Government must leave encryption alone, or it will endanger blockchain

With Sinclair Davidson and Jason Potts

If we could give Malcolm Turnbull one piece of economic advice right now – one piece of advice about how to protect the economy against a challenging and uncertain future – it would be this: don’t mess with encryption.

Earlier this month the government announced that it was going to “impose an obligation” on device manufacturers and service providers to provide law enforcement authorities access to encrypted information on the presentation of a warrant.

At the moment it’s unclear what exactly this means. Attorney-General George Brandis and Malcolm Turnbull have repeatedly denied they want a legislated “backdoor” into encrypted devices, but the loose way they’ve used that language suggests some sort of backdoor requirement is still a real possibility.

Hopefully we’ll discover more when the legislation is introduced in the August sitting weeks. Turnbull did say at the press conference “I’m not suggesting this is not without some difficulty”. The government may not have made any final decisions yet.

But before any legislation is introduced, the government needs to understand what the stakes are in as they strive against encryption.

Anything the government does to undermine the reliability of encryption could have deleterious consequences for what we believe will be the engine of economic growth in decades to come: the blockchain protocol.

The blockchain is the distributed and decentralised ledger that powers the Bitcoin cryptocurrency. Blockchain constitutes a suite of five technologies: cryptography, a database that can be added to but not altered, peer-to-peer networking, an application of game theory, and an algorithm for ensuring a consensus about what information is held on the ledger.

Taken separately, these are long established technologies and techniques – even mundane ones. But taken together, they constitute an entirely new tool for creating political, economic, and social relationships.

The possibilities far exceed digital currencies. Already banks and other financial institutions are trying to integrate blockchains into their business structures: blockchains drastically reduce the costs of tracking, recording, and verifying transactions. Almost any business or government organisation that is done with a database now can be done more efficiently, more reliably, and cheaper with a blockchain – property registers, intellectual property, security and logistics, healthcare records, you name it.

But these much publicised blockchain applications are just a small taste of the technology’s possibility. “Smart” self-executing contracts and massively distributed organisational structures enabled by the blockchain will allow the creation of new forms of business structures and new ways to work together in every sector and every industry.

In fact, we think that the blockchain is so significant that it should be treated as its own category of human organisation. There are firms, there are markets, there are governments, and now there are blockchains.

But the blockchain revolution is not inevitable.

If there is one key technology in the blockchain, it is cryptography. There are lots of Silicon Valley entrepreneurs playing around with lots of different adaptations of the blockchain protocol, but this one is a constant: the blockchain’s nested levels of encryption are built to ensure that once something is placed on the blockchain it is permanent, immutable, and only accessible to those who own it.

Blockchains only work because their users have absolute confidence that the system is secure.

Any legal restrictions, constraints or hurdles placed on encryption will be a barrier to the introduction of this remarkable new economic technology. In fact, any suggestion of future regulatory challenges to encryption will pull the handbrake on blockchain in Australia. In the wake of the banking, mining and carbon taxes, Australia already has a serious regime uncertainty problem.

Melbourne in particular is starting to see the growth of a small but prospective financial technology industry of which blockchain is a central part. The Australian Financial Review reported earlier this week about the opening of a new fintech hub Stone & Chalk in the establishment heart of Collins St. What’s happening in Melbourne is exactly the sort of innovation-led economic growth that the Coalition government was talking about in the 2016 election.

But the government won’t be able to cash in on those innovation dividends if they threaten encryption: the simple and essential technology at the heart of the blockchain.

Medicare details available on dark web is just tip of data breach iceberg

Modern governments use a lot of data. A lot. Our social services are organised by massive databases. Health, welfare, education and the pension all require reams of information about identity, social needs, eligibility, and entitlement.

Our infrastructure is managed by massive databases holding information about traffic flows, public transport usage, communications networks, and population flows.

Our security is maintained by complex information systems managing defence assets, intelligence data, and capabilities and deployment information.

We should be thinking about these enormous data holdings when we read the news that thieves have been selling Medicare numbers linked to identities on the “dark web” – a mostly untraceable anonymous corner of the internet.

That last detail is what has made this such a scandal for the government, as Human Services Minister Alan Tudge and the Australian Federal Police have scrambled to identity the systems’ weaknesses.

But the fact that the Medicare numbers are being sold is the only thing that makes this an unusual data security breach. Australian government databases are constantly being accessed by people who are not authorised to do so.

Here’s just a taste. Last year the Queensland Crime and Corruption Commission revealed it had laid 81 criminal charges and 11 disciplinary recommendations in the space of 12 months for unauthorised access to confidential information by police. One of those was a police officer who had been trawling through crime databases looking for information about people he had met on a dating service. He was convicted of 50 charges of unauthorised access.

A Queensland police officer was disciplined in May this year for using the police database to share the address of a woman with her husband who was subject to a restraining order.

The Victorian government’s police database was wrongly accessed 214 times between 2008 and 2013, by “hundreds” of officers.

Earlier this year 12 staff were fired from the Australian Taxation Office for accessing tax data on celebrities and people they knew.

We could go on. These of course are the instances we know about because they have been detected and reported on. There are undoubtedly others.

Governments manage a lot of data because we ask them to do it a lot, and to do what they do well.

They run thousands of complex systems. Many of these systems have been jerry-rigged and adapted from earlier systems, a series of politicised, over-budget and under-delivering IT projects stacked on top of each other over decades.

But these repeated episodes of unauthorised access show that these complex systems are in dire need of reform.

It is clear that the “permission” structures on these government databases are deeply broken.

In the debate over mandatory data retention one of the big questions was whether law enforcement and regulatory agencies should have to obtain a warrant before accessing stored data. In the end the government decided no warrant was necessary – because warrants could only slow down investigations.

This is exactly the sort of loose permission structure that leads to abuse. Just two weeks after data retention officially came into effect this April, the Australian Federal Police admitted one of its members had illegally accessed the metadata of a journalist.

This breach was entirely predictable. Data retention opponents repeatedly predicted it.

Last week’s Medicare breach has been made possible because thousands and thousands of people – bureaucrats, health professionals, and so on – can access the Medicare database. Most police officers, bureaucrats, and health professionals are trustworthy. But it only takes a few bad actors to wreck a system built on trust.

Rather than leaving data access up to the discretion of thousands of people, we need stricter codified rules on data access. Government databases need to be restructured to prevent, not simply penalise, government employees from going on fishing expeditions through our data.

The point isn’t to provide a legal or technological fix to the problem of unauthorised access. Rather, we should completely reimagine who owns the information that the government keeps on all of us. We ought to own and control our information, not the state.

New cryptographic technologies increasingly being applied to blockchain and cryptocurrency applications allow for even greater personal control over information. If applied, they would only allow government agents to know exactly what they need to know.

And it would move us from a system of surveillance and big data, to one of personal disclosure and privacy.

In the past, economic reform was targeted at big sectors like banking, telecommunications, and trade.

As Australian governments evolve inevitably into complex information brokers, the next wave of reform will have to focus on data management.

Delegation and Unbundling in a Crypto-Democracy

Abstract: Representative democracy consists of a chain of delegation from voters to the executive and a corresponding chain of accountability, with some questions (particularly constitutional questions) reserved for popular vote. This structure reflects the high transaction costs of coordinating preferences among a large and diverse population, which has in part been determined by technological limitations. A new technology, blockchain, significantly reduces transaction costs. This technology turns out to have significant implications for democratic governance. In a crypto-democracy, voters have contractual relationships that allow them to unbundle, delegate, re-rebundle and reserve their voting power. Rather than planning our democratic structure and thus restricting opportunities for political exchange, the use of blockchain in a crypto-democracy allows us to ‘grow’ a democracy in a Hayekian framework.

Working paper available at SSRN.