Bitcoin Blockchain As FMI PDF
Bitcoin Blockchain As FMI PDF
Bitcoin Blockchain As FMI PDF
Angela Walch*
Contents
Introduction ............................................................................................................. 2
I. Bitcoin and its Blockchain................................................................................... 6
II. Disrupting Existing Financial Market Infrastructures ........................................ 11
A. Virtual Currency as Disruptor..................................................................... 11
B. Regulatory Treatment of Existing Financial Market Infrastructures .......... 13
III. Bitcoins Operational Risks and Its Potential as Financial Market
Infrastructure.................................................................................................... 18
A. Bitcoin as Software ..................................................................................... 19
1. Software always has bugs.................................................................. 19
2. Software is vulnerable to attack ........................................................ 23
3. Software is ever-changing through new releases .............................. 29
4. Few people understand how software works..................................... 31
B. Bitcoins Decentralized Structure ............................................................... 33
C. Bitcoin as Open-Source Software ............................................................... 39
D. Bitcoins Expertise Problem ....................................................................... 45
V. Why Arent We Talking More About Bitcoins Operational Risks? ................. 48
A. Bitcoin Is Too Small to Matter ................................................................... 50
B. Bitcoins Operational Risks are Obvious, Minor, or Boring....................... 52
C. Bitcoin is Organic and Untainted by Human Hands. .................................. 52
D. We are Comfortable with Software and Technology.................................. 54
E. Techno-fundamentalism .......................................................................... 54
F. Let a Thousand Virtual Currencies Bloom .................................................. 56
Conclusion .............................................................................................................. 57
The faith that technology can redeem all of our sins and fix all of
our problems is the ultimate hubris. 4
***
Since 2012, almost $930 million of venture capital has been invested in
virtual currency companies,6 with over $450 million invested in 2015
*
Assistant Professor, St. Marys University School of Law. J.D., Harvard Law School,
2002. A.B., Harvard College, 1998. I would like to thank Michael Ariens, Shawn Bayern,
Catherine Martin Christopher, Reuben Grinberg, Colin Marks, Eric Posner, Todd Senulis,
Jonathan Zittrain, Paul Finkelman, the editors of the New York University Journal of
Legislation & Public Policy, participants at the Inside Bitcoins NYC conference from July
2013, participants in the 2014 Arizona State University Legal Scholars Conference, participants
at the 2015 Harvard Law School Institute of Global Law and Policy mini-conference on
Monetary Design in Global Perspective, and students in my Law of Money seminars for helpful
comments, explanations, and insights. I would also like to thank my research assistants Tapash
Agarwal, Sarah Scheidt, and Andrew Stephens.
1
Nathaniel Popper & Peter Lattman, Never Mind Facebook; Winklevoss Twins Rule in
Digital Money, N.Y. TIMES, April 11, 2013, at A3 (statement of Tyler Winklevoss).
2
Frequently Asked Questions, MULTIB IT, https://multibit.org/faq.html (last visited Oct. 21,
2015). Multibit is a Bitcoin wallet. Companies that store Bitcoin users private keys
(essentially passwords), which enable them to transfer their bitcoins, are known as wallet
companies.
3
LAWRENCE LESSIG, REMIX: MAKING ART AND COMMERCE THRIVE IN THE HYBRID
ECONOMY 85 (2008).
4
SIVA VAIDHYANATHAN, THE GOOGLIZATION OF EVERYTHING 77 (2011).
5
Leah McGrath Goodman, The Face Behind Bitcoin, NEWSWEEK, Mar. 14, 2014, at 21
(quoting Gavin Andresen, core developer of the Bitcoin software code).
6
See Bitcoin Venture Capital, COINDESK, http://www.coindesk.com/bitcoin-venture-
15
Private (permissioned) blockchains are common ledgers shared amongst a known
group of parties with only certain parties having the ability, or permission, to make changes
to the ledger. Public (permissionless) blockchains like Bitcoins are publicly available
common ledgers that allow anyone who runs the Bitcoin software to participate in making
changes to the ledger. See BITFURY GROUP & JEFF GARZIK, PUBLIC VERSUS PRIVATE
BLOCKCHAINS: PART I: PERMISSIONED BLOCKCHAINS (2015), http://bitfury.com/content/4-
white-papers-research/public-vs-private-pt1-1.pdf) (presenting explanation of permissioned
and permissionless blockchains, and arguments for and against each type, focusing on the
Bitcoin blockchain as the most commercially successful and secure permissionless
blockchain); BITFURY GROUP & JEFF GARZIK, PUBLIC VERSUS PRIVATE BLOCKCHAINS:
PART II: PERMISSIONLESS BLOCKCHAINS (2015), (same); Ian Allison, Nick Szabo: If banks
want benefits of blockchains they must go permissionless, INTL BUS. TIMES (Sept. 8,
2015), http://www.ibtimes.co.uk/nick-szabo-if-banks-want-benefits-blockchains-they-
must-go-permissionless-1518874 (reporting an interview with cryptography and cyber
expert, Nick Szabo, who argued that permissionless blockchains offer true innovation
while permissioned blockchains keep existing problems with financial infrastructures);
Giulio Prisco, Blythe Masters And Wall Street Opt For Permissioned Non-Bitcoin
Blockchains, BITCOIN MAG. (Sept. 2, 2015), https://bitcoinmagazine.com/articles/blythe-
masters-wall-street-opt-permissioned-non-bitcoin-blockchains-1441227797 (reporting that
permissioned blockchains are attractive to companies because they offer a completely
known universe of transaction processors).
16
See Prisco, supra note 15 (reporting that many financial institutions are working to
create private blockchains rather than rely on the Bitcoin blockchain); Andrew Robinson &
Matthew Leising, Blythe Masters Tells Banks: The Blockchain Changes Everything,
BLOOMBERG (Aug. 31, 2015), http://www.bloomberg.com/news/features/2015-09-
01/blythe-masters-tells-banks-the-blockchain-changes-everything (noting that Nasdaq is
using the Bitcoin blockchain to trial certain share issuances and transfers).
17
Although Bitcoin is not now functioning as financial market infrastructure, in this
paper I consider the implications of the Bitcoin blockchain potentially supporting financial
market infrastructure. I therefore use the Federal Reserves definition of financial market
infrastructures, which is consistent with the definition used globally, throughout this
paper. See Supervision and Oversight of Financial Market Infrastructures, FED. RESERVE
(Sept. 2, 2009), http://www.federalreserve.gov/paymentsystems/over_about.htm. The
Federal Reserve defines financial market infrastructures as multilateral systems among
participating financial institutions, including the system operator, used for the purposes of
clearing, settling, or recording payments, securities, derivatives, or other financial
transactions. Id. FMIs include payment systems, central securities depositories, securities
settlement systems, central counterparties, and trade repositories. Federal Reserve Policy
on Payment System Risk, 79 Fed. Reg. 67,326, 67,333 (Nov. 12, 2014) [hereinafter Fed
Policy on Payment System Risk]. See also COMM. ON PAYMENT & SETTLEMENT SYS. &
TECH. COMM. INTL ORG. SEC. COMMNS, PRINCIPLES FOR FINANCIAL MARKET
INFRASTRUCTURES (2012), www.bis.org/cpmi/publ/d101a.pdf [hereinafter PFMI] (upon
which the Federal Reserves definition of financial market infrastructure is based).
In Parts I and II of the paper, I provide needed context for the reader.
Part I provides a brief overview of the key features of Bitcoin and its
blockchain that are relevant to my argument. Part II discusses how Bitcoin
and blockchain technology are poised to disrupt financial market
infrastructures, why the uninterrupted operation of these systems is so vital,
and how global financial regulators address operational risks18 in existing
financial market infrastructures.
Part III provides the meat of my argument. In this Part, I lay out the
operational risks of Bitcoin that concern me, including the inherent
vulnerabilities of software, the governance problems that arise from
Bitcoins decentralized, open-source status, and the expertise problems that
stem from having software developers control potential financial market
infrastructure through their code development. After explaining each risk, I
demonstrate how each threatens the Bitcoin blockchains reliability as
potential financial market infrastructure.
In Part IV, I provide possible reasons why these operational risks have
not received as much regulatory or academic attention as the use risks of
Bitcoin.19
18
In the Fed Policy on Payment System Risk, the Federal Reserve defines operational
risk as the risk that deficiencies in information systems or internal processes, human
errors, management failures, or disruptions from external events will result in the
reduction, deterioration, or breakdown of services provided by the FMI. Furthermore,
operational risk also includes physical threats, such as natural disasters and terrorist attacks,
and information security threats, such as cyberattacks. Further, deficiencies in information
systems or internal processes include errors or delays in processing, system outages,
insufficient capacity, fraud, data loss, and leakage. Fed Policy on Payment System Risk,
supra note 17, at 5. The Policy notes that this definition of operational risk is consistent
with [that] presented in the PFMI. Id. I use this definition throughout this paper.
19
I consider the use risks of Bitcoin to be those risks that arise from how it may be
used, such as crimes that can be committed with it (like money laundering and online sales
of illegal goods and services), how it should be taxed, how people who handle it on behalf
of others (e.g., exchanges and wallet companies) should be regulated, etc.
Importantly, the computer network that runs the Bitcoin software is not
the only part of Bitcoin that is decentralized. The software development
process is as well, meaning that there is no central entity that is officially
charged with maintaining or fixing the software.30 In fact, the actual creator
of the Bitcoin software remains a mystery; an unknown software coder or
group of coders known by the pseudonym Satoshi Nakamoto introduced
it to the world in 2009.31
Bitcoin (bitcoin.org) does not come from a unified, identifiable source. See About
bitcoin.org: Who owns bitcoin.org?, BITCOIN.ORG, https://bitcoin.org/en/about-us (last
visited Oct. 21, 2015) (Bitcoin.org was originally registered and owned by Bitcoin's first
two developers, Satoshi Nakamoto and Martti Malmi. When Nakamoto left the project, he
gave ownership of the domain to additional people, separate from the Bitcoin developers,
to spread responsibility and prevent any one person or group from easily gaining control
over the Bitcoin project. . . . Bitcoin.org is not Bitcoin's official website. Just like nobody
owns the email technology, nobody owns the Bitcoin network. As such, nobody can speak
with authority in the name of Bitcoin.) (emphasis added).
24
See ANTONOPOULOS, supra note 23, at 17677.
25
Id. at 17374.
26
See id. at 1.
27
See supra notes 1516 and accompanying text.
28
See, e.g., Nathaniel Popper, Wall Street Takes a Keen Interest in Bitcoins Latest
Technology; Bitcoins blockchain tech is being examined to see if it can be used to create a
new way of transacting online, IRISH TIMES, Sept. 14, 2015, (Finance), at 5 (reporting on
the interest in blockchain technology by numerous major banks across the globe).
29
See id.; Robinson & Leising, supra note 16; THE ECONOMIST, The great chain of
being sure about things, Oct. 31, 2015, 21.
30
See ANTONOPOULOS, supra note 23, at 1.
31
See id. at 34.
The Bitcoin software has evolved significantly since its initial release,32
and changes to the software have come about through the efforts of a mix of
volunteer and paid programmers, who determine what changes should be
made through informal processes that depend on rough notions of
consensus and that are subject to no fixed legal or organizational
structure.33 As will be discussed at length in this paper, Bitcoin software
maintenance and development is spearheaded by a team of around five
core developers,34 who release periodic new versions of the software,35
and who have certain privileges that other coders do not, such as the ability
to send emergency messages to all nodes,36 and to make decisions about
what changes are included in a new release of the Bitcoin software. 37
32
See Goodman, supra note 5, at 23 (quoting Gavin Andresen, head developer of the
Bitcoin software code, as stating that the developers have rewritten roughly 70 percent of
the code since inception).
33
Shawn Bayern, Of Bitcoins, Independently Wealthy Software, and the Zero-Member
LLC, 108 NW. U. L. REV. ONLINE 257, 259 (2014).
34
The core developers listed on the Bitcoin software development website are
Wladimir J. van der Laan, Gavin Andresen, Jeff Garzik, Gregory Maxwell, and Pieter
Wuille. Bitcoin Development, BITCOIN.ORG, https://bitcoin.org/en/development (last visited
Nov. 14, 2015).
35
See, e.g., Joon Ian Wong, Bitcoin Core 0.10 Gives Developers Simplified Access to
Network Consensus, COINDESK (Feb. 17, 2015), http://www.coindesk.com/bitcoin-core-0-
10-gives-developers-simplified-access-network-concensus/ (reporting on the Feb. 16, 2015
release of core Bitcoin software by the core developers).
36
The emergency message power allow[s] the core developer team to notify all
bitcoin users of a serious problem in the bitcoin network, such as a critical bug that
require[s] user action. ANTONOPOULOS, supra note 23, at 157. Alerts have only been used
a handful of times, most notably in early 2013 when a critical database bug caused a
multiblock fork to occur in the bitcoin blockchain. Id. The password that allows the
sending of the network-wide emergency messages is held only by a few select members of
the core development team. Id.; see also ARTHUR GERVAIS ET AL., IS BITCOIN A
DECENTRALIZED CURRENCY? (2014), http://eprint.iacr.org/2013/829.pdf (arguing that
giving the emergency alert power only to the core developers gives these entities
privileged powers to reach out to users and urge them to adopt a given Bitcoin release).
37
See Tom Simonite, The Man Who Really Built Bitcoin, MIT TECH. REV., (Aug. 15,
2014), http://www.technologyreview.com/featuredstory/527051/the-man-who-really-built-
bitcoin/ (describing how only the core developers have the power to change the code
behind Bitcoin and merge in proposals from other volunteers); see also GERVAIS ET AL.,
supra note 36, at 6 (This [software development process] limits the impact that users have,
irrespective of their computing power, to affect the development of the official Bitcoin
[software].).
38
Regulators have sought in recent years to create a definition of virtual currency. In
2012, the European Central Bank (ECB) defined virtual currency as a type of
unregulated, digital money, which is issued and usually controlled by its developers, and
used and accepted among the members of a specific virtual community. EUROPEAN CENT.
BANK, VIRTUAL CURRENCY SCHEMES 5 (2012) [hereinafter 2012 ECB PAPER],
http://www.ecb.europa.eu/pub/pdf/other/virtualcurrencyschemes201210en.pdf. In 2015, the
ECB revised its definition of virtual currency to a digital representation of value, not
issued by a central bank, credit institution or e-money institution, which, in some
circumstances, can be used as an alternative to money. EUROPEAN CENT. BANK, VIRTUAL
CURRENCY SCHEMES: A FURTHER ANALYSIS 25 (2015) [hereinafter 2015 ECB PAPER],
http://www.ecb.europa.eu/pub/pdf/other/virtualcurrencyschemesen.pdf. The U.S.
Department of Treasury has defined virtual currency as a medium of exchange that
operates like a currency in some environments, but does not have all the attributes of real
currency. DEPT OF TREASURY FIN. CRIMES ENFT NETWORK, GUIDANCE FIN-2013-
G0001, APPLICATION OF FINCENS'S REGULATIONS TO PERSONS ADMINISTERING,
EXCHANGING, OR USING VIRTUAL CURRENCIES 1 (2013). The U.S. Government
Accountability Office (GAO) defines virtual currency as a digital representation of
value that is not government-issued legal tender. See U.S. GOVT ACCOUNTABILITY
OFFICE, GAO-14-496, VIRTUAL CURRENCIES: EMERGING REGULATORY, LAW
ENFORCEMENT, AND CONSUMER PROTECTION CHALLENGES 4 (2014).
39
See Reuben Grinberg, Bitcoin: An Innovative Alternative Digital Currency, 4
HASTINGS SCI. & TECH. L.J. 159, 16874 (2012) (providing a historical overview of prior
forms of digital or virtual currencies).
40
See 2015 ECB PAPER, supra note 38, at 67.
41
A convention has developed to distinguish between (a) references to the Bitcoin
software and network and (b) references to individual bitcoins that comprise the units of
the currency. Lower case bitcoins refer to the individual units of the currency; upper case
Bitcoin refers generally to the phenomenon of Bitcoin, the software, its protocol, or the
Bitcoin network. See Vocabulary, BITCOIN.ORG, https://bitcoin.org/en/vocabulary.
42
See 2015 ECB PAPER, supra note 38, at 13 ([U]sers do not hold units of the
currency in decentralised [virtual currencies]. They actually hold keys which give access to
a certain account balance, which is stored in the blockchain.).
43
See id.
44
See ANTONOPOULOS, supra note 23, at 10911.
45
See id.
46
Total Bitcoins in Circulation, BLOCKCHAIN.INFO,
https://blockchain.info/charts/total-bitcoins (last visited Oct. 22, 2015).
47
See ANTONOPOULOS, supra note 23, at 2.
48
Id. at 173.
49
See id. at 19596.
50
See id. at 20406. For an analysis of Bitcoin mining practices, see generally
NICOLAS T. COURTOIS, MAREK GRAJEK & RAHUL NAIK, THE FUNDAMENTAL
INCERTITUDES OF BITCOIN MINING (2014), http://arxiv.org/pdf/1310.7935v3.pdf.
51
See ANTONOPOULOS, supra note 23, at 20710.
52
See, e.g., ACCENTURE, BLOCKCHAIN IN THE INVESTMENT BANK 5 (2015),
http://fsblog.accenture.com/capital-markets/wp-
content/uploads/sites/2/2015/06/CM_ATS_POV_Blockchain_in_the_Investment_Bank-
web.pdf (Accenture believes that, although the potential of the technology is only just
emerging, Blockchains will become the critical backbone of the future capital markets
infrastructure.); Laura Shin, Moneys New Operating System, FORBES, Sept. 28, 2015, at
100 (reporting on the ways that blockchains may alter existing financial and recordkeeping
practices); Robinson & Leising, supra note 16 (reporting claims that blockchains will be as
transformative as the Internet towards financial systems).
In the early days of Bitcoin, the buzz was primarily about how Bitcoin
could serve as an actual currency that displaced the fiat currencies issued by
governments.55 When the economy of Cyprus collapsed in 2013, the price
of Bitcoin spiked as many depositors in Cypriot banks bought bitcoins to
avoid having government currency that could be frozen or seized by the
government.56 Many of the early users of Bitcoin were motivated by the
idea of the creation of money moving from the hands of government to the
53
For a more substantial technical description of Bitcoin, see generally
ANTONOPOULOS, supra note 23 (providing a useful overview of how Bitcoin works by a
prominent Bitcoin proponent and directed primarily at software coders). For cultural
analyses of the phenomenon, see generally NATHANIEL POPPER, DIGITAL GOLD: BITCOIN
AND THE INSIDE STORY OF THE MISFITS AND MILLIONAIRES TRYING TO REINVENT MONEY
(2015) (providing a history of Bitcoin and the people involved with it); PAUL VIGNA &
MICHAEL J. CASEY, THE AGE OF CRYPTOCURRENCY: HOW BITCOIN AND DIGITAL MONEY
ARE CHALLENGING THE GLOBAL ECONOMIC ORDER (2015) (providing an overview of
Bitcoin along with the risks and opportunities it presents).
54
See Consensus Conference Agenda, A $1.6 Quadrillion Opportunity: Securities
Settlement and Clearing, Sept. 10, 2015 http://10times.com/consensus-newyork
(describing a blockchain conference sponsored by prominent virtual currency news site
CoinDesk in which one of the panels discussed the opportunity for blockchain technology
to disrupt the $1.6 quadrillion securities settlement and clearing market).
55
See, e.g., David Yermack, Is Bitcoin a Real Currency? An Economic Appraisal 78
(Natl Bureau of Econ. Research, Working Paper No. 19747, 2014).
56
See Emma Rowley, Russians Turn to Bitcoin After Cyprus Crisis, SUNDAY
TELEGRAPH, Apr. 7, 2013 (Business), at 5 (reporting speculation that Bitcoins price
increase was related to the Cyprus banking crisis).
57
See, e.g., Grinberg, supra note 39, at 17274 (describing the attraction that Bitcoin
holds for gold bugs); Yermack, supra note 55, at 78 (describing the libertarian interest
in Bitcoin due to its lack of connection to any government).
58
See, e.g., 2015 ECB PAPER, supra note 38, at 2325 (noting that virtual currencies
like Bitcoin are not money or currency from an economic or legal perspective); STEPHANIE
LO & J. CHRISTINA WANG, FED. RESERVE BANK OF BOS., BITCOIN AS MONEY? 311
(2014), https://www.bostonfed.org/economic/current-policy-
perspectives/2014/cpp1404.pdf (concluding that Bitcoin does not perform moneys
functions as a medium of exchange, unit of account, or store of value); Yermack, supra
note 55 (concluding that Bitcoin does not satisfy the standard definition of a currency
because it does not perform moneys functions as a medium of exchange, store of value,
and unit of account); THE GOLDMAN SACHS GRP., ALL ABOUT BITCOIN 6 (2014),
http://www.paymentlawadvisor.com/files/2014/01/GoldmanSachs-Bit-Coin.pdf
(concluding that bitcoin[] and other digital currencies[] currently lie somewhere on the
boundaries between currency, commodity and financial asset).
59
See, e.g., Paul Krugman, Golden Cyberfetters, N.Y. TIMES: THE CONSCIENCE OF A
LIBERAL (Sept. 7, 2011), http://krugman.blogs.nytimes.com/2011/09/07/golden-
cyberfetters/ (noting that Bitcoin is prone to deflation due to the limits on its quantity);
Yermack, supra note 55, at 17 (arguing that Bitcoin is prone to deflation due to cap on the
number of bitcoins to be created); Daniel Reber & Simon Feurstein, Bitcoins: Hype or Real
Alternative, in INTERNET ECONOMICS VIII 90 (Burkhard Stiller et al. eds., 2014) (noting
that Bitcoin is subject to deflation in the long-run).
60
See Blockchains Whirlwind MonthSo Far, PYMNTS.COM (Oct. 16, 2015),
http://www.pymnts.com/in-depth/2015/blockchains-whirlwind-month-so-far/ (noting the
shift in focus toward the potential of Bitcoins blockchain technology rather than as a
currency).
61
For recent feature articles on the blockchain in prominent financial publications, see,
e.g., Shin, supra note 52; Robinson & Leising, supra note 16; THE ECONOMIST, supra note
29; Jane Wild et. al., Technology: Banks Seek the Key to the Blockchain, Nov. 1, 2015, FIN.
This all sounds great. Dont we want to save time, cut costs, and create
jobs every time there is an opportunity to do so? Isnt this a no-brainer?
TIMES.
62
See, e.g., Speech by Andrew Haldane, Chief Economist of the Bank of England, at
Portadown Chamber of Commerce, Northern Ireland, How Low Can You Go?, Sept. 18,
2015 (noting, in a speech about money and monetary policy, that the distributed payment
technology embodied in Bitcoin has real potential) (available at
http://www.bankofengland.co.uk/publications/Documents/speeches/2015/speech840.pdf);
FIN. STABILITY OVERSIGHT COUNCIL, 2015 ANNUAL REPORT 114,
http://www.treasury.gov/initiatives/fsoc/studies-
reports/Documents/2015%20FSOC%20Annual%20Report.pdf ([T]he potential
applications and uses of the peer-to-peer network for transferring value in the payment and
financial service industry warrant continued monitoring.); Robleh Ali et al., Innovations in
payment technologies and the emergence of digital currencies, 54 BANK ENGLAND Q.
BULL. 262, 266 (2014) (evaluating the promise that digital currencies hold for payment
systems).
63
See generally, e.g., Shin, supra note 52; Robinson & Leising, supra note 16; THE
ECONOMIST supra note 29; Wild, supra note 61.
64
See Wild, supra note 61 (describing the initiatives at major banks to investigate how
the blockchain could be used to improve the financial services industry).
65
See supra note 9 (describing Lawrence Summers involvement with virtual currency
companies; Marc Andreessen, Opinion Why Bitcoin Matters, N.Y. TIMES (Jan. 21, 2014),
http://dealbook.nytimes.com/2014/01/21/why-bitcoin-matters/?pagewanted=all (comparing
Bitcoin to the Internet in terms of its revolutionary potential).
66
For such claims by the financial industry, see, e.g., THE ECONOMIST, supra note 29,
at 24 (noting claims by Santander, a bank, that distributed ledgers could save the banking
industry $20 billion a year by 2022); Wild, supra note 61; Shin, supra note 52 ; Robinson
& Leising, supra note 16.
67
See Shin, supra note 52; Robinson & Leising, supra note 16.
68
See generally, e.g., Felix B. Chang, The Systemic Risk Paradox: Banks and
Clearinghouses Under Regulation, 2014 COLUM. BUS. L. REV. 747 (2014); Sean J. Griffith,
Governing Systemic Risk: Towards a Governance Structure for Derivatives
Clearinghouses, 61 EMORY L.J. 1153 (2012); Jeremy C. Kress, Credit Default Swaps,
Clearinghouses, and Systemic Risk: Why Centralized Counterparties Must Have Access to
Central Bank Liquidity, 48 HARV. J. ON LEGIS. 49 (2011); Kristin N. Johnson,
Clearinghouse Governance: Moving Beyond Cosmetic Reform, 77 BROOK. L. REV. 681
(2012).
69
Guido Ferrarini and Paolo Saguato, Regulating Financial Market Infrastructures, in
OXFORD HANDBOOK ON FINANCIAL REGULATION (2015) 2 (describing the supranational
approach to regulating financial market infrastructures, with international regulatory
guidelines adopted by the G20 and then developed by the Financial Stability Board).
The Group of Twenty (G20) is the premier forum for its members international economic
cooperation and decision-making. Its membership comprises 19 countries plus the
European Union. https://g20.org/about-g20/. The Financial Stability Board (FSB) is an
international body that monitors and makes recommendations about the global financial
Although the Federal Reserve policies described above note how critical
financial market infrastructure is to the stability of the U.S. financial
76
See Ferrarini & Saguato, supra note 69, at 2.
77
Id. at 4.
78
See PFMI, supra note 17.
79
Fed Policy on Payment System Risk, supra note 17, at 4.
80
See PFMI, supra note 17, at 1820.81 Fed Policy on Payment System Risk, supra
note 17, at 5, 5 n.8.
81
Fed Policy on Payment System Risk, supra note 17, at 5, 5 n.8.
82
PFMI, supra note 17, at 3.
A. Bitcoin as Software
89
I discuss softwares vulnerability to attacks in relation to Bitcoin in Part III.A.2
infra.
90
See Bambauer, supra note 92, at 1021 (Software is . . . structurally prone to failure,
despite significant efforts to remediate it. . . . Eliminating bugs completely is simply
impossible.).
91
For a discussion of how people dynamics and skills are determinative of the quality
of software, see generally ROBERT GLASS, FACTS AND FALLACIES ABOUT SOFTWARE
ENGINEERING (2003).
92
Open SSL is an open-source software that provides part of the fundamental security
structure of the Internet, and the Heartbleed bug made private information, such as
passwords, credit card data and other personal information, from supposedly secure
transactions available to hackers. Computer security experts deemed it catastrophic. See
Brian X. Chen, Q. and A. on Heartbleed: A Flaw Missed by the Masses, N.Y. TIMES:
BITS (Apr. 9, 2014, 2:26 PM), http://bits.blogs.nytimes.com/2014/04/09/qa-on-heartbleed-a-
flaw-missed-by-the-masses/?_r=0.
93
Ben Grubb, Man who introduced serious 'Heartbleed' security flaw denies he
inserted it deliberately, SYDNEY MORNING HERALD (Apr. 11, 2014),
http://www.smh.com.au/it-pro/security-it/man-who-introduced-serious-heartbleed-security-
flaw-denies-he-inserted-it-deliberately-20140410-zqtal.html (quoting Robin Seggelmann,
author of the code containing the Heartbleed bug).
94
Id.
95
Id.
96
See, e.g., Larry Zelvin, Dir. of the Natl Cybersec. & Communicns Integration Ctr.,
Reaction on Heartbleed: Working Together to Mitigate Cybersecurity Vulnerabilities,
DEPT HOMELAND SEC. BLOG (Apr. 11, 2014, 7:52 AM),
http://www.dhs.gov/blog/2014/04/11/reaction-%E2%80%9Cheartbleed%E2%80%9D-
working-together-mitigate-cybersecurity-vulnerabilities-0 (providing information on
Heartbleed, the governments response, and steps for the public to take to protect itself).
97
The Linux Foundations Core Infrastructure Initiative Announces New Backers,
First Projects to Receive Support and Advisory Board Members, LINUX FOUND. (May 29,
2014, 4:56 AM), http://www.linuxfoundation.org/news-
media/announcements/2014/05/core-infrastructure-initiative-announces-new-backers
(describing the private initiative, funded by large companies including Facebook, Google,
HP and others, to fund development of open-source software that support[s] critical
infrastructure); see also Nicole Perlroth, A Contradiction at the Heart of the Web, N.Y.
TIMES, Apr. 19, 2014, at B1 (discussing how the underfunding of Open SSL software
development contributed to developers creating and failing to identify the Heartbleed bug).
98
See Perlroth, supra note 97, at B1 (reporting on Shellshock, a particularly alarming
software bug that could be used to take control of hundreds of millions of machines around
the world, potentially including Macintosh computers and smartphones that use the
Android operating system that was discovered in Bash, a free piece of [open-source]
software that is now built into more than 70 percent of the machines that connect to the
Internet).
99
See Issues List, GITHUB, https://github.com/bitcoin/bitcoin/labels/Bug, (last visited
Oct. 22, 2015) (showing that in the Bitcoin software development repository there are 79
unresolved bugs while 427 reported bugs have been resolved); see also Rainer Bhme et
al., Bitcoin: Economics, Technology, and Governance, 29 J. ECON PERS. 213, 228 (2015),
http://ssrn.com/abstract=2495572 ([T]he Bitcoin platform faces operational risks through
potential vulnerabilities in the protocol design . . . .); Vasilis Kostakis & Chris Giotitsas,
The (A)Political Economy of Bitcoin, TRIPLEC: COMM., CAPITALISM & CRITIQUE (2014),
http://www.triple-c.at/index.php/tripleC/article/view/606/578 (noting that [b]eing still in
development it is yet unknown how many bugs are hidden in the [Bitcoin] code).
100
Issues List, supra note 99.
101
The instructions provide:
104
See, e.g., Brian X. Chen, Apple Says It Will Add New iCloud Security Measures
After Celebrity Hack, N.Y. TIMES: BITS (Sept. 4, 2014, 11:32
PM), http://bits.blogs.nytimes.com/2014/09/04/apple-says-it-will-add-new-security-
measures-after-celebrity-hack/ (Apple said on Thursday that it would strengthen its
security measures after a recent episode where hackers broke into the Apple accounts of a
number of celebrities, stole their nude photos and leaked them on the Internet.); David E.
Sanger & Nicole Perlroth, Bank Hackers Steal Millions via Malware, N. Y. TIMES, Feb. 15,
2015, at A1 (reporting the Feb. 2015 discovery that more than 100 banks and other
financial institutions in 30 nations were robbed by a team of hackers in what may be one
of the largest bank thefts ever); Robin Sidel, Home Depots 56 Million Card Breach
Bigger than Targets, WALL STREET J. (Sept. 18, 2014, 5:43
PM), http://www.wsj.com/articles/home-depot-breach-bigger-than-targets-
1411073571 (describing the security breaches at Home Depot, Target, and other
merchants).
105
FIN. STABILITY OVERSIGHT COUNCIL, supra note 61, at 3.
106
Examples of Bitcoin exchanges include Coinbase, BitStamp, ItBit, and OKCoin.
Examples of Bitcoin wallet companies include Circle, Armory, DarkWallet, and
Blockchain. Examples of Bitcoin payment processors include BitPay and Coin.co.
107
See, e.g., Richard Boase, Hackers steal $1.2 Million of bitcoins from Inputs.io, a
propose solving this problem by automating the creation of authoritative copies of the
blockchain, creating checkpoints. Id. The authors note that the Bitcoin core developers
already do create checkpoints of the blockchain that they push out with new software
releases, but argue that putting the creation of checkpoints in the hands of the developers
makes them unreliable. Id.
112
See, e.g., ANTONOPOULOS, supra note 23, at 211; JOSHUA A. KROLL ET AL., THE
ECONOMICS OF BITCOIN MINING, OR BITCOIN IN THE PRESENCE OF ADVERSARIES 1112
(2013),
http://www.econinfosec.org/archive/weis2013/papers/KrollDaveyFeltenWEIS2013.pdf;
Barber, supra note 111.
113
Such an attack on the blockchain could succeed even with less than a 51% share of
the computing power, with claims that as little as 30% of the computing power could
succeed in this type of attack. See ANTONOPOULOS, supra note 23, at 212; ITTAY EYAL &
EMIN GUN SIRER, MAJORITY IS NOT ENOUGH: BITCOIN MINING IS VULNERABLE (2013),
http://arxiv.org/pdf/1311.0243.pdf (demonstrating in a controversial computer science
paper that selfish miners of any portion of ownership could collude to control the Bitcoin
network).
114
See ANTONOPOULOS, supra note 23, at 21112.
115
Id.
116
Id.
117
Id.
Bitcoin proponents have argued that a 51% attack is highly unlikely for
several reasons. First, the attack would be extremely expensive to conduct
because obtaining the needed computing power would cost so much. 120
Second, after spending all the money to accumulate all the computing
power, it would be against the attackers financial interest to destroy the
system in which it had invested so much.121 And third, the 51% threshold
has already been hit by certain mining pools, and they have not yet
performed such an attack.122
118
Id. at 21213.
119
Id. at 213.
120
Id.; HARVEY, supra note 109, at 56.
121
See KROLL, supra note 112, at 1213 ([A] 51% . . . attack [by a mining cartel] is
unlikely to generate enough reward within the Bitcoin economy to be worthwhile to the
attacker.); see also Daniel Cawrey, Are 51% Attacks a Real Threat to Bitcoin?, COINDESK
(June 20, 2014), http://www.coindesk.com/51-attacks-real-threat-bitcoin/ (stating that
miners, whose profits depend largely on the price of bitcoin being high . . . [have] no real
incentive to attack the network).
122
See Jon Matonis, Exec. Dir. of the Bitcoin Found., The Bitcoin Mining Arms Race:
GHash.io and the 51% Issue, COINDESK (July 17, 2014), http://www.coindesk.com/bitcoin-
mining-detente-ghash-io-51-issue/ (arguing that tensions have eased about the threat of a
mining pool executing a 51% attack after a July 9, 2014 meeting of miners in London
resulted in the GHash.io mining pool pledging to do all it can to limit its share of the total
bitcoin network to 39.99%).
123
See Aaron Timms, Big Banks are Confident in the Face of the Bitcoin Threat,
INSTITUTIONAL INV. (Oct. 10, 2014), http://www.institutionalinvestor.com/inside-
edge/3389462/Big-Banks-Are-Confident-in-the-Face-of-the-Bitcoin-
Threat.html#.VQSCj47F8nU (discussing banking industrys response to claims that Bitcoin
could unbundle the banks and reimplement the entire financial system as a distributed
system as opposed to a centralized system). This threat may have changed now that the
financial industry seems to be embracing blockchain technology as a whole, so may no
longer have an incentive to destroy Bitcoin. However, destroying Bitcoin could
demonstrate that the permissioned blockchains being developed by the financial industry
are superior to Bitcoin and allow the financial industry to maintain control over financial
market infrastructures.
124
See The Financial Services Industry in the United States, U.S. DEPT. OF
COMMERCE, http://selectusa.commerce.gov/industry-snapshots/financial-services-industry-
united-states (last visited Mar. 8, 2015) (In 2012, finance and insurance represented 7.9
percent (or $1.24 trillion) of U.S. gross domestic product.).
125
See KROLL, supra note 112, at 13 (arguing that governments are the most plausible
source of a 51% attack on Bitcoin from outside the Bitcoin network).
126
See Stan Higgins, Bitcoin Mining Pools Targeted In Wave Of DDOS Attacks,
COINDESK (Mar. 12, 2015), http://www.coindesk.com/bitcoin-mining-pools-ddos-attacks/
(reporting that mining pools AntPool, BW.com, NiceHash, CKPool and GHash.io were hit
by DDOS attacks, with hackers demanding ransoms to end the attack).
127
See Julia McGovern, Official Statement on the Last Weeks DDoS-attack against
GHash.IO Mining Pool, CEX.IO BLOG (Mar. 13, 2015), http://blog.cex.io/news/official-
statement-on-the-ddos-attack-against-ghash-io-mining-pool-13355 (reporting on the
GHash.IO mining pool on a DDoS attack it suffered the week of Mar. 7, 2015 that
prevented miners from mining for 6 hours, with the hacker demanding five to ten bitcoins
to end the attack).
128
See Benjamin Johnson et al., Game-Theoretic Analysis of DDoS Attacks Against
Bitcoin Mining Pools, 8438 FIN. CRYPTOGRAPHY & DATA SECURITY 72, 73 (2014)
(evaluating the incentives miners have to inflict DDOS attacks on one another); Marie
Vasek et al., Empirical Analysis of Denial-of-Service Attacks in the Bitcoin Ecosystem,
8438 FIN. CRYPTOGRAPHY & DATA SECURITY 57, 68 (2014) (estimating 142 DDOS attacks
on the Bitcoin ecosystem between May 2011 and Oct. 2013, with thirty-eight percent of
those attacks on mining pools, and noting that over 60% of large mining pools have been
[A]s we know, there are known knowns; there are things we know we
know. We also know there are known unknowns; that is to say we know
there are some things we do not know. But there are also unknown
unknownsthe ones we don't know we don't know. And if one looks
throughout the history of our country and other free countries, it is the
latter category that tend to be the difficult ones. 131
132
See Simonite, supra note 37.
133
See David E. Sanger & Martin Fackler, Tracking the Cyberattack
on Sony to North Koreans, N.Y. TIMES (Jan. 19, 2015),
http://www.nytimes.com/2015/01/19/world/asia/nsa-tapped-into-north-korean-networks-
before-sony-attack-officials-say.html (reporting on President Obamas statement that North
Korea was responsible for the November through December 2014 cyberattack on Sony
Pictures and that the United States would retaliate).
134
See Wong, supra note 35; Upgrading and Downgrading: Downgrading Warning,
GITHUB, https://github.com/bitcoin/bitcoin/blob/0.10/doc/release-notes.md (last visited
Mar. 13, 2015) (stating that the block files and databases are not backwards-compatible
making-process/ (noting that the proposed versions of the Bitcoin software to address the
block size problem reflect policy choices and affect different Bitcoin users differently).
140
See id.
141
See Jim Dwyer, Volkswagens Diesel Fraud Makes Critic of Secret Code a
Prophet, N.Y. TIMES (Sept. 22, 2015),
http://www.nytimes.com/2015/09/23/nyregion/volkswagens-diesel-fraud-makes-critic-of-
secret-code-a-prophet.html?_r=0 (describing the dangers of secret software code and
arguing that it should be inspected).
Yet, for the moment at least, virtual currencys complexity and the
software and network knowledge required to truly understand it means that
there is an even more limited number of people who understand it
(assuming that anyone actually does).142 This is because having a
sophisticated understanding of Bitcoin or other virtual currencies requires
extensive knowledge in multiple fields, likely including software coding,
networks, cybersecurity, economics, payment systems, money, financial
and economic history, finance, and surely many more. This is not to say that
there arent some amazing people who have mastered this array of fields,
but that it is surely a very select group.
The fact that only a very limited portion of the population truly
understands how Bitcoin operates gives rise to systemic operational risks.
This is because it requires the population to put extreme amounts of trust in
the skill and integrity of the people making decisions about the Bitcoin code
and network. The larger the system becomes, with more blockchain
companies using the Bitcoin network to accomplish their tasks,143 the more
pressure that is put on this small group of experts to make desirable policy
choices144 that they implement accurately and safely into the code. We
should proceed with caution in building complex, opaque systems that carry
out tasks of significant systemic importance.145
142
Cf. LO & WANG, supra note 58, at 7 (noting that anecdotally, the typical [Bitcoin]
user tends to be well versed in internet applications and even programming); 2012 ECB
PAPER, supra note 38, at 27 (noting the complexity of Bitcoin and the high-risk situation
created by the fact that users of it may not understand how it works).
143
See Shin, supra note 52.
144
Of course, the desirability of a particular policy choice for Bitcoin (Should there be
transaction fees? Should the limit on total bitcoins be increased? What should the block
size be?) will vary depending on which constituency is being asked.
145
The open source nature of the Bitcoin code does mitigate this risk as it allows other
coders to evaluate the code. This contrasts with the proprietary nature of the Volkswagen
code, which was unavailable to regulators or the public for scrutiny. See Dwyer, supra note
141. However, there is still a barrier between the expertise of the coders and the expertise
149
Bayern, supra note 33, at 1488.
150
RISK MANAGEMENT STUDY, supra note 102, at 2.
151
Bayern, supra note 33, at 1489. But see GERVAIS, supra note 36, at 54 (concluding
that due to centralized mining and software development, Bitcoin isnt a truly
decentralized system as it is deployed and implemented today); KROLL, supra note 112, at
18 (noting that [T]he lead developers of the open source [Bitcoin] software have become a
de facto rules governance body for the Bitcoin economy); BEN LAURIE, DECENTRALISED
CURRENCIES ARE PROBABLY IMPOSSIBLE (BUT LETS AT LEAST MAKE THEM EFFICIENT) 4
(2011), http://www.links.org/files/decentralised-currencies.pdf (If Bitcoin is, indeed, using
a known consensus group, then it has, after all, a central authority (that consensus group),
and is not, therefore, a decentralised currency.); Grinberg, supra note 39, at 175 n.71
(This development team constitutes the de facto central bank of Bitcoin.).
152
Bayern, supra note 33, at 1491 (noting that Bitcoin does not operate in as
rigorously decentralized a manner as Nakamoto originally designed it and that the
developers of the Bitcoin client have the ongoing capacity to change the Bitcoin protocol in
minor but incompatible ways, actively managing the community of Bitcoin users to make
sure that the Bitcoin network upgrades in ways they have determined.) (citations omitted).
See also Danny Bradbury, Why Bitcoin's Core Developers Want Multiple Versions,
COINDESK (Oct. 19, 2014), http://www.coindesk.com/bitcoins-core-developers-want-
multiple-versions/ (describing the exclusive powers that the core developers have to make
changes to the Bitcoin code).
153
Of course, analogous to employees and their stock options, coders who own
substantial numbers of bitcoins have a financial incentive to keep the code operational in
order to preserve their own wealth. Whether this is a sufficient incentive is an open
question. I am grateful to Andrew Stephens for this insight.
154
See infra notes 161-164 and accompanying text.
155
See generally ERIC POSNER & ADRIAN VERMEULE, THE EXECUTIVE UNBOUND:
AFTER THE MADISONIAN REPUBLIC (2011) (arguing a strong presidency is necessary in the
modern world as the executive is often called upon to act quickly in a world of far more
complexity than that of the Framers); Saikrishna Bangalore Prakash, The Imbecilic
Executive, 99 VA. L. REV. 1361 (2013) (arguing that despite arguments to the contrary the
Constitution limits the Presidents ability to act unilaterally even in times of emergency).
156
See supra notes 137-139 and accompanying text.
157
See About bitcoin.org: Who owns bitcoin.org?, supra note 23 ([N]obody can speak
with authority in the name of Bitcoin.).
158
The Bitcoin Foundation was created in July 2012 to advocate for the success of
Bitcoin. See Transparency, BITCOIN FOUND., https://bitcoinfoundation.org/transparency/.
Since then, there has been much debate in the Bitcoin community over the role of the
Bitcoin Foundation, and in the fall of 2014, the Foundation limited its mission to
supporting the development of the Bitcoin core software. See Everybody Pivots, BITCOIN
FOUND. (Nov. 19, 2014), https://bitcoinfoundation.org/bitcoin/everybody-pivots/
(describing the evolving goals of The Bitcoin Foundation, from public policy, education
and outreach, [and] core development originally to its current focus on funding the
ongoing core development of Bitcoin).
159
See Brian Fung, Inside the Bitcoin advocates closed-door meeting with federal
regulators, WASHINGTON POST (Aug. 27, 2013),
http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/27/inside-the-bitcoin-
money and they were the ones running the bug-free version); see also GERVAIS, supra
note 36, at 57 (describing the resolution of the blockchain fork and stating that the manner
of resolution was at odds with Bitcoins claim that its a decentralized system and that the
majority of the computing power regulates its decisions).
164
Resolving the March 2013 fork required groups that held a significant percentage of
the computing power used to mine Bitcoins to agree to support a particular version of the
blockchain. See Andresen, supra note 163. This meant they had to act altruistically rather
than in their own best interest and sacrifice significant amounts of money. Id. Such
altruistic acts cannot be presumed in the future.
165
See Perlroth, supra note 97 (quoting Columbia University computer science
professor Steven. M. Bellovin as saying of the Heartbleed bug: This bug was introduced
two years ago, and yet nobody took the time to notice it. . . . Everybodys job is not
anybodys job); see also Andrew Meneely et al., An Empirical Investigation of Socio-
technical Code Review Metrics and Security Vulnerabilities, 2014 PROC. 6TH INTL
WORKSHOP ON SOC. SOFTWARE ENGINEERING 37,
http://dl.acm.org/citation.cfm?doid=2661685.2661687 (evaluating Linus Law
empirically and noting the negative impact of the Bystander Effect in the discovery of
security vulnerabilities in open-source software).
166
For an overview of the debate, see generally FADI P. DEEK & JAMES A. MCHUGH,
OPEN SOURCE: TECHNOLOGY & POLICY (2008).
167
See id. at 1.
168
See id.
169
Id.
170
See id. at 162.
171
See id. at 5.
172
See id. at 163.
173
See id. at 16263.
174
See id. at 5, 5960. As famously stated by Eric Raymond in the seminal The
Cathedral and the Bazaar, Linus law [is that] given enough eyeballs, all bugs are
shallow or [g]iven a large enough beta-tester and co-developer base, almost every
problem will be characterized quickly and the fix will be obvious to someone.
Eric Steven Raymond, Release Early, Release Often, THE CATHEDRAL &
THE BAZAAR (2000), http://www.catb.org/~esr/writings/cathedral-bazaar/cathedral-
bazaar/ar01s04.html. But see GLASS, supra note 91 (arguing that there is no evidence that,
once past a threshold small number of developers, more developers will either identify or
resolve more software bugs). The recent Heartbleed and Shellshock bugs also tend to
undermine Raymonds claim that all bugs will be found quickly in open-source software.
See supra notes 9298 and accompanying text.
175
CLAIRE LE GOUES ET AL., THE CASE FOR SOFTWARE EVOLUTION 205 (2010),
http://www.cs.cmu.edu/~clegoues/docs/legoues-foser10.pdf (citations omitted) (paper
presented at the 18th FSE/SDP Workshop of the Future of Software Engg Res.).
176
See supra notes 99-103 and accompanying text. Additionally, the Bitcoin
Foundation has assessed the likelihood of certain threats to its software. On a scale of one
to seven, the Foundation assesses the likelihood that significant bugs lurk in the Bitcoin
protocol at around 4 and the likelihood that significant bugs lurk in the software code at
178
See Strengthening the Core, BITCOIN FOUND. BLOG (Nov. 20, 2014),
https://blog.bitcoinfoundation.org/strengthening-the-core/ (describing how the
compensation of the core developers has evolved over time).
179
See Danny Bradbury, Gavin Andresen to Bitcoin Companies: Support Open Source,
COINDESK (Feb. 21, 2014), http://www.coindesk.com/gavin-andresen-bitcoin-companies-
support-open-source/ (reporting that Bitcoin core developer Gavin Andresen wrote to
Bitcoin companies urging them to assist the core developers in developing, reviewing, and
testing the code rather than treating the code like a purchased product); Hajdarbegovic,
supra note 181 (reporting a software developers concerns that because developers are not
incentivised [through pay] . . . they simply dont tend to tackle the big problems and little
progress is being made); Kadhim Shubber, Jeremy Allaire: Bitcoin Developers Need to
'Step Up', COINDESK (July 2, 2014), http://www.coindesk.com/circle-ceo-jeremy-allaire-
issues-challenge-bitcoins-core-developers/ (reporting that CEO of Bitcoin wallet company
Circle calls for changes in the software development process to support the huge industry
being built on top of the code).
180
As core developer Gavin Andresen wrote in a blog post on Bitcoin software
development:
People are busy. They have lives, families, careers and hobbies outside of Bitcoin.
Its unrealistic to put expectations of a full-time employee onto a volunteer. As
more and more people come to rely on this protocol and businesses build products
and services powered by Bitcoin, it becomes increasingly more important to have
a dedicated team doing the painstaking work it requires.
Bitcoin Foundation, Welcome Sergio Lerner!, BITCOIN FOUND. BLOG (Dec. 5, 2014),
https://blog.bitcoinfoundation.org/welcome-sergio-lerner/ [hereinafter Welcome Sergio
Lerner].
181
State of Bitcoin 2015: Ecosystem Grows Despite Price Decline, COINDESK (Jan. 7,
2015), http://www.coindesk.com/state-bitcoin-2015-ecosystem-grows-despite-price-
decline/ (reporting that venture capital investment in Bitcoin-related companies totaled
$433 million from 2012 to the end of 2014).
186
See supra notes 15760 and accompanying text.
187
See, e.g., Topic: How Could Bitcoin Evolve?, BITCOIN FORUM (Oct. 3, 2014,
6:52:59 PM), https://bitcointalk.org/index.php?topic=809588.0 (debating ending proof of
work (Pow) as part of Bitcoin mining, among other matters); Topic: The Problem of
Centralized Develpoment ("core devs") in Bitcoin, BITCOIN FORUM (Oct. 22, 2014, 5:42
PM), https://bitcointalk.org/index.php?topic=831540.0 (debating whether the Bitcoin core
developers should simply implement the wishes of the Bitcoin community as expressed
through votes or should also make policy decisions that they implement in the code).
188
See supra note 137-139 and accompanying text.
189
This debate has money and power implications, because the size of a block
determines how much memory a computer has to devote to storing copies of the
blockchain, or ledger. The system creates its distributed trust through multiple copies of
the blockchain spread throughout the network. Computer memory costs money; money
determines who is able to afford to participate in the network. The more money it costs to
participate, the fewer nodes or miners there will be in the network (or the more
concentrated mining pools become), meaning the network can become more and more
centralized as it becomes cost-prohibitive to participate.
190
See Caffyn, supra note 137.
Both sides of the coin (sorry) are problematic here: either Bitcoin
adheres to traditional open-source decentralized practices of maintaining the
software through purely volunteer contributions, resulting in inadequate
code maintenance and higher risk of software problems or it tries to do
better software maintenance by having private parties compensate core
developers for their work, introducing conflicts of interest into the mix.
Either scenario is worrisome if the Bitcoin blockchain serves as financial
market infrastructure. In spite of the open nature of open-source software,
its development methods, coupled with the decentralized structure of
Bitcoin, create significant operational risks.
The final operational risk that I will discuss in this paper is what I
term the expertise problem. This is the risk that springs from people with
191
Ferrarini & Saguato, supra note 69, at 20 (In particular, policy makers stressed the
importance of public regulation in modeling prudential and corporate governance standards
for FMIs, given the public nature of their services.).
192
See supra Part II.B.
Software coders, who make the decisions about what the Bitcoin
software will look like and what functions the system will have, are not
necessarily financial systems experts. The known backgrounds of the core
team of developers are in computer science and software development, not
in economics, finance, financial systems, or monetary policy.194 Examples
of decisions that have been made by the software developers (including the
original developer, Satoshi Nakamoto) include: having a cap on the number
of Bitcoins that may ultimately be issued; having Bitcoins be divisible into
a certain number of smaller chunks; reflecting all transactions on a common
ledger that is distributed amongst Bitcoin nodes; the trajectory of Bitcoin;
and how Bitcoin should interact with government regulators. There are no
doubt countless others. All of these decisions impact viability and success
of the Bitcoin blockchain as financial market infrastructure, and all have
been made by software developers rather than financial systems experts.
193
Eric Posner referred to this expertise problem in his piece for New Republic in
December 2013:
In response to those who have argued that bitcoin is inherently deflationary because
the supply does not grow as rapidly as the global economywhich encourages
hoarding of money rather than its use for investmentone commentator pointed out
that the bitcoin community can increase the supply of bitcoins through majority rule
by jointly reprogramming the underlying software, which is publicly accessible. But if
this is true, it means that bitcoin is controlled by a central bank after all, albeit one
whose boardroom holds millions of people. The money supply is determined by votes
cast by people who know nothing about monetary economics and little about the
economic conditions that justify modification of it. So on what basis would they
decide to increase the supply of the currency, and by how much?
Eric A. Posner, Bitcoin's Bandwagon Has Never Been More Crowded, NEW REPUBLIC
(Dec. 3, 2013), http://www.newrepublic.com/article/115801/bernankes-bitcoin-comments-
signal-growing-acceptance; see also Yermack, supra note 55, at 5 (noting that
macroeconomic policy decisions [about Bitcoin could end up] controlled by an online
discussion forum or blog rather than by an expert agency such as the Federal Reserve).
194
For profiles on core developers, see Gavin Andresen, LINKEDIN,
https://www.linkedin.com/in/gavin-andresen-6987971 (last visited Nov. 9, 2015); Jeff
Garzik, https://www.linkedin.com/in/jeffgarzik LINKEDIN, (last visited Nov. 9, 2015);
Pieter Wuille, LINKEDIN, https://www.linkedin.com/in/pieterwuille (last visited Nov. 9,
2015). Neither Gregory Maxwell nor Wladimir J. van der Laan appear to have a LinkenIn
profile or other publicly available profiles. See also Simonite, supra note 37 (describing
Gavin Andresens background in computer science and software development).
195
See supra notes 16164 and accompanying text.
196
See generally YOCHAI BENKLER, THE WEALTH OF NETWORKS: HOW SOCIAL
PRODUCTION TRANSFORMS MARKETS AND FREEDOM (2006) (discussing the social benefits
of peer production versus centralized production); LESSIG, supra note 3 (discussing the
cultural shift towards nonprofessionals contributing creatively to information development
and the economic structure). This trend is best demonstrated by the widespread creation of
media content by individuals as opposed to more centralized sources. Professor Lawrence
Lessig has referred to this as a transition from a primarily Read Only world to one which
is also Read-Write, where the masses do not just consume (or read) content, but
actively create (or write) it themselves. Id. at 8485. Rather than content coming solely
from record labels, movie studios, or mainstream newspapers, it comes from individually
made recordings that people post on YouTube, websites, or blogs.
197
See VIGNA & CASEY, supra note 53, at 27678 for a description of the trend
towards amateur control of traditionally centralized product and service markets.
The operational risks of Bitcoin have not gone unnoticed, but they have
received far less attention than the harms that might be caused by Bitcoins
use. Thus far, regulators have primarily focused their attentions on
categorizing Bitcoin under existing laws, identifying and halting the harms
that Bitcoins use can facilitate (e.g., the operation of illicit online
marketplaces like Silk Road or money laundering), and regulating the
businesses that operate the Bitcoin ecosystem, such as exchanges and wallet
companies.199 Only relatively recently have regulators and scholars begun
to talk more about the operational risks of Bitcoin in their public writings.
For example, within the last eighteen months, the European Central Bank
198
LESSIG, supra note 3, at 8485.
199
For a regularly updated compilation of regulatory actions on virtual currencies, see
Virtual Currency Regulation Resources, DAVIS POLK, http://bitcoin-reg.com/ (highlighting
actions by the Internal Revenue Service, Commodity Futures & Trading Commission,
Securities and Exchange Commission, FINCEN, and other money transmission and
consumer protection regulators) (last visited Oct. 23, 2015).
200
In February 2015, the European Central Bank noted that Bitcoins open-source
software development process means that no single entity [is] responsible for preventing
or resolving [major] incidents. 2015 ECB PAPER, supra note 38, at 20. It noted that [l]ike
any highly IT and network-dependent mechanism, [virtual currencies] are specifically
subject to operational risks. These include a wide spectrum of risks, ranging from technical
failures to hacking, without obligations to mitigate these risks as is the case for financial
institutions and payment systems. Those failures or hacking attacks can occur at individual
level (loss or theft of private cryptographic keys or user credentials) or on a wider scale
(disruption to, or hacking of, the technical infrastructure of the key actors). Id. at 22; see
also EUROPEAN BANKING AUTH., EBA OPINION ON VIRTUAL CURRENCIES 38 (2014),
https://www.eba.europa.eu/documents/10180/657547/EBA-Op-2014-
08+Opinion+on+Virtual+Currencies.pdf (identifying operational risks of virtual currencies,
such as the fact that the software operating the currency can be changed, accidently
introduc[ing] errors or being done without good faith; the operator of a virtual currency
may lack adequate and secure IT infrastructure and governance arrangements . . . or [fail
to] act with sufficient integrity (speaking of a centralized virtual currency); lack of
corporate capacity and governance: lack of skills, expertise, systems, controls,
organizational structure and governance exercised by market participants).
201
See KIRAN & STANNETT, supra note 86; PETERS ET AL., supra note 86.
202
See, e.g., VELDE, supra note 136, at 3 (hinting at operational risks of Bitcoin in its
discussion of blockchain forks, continued maintenance of the code by a small set of
programmers, and incentives to hijack Bitcoin); Grinberg, supra note 39, at 17576,
17981 (providing a brief discussion of potential technology failures of Bitcoin,
including failure of anonymity associated with the currency, theft of bitcoins from users,
and DDOS attacks on the Bitcoin system and noting that the developers of the Bitcoin
software may make changes to it that could undermine confidence in the currency); Reber
& Feurstein, supra note 59, at 9192 (noting in passing that Bitcoin is subject to
operational risk, the risk that arises through the reliance on the functioning of the Bitcoin
network). Interestingly, the Bitcoin Foundation, a Bitcoin advocacy organization,
published a lengthy list of threats to Bitcoins success, including operational risks. See
RISK MANAGEMENT STUDY, supra note 102, at 1, 2, 619.
Proponents cant easily explain what a cryptocurrency is. If you cant explain
what you are and how you fit into the current legal and regulatory scheme, you are
at the mercy of the ignorant. The what this is answer needs to address not just
things like is it money transmission? but more mundane yet important questions
like where is a bitcoin located? and where and when does a transaction take
place?
Sarah Jane Hughes & Stephen T. Middlebrook, Regulating Cryptocurrencies in the United
States: Current Issues and Future Directions, 40 WM. MITCHELL L. REV. 813, 839 (2014).
For a while, this was a reasonable position to take, but I argue that
the moment for dismissing Bitcoin as a fad has passed. Too many well-
known, credible people are singing its praises and investing huge sums of
money to build the Bitcoin and other virtual currency ecosystems.206
Moreover, in the fall of 2012, when the European Central Bank (ECB)
provided the initial global regulatory guidance on Bitcoin, there were only
around 10,000 users of Bitcoin.207 By contrast, in early November 2015, the
Financial Times reported that more than 120,000 transactions are added to
the Bitcoin blockchain every day.208
204
See 2015 ECB PAPER, supra note 38, at 1617.
205
See, e.g., 2012 ECB PAPER, supra note 38, at 6, 7 (noting that virtual currencies
cannot jeopardise financial stability, owing to their limited connection with the real
economy, their low volume traded and a lack of wide user acceptance and that [o]wing to
the small size of virtual currency schemes, these risks do not affect anyone other than users
of the schemes).
206
See supra notes 6-13 and accompanying text.
207
See 2012 ECB PAPER, supra note 38, at 25.
208
Wild, supra note 61. Of course, as the ECB has noted, his number is still miniscule
compared to the 274 million non-cash retail payment transactions per day for the EU
only. 2015 ECB PAPER, supra note 38, at 17.
209
In 2012, the ECB noted that it would have to continue to reevaluate the risk posed
by virtual currencies. 2012 ECB PAPER, supra note 38, at 7 ([The risk] assessment could
change if usage increases significantly, for example if it were boosted by innovations
which are currently being developed or offered. As a consequence, it is recommended that
developments are regularly examined in order to reassess the risks.). In its 2015 report, the
ECB noted that As in 2012, again because of their small size, [virtual currencies] do not
pose a threat to payment system stability. 2015 ECB PAPER, supra note 38, at 27.
However, it noted that this could change depending on how integrated mainstream
financial players become with virtual currencies and whether there is a significant increase
in users and the volume of transactions in virtual currencies. Id. Further, the ECB
acknowledged that virtual currencies do have the potential to have an impact on monetary
policy and price stability, financial stability and the smooth operation of payment systems.
Id. at 29.
210
BITCOIN PROJECT, http://www.bitcoin.org (last visited Oct. 25, 2015).
211
Nakamoto, supra note 26.
212
BITCOIN FOUND., https://bitcoinfoundation.org/ (last visited Mar. 12, 2015).
213
See generally NASSIM N. TALEB, THE BLACK SWAN: THE IMPACT OF THE HIGHLY
IMPROBABLE (2d ed. 2010).
214
Popper & Lattman, supra note 1, at A3. The cited statement was made by Tyler
Winklevoss.
These statements have been put out into the world by proponents of
Bitcoin, and they suggest to those who receive them that Bitcoin is
somehow flawless and perfectmore of an elegant math theorem that
follows the laws of science or nature rather than an invention of man.
According to Tyler Winklevoss, a prominent Bitcoin supporter, Bitcoin is
a mathematical framework that is free of politics and human error. 216
215
MULTIBIT, supra note 2.
216
Popper & Lattman, supra note 1, at A3.
217
See generally Issues List, supra note 94.
218
See generally BITCOIN FORUM, https://bitcointalk.org (last visited Oct. 25, 2015).
219
See supra notes 32-37, 161-64, 177-190 and accompanying text.
220
See supra notes 183-87 and accompanying text.
221
See Velde, supra note 136 at 34 (noting that much of the interest in Bitcoin is
inspired by the ideas of Friedrich Hayek of the Austrian School of Economics).
222
Id. at 76.
223
Id. at 53 (citations omitted).
224
Id. at 52.
225
See, e.g., Beyond Silk Road: Potential Risks, Threats, and Promises of Virtual
Currency: Hearing Before the S. Comm. on Homeland Sec. and Governmental Affairs,
113th Cong. 5 (available at www.hsgac.senate.gov/download/?id=4cd1ff12-312d-429f-
aa41-1d77034ec5a8 ) (2013) (statement of Patrick Murck, General Counsel, Bitcoin
Foundation) ([W]e believe Bitcoin holds out a number of powerfully beneficial social and
economic outcomes, including global financial inclusion, enhanced personal liberty and
dignity, improved financial privacy, and a stable money supply for people in countries
where monetary instability may threaten prosperity and even peace.); Jerry Brito &
Andrea Castillo, BITCOIN: A PRIMER FOR POLICY-MAKERS (2d ed. 2013) (identifying
Bitcoin benefits as lower transaction costs, potential to combat poverty and oppression,
and stimulus for financial innovation); Andreessen, supra note 65; Popper & Lattman,
The final reason Ill discuss for why we might not be addressing the
operational risks of Bitcoin is a belief that innovations need to be
encouraged and allowed to flourish rather than being shut down. This is
different than the worship of technology that defines techno-
fundamentalism and seems to be afoot with regulators treatment of
Bitcoin. Indeed, Janet Yellen, Chair of the Board of Governors of the
Federal Reserve System, recently noted that:
supra note 1 .
226
Letter from Janet Yellen, Chair, Fed. Reserve Sys., to Congressman Mick Mulvany
(Sept, 4, 2015) (emphasis added) (responding to a question regarding whether she thinks
new regulations are needed for Bitcoin and other virtual currencies).
227
OZ SHY ET AL., FED. RESERVE BANK BOS., CAN ECASH & VIRTUAL CURRENCY
COMPETE WITH OTHER ELECTRONIC PAYMENTS? 12 (2014).
228
See CONFERENCE OF STATE BANK SUPERVISORS, CSBS POLICY ON STATE VIRTUAL
CURRENCY REGULATION 1 (2014) (State regulators recognize the public interest in
allowing [virtual currency] technologies to develop in a purposeful manner, providing
clarity and certainty for implementation, and ensuring the stability of the larger financial
marketplace.).
CONCLUSION
229
See JERRY BRITO & ANDREA CASTILLO, BITCOIN: A PRIMER FOR POLICYMAKERS
(2d ed. 2013), http://coincenter.org/2013/08/bitcoin-primer-policymakers/; Andreessen,
supra note 65; Nikolei M. Kaplanov, Nerdy Money: Bitcoin, The Private Digital Currency,
and the Case Against its Regulation, 25 LOY. CONSUMER L. REV. 111, 171 (2012)
(Allowing bitcoin to operate unfettered by substantial regulation allows it to contribute
towards job creation, economic growth, and opportunity.).
230
The Senate Hearings on Virtual Currencies, the meetings of multiple Federal
Agencies with representatives of the Bitcoin community, and the creation of various task
forces to monitor virtual currencies demonstrate regulators efforts to learn about virtual
currencies.
231
Cryptocurrency Protocol Protection and Moratorium Act, H.R. 5777, 113th Cong.
(2014).
Given that significant resources are being devoted to Bitcoin and its
surrounding ecosystem, as well as financial market infrastructures that will
rely on it, it is vital to evaluate these risks now, to avoid building important
structures on shaky foundations. While the harms that a Bitcoin blockchain
failure would cause right now are relatively limited (particularly in
comparison to what a collapse of an existing major payment system or
clearing house would cause), the more structures that come to rely on the
Bitcoin blockchain, the greater the global harms (and the waste of
resources) will be.
232
See PATTERSON, supra note 150.