2013-11-15

On Bitcoin redlists

So recently Mike Hearn proposed an idea of "redlisting" Bitcoins. Here is the gist of what is being proposed:

Consider an output that is involved with some kind of crime, like a theft or extortion. A "redlist" is an automatically maintained list of outputs derived from that output, along with some description of why the coins are being tracked. When you receive funds that inherit the redlisting, your wallet client would highlight this in the user interface. Some basic information about why the coins are on the redlist would be presented. You can still spend or use these coins as normal, the highlight is only informational. To clear it, you can contact the operator of the list and say, hello, here I am, I am innocent and if anyone wants to follow up and talk to me, here's how. Then the outputs are unmarked from that point onwards. For instance, this process could be automated and also built into the wallet.

Pondering this issue for awhile, I am reaching a few reactions and points for and against this issue.

First of all, it touches on one of rather important ideas of money - fungibility. In essence, implementing this system as proposed would constantly be reminding people that despite all money being equal, some money would be more equal than other. Money needs to be fungible to make payments fast, cheap and predictable. If it isn't, then we start creating a market for trading bitcoins for bitcoins, euros for euros and so forth. On a more personal level, trying to keep track of money in one's wallet and trading tainted coins for clean coins would be too much of a hassle.

Second problem raised by this concept is how one would track the taint. Bitcoin constantly mixes coins from multiple outputs. There are no singular Bitcoin bills one can track, bitcoins are more like cheques that spend whatever amount one wishes from the money one has. This would create transactions that are 95% tainted, 47% clean, or just contain 1% of "pizza coins". The problem gets more complicated when we take into consideration transaction fees. Does a block that accept a 1BTC tainted along with their 25BTC newly minted money makes that coinbase transaction 1/26 tainted? Would miners want to get reimbursed for receiving those tainted coins?

Third problem I can think of is whether with the redlist one would be entitled to the sweat of one's brow? If someone provided a service in good will and got paid all in tainted coins for a coffee they sold, would they be forced to give that money to whoever it was stolen from? What would happen if a coin got redlisted only after we have received the money? Would everyone have to keep track of everyone they are doing business with them to let the authorities follow the breadcrumb trail back to the original criminal? All of those questions don't have a clear answer if you want to respect the rights of the original owner of the stolen money as well as the rights of a business person earning their living and the rights of every Bitcoin user to the high pseudonymity offered by the Network.

The fourth is the issue of who would be entrusted to keep track of the redlist? If it is controlled by an individual or a single corporation, they are open to manipulation, threat, or government muscling their power. If there is no single redlist, there might not be consensus as to which coins are tainted and which are clean.

Overall, keeping a redlist is a slippery slope. Here is how things could progress:

  1. You start with informing people of coins that were used for crime
  2. People start discriminating against tainted coins
  3. Someone from the US government would have the bright idea of redlisting coins that passed through wallets of "terrorist organizations", so say Wikileaks gets redlisted
  4. People that don't know better can't tell a difference between coins redlisted for crimes and ones redlisted by politicians for "war on terror", so they discriminate against them both.
  5. Term "terrorist" or whatever is the flavour of the month gets extended to more and more organizations that are inconvenient for the US - Anonymous, some foreign journalists that report on war crimes, government of a country that is "at war" with US or "harbouring terrorists", etc.
  6. Soon the redlist becomes a political tool - we start discriminating against the grey area. Say some place does research on human embryos or human cloning in a country where that is legal, but since some western country thinks that their law trumps over regional law, they start redlisting their addresses.
  7. Transactions and addresses are started to be added to it indiscriminately because some government agency says they are tied to this or that crime. Whoever is keeping the redlist can't say no since they have some order from the agency, and they can't tell anyone why they are adding those since they have a gag order.
  8. Soon you start having a currency controlled by the political powers of one country that houses whoever is making the redlist since they can muscle their way into controlling it.


HOWEVER! There is also a flip side of the coin, be it digital or not.

If anyone wanted to track coin taint, nobody can stop them anyway. With Bitcoin, every transaction is on the record forever. You can track your pizza taint until the end of time. This also means that any government agency can use this information against you if they know your addresses.

Going away from the negative things, if the redlist was implemented well, it could be a good tool for stopping bitcoin theft. The proposed idea is an indiscriminate bomb, but consider this approach:

  • Anyone can report a theft of their coins to the proper authority - police and the like. Same as credit card theft.
  • Them reporting a theft officially (not through some forum rant), means that they are accountable in case they are lying. This would deter any wannabe free loaders that want to spent money other people entrusted to them. Again, same as credit card theft.
  • If the proper authorities acknowledge the claim, they can ask for voluntary information to track the thieve, or can obtain a warrant to audit any Bitcoin business operating in their jurisdiction for the record of their transactions. A proper business would be required to keep that information anyway - especially the Exchanges.
  • If the authorities come across evidence that a given person has been paid with tainted coins, they can ask them if they know who they got the money from, or with a warrant request that information. It is in everyone's best interest to help fight the criminals.
  • However, unlike say, buying stolen merchandise, one should not be required to forfeit the tainted coins (unless they are connected to the criminal and so forth). If one provided a service in good will, they are entitled to their money, unless whatever those coins paid for is returned to them - similar to returns in stores or whatever. This ensures that merchants do not discriminate against money from one source or another.
  • If the original criminal is caught, they should be handled like any other criminal.
This approach does not make the redlists binding and indiscriminate, but instead keeps them as a normal tool in fighting crime. Of course anyone would be able to keep a redlist of their own and it is likely that police from various countries might operate together to find trails of crime, but it all happens in a regulated space of the law. Common users should not see the redlists by default - the last thing we need is someone who is oblivious to how Bitcoin works trying to be a vigilante for "justice".



So to sum all up - the current proposal of the redlist is akin to many US attempts to "combat terrorism" through indiscriminate surveillance of everyone. This approach is unacceptable. However, Bitcoin will need a way to combat coin theft, so a regulated and limited approach to redlisting should be developed, but nothing more.

No comments:

Post a Comment