Former CIA employee and NSA contractor Edward Snowden on Bitcoin

Edward Snowden

Speaking in an interview during the IETF 93 meeting, former CIA employee and NSA contractor Edward Snowden spoke about Bitcoin, among other topics. He focused on Bitcoin’s flaws and weaknesses.

Edward Snowden began by briefly speaking about the “51% attack” and the weaknesses of the protocol that structurally make it vulnerable to attacks and manipulation.

Below are Edward Snowden’s comments at IETF 93 where he referred to Bitcoin.

Bitcoin

???: What scared me most about the documentary and some of the comments were making sense even right now is not the data and we can encrypt that, but the metadata and the correlation. So the fact that our point of view now is going to get you in real, real trouble.

{laughter}

Edward Snowden: Probably. I just moved a couple of steps up on the list after this discussion.

???: Exactly. So question for you is the first example you gave was credit card being so dangerous. What do you think about things like – I mean you talk about – you can anonymise the end point, but then I’m talking to you, and then how do I know I’m talking to you and how do we have a meaningful conversation without the NSA knowing who’s talking to whom, but the big thing might be for money.

So what about Bitcoin or things like Bitcoin that says at least the market transactions get anonymized when…

Edward Snowden: So, the Bitcoin thing is – I mean this is – nobody really likes to talk about Bitcoin anymore. There are informed concepts there. Obviously, Bitcoin by itself is flawed. The protocol has a lot of weaknesses and transaction sides and a lot of weaknesses that structurally make it vulnerable to people who are trying to own 50 percent of the network and so on and so forth.

But when we think about the basic principles behind it, there are some very interesting things that particularly when we start to combine them with that idea like before of tokenization, of concepts like proof of work.

Are there other means through which people can basically pay for access other than direct transfers of currency that originated with an association to their true name?

The other ones are [inaudible] mixed in networks, for example, where we have multiple steps just like Tor where they got these mixed [inaudible] in the Bitcoin universe where they tumble the transactions of the Bitcoins that go in it to pay for your purchase aren’t the same Bitcoins that go out.

But focusing too much on Bitcoin, I think, is a mistake. The real solution is again, how do we get to a point where you don’t have to have a direct link between your identity all of the time? You have personas. You have tokens that authenticate each person and when you want to be able to interact with people as your persona in your true name, you can do so. When you want to be able to switch to a persona – a common persona, an anonymous persona, a shared persona, you can do that. When you want to move to pseudonymous persona, you can do that.

A lot of these are difficult problems particularly when we talk about the metadata context, the signalling context. And there are actually some really bad proposals, I think, and this is in no offense to anybody who works on these particular problem spaces, but again, it gets back to the middlebox space.

We’ve got proposals like SPUD, for example, where they wanna make UDP a new channel for leaking metadata about the user’s intention. They want to be able to –

{applause}

I get the feeling that there are a lot of people in the audience who are concerned about middleboxes. I didn’t know…

{laughter}

All right. So the idea here is we can all understand the incentives of these vendors. They want to be able to provide mechanisms for tiered pricing. They want to be able to provide prioritised service or increased rates. They want to be able to say, “Whatever, we’ll kick you down a tier and we’ll charge you less,” and these things are great, but again, those are their incentives, right? Those are not the internet’s problem sets. Those are the vendors’ problem sets.

And when we think about things like they talk about – all right – well, we want to be able to innovate in protocol space, so good – so does everybody, right? This isn’t a thing where the vendor is against the IETF or the vendor’s against the technical community, academic community, whatever.

We’re all partners here, but we need to think about where the actual problems of this ossification originated from in the protocol space and it’s actually not from the IETF. It’s from internet access providers. It’s from network service providers. It’s from Level Three, Hurricane Electric. People in the middle, people running middleboxes, setting their firewall settings to a point where basically there’s no space for innovation because they don’t – “oh, well, we don’t recognise it. It must be malicious”. They don’t update it. They don’t basically tend to the garden that we’re all collaborating on and so, the question comes, how do we try new mechanisms? How do we create new incentives for everybody to work together here?

And I think the first is to recognise that when it comes to the global security problems we have with internet communications today, we have to recognise that the new proposals being put forward, we have to go, “Does this create more problems than it solves?”

And if it’s creating more metadata that’s associated with user preference, they can be intercepted, they can be manipulated, they can be interjected as a stream, this is in general a very bad thing. We need to be able to reduce the amount of metadata that’s linked on a part of a user’s communications invisible to them, not increasing.

And in general, I think we need to get to the point of intent. What is the user’s intent? As they interact with the internet, as they interact with their community, as they interact with the associations that they have with their friends, their connections, whatever.

And how do we ensure that our standards, our protocols, our technology, the systems that surround us everyday are working to support, to protect and to armour the user’s intent rather than to betray it or to monetise it or to take advantage of it in some way that might not be the end of the world, it might not be the worst thing in the universe, but it is not compliant with the user’s actual intention as they engage with that.

If you want to provide those mechanisms, that’s fine, but in general, they should be transparent, they should be opt-in. They shouldn’t be things that we’re baking into protocols particularly when there’s no clue to the problem that there’s not another mechanism like simply changing the firewall settings to the user.

???: Thank you.

Source: GitHubGist

 
