Bruce Schneier Is Right About Blockchain’s Biggest Flaw—and Completely Wrong About Its Long-Term Significance Bruce Schneier Is Right About Blockchain’s Biggest Flaw—and Completely Wrong About Its Long-Term Significance
02.07.2019

Yesterday Wired published a harsh takedown of blockchain tech and its potential, titled “There’s No Good Reason To Trust Blockchain.” Dismissals of bitcoin and blockchain are a dime a dozen, and few of them show truly deep understanding of the technology itself, much less its real potentials or real problems. But this particular attack was written by Bruce Schneier, one of the most respected digital security and cryptography experts in the world. He’s the author, along with several mass-market books about computers and society, of 1993’s Applied Cryptography, a widely-used textbook in the field. He has even previously written about the need for workable digital currency.

You would expect Schneier, then, to be enthusiastic about blockchain’s potential, or at least cautiously hopeful. But from its headline on down, his piece asks to be read as a full-on declaration that blockchain tech is pointless and, implicitly, not worth devoting more resources to developing. On Twitter, reaction has included words like “scathing”.

But is it really?

Schneier sprinkles his essay with secondary critiques, but his real focus is the relationship between humans and machines in establishing trust in the broadest sense. As Schneier rightly points out, “trustlessness” has become the default, one-word pitch for the importance of blockchains, both digital currencies and other forms of (still largely hypothetical) shared databases.

“Blockchain doesn’t eliminate the need to trust human institutions,” he writes, in a fair summation of his thesis. “There will always be a big gap that can’t be addressed by technology alone.”

He’s absolutely right about that. But it’s hardly a fatal blow—in fact, it’s a point that’s already well-understood by many serious blockchain architects.

As a technologist, he should be expected to understand that novel systems come with novel risks, and that those risks are mitigated over time with changes both in user interfaces and user habits. Blockchain will never entirely be risk-free, because personal responsibility is inherently a double-edged sword. But there are almost certainly substantive solutions to these issues.

Before delving into that, let’s tackle Schneier’s biggest secondary point: the frequent failure of exchanges, wallets, and other ways of interacting with the blockchain. The recent happenings at the exchange QuadrigaCX show how real this concern is. Major investors and promoters have been personally hacked repeatedly, sometimes for millions of dollars.

Related: QuadrigaCX Shutters, Claiming It Lost Access to Crypto Accounts After CEO’s Mysterious Death

At the risk of being glib, though, this is not a fundamental critique of blockchain, and it’s disappointing that Schneier presents it as such. As a technologist, he should be expected to understand that novel systems come with novel risks, and that those risks are mitigated over time with changes both in user interfaces and user habits. Blockchain will never entirely be risk-free, because personal responsibility is inherently a double-edged sword. But there are almost certainly substantive solutions to these issues.

Let’s put it in historical perspective: Until not so long ago, most humans lived in a world where much of their wealth was either in goods or cash. Bank robbery, now almost quaint, used to be commonplace (I’m personally curious whether the decline of physical cash has contributed to historical declines in violent crime in the U.S.). A rickety wooden building burning down could destroy huge amounts of wealth. Humans have dealt with violence, theft, and bad luck for centuries, and we’ve slowly learned to mitigate it. That a radically novel form of digital cash has parallel weaknesses isn’t a reason to give up its global reach, privacy, and other huge practical advantages.

Now, back to trust. The main targets of Schneier’s critique are declarations such as “code is law” or “in math we trust.” Certainly, some blockchain proponents envision a world entirely free of governments and institutions, where all decisions are immutable and made by machines. Schneier is absolutely right to attack those oversimplified ideas. But stripped of ideology, the “trustlessness” touted by blockchain advocates exists on the level of day-to-day usage and routine transactions, and it’s still very much worth pursuing.

Schneier is writing for a general audience, so he doesn’t delve into the specific concept most relevant to his critique: smart contracts. These form the basis of Ethereum and its various imitators, and were beautifully described by their conceptual godfather, Nick Szabo, as digital vending machines. Smart contracts provide a predictable output for a specific input, and their operation is transparent and verifiable. In a very simple example, distributed games like CryptoKitties will reliably give you one kind of digital asset for another, with no direct human involvement.

Physical vending machines do malfunction (god knows), and sometimes you lose a buck or two. When smart contracts malfunction, as Schneier rightly points out, users can lose a lot more. The perennial example is Ethereum’s DAO, a would-be automated investment vehicle that turned out to have a giant security flaw. It resulted in the loss of more than $50 million in ether, and wound up having to be rolled back in a controversial, human-engineered fork of Ethereum.

This drives home Schneier’s main point: That all systems used by humans require some interface with human decision-making to actually be trustworthy. The world is a complex place, and there are always exceptions to any supposedly complete set of formal rules (in fact, that’s been mathematically proven). But that’s ultimately not a meaningful rebuttal of the usefulness of blockchains and smart contracts. There are, after all, regulators, businesses, and tens of thousands of people responsible for maintaining America’s soda vending machines. There are even systems, formal and informal, responsible for returning customers’ money when the machines fail. But the existence of those secondary trust systems doesn’t make the vending machine any less of a meaningful advance in convenience and efficiency, in aggregate.

So you have to give Schneier his due—he has identified a widespread flaw in how blockchain advocates envision the future. The pure anarchist vision of open-source, fully decentralized, ambient law-machines may someday thrive in a few edge cases, and for particularly dedicated power users. But secondary systems, reliant on the judgment and social consensus of human beings to maintain and correct automated systems, will likely be widespread.

But this is not news to many blockchain developers and architects. Both the DAO hack and the chaotic struggle over bitcoin’s block size have driven home the necessity of well-designed, formal systems to answer questions and solve problems that smart contracts can’t. But Schneier’s essay doesn’t touch at all on the many blockchain projects hard at work searching for new, distributed, but very human-driven ways to govern distributed platforms. Perhaps the clearest example of this is Decred, a currency moving towards a collective voting system that guides decisions about upgrades and the spending of development funds. Another example, though less inspiring so far, is EOS, which seems set on rebuilding English Common Law from the ground up.

Schneier is not attacking a straw man here. “Code is law” is a meme, making it subject to widespread oversimplification. There are also people who genuinely believe that it is a worthy goal to strive for in that simplified form, as exemplified by the story of Ethereum Classic. But most people actually building blockchain systems for the real world are grappling with the much subtler question of where the law of code ends and the law of humans begins. It will be a long and rocky journey, but that doesn’t mean it’s not one worth making.