Facebook’s rumored cryptocurrency project hasn’t even launched, and yet it’s already a punchline for the tens of thousands of security professionals, cryptographers, and researchers gathered at the annual RSA conference.
On March 5, in the San Francisco Moscone Center, the hotly anticipated Cryptographers’ Panel met to discuss the future of cryptography, the internet, and e-commerce. Of course cryptocurrency came up, with a mention of the so-called Facebook Coin drawing perhaps the biggest laugh of the talk.
Speaking of the problems inherent in putting even great research ideas into practice, panelist and cryptography expert Paul Kocher (known for, among other things, co-discovering Spectre) told attendees that the blockchain only makes things trickier.
“[The] idea of combining Bitcoin’s theft mitigation and Facebook’s privacy seems particularly toxic for users.”
“When you add the froth of blockchain into there, these just sort of things that seem crazy just keep amplifying,” he explained. “I think the latest one that I saw is one where you can take Bitcoin where you can lose your money, Facebook you can lose your privacy, and now there’s ‘Facebook Coin.’ And it’s not even a joke, it’s apparently coming.”
Just to make sure that no one misunderstood him, he continued. “So, not going to buy any of that.”
While it’s a little difficult to hear in the below recording, I was in the room, and the audience laughed hard at that last line. It would seem that no one, at least not the security researchers and cryptography experts at RSA, takes the idea of a Facebook cryptocurrency very seriously.
The relevant part of the discussion begins around the 32:40 mark of the video below.
We followed up with Kocher to get a better understanding of his views on a possible cryptocurrency project from the largest social media company in the world, and, if anything, he expressed even more skepticism over email than he did on stage.
While emphasizing that he hasn’t seen the specifics of any Facebook plan, Kocher was still able to highlight some obvious red flags.
First, he observed what he saw as a general failure of cryptocurrency. “Payment systems need to protect users against fraud,” wrote Kocher. “Bitcoin and other cryptocurrencies have fared badly in this regard, resulting in numerous major thefts.”
“[Our] medical procedures, personal relationships, health problems, bad habits, hopes, and fears are all reflected in how we spend money,” he continued. “If abused, this information can harm users in both obvious ways (e.g. job discrimination, etc.) and more subtly (e.g. showing offers for higher-interest credit cards or lower quality health insurance). Given this, the idea of combining Bitcoin’s theft mitigation and Facebook’s privacy seems particularly toxic for users.”
Kocher was quick to add that potential promises of user privacy and good intentions shouldn’t sway us when it comes to using any digital currency from Facebook.
“Doubtless Facebook would try to claim that they’d do the ‘right’ thing, but their track record reflects a pattern of disregard for user privacy,” he observed. “More broadly, Facebook’s business model has intrinsic conflicts between their interests and those of their users (and perhaps society as a whole) which would be challenging to navigate for a company whose leadership had a strong moral perspective (which, frankly, Facebook hasn’t demonstrated).”
Which, yeah. We don’t think we’ll be buying any Facebook Coin, either.