By Tom Simonite
Investors see riches in a cryptography-enabled technology called smart contracts–but it could also offer much to criminals.
Some of the earliest adopters of the digital currency Bitcoin were criminals, who have found it invaluable in online marketplaces for contraband and as payment extorted through lucrative “ransomware” that holds personal data hostage. A new Bitcoin-inspired technology that some investors believe will be much more useful and powerful may be set to unlock a new wave of criminal innovation.
That technology is known as smart contracts—small computer programs that can do things like execute financial trades or notarize documents in a legal agreement. Intended to take the place of third-party human administrators such as lawyers, which are required in many deals and agreements, they can verify information and hold or use funds using similar cryptography to that which underpins Bitcoin.
Some companies think smart contracts could make financial markets more efficient, or simplify complex transactions such as property deals (see “The Startup Meant to Reinvent What Bitcoin Can Do”). Ari Juels, a cryptographer and professor at the Jacobs Technion-Cornell Institute at Cornell Tech, believes they will also be useful for illegal activity–and, with two collaborators, he has demonstrated how.
“In some ways this is the perfect vehicle for criminal acts, because it’s meant to create trust in situations where otherwise it’s difficult to achieve,” says Juels.
In a paper to be released today, Juels, fellow Cornell professor Elaine Shi, and University of Maryland researcher Ahmed Kosba present several examples of what they call “criminal contracts.” They wrote them to work on the recently launched smart-contract platform Ethereum.
One example is a contract offering a cryptocurrency reward for hacking a particular website. Ethereum’s programming language makes it possible for the contract to control the promised funds. It will release them only to someone who provides proof of having carried out the job, in the form of a cryptographically verifiable string added to the defaced site.
Contracts with a similar design could be used to commission many kinds of crime, say the researchers. Most provocatively, they outline a version designed to arrange the assassination of a public figure. A person wishing to claim the bounty would have to send information such as the time and place of the killing in advance. The contract would pay out after verifying that those details had appeared in several trusted news sources, such as news wires. A similar approach could be used for lesser physical crimes, such as high-profile vandalism.
“It was a bit of a surprise to me that these types of crimes in the physical world could be enabled by a digital system,” says Juels. He and his coauthors say they are trying to publicize the potential for such activity to get technologists and policy makers thinking about how to make sure the positives of smart contracts outweigh the negatives.
“We are optimistic about their beneficial applications, but crime is something that is going to have to be dealt with in an effective way if those benefits are to bear fruit,” says Shi.
Nicolas Christin, an assistant professor at Carnegie Mellon University who has studied criminal uses of Bitcoin, agrees there is potential for smart contracts to be embraced by the underground. “It will not be surprising,” he says. “Fringe businesses tend to be the first adopters of new technologies, because they don’t have anything to lose.”
Indeed, some criminals have made significant gains from Bitcoin. The way it can make digital payments more anonymous has aided the rise of malicious “ransomware” (see “Holding Data Hostage: The Perfect Internet Crime?”). And Christin published a paper this week tracing the evolution of online marketplaces for contraband that have been partly enabled by Bitcoin. It shows that although the most notorious, Silk Road, was taken down by U.S. law enforcement in 2013, others rose in its place and together make sales estimated at around $400,000 a day.
Still, Christin notes that the scale of criminal activity made possible by Bitcoin today, and perhaps by smart contracts in the future, is tiny compared with more traditional, cash-based physical crimes. Smart contracts are also more complex to use than Bitcoin transactions, he adds. Writing a smart contract or properly understanding the terms of one takes specialized programming skills.
Gavin Wood, chief technology officer at Ethereum, notes that legitimate businesses are already planning to make use of his technology—for example, to provide a digitally transferable proof of ownership of gold, and to power a lottery system.
However, Wood acknowledges it is likely that Ethereum will be used in ways that break the law—and even says that is part of what makes the technology interesting. Just as file sharing found widespread unauthorized use and forced changes in the entertainment and tech industries, illicit activity enabled by Ethereum could change the world, he says.
“The potential for Ethereum to alter aspects of society is of significant magnitude,” says Wood. “This is something that would provide a technical basis for all sorts of social changes and I find that exciting.”
For example, Wood says that Ethereum’s software could be used to create a decentralized version of a service such as Uber, connecting people wanting to go somewhere with someone willing to take them, and handling the payments without the need for a company in the middle. Regulators like those harrying Uber in many places around the world would be left with nothing to target. “You can implement any Web service without there being a legal entity behind it,” he says. “The idea of making certain things impossible to legislate against is really interesting.”