US experts push back against charges that crypto poses Ransomware risks
Publish date: 2021-07-30 01:02 | Latest update: 2023-04-17 11:49
The United States Senate Banking Committee held a hearing on Cryptocurrency this week. It appeared to have an impact; at the very least, Chair Senator Brown concluded the proceedings proclaiming it "one of the most illuminating hearings we have had." Press treatment has devoted the lion's share of attention to Senator Warren's five minutes of time, in which she assailed the industry's very loftiest promises decentralization. Professor Angela Walch's acknowledged that 'there are pockets of power' in crypto 'particularly core software developers who can exploit their position of power,' following which the Senator from Massachusetts summoned imagery of what she characterized as a 'shadowy faceless group of super group of coders and miners.' Nevertheless, a more decisive series of exchanges on the subject of ransomware occurred earlier in the hearing, which should quiet a rancorous debate on whether cryptocurrency's purported association with high-profile hacks is anything beyond tangential.
The Purpose for the Committee Hearing
Senate committee hearings are simply a method by which Senators gather information to inform legislation, oversight, or investigations. The Cryptocurrency Hearing featured a panel of people in-the-know explaining cutting-edge fast-moving technologies to Senators who are well past dry behind the ears. The three experts offered a better understanding of a subject Senators intended to legislate. Of course, political kabuki lingers. Some Senators arrive at the hearing less curious or inquisitive and more pugnacious and demonstrative than others. The experts were a professor, an advocacy group representative, and the chair for an altcoin's foundation: Professor Angela Walch, Professor of Law, St. Mary’s University School of Law, Research Associate, UCL Centre for Blockchain Technologies; Mr. Jerry Brito, Executive Director, Coin Center; and Ms. Marta Belcher, Chair, Filecoin Foundation. A full video of the hearing can be found here:
Senator Menendez's Questioning on Ransomware
Midway through the hearing, Senator Menendez fretted that a portion of ransom payments could also cause targeted businesses to violate US sanctions. Yes, by the way, this is the same Senator not only for whom a 2018 Senate Select Committee declared had 'knowingly and repeatedly accepted gifts of significant value … without obtaining required Committee approval' but who was indicted for corruption but for which no subsequent conviction could be obtained. Mr. Brito rejected the entire premise.
(Video @ ~1:09.00) He reminded that the FBI has advised businesses 'for years' not to pay ransoms, ever. So that would be the way for companies not to violate sanctions. He stressed how companies simply required sufficient cybersecurity and would need to backup files. Professor Walch was even stronger. She explained that widespread lax cybersecurities practices have resulted in too many vulnerabilities, which are in turn being exploited. And she pointed the finger back at Congress.
(Video @ ~1:10.00) She characterized an overall immunization of liability for software developers through clickwrap licenses and legal framework as "pretty much, there's no liability even if your software is terrible and has lots of bugs, and any obligation to make good software is disclaimed in the license." She concluded with a call for an overall revisit of the liability framework governing software development.
Senator Tester's Choleric Return to the Topic
Senator Tester returned to ransomware, perhaps not content with or persuaded by the answers provided to Senator Menendez's queries. He asked Filecoin's Marta Belcher what he should tell a constituent concerned about Bitcoin after an attack on critical infrastructure, such as the Colonial Pipeline, occurs. Marta did not flinch: Ransomware is not a crypto problem but a cybersecurity problem.
(Video @ ~1:28.00) Senator Tester did not appreciate that. He interrupted her to insist that it was indeed a cryptocurrency problem, but even as he did so, he also acknowledged that, well, maybe we did retrieve the Bitcoin in that Colonial Pipeline ransom, though. Marta Belcher replied simply that many crimes are committed through cash too, but since cash has no association to a transparent public ledger, ransoms so paid may not be recovered. And she closed reminding Senator Tester that law enforcement appreciates the public and traceable nature of blockchain.
(Video @ ~1:29.00) Senator Tester also sputtered about the Chinese spy menace hidden in miners fleeing Bitcoin bans, later awkwardly thanking the committee following his display of antagonism.
Expert Consensus: Ransomware results from a series of cybersecurity failures
All three experts arrived at a rejection of the sloppy association of cryptocurrency development with ransomware. And Professor Walch, the member of the panel most skeptical of cryptocurrency, went so far as to blame at Congress itself and its laws for spawning the vulnerabilities across America's critical code. The cryptocurrency industry now has a ready and informed expert answer to the FUD of ransomware: Congress should first lift immunity from software developers for their terrible code product. Only then should it come and blame cryptocurrency for recording transactions on a public ledger which allows for law enforcement to retrieve the very proceeds criminals nabbed from targets with lax cybersecurity and slovenly backup procedures. Cryptocurrency will not serve as a scapegoat for the centralized middle-aged web's externalities.