a victim such as the University of California San Francisco to wire $1.14 million to the gang's foreign bank account. If the $10 million successfully arrives without being frozen, the gang  quickly withdraws the funds as cash before an injunction arrives.

But remember, the second key feature of modern day ransomware is that these gangs are carrying out multiple attacks each day. Setting up fake accounts at various foreign banks in order to receive wire transfers requires a lot of effort. Once one account has been used, it is compromised forever. By contrast, using the Bitcoin network over and over is a cinch. 

In short, wire transfers don't scale. Only Bitcoin allows for the mass production of ransom payments.

So now we know why ransomware gangs like to use Bitcoin. It's not the anonymity. Rather, Bitcoin opens up the field to big-ticket repeatable censorship-resistant payments. 

The next question we may want to ask ourselves is this: should we try and modify the Bitcoin payment network to stop these attacks?

We have a long history of making changes to payments systems that have become popular with criminals. When electronic gold issuer E-Gold became a tool for carders, it had to introduce a customer identification program. Western Union became a haven for “wire money to get me out of jail!” scams. It was fined and introduced much stricter know-your-customer rules. In the early 2010s Green Dot's MoneyPak became a popular network for FBI scams. Green Dot shut MoneyPak down for a year and rebuilt it from scratch to make it much harder for scammers to penetrate.

Bitcoin can't be modified, though. It is censorship-resistant. Which means we need other responses.

One possibility is to ban cryptocurrency. But as I wrote in a recent article for the Sound Money Project, I'm not a big fan of that solution. It seems like overkill. Rather, I suggested putting an embargo on the ransom payments themselves in order to cut off ransomware gangs' revenue. (I also fleshed this idea in an article for Coindesk in 2020.)

Here's another option. The U.S. government could make it difficult for ransomware operators by dusting off Section 311 of the USA Patriot Act. Let me explain how this would work.

A big chunk of the ransom payments that gangs like REvil collect are routed to cryptocurrency exchanges in jurisdictions with minimal anti-money laundering controls. The bitcoins then get converted into cash. Without these liquid offshore exchanges, it would be difficult for ransomware operators to launder their funds into spendable cash.

According to cryptocurrency analysis firm Chainalysis, one large Russian cryptocurrency took in nearly 44% of all ransomware funds sent to exchanges in 2019. (Chainalysis refused to name names). More recently, I stumbled on the following anecdote. It shows how a certain Russian exchange (perhaps the same one that Chainalysis mentions?) converts incoming bitcoin ransomware directly to U.S. dollar banknotes.

Now, without rogue exchanges such as the one above it would be difficult for ransomware operators to engage in business. But these exchanges are usually located outside of U.S. jurisdiction, so there seems to be little that the U.S. can be done about it.

This is where Section 311 comes in.

Section 311 allows the the Financial Crimes Enforcement Network (FinCEN), an arm of the U.S. Treasury, to designate any foreign based financial institution (like our Russian cryptocurrency exchange) as a primary money laundering concern. Once so designated, it becomes illegal for any U.S. financial institution to interact with the listed entity. 

For those readers with long memories, Section 311 was used to shut down Liberty Reserve, a Costa Rican-based electronic money issuer that became popular with criminals involved in identity fraud and credit card theft. Below is a list of entities that have been designated under Section 311.

Entities designated by FinCEN under Section 311 of the Patriot Act

What really provides Section 311 with the extra oomph for reaching rogue exchanges is that it allows FinCEN to require that U.S. financial institutions stop doing business with any other entity that provides banking services to the designated entity. Think of this strategy as the friend of my enemy is my enemy. Any Russian bank that offers an account to the offending Russian cryptocurrency exchange could be cut off from the U.S. banking system, too. Because the U.S. market is such an important market, most Russian banks will stop doing business with the exchange just to stay friendly with the US.

So Section 311 would cripple ransomware-friendly exchanges by severing them from the financial system. And without these rogue exchanges, it becomes much trickier to be a ransomware gang.

To sum up, Bitcoin is censorship-resistant. That's why ransomware gangs like it. This very same feature also prevents democratic societies from modifying the Bitcoin protocol to exclude ransomware gangs. Bitcoin may be censorship resistant, but the venues where it is traded are not. Section 311 and other tools that allow for leverage over these venues remain one of the best ways to attack bitcoin-based ransomware.

Tuesday, June 1, 2021

A bronze currency in ancient Europe?

Metal scraps from a soldier’s pouch found at the Late Bronze Age battlefield of Tollensee Valley (source)

1) Last month I wrote about hacksilver currency in the ancient Middle East. This month I thought I'd share some fascinating archaeological research exploring what Europeans may have used as money during the Bronze Age.

2) By Bronze Age Europe, what is generally meant is the period beginning with the first appearance of bronze, a product of copper and tin, in southern Europe around 3000 BC and spreading north into the rest of Europe. It lasted till the introduction of iron between 1000 BC - 600 BC, depending on the region.

3) Did Bronze Age Europeans develop the idea of using metal as a common medium of exchange? There's a big hurdle to answering this question. Europe lacks textual evidence.

4) This isn't a problem in the Middle East. Thanks to the survival of "texts" such as cuneiform tablets, it is commonly accepted among archaeologists that hacksilver, or bits of cut up silver, circulated as a medium of exchange in the Near Middle East (i.e. Turkey, Israel, Iraq, Egypt, Iran). Europe, by contrast, hadn't yet developed written language -- that wouldn't come till around 500 BC. And so archaeologists don't have textual evidence that they can use to get hints about what Europeans used (or not) as money during the Bronze Age.

5) One curiosity from Bronze Age Europe is why cut up pieces of bronze are habitually found at dig sites all over Europe. Here is a picture of a bronze hoard found in France that I screenshotted from a paper by Dirk Brandherm (2018).

6) Europeans liked their bronze fragments. As time passed, evidence from hoards shows that more and more bronze was used in Europe. And the proportion of bronze being subject to fragmentation increased over time as well.

7) Archaeologists have long speculated why Europeans cut bronze into pieces. One theory is the owners of the bronze intentionally did so just prior to burial for religious reasons. Brandherm (2018) goes into this theory in some detail. Breaking up bronze may have been part of a ritual of "killing" objects perceived as being animate beings. These bronze fragments may have been intended for use in the afterlife or as votive offerings.

8) Archaeologist Rob Wiseman (2018) recently flagged a problem with the religious theory of intentional bronze fragmentation.

If bronze was purposefully broken up, there should be a discernible pattern in the weight and/or length of pieces making up individual hoards. For instance, one hoard might have a lot of smaller fragments, and another larger ones. That would demonstrate intentionality. However, the characteristics of bronze hoards (Wiseman studied British ones) shows that they can be best modeled as if they had each been accumulated randomly.

9) According to Wiseman, Europe's bronze hoards are best thought of as personal stashes of bronze haphazardly assembled from already-circulating bronze fragments. These bronze hoards were probably only meant to be buried for a few weeks or months. Instead they ended up being forgotten or lost.

10) Which gets us to our next theory for Europe's bronze fragments. If the bronze was not fragmented just prior to burial for religious reasons, but while it was still in circulation, might it have been fragmented for commercial reasons? More specifically, was bronze a form of currency?

11) In a recent paper, Nicola Ialongo and Giancarlo Lago provide what they believe could be evidence for the currency theory. Through a careful statistical analysis, the two archaeologists have found a relationship between bronze fragments and balance weights used by ancient Europeans to measure mass. They believe that this compliance of bronze pieces to a system of weights and measures is a good indication that bronze fragments were used as currency.

12) The technology for weighing things -- balance weights and bone/antler balance beams -- arrived in Southern Italy in Early Bronze Age (2300 to 1700 BC) and by 800 BC had been adopted all across Europe.

Bronze age balance weights from Southern Italy (source)

13) In an earlier paper published in 2018, Ialongo teamed up with Lorenz Rahmstorf to analyze around 500 stone and bronze balance weights found all across Europe. They find that these balance weights tend to form a sequence, illustrated below in a frequency distribution chart.

The frequencies of balance weights for each weight in grams (source)

As you can see, the balance weights mostly fall within a number of major clusters. Taking the cluster of weights at 9.6 grams as the base unit, it's possible to see a logical sequence of roughly 1⁄3, 2⁄3, 1, 2, 3, 4, 5, 6, 10, 12, 15, 20 for all weights between 3.1 grams and 393 grams.

It's pleasing to see this regularity, because it's what you'd expect of weights -- a degree of standardization.

14) In his subsequent paper with Lago, Ialongo searched for a link between these balance weights and the bronze fragments found in hoards. The two archaeologists measured the weight of 1411 bronze fragments found in modern-day Italy, Poland, and Germany. They then compared this data to balance weights found all across Bronze Age Europe. What they found is that the bronze fragments seem to have been systematically broken up in a way such that their mass aligns with the system of weights.

15) Below is a chart that illustrates this statistical relationship.

Bronze fragments (right) comply with balance weights (left). Source

(The archaeologists have used a tool called cosine quantogram analysis to pin down this relationship. If you are interested in the details of this process, please refer to their papers. But to understand what this chart is saying, read on.)

16) On the left, the data for the balance weights is depicted. The bell-shaped purple region between 9 grams and 11 grams is where most of the balance weights lie (with a best fit of 9.6 grams). That is, most of the balance weights either had a mass of ~9.6 grams or some multiple of 9.6 grams. As a multiple of 9.6 grams, that means they may have clocked in at 19.2 grams (9.6 x 2) or 96.2 (9.6 x 10) or some other even multiple.

Likewise, the chart says that weights were unlikely to clock in at a weight of, say, 6 grams, or some multiple of 6 grams (like 12 grams, 18 grams, 60 grams etc). There is no bell-shaped concentration on the chart at 6 grams.

17) Ialongo and Luca describe this regularity as evidence of a pan-European weight unit, a shekel, of about 9.4 grams to 10.2 grams, the same unit Ialongo pinpointed with Rahmstorf a few years before.

18) The right side of the chart shows that the bronze fragments are broken up in a way that aligns with a theorized European shekel. The bronze fragments tend to fall in the orange zone, with a best fit of 9.8 grams. That means they either weigh about 9.8 grams or an even multiple of 9.8 grams. (But they almost never weigh 6 grams or a multiple of 6 grams).

I don't know about you, but I find this three thousand year-old regularity remarkable. Both the fact that it existed and that we teased it out so many years later.

19) Why might bronze have been fragmented in a way that seems to comply with the 9.4 gram European shekel? 

Presumably if bronze pieces were being used as a medium of exchange, then it would be convenient for those engaged in trade if those pieces were broken up into standardized 9.6 gram chunks (and its increments such as 19.2, etc). The possession of multiple cleanly cut pieces would have sped up the process of exchange, sort of like how having five $1 dollar bills and three $5 bills in your wallet is more convenient than having just one $20 bill. Having many denominations allows one to cleanly reach a wider number of amounts, buy more things, and transact with more people.

20) I don't think this quite gets us over the line to currency, though. 

Bronze could have simply been a popular commodity at the time, not a medium of exchange. But why did bronze fragments comply with the weight system if there was nothing monetary about them? Because it was convenient. Even if bronze was just a commodity, cutting it up in a standardized way would have simplified the process of trading it.

21) Ialongo and Lago don't stop there, though. They turn to the Middle East for an analogy. Evidence shows that hacksilver (bits of broken up silver) found at Ebla, a dig site located in modern day Syria, complied with balance weights found all over the Near Middle East. In a 2018 paper with Luca Peyronel and Agnese Vacca, Ialongo illustrates this relationship with a chart.

Middle Eastern balance weights and hacksilver (in green) tend to overlap (Source)

Both the balance weights (in non-green colours) and the hacksilver (in green) tend to accumulate at regular intervals such as 8.36 grams, 16.58, grams (which is 2 x 8.36), 82.77 (which is 10 x 8.36) etc. This makes sense, since archaeologists have long believed that ancient Mesopotamia used a standard weight unit of 8.4 grams

22) To continue with Ialongo and Luca's analogy...

The statistical relationship between metal fragments and balance weights that we see in Bronze Age Europe is very much the same as the one we see see in Middle East. But in the Middle East we have textual evidence that hacksilver was a popular medium of exchange. Europe lacks textual evidence. Given that we know that hacksilver was a form of currency in the Middle East, and said currency aligned to a system of weights, could that mean that the alignment of bronze fragments to a system of weights in Europe indicates that bronze was also a type of currency?

23) It's a provocative argument. Ialongo and Luca's paper is still new, so it'll be interesting to see what their peers have to say.

24) Even if you don't buy the currency argument, it's still neat to see how bronze pieces all over Europe were being fragmented according to the same European weight standard. It implies that Europeans weren't primitive and isolated. They were engaged in continental commercial trade with each other, and were connected enough to merit the development of standardized systems of weights and measures.