Category: Cryptocurrency

Blockchain: Catalyzing Revolution in the Copyright Law

Posted on by Tech Law Forum @ NALSAR

[This post has been authored by Ujjawal Bhargava, a fourth-year student at the Institute of Law, Nirma University, Ahmedabad.]

Copyright is a right provided to the creators of literary, artistic, dramatic and musical works as well as to the producers of sound recordings and cinematographic films. The rights of the creators include inter alia, right of reproduction, adaptation, and translation of work and communication to the public. However, despite the bundle of rights to provided to the authors, they are infrequently utilized even their copyright is infringed. The reasons for the this include lack of transparency about the legal status of copyrighted work, lack of knowledge about the right owner and piracy, etc. The status quo can be appropriately described “like having the keys and title to your car, but not knowing where it’s parked: in theory you own it, however in practice you cannot use it in the intended way.”

Read more

Metadata by TLF: Issue 16

Posted on by Tech Law Forum @ NALSAR

Welcome to our fortnightly newsletter, where our reporters Kruttika Lokesh and Dhananjay Dhonchak put together handpicked stories from the world of tech law! You can find other issues here.

Union Consumer Affairs Minster issues E-Commerce Rules to shift the focus onto consumer protection

In an increasingly globalised world, major retail companies like Amazon have reached even the most inaccessible places. The consumers that are exposed to e-commerce companies can only be protected in the presence of increased accountability. The newly issued E-Commerce Rules set up a Central Consumer Protection Authority to police companies that violate consumer rights. Misleading ads and unfair trade practices are prevented as e-retailers have to mandatorily disclose return, refund, warranty, exchange, guarantee, delivery and grievance redressal details. Henceforth, prices of products cannot be manipulated to produce unreasonable profits for companies. These rules apply to retailers either registered in India or abroad.

Read more

Post-Crypto-Writ Judgement: How(ey) to regulate the ICOs?

Posted on by Tech Law Forum @ NALSAR

[This post has been authored by Harshit Goyal, currently in his 3rd year at National Law School of India University, Bangalore.]

Imagine that you get to know about a cryptocurrency that had been launched recently and has been selling like hotcakes. The price of this token has been on a steep rise, and thus, you also decide to invest a dear amount in it. How will you feel if the value of this cryptocurrency plummets the very next day to rock bottom? Worse, how will you feel if you get to know that the law had done absolutely nothing to prevent such a situation?

Read more

Indian Government’s Stance on Cryptocurrencies: An Analysis

Posted on by Tech Law Forum @ NALSAR

This post on the recent recommended ban on cryptocurrency has been authored by Shivani Malik, a final year law student at the Vivekananda Institute of Professional Studies.

Current Scenario

The Ministry of Economic Affairs in its recent press release dated July 22, 2019, prepared a report on the Committee on Virtual Currencies, which proposed a ban on the so-called “private cryptocurrencies”.

The Government of India had constituted an Inter-Ministerial Committee (IMC) on November 2, 2017 under the Chairmanship of Shubash Chandra Garg (Secretary, Department of Economic Affairs) in order to study the issues related to virtual currencies and propose specific action to be taken in this matter. The committee recommended that all private cryptocurrency like Bitcoins should be banned due to the volatile nature of their price. Additionally, a fine of INR 25 Crore may be levied and imprisonment of up to 10 years may be awarded for carrying on activities associated with cryptocurrencies in India.

The report garnered a lot of negative attention, with the crypto community taking the view that it was extremely backward looking and had a regressive approach to such a futuristic concept. In order to recognize the impact of the announcement, it is necessary to first understand what virtual currency is.

What is Virtual Currency?

A virtual currency is a digital representation of value that can be digitally traded and functions as (a) a medium of exchange, and/or (b) a unit of account, and/or (c) a store of value, but does not have legal tender status. A virtual currency is a private medium of exchange that does not in any way reflect a sovereign guarantee of the value or legal tender status. Virtual currency is therefore distinguished from the FIAT currency of a country that is designated as its legal tender. Cryptocurrencies are a subset of virtual currencies that is decentralized and protected by cryptography. Bitcoin is an example of a cryptographic virtual currency, and was the first of its kind.

Currently, the term “legal tender” finds expression under Section 26 of the RBI Act, which states that, “every bank note shall be legal tender at any place in India in payment or on account for the amount expressed therein, and shall be guaranteed by the Central Government”. The main point of difference between fiat currency and virtual currency is that while the former is expressly guaranteed by the Central Government, the latter does not provide for the same. In order for any virtual currency to be declared as legal tender, it would need to be expressly guaranteed by the Central Government. Only in that scenario would the parties be legally bound to accept it as a mode of payment.

In the third chapter of the report committed projected the idea of Central Bank Digital Currency (CBDC) that shall be the “Digital Rupee” to be the sole cryptocurrency in India having the following key attributes-

  1. Issued by Reserve Bank of India
  2. Variant to Cash and Reserve Money
  3. Possibility of being served as a competitor to cash.

View of the Committee

Having discussed the above, the Committee appreciated the regulatory concerns associated with virtual currencies. The topics relating to Distributed Ledger Technology (‘DLT’) and Blockchain were delved into deeply and their complexity duly recognized. DLT refers to technologies that involve the use of independent computers to record, share and synchronize transactions in their respective electronic ledgers. Keeping such distributed ledgers obviates the need for keeping the data centralized as is done in a traditional ledger, which is why DLT is extensively utilized by virtual currencies.

Primarily, a transaction under DLT refers to the transfer of ‘value’ from one to another, which could be a record of ownership of assets— money, security, land titles, etc. — or the record of specific information such as information about one’s identity or health. Blockchain, on the other hand, refers to a specific kind of DLT which uses codes to encrypt transactions and stack them up in blocks, creating Blockchains.

As mentioned above, the IMC recognizes the potential of DLT and Blockchain and acknowledges that the application of DLT is being explored in the areas of trade finance, mortgage loan applications, digital identity management or KYC requirements, cross-border fund transfers and clearing and settlement systems. To that effect, the Committee advised the Department of Economic Affairs to take necessary measures to facilitate the use of DLT in the entire financial field after identifying its uses, and further suggested that regulators such as RBI, SEBI, IRDA, PFRDA, and IBBI explore the idea of evolving appropriate regulations for development of DLT in their respective areas.

Consequently, the IMC is of the view that it “would be advisable to have an open mind regarding the introduction of an official digital currency in India”. It is pertinent to note that that the RBI Act has the enabling provisions to permit the central government to approve a “Central Bank Digital Currency” (CBDC) as legal tender in India.

Reasons for attracting the ban

While the use of technology in virtual currencies has multiple upsides, it is not without grave risk. The IMC was of the view that private cryptocurrencies lack the necessary attributes of a currency, such as a fixed nominal value that characterizes legal currency.

Another concern plaguing the committee is that non-official virtual currencies can be used to defraud consumers, particularly unsophisticated consumers or investors. The IMC gives the example of the Rs. 2,000 crore scam involving GainBitcoin in India where investors were duped by a Ponzi scheme. In addition to the above, it has been observed that certain volatility exists when dealing with such currencies. In a country where lakhs of traders get involved in such currencies, this could have huge implications. Secondly, the IMC is worried that if private cryptocurrencies are allowed to function as legal tender, the RBI would lose control over monetary policy and financial stability, as it would not be able to keep a tab on the money supply in the economy.

Also, the anonymity of private digital currencies poses a risk to law enforcement, due to the potential for its use in illegal activities such as money laundering and terrorist financing activities. The lack of grievance redressal mechanisms is another major issue, due to the irreversible nature of such transactions.

The Road Ahead

The IMC report promulgates that the government should consider an official digital currency in lieu of private virtual currencies or crypto coins and tokens. On the other hand, the committee notes the risks involved and volatility in the prices of private cryptocurrencies, which inevitably led to them recommending a ban on cryptocurrencies in India and imposing fines and penalties for carrying on of any activities connected with cryptocurrencies.

This has been subjected to backlash from private traders who have sharply criticized Section 2.7 of the Recommendations which states that “the Committee notes with serious concern mushrooming of cryptocurrencies almost invariably issued abroad and numerous people in India investing in these cryptocurrencies. All these cryptocurrencies have been created by non-sovereigns and are in this sense entirely private enterprises.”

The IMC has opined that these crypto-assets are not backed by any intrinsic value, which have not been recognized as a legal tender in any jurisdiction, but that’s not entirely true. Many cryptocurrencies, these days, are backed by petroleum, gold, as well as the US dollar in the case of Facebook’s Libra. The IMC does not make any differentiation among cryptocurrencies that are not backed by any central banks. The report presents energy consumption as an issue in the context of Bitcoin mining, however, the report does not delve into the numerous solutions suggested world over to curb this consumption. Cryptocurrencies have never been used as a legal tender or currency in India, nor was it the expectation of any crypto startup. It has always been traded as an asset, which is now being banned.

In reference to the same, the panel has asked the government to consider the launch of an official government-backed digital currency in India, to function like banknotes, through the Reserve Bank of India. Authorities in various countries are considering how to regulate cryptocurrencies, particularly after Facebook announced plans to launch one called Libra, because of risks to the financial system and consumer data. According to recent reports, Libra will not be launched in India due to the current Indian regulation of not endorsing private cryptocurrencies. While Libra is likely to have a massive impact on global e-commerce, it is in the money transfer space where it could be a potential game-changer.

Aside from an extremely brief inspection of the application of DLT in India, the report also includes the proposed bill banning crypto assets that will be presented to the Supreme Court as well. It remains to be seen whether the Supreme Court accepts or rejects the same in toto or comes up with their own guidelines on the issue.

Read more

Metadata by TLF: Issue 3

Posted on by Tech Law Forum @ NALSAR

Welcome to our fortnightly newsletter, where our editors put together handpicked stories from the world of tech law! You can find other issues here.

Uber likely to start bus service in India

The San-Francisco cab-aggregator giant, Uber is working on to kick-start an AC bus service in India. With the introduction of AC bus service, Uber is trying to inch closer toward its goals of reducing individual car ownership, expanding transportation access and helping governments plan transportation. Pradeep Parameswaran, Uber India and South Asia head said that “we are in the process of building the product and refining that. Some pilots are live in parts of Latin America and the Middle East. So they are the archetype of markets that would look like India”.

Uber bus will allow commuters to use the Uber app and reserve their seat on an air-conditioned bus. Uber will scan other passengers travelling in the same direction as the rider and hence reaching the destination with fewer stops. Through its bus service, Uber is emphasizing on educational campuses and business centers. Earlier Ola, Uber’s direct competitor, had launched similar kind of bus service in limited cities in 2015 but was stopped in 2018. At present, Gurgaon based Shuttl provides app based bus service to offices. Uber bus service in India is expected to become a reality in mid-2020.

Further Reading:

  1. Moupiya Dutta, Uber will be starting a bus service in India by 2020, TechGenyz (8 August 2019).
  2. Shreya Ganguly, Uber mulls launching bus service in India, Medianama (9 August 2019).
  3. Tenzim Norzom, Ride-hailing major Uber to soon launch bus service in India, Yourstory (7 August 2019).
  4. Hans News Service, Uber to start bus service in India, The Hans India (8 August 2019).
  5. Priyanka Sahay, India may see Uber buses plying on roads in a year, Moneycontrol (8 August 2019).

WhatsApp Hack Can Alter Messages and Spread Misinformation

The Israeli Research Company, Check Point recently revealed that WhatsApp could be hacked causing serious potential security risks to users at the Annual Black Hat Security Conference on 7thAugust, 2019. According to Roman Zaikin and Oded Vanunu, they were able to change the identity of a sender, alter the text of someone’s reply on a group and even send private messages to another member in the group as a public message, such that the reply is visible to all the participants of a group. They were able to exploit the weaknesses of the application, after they reverse-engineered the source code in 2018 and decrypt its traffic. Since then Check Point has stated that it found three ways to manipulate and alter conversations, all of which are exploited through its quoting feature. The creators did warn WhatsApp in 2018 that the tool could be used by ‘threat actors’ to create and spread misinformation and fake news. Facebook has responded stating that the risk is not serious, and to alter the application would mean having to store data about the sender, leading to lesser privacy for its users.

Further Reading:

  1. Davey Winder, WhatsApp Hack Attack Can Change Your Messages, Forbes (7 August 2019).
  2. ET Bureau, WhatsApp hack attack can change your messages, says Israeli security firm, The Economic Times (7 August 2019).
  3. Shreya Ganguly, Messages and identity on WhatsApp can be manipulated if hacked: Check Point Research, Medianama (9 August 2019).
  4. Mike Moore, Hackers can alter WhatsApp chats to show fake information, Tech Radar (9 August 2019).

Facebook’s new entity Calibra raises attention of privacy commissioners

Several privacy commissioners across the world raised concerns over the privacy policy of Facebook’s new Libra digital currency. The countries which have raised concerns are US, UK, EU, Australia, Canada, Albania and Burkina Faso.

Calibra is the new subsidiary of Facebook and its cryptocurrency is called Libra. Calibra hopes to build a financial service on top of the Libra Blockchain. The privacy concerns raised go beyond the question of financial security and privacy because of the expansive collection of data which Facebook accumulates and has access to. Calibra issued a statement that user information will be shared in only certain circumstances but there is no definite understanding of what such situations are. 

Apart from privacy concerns, the joint statement issued by the countries includes several concerns on whether Facebook should be given the right to get involved in the banking sector. If they did, they should seek a new banking charter and should be regulated by all the banking laws. These were few of the concerns raised by privacy commissioners.

Further Reading:

  1. Soumyarendra Barik, Privacy commissioners from across the world raise concerns over Facebook Libra’s privacy risk, Medianama (6 August 2019).
  2. Nick Statt, Facebook’s Calibra is a secret weapon for monetizing its new cryptocurrency, The Verge (18 June 2019).
  3. Reuters, Facebook’s cryptocurrency project raises privacy concerns, asked to halt programme, tech2 (19 June 2019).
  4. Jon Fingas, US, UK regulators ask Facebook how Libra will protect personal data, engagdet (8 May 2019).
  5. Harper Neidig, Global privacy regulators raise concerns over Libra, The Hill (8 May 2019).

EU General Data Protection Regulation exploited to reveal personal data

University of Oxford researcher James Pavur successfully exposed a design flaw in the GDPR, as a bogus demand for data using the “right to access” feature of the regulation saw about one in four companies reveal significant information about the person regarding whom the request was made. Data provided by the companies contained significant information including credit card information, travel details, account passwords and the target’s social security number, which was used by the researcher as evidence of design flaws in the GDPR. Pavur also found that large tech companies did well when it came to evaluating the requests, whereas mid-sized business didn’t perform as well despite being aware of the coming into force of the data protection regulation.

Further Reading:

  1. Leo Kelion, Black Hat: GDPR privacy law exploited to reveal personal data, BBC (8 August 2019).
  2. Sead Fadilpasic, GDPR requests exploited to leak personal data, IT ProPortal (9 August 2019).
  3. John E Dunn, GDPR privacy can be defeated using right of access requests, Naked Security by SOPHOS (12 August 2019).
  4. Understanding the GDPR’s Right of Access, Siteimprov (14 June 2019).

Apple to suspend human review of Siri requests

Human reviewers will no longer be used to study conversations recorded by Siri, according to a recent announcement by Apple. The move gives users a greater degree of privacy over their communications, and analysis of recordings will be suspended while the “grading” system deployed by the company is reviewed. The system refers to the manner in which contractors grade the accuracy of the digital assistant’s voice recognition system, with the primary task being to determine the phrase that triggered action by i.e. whether the user had actually said, “Hey, Siri” or if it was something else.

Further Reading:

  1. Hannah Denham and Jay Greene, Did you say, ‘Hey, Siri’? Apple and Amazon curtail human review of voice recordings., Washington Post (2 August 2019).
  2. Jason Cross, So Apple’s going to stop listening in on your Siri requests. Now what?, Macworld (2 August 2019).
  3. Rob Marvin, Apple to Halt Human Review of Siri Recordings, PC Mag (2 August 2019).
  4. Kate O’Flaherty, Apple Siri Eavesdropping Puts Millions Of Users At Risk, Forbes (28 July 2019).

Read more

Metadata by TLF: Issue 2

Posted on by Tech Law Forum @ NALSAR

Welcome to our fortnightly newsletter, where our editors put together handpicked stories from the world of tech law! You can find other issues here.

US Justice Department’s Big Tech Antitrust Scrutiny

The past month saw a slew of antitrust investigations being opened against big tech companies such as Facebook, Google, Amazon, etc. From the EU’s announcement of an investigation into Amazon’s use of third-party retailers’ data, to the CCI’s order against Google for abusing its dominance in the Android market—the wave against Big Tech’s threats to fair competition has spanned jurisdictions.

In the latest development, the US Justice Department has decided to open a broad investigation into Big Tech companies. The investigation follows bipartisan calls from lawmakers for reigning in the threats posed by big tech to the competitive market. According to the agency, the effort aims to explore grievances raised by consumers and business regarding search, social media and online retail services. This could lead to a heightening of calls for Amazon, Google and Facebook to be broken up. Such companies, especially Facebook, have already faced heat for the way they handle vast amounts of data and jeopardise privacy of individual people.

Further Reading:

  1. Tony Romm, Elizabeth Dwoskin & Craig Timberg, Justice Department announces broad antitrust review of Big Tech, The Washington Post (23 July 2019).
  2. David McLaughlin, Did Big Tech Get Too Big? More of the World is Asking, The Washington Post (26 July 2019).
  3. The Editorial Board, US Justice Department Must Make Antitrust Fit For the Age of Big Tech, Financial Times (28 July 2019).

Australia Competition and Consumer Commission Suggests Crackdown on Google and Facebook

Spelling further trouble for Big Tech, The Australia Competition and Consumer Commission (ACCC) submitted the Digital Report Inquiry on 26 July, 2019 which limits the market dominance of major players including Facebook and Google. The report had 23 recommendations to promote competition and increase privacy of consumers due to the lack of informed consent of consumers that presently exists. Josh Frydenberg, the treasurer of the ACCC, stated that a new division would “lift the veil” on the advertising and marketing algorithms being used by these companies. The division would also be able to conduct public inquiries and require companies to furnish any relevant information. Inquiries can be held about supply of ad services, sufficient transparency over prices and the existence of competition within the market. The report also recommended the implementation of the Australian Law Commission Report, which suggested the introduction of a statutory tort for serious invasions of privacy and a general prohibition on all unfair trade practices. Additionally, the Chairman of the ACCC, Rod Sims, stated that five investigations were underway against Facebook and Google and more could follow.

Further Reading:

  1. Josh Taylor, Facebook and Google face tighter rules in Australia as ACCC releases report, The Guardian (26 July 2019).
  2. Aditi Agarwal, Australian Anti-Trust Challenges Market Dominance of Google and Facebook in Advertising and Online News, Medianama (26 July 2019).
  3. Holistic, Dynamic Reforms Needed to Address Dominance of Digital Platforms, ACCC (26 July 2019).
  4. Tom Westbrook, Australia to ‘lift veil’ on Facebook, Google Algorithms to Protect Privacy, Reuters, (26 July 2019).

POCSO Amendment Bill expands child porn definition

The Protection of Children from sexual Offences (POCSO) Amendment Bill, 2019 introduced in Rajya Sabha by the Women and Child Development Minister Smriti Irani widened the definition of child pornography that now goes beyond videos. The amended definition now involves any photography, video, digital or computer-generated image indistinguishable from an actual child, and image created, adapted, modified, but appears to depict a child. A new section 15 has also been introduced, which proposes penalties for storage and possession of pornographic material involving children. Although the bill succeeded in garnering support from across the political spectrum, but few MPs criticised the bill for overtly emphasising on punishing the offenders and neglecting the measures to curb sexual assault of children and child pornography.

Further Reading:

  1. PTI, POCSO Amendment Bill, With Death Penalty for Aggravated Sexual Assault, Gets Rajya Sabha Nod, News18 (24 July 2019).
  2. Deepshikha Ghosh, Derek O’Brien shares sex abuse story, Smriti Irani praises his courage,     NDTV (24 July 2019).
  3. FP Staff, RS passes bill amending POCSO Act: A look back at case of Dhananjoy Chatterjee, last murderer-rapist to be hanged in country, Firstpost (25 July 2019).
  4. PTI, Rajya Sabha passes POCSO (Amendment) Bill, 2019, The Hindu (24 July 2019).
  5. Soumyarendra Barik, POCSO Amendment Bill expands child porn definition to ‘any visual depiction of sexually explicit content involving children, Medianama (26 July 2019).

Committee recommends Ban on Private Cryptocurrencies in India

The Indian cryptocurrency market received a major jolt on 22nd July 2019, with the Inter-Ministerial Committee set up under the Chairmanship of Economic Affairs Secretary Subhash Chandra Garg recommending a ban on the use of such cryptocurrencies in India. Set up to look into the legality of cryptocurrencies and blockchain technology, the Committee submitted that private currencies should be completely banned in India, and drafted the Banning of Cryptocurrency & Regulation of Official Digital Currency Bill, 2019 which mandates a fine and imprisonment of up to 10 years for offences involving the use of such currencies. However, the Committee approved of the advantages of the underlying blockchain technology and floated the idea of an official RBI-backed cryptocurrency in the future, perhaps suggesting that the future of cryptocurrencies is yet to be resolved.

Further Reading:

  1. Asit Ranjan Mishra, Panel favours cryptocurrency ban in India, Livemint (22 July 2019).
  2. Mike Orcutt, India might ban cryptocurrency and give its users jail time, MIT Technology Review (25 July 2019).
  3. Amol Agrawal, Private crypto ban: Has India gone overboard?, Moneycontrol (23 July 2019).
  4. Vikash Kumar Bairagi, Proposed Ban on Cryptocurrency In India: An Analysis Of ‘Banning Of Cryptocurrency & Regulation Of Official Digital Currency Bill, Livelaw (28 July 2019).
  5. Suprita Anupam, The Aftermath Of India’s Cryptocurrency Ban: Start-ups, Investors Poke Holes In Govt’s Plan, Inc42 (23 July 2019).

Byte dance to invest USD 1 Billion in India over the next three years

Proclaimed to be among the most valuable start-ups in the world, ByteDance plans to invest USD 1 Billion in India over the next three years. ByteDance is the parent company of TikTok, a Chinese video making app which allows users to create and share videos online. On July 17th 2019, the cyber e-security arm of the Ministry of Electronics and Information Technology sent a notice to TikTok and Helo raising issues related to anti-Indian activities. They were given an ultimatum to respond by July 22nd or face severe consequences. Previously, they had also faced a one week ban in April 2019. Despite all these encumbrances, ByteDance has a promising plan for India. It plans on investing USD 1 billion over the next three years. They would also be increasing the number of employees in India to 1000 by the end of this year. ByteDance implemented several regulatory and safety measures in order to comply with the cultural and political ideologies of the country.

Further Reading:

  1. Ananya Chaturvedi, TikTok and Helo promise to collaborate after India threatens ban, Quartz India, (18 July 2019).
  2. Aditi Agrawal, Byte Dance to open a data centre in India, Medianama, (22 July 2019).
  3. PTI, TickTocks parent Byte-Dance plans USD 1 Billion investment in India in next 3 years, The Economic Times, (19 April, 2019).
  4. IANS, How TickTock made Modi popular among young voters, The Economic Times, (25 May 2019).
  5. PTI, TikTok’s parent ‘very optimistic’ on India, to invest $1-bn in next 3 yrs, Business Standard, (19 April 2019).

Read more

Blockchain and Virtual Reality—A Heavenly Merger?

Posted on by Tech Law Forum @ NALSAR

[Ed Note : The following post has been authored by guest contributor Davor Gasparevic. As Davor puts it, he is a writing virtuoso with several years of experience across a wide range of online industries, and has established himself as a crucial contributor for several online businesses and startups.]

At first glance, the convergence of Virtual Reality (VR) with Blockchain might seem like the most unnatural merger in technological history. On one hand, you have two fast-rising superstar platforms that both fascinate and capture the imagination of millions, but on the other, the two technologies started as completely disparate in terms of their aims and scopes.  After all, blockchain started out as a decentralized ledger system for tracking cryptocurrency, and VR was developed for entertainment purposes. Combining them and creating something truly unprecedented might be seen as a once in a lifetime opportunity.

Read more

Muting the ‘Immutable’ – The Curious Case of Cryptcurrency Mining Pools

Posted on by Tech Law Forum @ NALSAR

Editor’s Note: In a longer read, Viraj Ananth explains how the existing regime of regulations for Cryptocurrency Mining Pools is inadequate.

Viraj Ananth is a third-year student at NLSIU. He currently serves as the Deputy Chief Editor of the Indian Journal of Law and Technology and is the Founding Editor of The Boardroom Lawyer. He has served as an invited member of the Karnataka Government’s Consultation Team on Innovation and Regulatory Sandboxes where he co-authored the Karnataka Innovation Authority Bill, 2018.

Cryptocurrencies (“CCs”) have gained wide acceptance and popularity as a common medium of exchange, largely due to their decentralised nature, which runs in stark contrast to traditional mediums of exchange. Most popular CCs utilise Blockchain technology and serve as distributed, decentralized ledgers, with transactions taking place directly between users (or nodes) and without the presence of an intermediary. The absence of a centralized entity makes the system trustless, such that users no longer need to rely on or trust a central entity which has the power to prioritize its own interests over that of its users. This decentralized nature also guarantees the authenticity of transactions and prevents flaws from entering into the permanent record.

Lately, there have been numerous reports of attacks on major CCs, most notably the attacks on ZenCash and Bitcoin Gold, causing significant losses to users. Such attacks are an unfortunate consequence of the widespread proliferation of mining pools in recent times, and accordingly, the increasing centralization of power in the hands of such pools. The term ‘mining pool’ refers to a group of people who mine a particular CC, i.e. who pool together their computational power over a network and in turn, share profits upon successfully verifying a particular transaction in a CC network.

What is ‘Mining’ and ‘Proof-of-Work’?

Mining is the process by which CC transactions are confirmed, using a distributed consensus system or proof-of-work (“POW”). Each miner in the network independently attempts to verify an incoming transaction and creates a bblock uponsolving the CC’s POW algorithm. Once a block is created, the same is notified to the rest of the network of miners for verification. Such verification entails repeatedly altering the block’s field value (or nonce) and cryptographically hashingthe same to obtain a value equal to or less than the mathematically necessary threshold (or target).

Once such value is reached, the block is accepted as valid and added to the blockchain. This process of altering the nonce is completely random and involves making guesses of numerical inputs until the desired hashed output value is obtained. Upon successfully mining a block, miners are rewarded with a unit of the concerned CC, and mining thus essentially amounts to a race between miners to mine blocks first. Accordingly, the hash rate, or in simpler terms, the number of guesses that can be made per unit time, is determinative of the success of a miner, and is, in turn, determined by the computational power utilized by the miner.

The structural set-up of POW CC mining is hence such that large computational power is required to mine quickly, and vast amounts of electricity are needed to support such computing. This has made the process largely inviable for individual miners, and contributes to the growing trend of such individuals joining mining pools. This trend has become particularly concerning in recent times, with the overall hash rate of numerous pools, such as GHash.io, for example, reaching uncomfortably close to 50%, which would de-facto render the CC centralised. Accordingly, any such entity would be able to exercise significant undue influence over the network.

Why is Centralisation Problematic?

Centralization hits at the heart of the principles and assumptions on which POW CCs are founded, and correspondingly, has wide-ranging consequences. In POW CCs, honest miners may generate one chain of legitimate blocks and dishonest miners may, at the same time, generate a parallel chain of fraudulent blocks. Since POW CCs operate on the principle of longest chain and on the assumption that majority of computational power is controlled by honest nodes, the chain to which the most computational power is dedicated, or the longest chain, is assumed to be the legitimate one. Therefore, as per the POW adjudication rule, the shorter (and in this case, honest) chains are pruned.

The malicious actors, who possesses more centralized power than the rest of the miners, are able to flood their private chain with fraudulent blocks, and pass off their corrupt but longer chain as the legitimate, public one. Accordingly, the malicious actor can spend his CCs but refrain from recording any such transactions in the fraudulent chain, essentially allowing the actor to double-spend.

The malicious actors may even prevent new transactions from getting confirmed and added to the blockchain, effectively monopolizing the mining of any new blocks, and claiming all rewards for themselves. Overly centralized pools may exercise unwarranted influence on the system in numerous other, indirect ways. For example, they may exercise lobbying power, essentially refusing to mine and stalling the entire network until they are paid high transaction fees. If any case, even if we assume that all mining pools are not subsumed with malicious intent, merely the risk of an attack jeopardises the absolute stability of the network, which is the distinguishing factor of CCs, and consequently, such centralisation calls for regulation.

Moving Forward

A solution commonly proposed is that of mandating miners to sign off on blocks with their public key and programming the network such that it will not accept simultaneous blocks from the same miner. However, this solution is largely fallacious for two reasons: first, there is no certain manner of preventing the same miner from acquiring numerous keys, as a centralized mechanism will be required to keep track of the same. Second, even if every miner in a pool is uniquely registered, it is unlikely that subsequent blocks will be successfully mined by the same individual miner. Accordingly, unless the mining pool itself is given a unique identifier, which applies uniformly to all miners in the pool, mandating individual registration of and signing with public keys would be futile.

Following the 51% attack on the HorizenCC, it released a white paper, introducing the concept of fork acceptance delay. The magnitude of this ‘delay’ is determined by the amount of time that has passed between the adoption of the current public chain and the introduction of the new (and in our case, malicious) chain. Using a mathematical function, such lapse in time is translated into an additional number of blocks that must be mined on the malicious chain for it to be accepted as legitimate. Accordingly, the fraudulent miner is required to spend greater resources to successfully execute his attack and legitimate miners are given more time to address the malicious chain prior to its final adoption.

The centralization problem may also be addressed by transitioning from CCs based on the POW algorithm to the proof-of-stake (“POS”) algorithm. In POS based CCs, the probability of selection of a node for validation of a transaction is dependent on the amount of stake held by the node in that particular CC. As a result, nodes are not expected to behave in a manner that would devalue the CC and their stake in the same. However, this would still not completely crop out the problem, especially in cases where malicious actors are able to offset the loss in value of their stake but sufficiently double-spending, for example.

This issue (popularly known as ‘Nothing at Stake’) is exactly what the Ethereum team sought to tackle through the introduction of the Casper protocol. As per this protocol, nodes seeking to validate transactions must stake a certain amount of their CC, as a form of security deposit. In case the validator acts maliciously, by unduly delaying a validation, for example, the new algorithm would penalize them by automatically slashing such stake. Accordingly, a move to POS based CCs, with such appropriate security protocols, may be the answer to the worrisome centralization of power in the hands of POW CC mining pools.

Nonetheless, if all else fails, countries seeking to protect their citizens may be forced to resort to the unorthodox Chinese approach of charging significantly higher tariffs on, and restricting the sale of, electrical power to increasingly centralised mining pools, essentially restricting the computational power of such pools.

Conclusion

POW CCs are structured such that they incentivise centralization of power, and this runs in stark contradistinction to Satoshi Nakamoto’s vision of eradicating the very same enemy. As pools continue to accumulate the coins awarded for mining successfully, they are able to purchase more sophisticated mining equipment, further cementing their position. Harnessing increasingly sophisticated equipment also reduces the number of malicious individual actors required to execute an attack. The consequences of such centralisation are hence wide-ranging and hit at the promises of absolute stability and security of such systems, which have attracted millions of users globally.

Looking ahead, there are clearly no easy answers. Traditional forms of regulation have a high propensity to fail in the context of POW CCs simply due to the decentralized nature of the same, ironically, the very same nature originally touted as the all-encompassing solution. Even if one country outright bans the involvement with mining pools, it will only (if at all) restrict individuals from that country. Mining pools would, by and large, still flourish and wield as much centralization power. Accordingly, an answer either lies in a collated international response, or in the technology itself, through a move to POS CCs.

Read more