What do Cryptocurrency and the 90's have in common? Easily exploitable bugs and also Paris Hilton, apparently. We cover the state of regulation and cybersecurity within the blockchain and cryptocurrency space - covering environmental, democratization, and equity concerns, as well as user vs. system security, code audits and minimum standards. We also have a special guest appearance by crypto strategy expert, Corinna Fehst. Bethan talks about whether you should post your laptop screen on BeReal [spoiler alert, please don't].
What do Cryptocurrency and the 90's have in common? Easily exploitable bugs and also Paris Hilton, apparently.
We cover the state of regulation and cybersecurity within the blockchain and cryptocurrency space - covering environmental, democratization, and equity concerns, as well as user vs. system security, code audits and minimum standards. Corinna Fehst (MPP'18 and crypto strategy expert) makes a surprise guest appearance. Bethan talks about whether you should post your laptop screen on BeReal [spoiler alert, please don't].
Show Notes:
[00:00:00] Hello, and welcome to cyber dot R R a podcast by Harvard Kennedy school students. My name is Winona. I'm joined today by grace. Bethen Sophie and Danny. Today, we'll be asking the following questions. What is cryptocurrency anyway? What does it have to do with cybersecurity? And what are policy makers doing to regulate it?
Hi everyone. so hi. So on our last episode, my cyber show and tell was about tornado cash, getting sanctioned by the us treasury and, grace was making a lot of fun of me for being a hype crypto bro. And so I'm going all in this episode. I was calculated well, well, no, no. I feel like the questions you just introduced are questions I've been asking since I don't know the. , five to 10 years since crypto has been a thing. I just feel like there's so much hype, there's so much on, , [00:01:00] different social medias. I think this is a really important conversation to bring this cybersecurity angle.
Yeah, I think that it's definitely worth exploring this topic. And so why don't we start with some definitions. Does anyone want to explain to our listeners what blockchain and cryptocurrencies are? So I, I feel like ever since day zero, there was blockchain and day one, there was the onslaught of what is blockchain article explainers.
And since that day on, we've had at least five a day that have come out and some with great analogies, some less so, but, I read one. In anticipation of this episode on the verge from Mitchell Clark. I thought it was a really, really great analogy. So I wanna share it with all of you
imagine you've got, a series of boxes with receipts stacked up in each of those boxes and those boxes are linked together and sort of a, they're just placed next to each other. And, and we can imagine that as a chain of boxes and those receipts might have what we traditionally [00:02:00] think of receipts as containing, which say information about transactions, but it also could have really any other kind of data.
Cryptocurrency is one type of transaction that can be recorded on this blockchain. So you're recording transactions of a currency, a digital currency. And then you can have lots of different kinds of those cryptocurrencies. Yeah, I think we can start with like, because public blockchains create this unique decentralized way for people to interact without a middleman, it allows for trustless exchanges in a way that actually is pretty unique.
Two parties can interact without the oversight of a third middleman. And when data in the blockchain is good and true, that's a really great thing. On the other hand, it also makes it really hard to regulate this space because no one's in charge and nothing can be modified. So that means that mistakes can't necessarily be correct.
That's a really good point, Danny and Sophie, because then on top of all of that, you add [00:03:00] finance and money into this equation where you have the blockchain, which is this very interesting emerging tech, and now people are paying each other with it in a decentralized manner or paying each other with cryptocurrency, which operates on the blockchain.
Winona, as you're saying that what's coming to mind is, one could easily apply that description to web 2.0 that we had an original vision of the internet and it was this community oriented utopia full of weird stuff.
And for a while, it was that, , it was amazing open source content. It was well mannered, weird boards. And, and then we got commodifying data and then we got some not so well meaning boards and, that's kind of what we're seeing here. There was an original conception born outta the idea that when we have either finance or other kinds of spaces that are determined by gatekeepers, with authority that lends itself to potential for abuse by those gatekeepers.
And so what if we have an [00:04:00] instrument that. Builds spaces and builds currency and builds value be that monetary or intellectual value or entertainment value builds that value by consensus.
And let's have that, but of course, as soon as you create the initial steps for that vision, you get things like what we're probably gonna get into in this podcast, which is all the other layers that go on top of it, including the current instantiation of the cryptocurrency industry, where you do have things that are starting to resemble a lot. Like gatekeepers.
Yeah, Danny, I think building on that point about gatekeepers, you also see this massive growth in, venture capital and finance using crypto as a major asset like Andreen Horowitz recently announced a 4.5 billion fund for backing crypto and blockchain companies and your average retail investor, , such as all of us, we don't get a slice of that massive VC.
And also this is [00:05:00] in recent's fourth fund , which brings its total raised VC funds to 7.6 billion. We're seeing this gatekeeping and this is not aligned with the original article that created blockchain by Toshi Nakamoto. And we're getting further away from that. Can our listeners tell that Bethany used to work in finance?
yes. I'm a recovering finance error.
Yeah. The most that was like 7 billion seems like a lot of money. But there are so many. Weaknesses that I think need to be addressed head on. I, I think the first one, is very obvious with the environmental impact of the computing power that it takes for the proof of work. I think that there are a lot of interesting ideas out there to, combat that but I think until it does , that itself just alone would be a net extremely negative and irreversible negative to our global climate. That's a good point, grace.
I do wanna go back to Danny's web 2.0 point where it feels like we are in the early two thousands again. And [00:06:00] we have this interesting new technology that a lot of people are rapidly migrating to and now money is involved and, , money ruins everything.
So how the heck do we fix this before it gets out of hand? I actually have a surprise guest on our podcast today. And I asked her to give us a little bit of a pre-recorded clip, on.
What she thinks are the most interesting parts of cryptocurrency regulation and what that has to do with cyber. So I'm gonna play that. We are so honored today to be joined on the podcast by Rina fast. She is a former. HKS grad
she has also done stints at Boston consulting group, Google, and now she is working at a fairly well known cryptocurrency exchange company, doing strategy and policy. Now welcome to the podcast. . Thanks for having me guys excited to chat.
I would love to just kick off by asking you what you think some of the big security or policy [00:07:00] problems there are in the cryptocurrency space. Sure. Crypto is obviously so both hyped and under doored by its followers and then absolutely detested and despised by lots of regulators.
Let's start maybe by distinguishing between blockchains and crypto. Cuz I think a question that a lot of people often ask is, oh, blockchain seems so obviously sensible. But then crypto is, is this whole mess. If we're talking about public, as opposed to private blockchains, you can't separate the two things you need cryptocurrencies.
So you need virtual and digital currencies to power and essentially incentivize the, the decentralized network of peer to peer participants that power secure right of blockchain. But generally speaking, I think the thing that is so incredibly powerful about public blockchains and the cryptocurrency that power them is this idea that you you can create a, a way for people to interact in a completely decentralized way.
Without any middleman, right? And that [00:08:00] it doesn't sound like that big a deal, but it's actually fundamentally revolutionary. Like it's not how we interact in any way, shape or form today. There's always a middleman in anything that we do in every single aspect of your life.
And the idea is what that gets you in theory, hypothetically, eventually you will get much greater efficiency cuz you're cutting out the middleman, right? It's gonna be faster. It's gonna be simpler. In theory, you'll eventually get lower fees and lower cost and you'll give greater control and control can be, anything can be like over your personal data.
So your privacy, but also just more generally control over what you want to do, right? You as an individual, get a lot more control by directly being able to interact on your own terms in the way that you want with someone else. But there's also this whole. How blockchains and, and the cryptocurrencies like power and support them can enable a whole different set of economic models.
So for example, like maybe you disagree with the fact that so much economic power, so much Wells and, and so much control over personal data is centralized in, in a couple of massive tech companies these days. [00:09:00] So one of the really cool opportunities that blockchain technology opens is you could have something like an Uber, but it could be peer to peer, right?
Without a company in the middle, you could have a network of drivers that directly interacts with a network of riders without anything in the middle. That's really, that's really exciting. You could take a lot more ownership of your data and carry it with you and take it with you and grant parties, access to it as you please.
And let people monetize it as you please. So there's all of these different, cool economic models that you can Unlock let's get to some of the cons or like areas of challenge.
And I, I think a couple of these just relate to public blockchain technology in general, and then some are like specific to the way that cryptocurrencies are used today. But in terms of like general cons, the elephant in the room often is environmental. So because for these public blockchains, you need cryptography to secure them.
How do you do that? And the, the dominant model in the past to, to secure them, the one that the Bitcoin blockchain runs on is proof of work and [00:10:00] that's just incredibly energy intensive. So how do you get around that? There's lots of technological innovation to try and reduce that carbon footprint. The biggest one being the switch from proof, proof of work to proof of sake, which is much more energy efficient as a, as a cryptographic.
The second con with the way that blockchains work today is as scalability, transaction throughput, basically they're neither fast nor efficient, and they can't really be used for anything that involves small or regular transactions today. , we're still a long way away from making any of this workable for small transactions cuz cost time and so on is just not, not workable at right now.
Some people actually argue that there is like a lack of privacy. On public blockchains. I mean, you, you have ized identities, right? You have your wallet addresses. And then the blockchain allows basically in the vast majority of cases, anyone to see which wallets are interacting with one another, you can argue that that's space of pro and cons.
So from a policy point of view, might you might actually argue that that's a pro you're worried about [00:11:00] like money laundering and crime and so on. You could actually argue that's it. Right. But if you're thinking about trying to use this technology to run your private finances, your, your entire business.
And so, and then obviously this is a challenge. Fourthly there's the security angle.
This is what you guys are probably most interested in. There've been so many very high profile hacks or various participants in the crypto ecosystem. So it could affect a centralized exchange. It could affect a blockchain in and of itself. It could affect a wallet provider. There's all of these different participants in the ecosystem or parties in the ecosystem.
And every one of them can be vulnerable. And vulnerability in one part might be much, much more serious for the overall ecosystem than others, but those are obviously big, big challenges. And at the end of the day, it comes down to engineering and, and technological security. So that's a big potential concern.
And then another area is you could actually make a case that even though the whole idea with blockchains is to be fully decentralized in practice right now, a lot of them aren't, they're not delivering on that promise. So if you look at the [00:12:00] presence of big centralized exchanges, you can argue actually the technology still has a really, really long way to go to, to deliver on that promise.
Then moving into a couple of points around that I think more directly linked to the cryptocurrencies that power, these blockchains, the biggest area of concern , would be customer protection. I tend to think of it as like three things. First regulators are worried that, there is no inherent value in the cryptocurrency and it's all a bit of a Ponzi scheme and the people who are gonna suffer at the end of the day will be unsophisticated retail investors.
That's the. Negative view , that some regulators are taking of the technology right now. I think another concern in this space is that customers get access to very sophisticated financial products that in the traditional financial world are very heavily regulated, very tightly controlled, if you are not sufficiently sophisticated to know how to handle those kinds of tools, it can work in your detriment.
And then another big area of concern is around financial stability and systemic risk. I would describe it as crypto is getting more connected to the [00:13:00] traditional financial system in part because institutional investors are moving into this space.
The concern here is you're actually starting to bleed into the traditional, financial system. For example, if you have big institutions, take significant stakes in a cryptocurrency and then there's fluctuation or volatility, that impacts their balance sheet in the traditional financial sense.
And then the glass bucket is the use for illicit activities. Within that, I would think of criminal activities. So for example, ransom payments in crypto, there are scams. And then the sad item is sanctions are mentioned. So basically that's selling link international security.
So is for example, North Korea able to finance part of their nuclear programs through, crypto, right? Those are, those are the big elements there, I would say. And, and I assume this is of most interest for a lot of HKS folks, a lot of the folks in our world, but there's a couple of like pretty prominent crypto research firms are actually say that in terms of.
Percent of total crypto volume traded , the amount that can be linked to wallets that are known to be [00:14:00] engaging in illicit or problematic activity is actually a tiny fraction of the total. Is also worth saying, because chain analysis like blockchain analysis tools and companies have become so sophisticated, it's actually not that easy to just get away with this, with some of the recent high profile events where crypto was used for ransom and the FBI and other players were actually able to very quickly recover a lot of the payments.
It's not that easy to do this. If you think about it, you at some point need to be able to get Fiat currency traditional money into the crypto ecosystem. And it's really hard to do that. Like typically you need a big player, like a big centralized exchange
so you might have to interact with like a Binance or a Coinbase or something like that. And those companies tend to actually be really quite regulated. They have to go through KYC for their customers and so on. There's still some traceability there. So anyway, there's was like a big overview of a couple of the relevant teams I'm gonna, I'm gonna stop now.
Thank you, Cara. That was really, really informative. If you could think [00:15:00] of where the regulatory space is going, or if you could describe in a couple of words where you think the regulatory space in crypto is going, what would those words be? Yeah. Get it more hawkish. Is it more balanced?
My perspective, and this is a personal perspective, but I right now it's still very hawkish. I think regulators can see that there is potential with this technology. But because it's not there yet. And it can't easily point to use cases that are directly beneficial to customers today. It is regulators duty to protect customers.
They see a lot of the negative sides of crypto, much more prominently, like big price fluctuations or scammy adverts for low quality tokens and so on. But hopefully as crypto can prove the validity of its use cases, as it gets more interest from more traditional institutional players, then hopefully [00:16:00] that will gradually smoothen and, and tape it down.
I would say in terms of like specific areas where there is a lot of regulatory interest as mentioned, it's the customer protection. So for example, in the UK right now, you're seeing a lot of, you're seeing a big piece of regulation emerging that is essentially trying to shut down. Or add restrictions and frictions to marketing and onboarding into the crypto space.
So for example, in the EU, there's a huge piece of crypto regulation in its final stages of formation. Right now it's called Mika and Mika's introducing a white paper requirement. So they want token issuers to basically provide basic information about the token to just make sure it's higher quality. And I think linked to this is also some of the disputes that you're seeing in particular in the us around the nature of token.
So is a token a security, or is it something else? That debate interestingly doesn't exist at all, or to the same extent.
In other countries. So it's driven by the us regulatory environment and the division [00:17:00] between the different regulators in say the UK or in Europe. So yeah, those are a couple of thoughts down. That's so funny that nobody else has this problem. I feel like not quite nobody, but it's, it's a lesser, lesser issue in many other places.
Yeah. Well, thank you so much, Karina, for hopping on, as our special guest for this episode, I really appreciate all of the insights, Winona. Thank you so much. That was such a great conversation. That was really, really wonderful. good. Um, Yeah, Karina is the best. She said a lot of interesting points though, so what are people's thoughts on what she had to say? Yeah. So Karina's comments about some of the risks with blockchain and with cryptocurrency, I think ties in with our earlier discussion about the resemblance to web 2.0.
One of the things I've been thinking about is Jim Waldo out of Harvard Kennedy, who's teaches a number of privacy and internet courses. Talks a lot about how the original, conception of the internet [00:18:00] assumed that PCs weren't a thing, , this was before everybody had a computer in their home, you had a secure endpoint.
And so you weren't building for endpoint security. And now of course, everybody has a PC in their home and that has changed the nature of where the risks are, but we're too far down the line of producing cheaply made rapidly deployed PCs to bake security that way into the end points
And so I, I wonder if there are developments that any of you are watching that really strike you as something that wasn't originally conceived of, but that presents a really significant and sort of fundamental risk when it comes to the basic building blocks of cryptocurrency,
I think when kna talked a little bit about how the ecosystem of cryptocurrency has a lot of these high profile, Big centralizers even though it's originally a decentralized, technology, right? So not just the [00:19:00] bridges, but also large crypto exchanges where you're exchanging one cryptocurrency to another or even just the fact that you have a lot of new tokens and new cryptocurrencies coming into the market.
The thing that particularly strikes me, is not the scams or the like money laundering part. Although I do wanna talk about those aspects of, cybersecurity within crypto. But the thing that really stands out to me is how easy some of the hacks or intrusions were.
So for example, there's a lot of smart contract hacking so for example, a lot of these wallets or exchanges or bridges have terrible code like you're looking at a smart contract on a blockchain that somebody owns. And again, a smart contract is a piece of code and it's not actually like a contract, like a legal document, but it's like, if these preconditions are met, this code is going to run automatically.
The problem with having those things on the [00:20:00] blockchain is anybody can read that code by virtue of it being a public blockchain. So some of these smart contracts are so poorly written that your average Joe Schmo can read the code and be like, oh, if I change my account in X, Y Z way, I can withdraw as much money from the crypto exchange as I want.
Again goes back to web 2.0, when everything in the early two thousands was super hackable over the web browser. And I just, I find it so fascinating how a really financially focused, technology has all of these like easy hack and like it's the 1990s type bugs. Yeah. It's not only low rise jeans that are back it's now major, major exploitations, anyway, I wanna follow up on this point when no , like I think the wormhole bridge platform hack is really interesting because after a hacker spotted an error in open [00:21:00] source code, which was on GitHub, that's how they exploited it.
And that hack led to $325 million lost, wormhole is a communication bridge between Solana and other top, , defi decentralized finance networks. So again, it allows transfers across chains for tokens and NFTs, et cetera, et cetera.
So there's a lot of flow of assets going through these bridges.
The other thing, I just wanna note a lot of touted about the security of the blockchain, but, , the weakness of human networks remains. So I was reading a lot of really horrible stories about people who've lost all of their whole things in cryptocurrency. And there was one gentleman who was perplexed because he had incredibly good security.
He detailed everything he'd done, , multifactor authentication on everything and seemed like he had a air. Situation. And his wife is not at all interested in cryptocurrency. But she had been mailed a bunch of USB [00:22:00] keys
she assumed it was his package. He assumed it was hers. Nobody questioned it. She just opened up the package and left the keys on counter. And then of course thinking they belonged to each other. They plugged them in and it had malware on it that like totally wiped out his system. And so that's , it doesn't matter how secure the blockchain and it's, if you have a really good social engineering hack you can get in and that's.
Not a new tool. That's old tools being applied to new assets. And I think we don't notice enough the ways in which blockchain and cryptocurrency are still susceptible to problems. We haven't beat yet. , yeah. Danny, speaking of malware , now that crypto has become a part of the zeitgeist. You see a lot of criminals taking advantage of that. I mean, we were joking when starting this podcast that your laptop was slow because maybe you had crypto miners accidentally installed, thinking about the fact that there is malware that exists, that is probably not a nation state.
It's like your average cyber criminal. [00:23:00] Targeting specifically crypto wallets. And I think it's a Testament to how mainstream crypto has gotten, but maybe the question is, should it really be mainstream at the moment considering how emerging of a technology, this blockchain and cryptocurrency type stuff is?
Yeah, we were joking about it, but two, the minors who are harnessing my computing power, I wanna cut of your rewards and or to apple send me a new computer, cuz I only have one app open right now and all of us can hear my fan I wanted to follow up on Winona's point about , should crypto be mainstream and a really interesting stat is that a lot of scammers and these types of cybersecurity risks come from social media, which is a huge enabler of a lot of this language and these scams.
And it's also interesting. There is some data that showed that people in their thirties are actually hardest hit by a lot of these frauds and like, 35% of [00:24:00] reported fraud losses in 2021 were in cryptocurrency with the largest amount of losses coming from people in their thirties. , and I think what's interesting is these are folks who are on social media, but maybe not as literate as folks in their early twenties or even gen Z.
but I've definitely had some weird people request me on Twitter, like crypto something 1 0 1 and you check on their profiles and it's like, , join this to earn millions or whatever, massive returns, et cetera.
And that's really dangerous because the social media component of this is really concerning. I don't know what you're talking about, Beth. Those work they're a hundred percent foolproof get rich, quick schemes.
I'm a millionaire. we all wish . Yeah. I think that's a really, really important point. And just looking back at the last two years, it's been remarkable, the swell in names, celebrity names that I recognize that are shilling crypto on Twitter. And it seems to like really have [00:25:00] spiked at least in the last six or seven months, onslaught super bowl commercials really stands out in my mind.
And Corrina talked about this, Beth, and you just mentioned it, but there used to be a threshold to entry for engaging with cryptocurrencies. And it was either familiarity with the community and, and understanding of. What this was as an asset or as a tool or as a speculative, , engagement but now it's really, really easy to get into. And more than that, you have names , maybe it's your favorite movie, star, TV, star athlete telling you get into this. So it makes it seem like, oh, I don't need to be an expert either. I don't need to do my reading.
I can just do this. Like get rich quick scheme that this other really rich and famous person is telling me they've done. And, I think probably fair to characterize it as speculative and high risk, high reward investing.
Now we're seeing stories of people who are putting in things that they had intended for long term yields. College funds were their kids [00:26:00] a 10 years down the line business. And those kinds of huge savings aren't really well suited for something that even if it was airtight, security is already a volatile asset.
So now we've doubled down all the risk. Paris Hilton has never lied to me ever. Danny, what are you talking about? she lied to us about low rise jeans. Good. I, I would love to go back to, Danny's point about like the social engineering like, , the tried, and true statement that the weakest link of any network is the human component.
Like it's just multiplied compounded because of how opaque blockchain is. And like it's too advanced for where we are as a society in, like how susceptible we are , to different schemes. And I feel like there's also been like a huge resurgence in that social engineering.
I don't know about you guys, but I get massive numbers of texts and calls and WhatsApp messages from, I mean, certainly [00:27:00] people, I do not know , I think it's deeply unsecure insecure and not, just because of the actual system itself, but because of the people who are using it.
So, I get that point, grace, but I do wanna push back a little bit because is it really the user's fault? For being tricked like this, if the systems that are starting to centralize around cryptocurrencies, make it so easy to sign up and don't have the proper protections in place, right?
Like you have not just the fact that cryptocurrency is volatile, like even the most secure exchange of the secure wallet. Is going to have that risk of a crypto as volatile, but then you have less secure wallets or less secure exchanges that don't audit their own code, such that anybody can go and take advantage and, and withdraw, however much they want because somebody forgot a semicolon somewhere,
this is me going [00:28:00] off on my software engineering ran a little, we sees joke from you're you're welcome but also you have untrusted parties creating tokens or wallets or exchanges where if they get hacked. Don't make any promises to make their users whole again, like, yes, there's a user problem, but there's a huge, bad irresponsible actor problem with these new entrants into the space.
So the bar for entry is low, not just for the users, but also for the platform providers. Yeah, absolutely. Plus one to that. Yeah.
The other thing too, is even, I mean, we can have a debate about whether or not blockchains are actually as decentralized as they sometimes are made out to be. Like if the web three services, for example, that interact with those blockchains are still controlled by a very small number of private large companies, then whether or not the blockchain itself is [00:29:00] decentralized.
It maybe doesn't even really matter. On this point, I wanted to speak about this kind of unchecked chaotic ecosystem that's decentralized and particularly in the us, we have this major tension on and definition of what is crypto.
Is it a security or is it a commodity? And the reason why that is so important is that definition tells us who needs to regulate crypto as an asset. If it's a security, it will be regulated by the security and exchange commission. And if it's a commodity, it will be regulated by the commodity future training commission.
and again, this has not been figured out and Congress is trying to figure that out, but it's, it's this battle between these two ideas on who's gonna own the regulation. And that has huge repercussions, depending on which way policymakers decide to define crypto. And traditionally there's been quotes from, [00:30:00] original crypto experts that is, have said very clearly, crypto is a commodity, but then the way we see crypto use in finance and venture capital, it is a speculative asset.
For sure. So my question to the group is which should it be? How should policy makers go about making this definition? And when is this gonna happen? Because the urgency is real. I know there's a lot of questions, but I just wanted to put that out there. I would love to answer that question, Beth, but. Can you explain to me, like I'm five, the difference between a commodity and a security so securities are traditionally things like equities stocks they're not raw goods that maintain the same value regardless of who's producing them.
Commodities are things that while there might be minimal differences at value, depending on where the production is from typically they're interchangeable. So think of it as, , raw gold sort of thing.[00:31:00] And they tend to have standards that regulate what is the, the quality that qualifies it as gold.
And that's how you get that sort of stability of, of pricing across, manufacturers. So I couldn't say, Hey, this, , spec of dust I found in my backyard is gold and therefore is worth, , whatever the current price for bullion is. It has to meet that basic standard. Yeah, exactly. Danny and, and a security produces a return from a common enterprise or a company.
So, , a stock or a warrant from a publicly traded company, whereas yeah. Commodities are a basic good that can be bought, traded or exchange. Tangible assets like oil or corn
so on regulation, it's kind of interesting, bruce Schneider at HKS has interestingly compared Regulating blockchain to kind of being like regulating offshore gambling, in that it's, it's hard to regulate on the user side. I'm not really sure how you regulate this as a commodity versus versus anything [00:32:00] else, but I think it's important to know where investors or people using cryptocurrency are getting their information about cryptocurrency. And most of them are getting it from the crypto exchanges themselves and then another quarter, get them from, , your general trading platforms like fidelity or, or Robin hood, and then a last 25% of them actually get it from social media. So the question of how you regulate that gets really complicated really quickly. And only a very, very small minority get their information from an advisor or, or a broker.
So one of the I think clearest lines for the debate between what should crypto be classified as, and therefore who should regulate it is the argument that the sec is much better set up to do robust regulation than CFTC. And so if we could go either way, , then let's go with the classification that allows it to be put in the body that is better [00:33:00] prepared to regulate it. That holds a lot of water for me. I may be over indexing on the implementation side of things, but also when it comes to federal government, I think it's reasonable to over index , if we think this is a area that's not going away let's not be shortsighted about how we regulate it.
And , if CFTC is actually the best place to do it, then, then now it is the time. And now is perhaps the only window of time, I E early days to give CFTC the tools it needs, to, to become that long term regulator. but I wanna come down pretty firmly on the CFTC side, just based on a point about quality control, right?
Because if. People genuinely believe, and users genuinely believe that this is a commodity that should be traded and sold like a commodity, then it should be regulated as such. And ideally if it were regulated as a commodity tokens with a lower standard of [00:34:00] quality would be pushed out and.
Be able to be sold going back to your spec of dust versus gold argument. Right. I mean, Micah, which is a regulatory framework that the EU is, working on at the moment, has something similar in terms of barrier to entry for new tokens, like basically writing on white papers as to what the token is and, and how it works.
So maybe what we really need is quality control for some of these new tokens entering the market. I will say also , a lot of the regulations for data in the finance sector revolves around personal data or credit card information like PII personally, identifiable information.
Whereas a lot of the cryptocurrencies are all anonymized. Yeah. Somebody please tell me are all anonymized are all anonymized, it's unsure as to whether or not it's personally identifiable, but for example, any bank or centralized authority has to have some sort of PCI compliance, for [00:35:00] example, uh, worldwide, whenever they process any sort of credit card transaction, and so. Part of me wonders that if this were regulated like a commodity, would that raise the bar of quality for tokens entering the market, but also cause the exchange of those tokens to be more highly regulated and create a new regime around the data that is stored on the blockchain when, oh no, I'm gonna take the opposite position.
I am firmly of the belief that the F sec should be regulating this because the volatility of the commodity market, obviously there have been some examples and it's very tied to geopolitics about what happens to oil, et cetera. However, I think on net, the SCC has way more expertise to.
regulate something that just has massive volatility regularly. and volatility in commodity markets like oil. It's pretty clear when it's coming. Like if there's an OPEC meeting or if there's, , a war or [00:36:00] something, or some type of massive geopolitical event investors know and commodity investors in particular, but with, with crypto, the volatility sometimes has no bearing to whatever's happening around the world.
And so I I'm firmly of the belief that the SCC needs to regulate crypto almost like how there's. No relevance between stock price and actual value produced. Okay. Don't get me started for traditional equities. don't get me. You're telling me that game stop is not worth every dollar and cent yeah, please don't get me started on Reddit investors.
I will go off. Doesn't it, doesn't it matter? Like how Bitcoin is actually used?
Like, is it the problem is that it's used both ways or it can fit into both and that's the problem. Cause I thought that you can buy stuff with Bitcoin now. You're absolutely right. Grace. I think it's also like a, is crypto more like oil or is it more like a meme song? is [00:37:00] that's exactly. I'm saying . Yeah, but I'm not sure if that's something that we can answer. Right. Yeah. And I don't think it's possible for us to put the genie back in the bottle. I mean, you see China tried to ban cryptocurrency exchanging, oh, I didn't say that the mining of crypto. Yeah. They did mining a little little over a year ago. And because of the way that you can set up VPNs or, , circumvent different traffic controls in terms of the great firewall and things like that You still see China as one of the top, producers of cryptocurrency in terms of mining, in the world.
It's not, , number one anymore, but it's still pretty high up there. So given that we can't put the genie back in the bottle, like what can we do to safeguard systems and users? Yeah. Yeah. And I love that point that Sophie made that Bruce Schneider made about, trying to regulate offshore gambling.
Because I think that we have a bit of, policy school blinders on where we're like, we must regulate this. And that's [00:38:00] sort of, a given in our conversation, which for the record, I'm certainly on board with,
yeah. Like who are we actually regulating? There isn't yet. I think a figure quite like the Bezos in the Musks of the, of the cryptocurrency world.
And so it feels more difficult to, I guess, even build a movement towards, that regulation. That's a, I think a really fair point, grace, about , the biases of everybody on this call towards regulation. So it maybe just be worth outlining the argument against regulation. This was originally conceived as a way to get away from the abuse of gatekeepers. And in particular, a lot of the popularity came right after the financial crisis in which we saw major banks, institutions causing problems, and then not really, suffering the, the life changing financial repercussions, that of their mistakes. And so the idea of going to a decentralized decentralized system really appealed to a lot of folks. So that's one argument is just fundamentally, we must be community [00:39:00] held.
And the other argument is I think this was outlined in a Cato article among others that we have. Solutions already within the community. So you don't need government, it's sort of, you go to business or go to private, actors, , you have people and Twitter accounts who are combing, the blockchain for suspicious transactions and who are sort of doing that community security work.
And I'm not particularly compelled by either one of those. One, I find the argument that that business and the private sector will, will solve problems for the collective. Good. I, , please point to where that has been true in our capitalist society. It's wonderful if individual actors are doing that work and I would always want to encourage them, but relying on that as a regular practice and structure is not something that I think we can bank people's life savings on.
And then on the, Hey, this is a new way of being we're in web 3.0, this is a, egalitarian and decentralized space. , I go back [00:40:00] to our web 2.0 thing. We already had that Eureka moment and it didn't pan out that way. And it's just too hard to predict the ways in which a tool that is available to all will evolve.
I think just to take the more benign point on this, Danny, I think there are a lot of people that don't want, , big centralized authorities. I think though that there's a difference between having a low barrier to entry for anybody to be able to participate and making sure that some minimum standards are met, like, please make sure that your code is up to standard and that you've read it before putting it on the blockchain for everybody to see and take advantage of
And I think that just at least having those minimum standards from a technical perspective simply don't exist at the moment. I agree. And Protecting the vulnerable and protecting the users on that side too.
I think honestly, making those delineations of what agency is in charge of regulation, just even for, so that people have a place to turn. If things like where people lose, like [00:41:00] their life savings so that we can hold. People accountable. And the reason I think we're, we're very team regulation, whether or not we agree on who should be doing that regulation. I think it goes back to that. , there are people getting hurt by, the mistakes or the things that are getting overlooked.
And that's a regulation comes in. It's not an assumption that people who are writing this code or people who start new, new wallets are bad people or people who have malicious intent. It's that there isn't a big enough barrier to entry where we're not doing enough quality control to ensure, that the work that people are putting out, is actually of a high quality that can actually do , what blockchain has promised us.
Yeah. I think that's a great point. And to be clear, not, I totally agree with your point that we should be doing that quality control of. Checking code before shipping cryptocurrency sits at an interesting intersection between an industry that has traditionally not over oriented to quality control before [00:42:00] shipping, when it comes to software, at least in code, because you can always update.
And in fact, so many of our security issues are shaped by that DNA of tech industry. That it's a move fast ship software updated later industry. So that's at one, one vector and then at the other is finance, which is a heavily regulated space because the consequences of getting it wrong are so, so significant. And, and then which, which set of cultures and norms and quality control expectations do you apply?
On the point of who should regulate this, it seems like there's multiple user bases that we'd have to consider when deciding who should regulate this.
Like, I wish I had the statistic handy, but the folks who are using cryptocurrency for transactions and the folks who are using cryptocurrency for investing. Are two distinct user bases who may have different , levels of access to [00:43:00] information. And we would have to, , cater regulation to both of those groups, in ways that are distinct.
The other, I mean, I guess this is sort of like a bit of a pivot, but , grace raised the point earlier on the environmental impact of Bitcoin and cryptocurrencies, writ large and kind of the huge quantities of fossil fuel generated electricity that are required to mine.
These Bitcoin I read a, a stat a few weeks ago that Bitcoin and Ethereum used the same amount of energy as the whole of Austria. So it's, it's kind of large scale quantities of , generally fossil fuel based electricity that are used to even run these systems. There's talk about, , how that could be impacted by the switch from proof of work to proof of stake, which essentially are two algorithms that, are used to keep blockchain secure.
So users can add new cryptocurrency transactions. And those are two ways of kind of validating those , additions to a [00:44:00] blockchain network, main difference being how users are selected and, and qualified to add transactions to the blockchain. The main goal of the switch to proof of stake is to Make the process more energy efficient, but on the other hand, proof of, stake requires that validators have a certain amount of basically assets up front.
So you need something like $50,000 to even participate in the stake process. So there's trade offs in the environmental concerns and, and some of the equity concerns I think with respect to regulation,
Yeah, I mean, this has been a really interesting episode. Y'all like talking about not just the criminal activity, the scams the system security, but also thinking about democratization of the financial system of user equity of technical audits and standards compliance to monetary policy crypto has it all.
Okay. Gear [00:45:00] shift to our cyber show and tell this week's show and tell is Beth. Hello everyone. Okay. There's an app you may not know exists. Well, I think we all know here cuz of my show and tell, but a lot of folks around our age don't know about be real.
It's a really fun idea. It basically you get a notification at some random time in the day and then everyone has to take a picture and it's automatically front and back camera at the same time and post to the feed. It's called be real because it's supposed to take the, the, the yeah, it's supposed to take. way The hyper edited and, , perfect to a T type of engagement and photos that we see in mainstream social media and have led to a lot of deep anxiety, particularly for younger generations.
And so anyway, be real is supposed to make social media, , boring and real, however, cuz so many of these be reals are front of people's computer screens in the back. And there was [00:46:00] actually an interesting thread by Rachel Toback on Twitter. About how a ton of sensitive information is being shared on people's be real. , people in healthcare posting patient info , proprietary information is being shared across these networks. And people in their mid to late twenties are sharing laptop, screens, offices, offices, slack, zooms, and it's a, big problem. And there's a big lack of that awareness, which I think we all have to address, particularly for, our generation where we grew up when all of the social media was just starting and the conversation about privacy and the risks really weren't. Mainstream. So that's my cyber show and tell because I am on be real.
And while I have not shared my screens, I see so many people sharing that. The posts on be real of people sharing their screens? Do you think they're doing it on purpose or by accident?
Oh, totally by accident. I think you take the photo wherever [00:47:00] you're at. Even though it's supposed to be people you trust, all it takes is one bad actor or , someone using someone else's phone or insecurities on the app for, for this information to be exploited. And then another point that I wonder about is once companies pick this up, what are the implications for employees?
Like could you get fired for sharing sensitive information? I'm curious what the repercussions will be. Those are some great points. So for all of you be real users out there, make sure you turn both cameras away from your laptop screens or any other sensitive information when you post with your friends.
Thanks for listening to cyber.re R a podcast by Harvard Kennedy school students, given that this is a student led program, this podcast does not represent any views of any institution, school, or even ourselves after we've finished this recording on September 5th, 2022. We're just students learning every day, trying to navigate this murky area of cyber palsy.
Stay tuned for more episodes and discussions I will say this whole conversation of [00:48:00] cryptocurrency makes me feel like kind of a boomer. Oh my God