Is Bitcoin targetable?
A little more than a week ago an excellent Vox article recounted how North Korea is using “bitcoin to get around US sanctions” – a report that comes on the heels of others indicating that terrorists, criminals, and Russia are exploiting the cryptocurrency for malicious purposes. Here’s the obvious question: to stop them can nation-states lawfully ‘target’ bitcoin and other cryptocurrencies for destabilization or even destruction? The answer seems to be a qualified “yes.”
What are Bitcoins?
A little background: Investopedia says there are “no physical bitcoins” and none are “issued or backed by any banks or governments, nor are individual bitcoins valuable as a commodity.” According to the IRS, although virtual currency (like bitcoin), is “a digital representation of value that functions as a medium of exchange, a unit of account, and/or a store of value…it does not have legal tender status in any jurisdiction.” (The Marshall Islands are reportedly planning to issue cryptocurrency as legal tender along with the dollar.)
Bitcoin depends upon a technology called “blockchain,” which involves public online ledgers “used for verifying and recording transactions…at the heart of bitcoin.” Making bitcoins requires very complex calculations that demand a huge amount of computing power to perform. (Parenthetically, these computational tasks consume an enormous amount of electricity. See CNN’s report “Bitcoin boom may be a disaster for the environment”).
Why are rogue states, terrorists, and criminals using Bitcoin?
The short answer is that Bitcoin helps to conceal wrongdoing. How? The Guardian informs that bitcoins are easy to use and, “by operating as a decentralized currency, in which people pay each other without a middleman (like a bank or credit card company), it provides a lot of anonymity.”
Unsurprisingly, a variety of malefactors are increasingly trying to use bitcoin. In fact, Jason Bloomberg argued in Forbes last year that “the underlying value of Bitcoin really has little if nothing to do with its artificial scarcity or popularity as a medium of speculation.” Rather, he contends, “the only reason Bitcoin has value to anyone is because of the underlying value as a medium of exchange for lawbreakers.”
Rand analyst Antonia Ward warns that “[c]ryptocurrency is perfect for decentralized activity and anonymity, affording terrorists protection and making the tracking of transactions incredibly difficult.” And terrorists are attempting to take advantage of that fact. The Meir Amit Intelligence and Terrorism Information Center in Israel said in December that:
During the past year there were reports about the use ISIS and other terrorist organizations make of Bitcoins. According to the reports, the advantages of Bitcoins are the following: they is anonymous, readily available as a virtual currency and can easily be transferred anywhere around the globe (including to and from remote areas in Afghanistan, Yemen and Africa) without exposure. That leads terrorist organizations to make extensive use of them.
Closer to home, the Department of Justice (DoJ) announced late last year that Zoobia Shahnaz was indicted for “defraud[ing] numerous financial institutions” in a scheme where she subsequently “converted [the proceeds] to Bitcoin and other cryptocurrencies.” According to DoJ, she “then laundered and transferred the funds out of the country to support the Islamic State of Iraq and al-Sham (“ISIS”).”
Is the value of Bitcoin vulnerable?
Bitcoin does seem to have vulnerabilities, which may help explain its price volatility. For example, Mr. Bloomberg recently reported on various law enforcement techniques that now can be used to ferret out illicit uses of Bitcoin and other cryptocurrencies. In addition, it appears that bitcoin value might be compromised by cyber-attacks on Bitcoin “wallets” (which are software programs that “facilitate sending and receiving Bitcoins and gives ownership of the Bitcoin balance to the user.”) More strategically, the MIT Technology Review says that security experts believe that “the massive calculating power of quantum computers will be able to break Bitcoin security within 10 years.”
There seems to be another vulnerability of bitcoin: the psychology of the trust that underpins its value. In early December my colleague, Lawrence Baxter, wrote an op-ed in the Wall Street Journal about bitcoin in which he observed that:
[B]itcoin is too volatile to be a reliable store of value. National currencies rest on the real productivity and fiscal capacity of citizens. With bitcoin there is no there there—only some kind of euphoric trust. But this trust is undermined by hackers who have breached bitcoin repositories.
Beyond law enforcement operations, what techniques, if any, can nation-states lawfully employ to destabilize or even destroy Bitcoin value in order to counter its malevolent use by rogue nations, terrorists, or criminals?
Actually, the method chosen to do so matters. If it involves kinetic force – such as blowing up the computers in bitcoin mining locations in another country – it would typically require legal justifications much the same as for any other use of force in the international environment. This would usually require a UN Security Council resolution under Chapter VII of the UN Charter or facts sufficient to authorize an act of self-defense in accord with Article 51 of the Charter.
If, however, a non-destructive cyber methodology was used to somehow corrupt Bitcoin in order to deny its value to a hostile entity using it, it’s unlikely doing so would violate the UN Charter. This is true even though Article 2 (4) of the Charter states that “All Members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any state, or in any other manner inconsistent with the Purposes of the United Nations.”
Why wouldn’t the destruction of the value of Bitcoin violate Article 2 (4) of the UN Charter as an illegal use of force?
Putting aside the intangible nature of Bitcoin as well as its lack of nationality, the rule in international law is that economic coercion – even by one nation-state against another – is generally not considered a prohibited use of force.
The Tallinn Manual 2.0 on the International Law of Cyber Operations explains (p.351) that during the drafting process of the UN Charter (and later), the question of economic coercion as a ‘threat’ or ‘use of force’ was considered. The Manual expounds upon why “certain categories of coercive operations are not uses of force” under international law:
“At the 1945 UN Charter drafting conference in San Francisco, States considered and rejected a proposal to include economic coercion as a use of force. The issue arose again a quarter of a century later during the proceedings leading to the General Assembly’s Declaration on Friendly Relations. The question of whether “force” included “all forms of pressure, including those of a political or economic character, which have the effect of threatening the territorial integrity or political independence of any State” was answered in the negative.”
Still, sometimes coercive actions below the use of force threshold can nevertheless engage issues of sovereignty under international law. As one writer recently wrote:
Actions not constituting a use of force may still be unlawful as a form of interference. Sovereign non-interference is implicit in the doctrine of sovereign equality, enshrined in Article 2(1) of the Charter…. Interference may be understood as a lesser-included offense of intervention. The controlling expression is contained in the International Court of Justice’s (ICJ) landmark 1986 Nicaragua decision. In Nicaragua, the Court emphasized the right of all states to decide upon issues inherent to state sovereignty, to include a state’s political, economic, social and cultural system and the formulation of its foreign policy.
Of course, here’s where the unique nature of bitcoin comes into play: it lacks physicality, and it is not controlled by, or an “inherent” aspect of, the sovereignty of any state. Simply because a non-destructive act intentionally causes economic loses does not, ipso facto, make it a use of “force”. As the Tallinn Manual notes (p. 331):
Neither non-destructive cyber psychological operations intended solely to undermine confidence in a government, nor a State’s prohibition of e-commerce with another State designed to cause negative economic consequences, qualify as uses of force.
Accordingly, the UN Charter would not seem to preclude as an unlawful threat or use of force a purely cyber-operation to devastate the value of Bitcoin as a means of economic coercion against rogue nations or other illicit actors. Indeed, even a purely psychological operation – such as announcing to the world that the U.S. intended to undermine Bitcoin operations in some way – could be enough to send prices tumbling as the “trust” upon which its value depends is shaken.
Still, what about “innocent” bitcoin holders whose investment might be lost in such a cyber or psychological operation?
At the outset, it’s worth noting that “most of the Bitcoin in the world is owned by a tiny group of people.” Moreover, Bitcoin and other cryptocurrencies are already unstable “digital representations” whose value – presumably – already takes into account potentially price-disruptive actions by governments. For example, just yesterday in an article (“Bitcoin Drops Another 25%, Plunging to a One-Month Low”) Money sought to explain the capriciousness of Bitcoin valuations:
Lately, investors could be scared off by the prospects of the IRS cracking down on crypto traders—who may owe significant taxes on their profits—and new regulations announced this week by the Securities and Exchange Commission (SEC). The value of Bitcoin promptly dropped around 10% in one 24-hour period this week soon after the SEC said it would require digital asset exchanges to register with the agency, CNBC reported.
There is nothing in international law to suggest that even those using Bitcoin in a fully lawful and transparent way would be entitled to any compensation or other consideration as a result of these government activities. Regardless, economic coercion aimed against rogue states and other illicit users of Bitcoin does not mean that other, lawful users are entitled to recourse. Economic sanctions, for example, may adversely affect any number of trading partners and business enterprises in third countries, but that does mean they have a legal remedy.
What about wartime?
The law of war says that “[a]ttacks must not be directed against civilian objects.” Generally speaking, “the law of armed conflict does not assign a status — civilian or military — to money,” and the circumstances under which it can be lawfully targeted are limited. But those rules apply to currencies issued by nation-states whose physical qualities make it indisputable that they are “objects.”
However, since Bitcoin only exists as data and doesn’t have a corporeal existence, is it an “object” as that term is used in the law of war? The best answer seems to be “no” under current international law.
In a recent article the International Law Association Study Group on the Conduct of Hostilities in the 21st Century [SG] points out that “the majority of the group of experts drafting the Tallinn Manual – and one body of opinion within the SG – there is, at present, not sufficient evidence that data may be considered as an object.”
This majority view is not without controversy, however, as some contend that operations against data “could quickly bring government services and private businesses to a complete standstill.” The article added, however, that:
[O]ther members of the SG pointed out, however, that this interpretation would mean that many types of cyber operations, such as intelligence and information operations which routinely alter or destroy data currently undertaken by a number of States on a regular basis, would be illegal and could potentially constitute a war crime. At present, the matter is probably unsettled in international law and the SG could reach no consensus on it as a general matter.
It isn’t necessary to resolve this issue for every possible data set in order to conclude that the specific nature of Bitcoin data does not amount to an “object” for law of war analysis. Among other things, it is not that kind of data whose loss “could quickly bring government services and private businesses to a complete standstill.”
Would a non-violent cyber operation that devastates the value of Bitcoin or other cryptocurrency amount to an “attack” as that term is used in the law of war?
Again, the best answer seems to be “no.” A cyber “attack” is defined by the Tallinn Manual (Rule 92) as a cyber operation “reasonably expected to cause injury or death to persons or damage or destruction to objects.” A cyber-attack against data is an “attack” only where it “foreseeabl[y] results in the injury or death of individuals or damage or destruction of physical objects” or “a loss of functionality of physical objects.”
Thus, for example, the Tallinn Manual says that “a State’s prohibition of e-commerce with another State designed to cause negative economic consequences” does not qualifiy as a use of force (p. 331). In other words, if it is only the data that’s impacted (in the case of Bitcoin, its digital representation of value) it is not an “attack.”
The definition of “object” and “attack” is so important because of the rule of proportionality that limits operations in armed conflicts. As the International Committee of the Red Cross puts it:
Launching an attack which may be expected to cause incidental loss of civilian life, injury to civilians, damage to civilian objects, or a combination thereof, which would be excessive in relation to the concrete and direct military advantage anticipated, is prohibited…(Emphasis added).
This means, for example, that in the traditional kinetic attack to gain a military advantage, a commander must ensure that any incidental damage to civilian objects is not “excessive.”
However, in the case of Bitcoin and other cryptocurrencies this limiting “proportionality” requirement simply does not apply because virtual currencies are not “objects,” and non-violent psychological or cyber operations are not “attacks” within the meaning of the law of war. Thus, there is no law-of-war requirement to calculate the effect on civilians of a non-violent cyber operation against Bitcoin that wrecks its value.
That said, although the U.S. Department of Defense Law of War Manual advises that cyber operations not amounting to “attacks” under the law of war “generally would not need to be directed at military objectives, and may be directed at civilians or civilian objects,” it does counsel (¶ 16.5.2)::
“Nonetheless, such operations must not be directed against enemy civilians or civilian objects unless the operations are militarily necessary. Moreover, such operations should comport with the general principles of the law of war. For example, even if a cyber operation is not an “attack” or does not cause any injury or damage that would need to be considered under the principle of proportionality in conducting attacks, that cyber operation still should not be conducted in a way that unnecessarily causes inconvenience to civilians or neutral persons.”
Of course, there may be many reasons the U.S. (or other nation-states) may choose not to conduct operations against Bitcoin or other cryptocurrencies. However, if it did choose to do so in order to disrupt that illegal activities of rogue nations, terrorists, or other criminals, the international law governing the use of force in peace or war would not seem to be an insuperable impediment. The mere possibility of such an operation may be yet another reason to heed the warning of my colleague Lawrence Baxter that Bitcoin is “neither stable nor secure.”
Still, as we like to say on Lawfire, check the facts, assess the law, and make your own decision!