True to its name, the Bitcoin blockchain is mostly used for conducting transactions in Bitcoin. Users typically download the entire blockchain and can enter into transactions and participate in the generation of new blocks.
The Bitcoin blockchain also allows users to store bits of information on the blockchain itself. Because each copy of the blockchain is constantly checking with other copies to automatically update when new blocks are added, this stored information becomes part of the automatic updates that impact every copy of the chain. Because of the public availability of the blockchain software, this information is typically stored in encrypted form or is otherwise disassembled.
A team of German researchers has been working to decrypt or reassemble some of the stored information in order to analyze how the Bitcoin blockchain is impacted by this storage capability. This team recently discovered that it is possible to extract questionable and potentially illegal information from the Bitcoin blockchain, including materials that may violate copyright, contain personally identifiable information, and even contain links to child pornography websites.
The publicity of this finding is certain to cause some instability in today’s multi-billion dollar cryptocurrency markets. What do users of Bitcoin, and providers of Bitcoin-related services, need to know?
What does this mean for Bitcoin users?
Only persons who have downloaded the entire blockchain will be in possession of this stored information. As such, consumers and other end users of Bitcoin are unlikely to be affected by this discovery, provided they purchased Bitcoin through a wallet service that does not require downloading the entire chain.
Do I need to delete my copy of the blockchain?
Persons who have downloaded the Bitcoin blockchain should consider applicable local law and the current political climate. That said, based on the current law and the facts that are being disclosed now, it is far from certain that possession of the Bitcoin blockchain would be viewed as possession of the embedded illegal content.
Even if a person has downloaded the entire blockchain, the additional content on the blockchain itself is typically in “hashed” form or is otherwise difficult to find. Hashing is a form of “one-way” cryptography, meaning that content of any size can be used to create an alphanumeric string called a “hash,” and the same content will always create the same hash (so you can check to ensure that the content has not changed), but there is no easy way to determine the content from the hash.
Even the files identified by the German research team as readable (i.e., not hashed) were scattered in various small pieces across the blockchain and needed to be laboriously reassembled in order to make any coherent sense. Because the Bitcoin blockchain can only hold a limited amount of additional data in a single transaction, any substantive data must be spread over multiple transactions, and it takes significant work to extract information even if that information is not encrypted.
What is the impact of this discovery on the average end user? Clearly the most worrisome of these discoveries regards potentially embedded child pornography, possession of which is strictly regulated and heavily punished. Federal law prohibits the “knowing possession of” and “knowing access with intent to view” child pornography, and does not require a specific intent to harm the children being exploited. 18 U.S.C. §§ 2252, 2252A. (State law also restricts possession of child pornography and can vary from state to state.) Unfortunately, this is an area in which the clarification of controlling law lags significantly behind the technology. There is a logical and persuasive argument that persons who are not cryptographic research experts do not have “possession” of this material in any meaningful sense, much less “knowing possession.” That said, evolving public and political knowledge of complex emerging technologies, such as cryptocurrency and blockchain, are always vulnerable to a groundswell of suspicion, which will certainly not be helped by discoveries such as this. Accordingly, it is impossible to know at this time how the law will develop or be applied in any particular instance.
What does this mean if I want to store information on the blockchain?
The results of this research – and the fact that this research is being undertaken at all – underscore that the Bitcoin or other public blockchains are not secure places to store confidential information. University researchers are not the only persons with the tools to extract information, and the public nature of the Bitcoin blockchain means any hacker, anywhere, can mine it for information. Even if the information is hashed, the possibility still exists that computing power will develop that can break the hash encryption functionality.