Over the weekend, the European Union announced a collaboration between 15 European cyber-security bodies that will attempt to undo the blockchain’s protections at will, breaking the personal security that has allowed it to underlie cryptocurrencies like bitcoin. And the E.U. is promising that its project, known Tools for the Investigation of Transactions in Underground Markets (or TITANIUM), will accomplish the task without violating the privacy of innocent users in the process of investigating criminals.
But they may be promising too much, as the ability to kick the financial legs out from under the dark markets and cyber-criminals, without unlawfully exposing thousands of non-criminal users, has proven elusive. If the history of similar plans in North America is any guide, E.U. legislators are going to have a seriously hard time protecting both their citizens, and their citizens’ rights.
Details are still scarce, because they don’t yet have a plan. “The consortium will analyze legal and ethical requirements and define guidelines for storing and processing data, information, and knowledge involved in criminal investigations without compromising citizen privacy,” TITANIUM coordinator and Austrian Institute of Technology researcher Ross King said.
This statement, with its focus on storage and then processing of information, gives a glimpse into the basic plan. It’s still technologically impossible to decrypt a particular anonymous connection after it’s been encrypted, and thus after it’s been deemed relevant to an investigation. As such, if law enforcement wants to check blockchain activity only after receiving a warrant, it will need an unencrypted copy of the blockchain to read from. This would make the plan roughly similar to U.S. government schemes for dealing with private and encrypted information: collect the information before agents are even really allowed to look at it. In that case, a warrant doesn’t allow for the collection of data, but the viewing of data that has already been blindly collected and stored.
In the United States, the NSA maintains legal-illegal databases like this, and the privacy of the people they contain is basically watched over by the honor system. Whenever that system has been checked, its effectiveness has been found seriously wanting. Though the NSA is in charge of reporting its own missteps, even that lax level of oversight has produced reports of NSA agents using government databases to do things like track their old romantic flames. Two senators who are charged with intelligence oversight have disputed the claim that such a system is necessary for security — though to be fair, these critics can’t name any other way for police to get through the modern computer encryption that protects both secure email services and blockchain transactions.
TITANIUM is an extension of the E.U.’s long-time interest in attacking the blockchain. This plan comes on the heels of the WannaCry ransomware attack, and a similar E.U. statement of intent to figure out how constitutionally sound blockchain policing might theoretically work.
If TITANIUM represents the best such system the E.U. can muster, then it seems that breaking the blockchain’s security could be impossible without also breaking the blockchain itself.