The Logicoins Resort Project
A report commissioned by secretive distributed ledger consulting group R3CEV and authored by bitcoin developer Peter Todd has raised questions about the ability of the Ripple protocol to serve the needs of global financial institutions in its current iteration.
The release notably comes at a time when Ripple Labs, the corporate entity overseeing the network, has been increasingly attracting the attention of legacy financial institutions interested in bitcoin and the wider blockchain ecosystem. Ripple Labs has raised $37m to date, and partnered with Commonwealth Bank, Fidor Bank and Western Union.
In a companion report, R3CEV researcher Jo Lang asserts that the intent of the effort is to provide clarity to financial institutions as they conduct due diligence on companies and solutions in the nascent industry.
Though critical of some aspects of the company’s approach, Lang ultimately found that the problems identified in Ripple’s consensus algorithm are not unique to its protocol, writing:
“When taken as a whole, the risks and indirect incentives discussed in this and the companion paper have the potential to position Ripple Labs as a new trusted third party within the global payments landscape.”
The wording of the report suggests that other evaluations will soon follow, all with the intent of providing a deep dive look into the technological capabilities of the industry’s most well-known blockchains and ledgers.
R3CEV’s team is led by former Wall Street financial markets expert and managing partner David Rutter, and the group boasts Perkins Coie senior counsel Jacob Farber, Open Mustard Seed chief architect Patrick Deegan and bitcoin industry critic and pundit Tim Swanson as advisors.
Although it includes praise for Ripple Labs, the R3 companion report to Todd’s research identified a number of “areas of concern” for large financial institutions regarding the open-source technology offered by the company.
Specifically, R3 highlighted its belief that if more than 20% of Ripple’s network nodes do not agree, the system’s ledger would effectively fork. This issue, the report said, would be compounded at scale due to the differing settlement needs of the financial institutions potentially seeking to use its payment network.
Perhaps most troubling given the decentralizing nature of the technology, R3 concluded Ripple would not likely result in any significant changes to the currently centralized settlement model.
“The highly centralized model that the Ripple Network encourages fails to eliminate any need for a trusted third party but rather creates a new type of third party,” the report reads.
R3 also suggested that the use of a cryptographic token (XRP) by the consensus algorithm effectively creates an “incentive misalignment” that puts it at odds with nodes operating on the Ripple network.
“Ripple still holds the majority of XRP, and it is in their favor for its value to increase,” the report continues. “Ripple justifies XRP as an ‘anti-spam mechanism’ to deter transactions… However, as the volume of transactions increases the server load, transaction speed is slowed while the cost of the transaction and the amount of required XRP continues to increase.”
Further, R3 suggested that Ripple lacks a “clearly defined validator incentive” that would encourage the number of nodes on the network overseeing transactions. Ultimately, the report added, financial institutions would have to weigh these pros and cons when seeking to leverage the company’s solutions.
In his 16-page analysis, Todd begins by explaining the overall architecture of Ripple, providing an overview of how it has evolved from its original concept of attempting to record debt relationships to a global ledger of transactions and account balances.
After explaining the architecture of Ripple’s ledger, Todd dives into a list of open questions that remain regarding the company’s approach to network consensus.
In particular, he contends that it is not clear how account balances on the Ripple network can be negative, if it supports single payment verification (SPV) or if there is the ability to shard the Ripple blockchain so that it becomes a series of independent, yet interoperable blockchains, an attribute he argued would be beneficial for the protocol’s scalability.
Embedded throughout are insights into how Ripple differs from the bitcoin blockchain, its distributed payment network, such as how the network requires changes to codebase for technology that can be implemented through software elsewhere.
“For instance, while on bitcoin the implementation of multisig was possible without modification to the protocol in Ripple the lack of extension capabilities such as scripting require a consensus-critical change,” Todd writes.
Todd concludes that the blockchain technology underpinning Ripple is “relatively uninteresting”, but that it is currently unclear whether there is the proper alignment of incentives for the network to come to a global consensus on activities carried out on the ledger.
“A key question that should be answered in future work is if the goals of the Ripple system need global consensus at all? If global consensus can be avoided, or at least its use minimized, many of these issues may go away,” he adds.
Todd next walks readers through a number of theoretical attacks that could take place against the Ripple protocol, discussing his estimates of the cost, scope, duration and probability of the scenarios.
Those discussed include the risk of a “consensus split”, whereby Ripple is unable to process transactions or a fork is created that allows the attacker to execute invalid transactions. Todd projects that Ripple could survive a consensus split that is either malicious or accidental “fairly quickly”, due to the ability of the bitcoin network to overcome the scenario in 2013.
A “transaction flood” is also discussed, though Todd details how the Ripple protocol’s use of a native token, XRP, could deter such efforts. Any attacker wanting to flood the network would need to purchase XRP to execute the transactions, driving up fees in the short term.
Perhaps the most glaring, Todd’s writing infers, is the damage that could be done due to a “software backdoor”, as he finds that Ripple “does not provide a secure way to download any of their software”.
“This is a serious omission that has lead to significant monetary losses in the past. Ripple Labs should be following industry best-practice by signing git commits and tags as well as PGP signing their Ubuntu packages,” Todd added.
Todd ends by highlighting the potential real-world implications of these attacks in an elaborate scenario involving a dispute between the Russian government and Shell Oil, forecasting how these parties might attempt to achieve their aims through coercion on the network.
While concerns were raised, however, the report was viewed by some contributors as “the first serious, non-malicious attempt at pointing out perceived weaknesses in the system”.
Other commenters took issue with the criticism that it is unclear what the incentive is for nodes to participate in the ecosystem and pointed to potential problem areas that are being worked on by the development community.
The legal battle over roughly $1m in disputed funds continues between Ripple Labs and founder and ex-employee Jed McCaleb, with a flurry of new court filings over the past month setting the stage for conflict between the two sides.
In total, $1,038,172 is currently being held by digital currency exchange Bitstamp, an amount that both Ripple Labs and the Stellar Development Foundation, McCaleb’s current employer, are now seeking.
Both sides have weighed in on whether the court should grant Bitstamp’s request to be discharged from the case after it filed a complaint for interpleader on 1st April. As part of that request, dated 13th May, Bitstamp asked the court for permission to transfer the funds to Stellar.
Bitstamp stated at the time:
“In the alternative, in light of Ripple’s cross-complaint indicating that its dispute with McCaleb and [McCaleb’s cousin Jacob] Stephenson is a simple contract dispute to which Bitstamp is not a party, Bitstamp requests dismissal of the action.”
Bitstamp argued in its original complaint that it was unable to determine whether Ripple Labs or defendant Jacob Stephenson, McCaleb’s cousin, was the rightful owner of the disputed funds.
Stephenson sold the XRP– the native currency of the Ripple network – to Ripple in a sale on Bitfinex, an action that Ripple argued was done on McCaleb’s behalf in violation of a settlement agreement.
In its request, the exchange suggested that it faced the threat of litigation owing to its continued role in the lawsuit.
The fight entered a new phase last month when US District Judge William Orrick ordered a temporary freeze on the disputed funds.
That order, according to court documents dated 15th May, also granted Ripple Labs expedited discovery, during which time McCaleb and Stephenson, would sit for deposition.
Ripple Labs first responded to the suit in a cross-complaint filed on 29th April, alleging breach of contract against McCaleb and claiming, among other items, that McCaleb is currently the subject of a US Department of Justice investigation. Ripple also sought to prevent McCaleb from selling any additional XRP for a period of 150 weeks.
In filings since Orrick’s 15th May order, the defendants have argued that the dispute should be handled via arbitration, citing stipulations in the agreement that governs McCaleb’s XRP sales. McCaleb and Stephenson have also contested the order to sit for deposition.
Additionally, the Stellar Development Fund has asked to be entered into the suit as an intervenor-defendant.
The defense has also questioned the basis of Bitstamp’s original complaint for interpleader itself. In Stellar’s 22nd May motion to intervene, the organization echoed past defense filings by stating that Ripple never had claim on the funds in the first place, a statement which it says is backed up by Ripple and Bistamp’s own filings.
The filing states:
“Bitstamp clearly knew from Ripple’s own statements, as alleged in the complaint, that Ripple did not have a claim that the particular funds contained in the r3Q and rPQ accounts (a total of $1,038,172) belonged to Ripple. Rather, Bitstamp knew that Ripple was asserting only that McCaleb had breached a contract with Ripple, and that Ripple might be entitled to damages in the amount of funds paid by Ripple in the transaction.”
Orrick will hear both Ripple’s request for a preliminary injunction and Bitstamp’s request for discharge during a 10th June hearing, according to court documents.
Recent court filings from both sides suggest that the fight over the disputed funds is far from over, as each was asked to submit a response to Bitstamp’s request to be discharged by 28th May. Bitstamp has until 4th June to submit its own response, according to a recent order by Orrick.
A filing submitted by McCaleb and Stephenson, as well as the Stellar Development Fund, called for the suit to be dismissed by disagreeing with Bitstamp’s request for discharge. The filing alleged a conflict of interest involving Ripple counsel George Frost, who is representing Bitstamp in the case.
Frost acts as counsel for Ripple Labs generally, and is said to be advising Arthur Britto in a different lawsuit against McCaleb over alleged breach of contract.
The defendants also called attention to the relationship between Ripple and Bitstamp.
“Moreover, Ripple and Bitstamp are significantly intertwined. Britto is both a board member of Bitstamp and one of Ripple’s first officers,” the filing reads. “Greg Kidd, an officer of Ripple, is a significant investor in Bitstamp and is financing Britto’s lawsuit. Kidd has also been represented by Frost concerning actions against McCaleb.”
In its own response to Bitstamp’s request for discharge or dismissal, Ripple asserted that the defendants are actively seeking to circumvent the court’s jurisdiction, as well as the order signed by Orrick on 15th May, stating:
“McCaleb, Stephenson, and Stellar (McCaleb’s purported ‘foundation’) have gone to great lengths to prevent this court from evaluating the merits of this dispute. They want to avoid discovery into their actions at all costs. Their profound aversion to discovery is almost certainly due to the government’s criminal investigations of McCaleb.”
Ripple also asked that the disputed funds, currently held by Bitstamp, be deposited with the court.
At press time, Bitstamp’s response to these replies, if submitted, was not available for public viewing. Both Ripple and Bitstamp’s requests will be heard at the 10th June hearing next week.
CoinDesk will continue monitoring this court case and provide updates as they become available.
Digital currency startup Ripple Labs has appointed Donald Donahue, former CEO of the Depository Trust & Clearing Corporation (DTCC) as an advisor to the company.
In his role as COO and then CEO, Donahue is thought to have led the DTCC’s efforts in stabilising the financial system following the 2007-08 market crash.
Donahue said in a company statement:
“I am very interested in the capabilities distributed payment technologies seem to offer for improving the safety, soundness and cost effectiveness of global payments and settlement infrastructures.”
Donahue also worked with the US Treasury Department and other governmental and private sector groups to improve physical and cyber security in the financial sector following the attacks on the World Trade Centre on 11th September 2001.
Digital Assets, founded by entrepreneurs Sunil Hirani and Don Wilson in 2014, is likely to disrupt some of DTCC’s market share as it sets out to revolutionise the traditional, centralised financial model by enabling customers to convert traditional securities – and other financial products – into digital assets which can be stored on the blockchain.
The Commonwealth Bank of Australia (CBA) announced this week it will use Ripple technology to facilitate payments between its subsidiaries, describing distributed protocols as “the way of the future”.
Last May, Germany’s Fidor became the first bank to integrate Ripple’s protocol into its payments infrastructure, with two US banks, CBW Bank and Cross River Bank, following suit four months later.
Whiteing said he sees no reason why bank accounts could not be used to store fiat money, cryptocurrencies and other assets like store loyalty points in the future.
“Bitcoin is a protocol which is now being replicated by non-asset based vendors like Ripple and others. We absolutely see that’s where it’s going to go. The bank has a role to play in that.”
A spokesperson confirmed to CoinDesk that the CBA has been performing tests with cryptocurrency technologies.
The organisation will begin a wider experiment with one of its offshore subsidiaries to explore the benefits of intrabank transfers using these protocols, they said, adding:
“The idea is to test in a controlled environment what a bank-to-bank internal transfer might look like using crypto rather than existing payment providers. We are ensuring our testing remains internal within Commonwealth Bank Group and we continue to comply with all legal and regulatory requirements.”
The 104 year-old banking group is one of Australia’s ‘big four’. According to its 2014 Annual Report, it made AU$8.65bn ($6.84bn) profit and has over 44,300 full-time employees.
CBA recently acquired a digital banking-related business in South Africa, Tyme Capital.
Whiteing made several references to mobile banking and payments solutions, especially in Africa where 1.2 billion people have far greater access to mobile phone services than traditional banking networks.
The CBA’s mobile banking app in Australia already supports up to 15 international currencies, allowing its 3.5 million users to make instant payments in whichever one they choose. It “shouldn’t be that difficult” to add cryptocurrencies to that list, he said.
Ripple Labs and its subsidiary XRP II appeared to be going through a rocky period after being fined $700,000 by the US Financial Crimes Enforcement Network (FinCEN) for non-reporting of certain transactions in 2013-14.
As part of its expansion efforts, Ripple Labs announced at the beginning of April that it would open subsidiaries in the Asia-Pacific region to focus on the over $3tn in intra-Asia trade, which is expected to surpass European trade flows to be the world’s largest by 2016.
Jared Marx is an attorney at Washington, DC law firm Harris, Wiltshire & Grannis. He advises companies about bitcoin-related regulatory law and represents companies and individuals in civil and criminal proceedings.
Here, he discusses what cryptocurrency businesses should consider if they find themselves face-to-face with a US government subpoena, interview or search warrant.
Cryptocurrency businesspeople are a hearty bunch. They deal not only with the ordinary anxieties of running a startup, but also with a lack of clarity on a whole range of fundamental legal issues. (Remember when people were still asking whether bitcoin was even legal?)
One upshot of this is that a number of companies – including many who have tried hard to comply with applicable laws – have found themselves either receiving investigative subpoenas or subject to civil or criminal enforcement action.
Since regulatory uncertainty is likely to persist for some time, here’s a primer on things to consider when the US government knocks at your door (either figuratively or literally).
Virtually every US government agency has the power to demand documents from businesses that operate under its regulatory supervision. Generally speaking, the way that the government does this is by issuing a subpoena (sometimes styled as the essentially-identical ‘civil investigative demand’).
Importantly, while the government doesn’t need to go to a judge (or anyone else) to issue a subpoena, an agency must go to a judge to enforce a subpoena. That means that when a party doesn’t respond to a subpoena, the agency must first convince a judge that it issued a valid subpoena before anyone will compel the target to produce documents or items.
However, when a party ignores a subpoena, the agency likely will go to a judge, and that will almost certainly make things worse. An agency who asks a judge to enforce a subpoena because it has received no response usually gets what it wants, even if the subpoena was overly broad.
“US regulatory law is stunningly broad, and the consequences of an investigation gone wrong can be crippling.”
Indeed, if there’s a criminal investigation in play, the agency may change its mind and seek a search warrant rather than a subpoena, and raid the offices where it’s looking for files. That’s definitely worse.
On the other hand, the fact that subpoenas aren’t self-enforcing also means that they’re negotiable.
Most agencies issue cookie-cutter subpoenas, asking for broad and often burdensome productions of documents. Truth be told, those agencies would rather not try to justify an overbroad subpoena to a judge. Just as often, they only issued a broad subpoena because they weren’t sure what they wanted in the first place.
The first step that experienced companies usually take after receiving a subpoena is to have their lawyer call the agency to ask what they’re really after. Especially in the cryptocurrency space, where government actors may or may not fully understand the technology, there’s a good chance of getting the government to agree to a ‘narrowing letter’, which limits what’s being asked for in the subpoena.
Only very seldom can lawyers convince the government to simply go away, but a narrowing letter often saves a lot of time and money by significantly limiting the subpoena’s reach.
When a subpoena is truly out of line, parties can also go to court to ‘quash’ (or cancel) the subpoena as improper or overly broad. But that’s a lot easier to do when the challenging party is the first one to the judge, and the agency hasn’t already been there complaining about how the target thumbed its nose at them.
US federal law makes it a felony to intentionally lie to government agents. It’s like being under oath any time you talk to a government agent – except that it’s actually worse: if you testify in a courtroom, a stenographer records your testimony in open court. But when you talk to an FBI agent, the only record of your conversation are the notes that the agent writes up back in their office.
So the first problem is obvious: the agent conducting the interview may hear only what they wants to hear, or they may simply make honest – but ultimately harmful – mistakes in recording the interview.
Moreover, federal agents are permitted to, and regularly do, lie to suspects or witnesses when conducting an investigation. So the mere act of engaging in conversation with an agent can be treacherous.
Even if – and maybe especially if – a person has “nothing to hide”, most defense lawyers will agree that the safest bet when an agent asks for an interview is to treat the agent respectfully and politely, but to decline an interview at that time.
A lawyer can then follow up with the agent, and if an interview truly is in the person’s best interest, the lawyer will also arrange to be present for it.
Finally, in criminal matters, the government sometimes skips subpoenas and gets a search warrant from a court.
Unlike a subpoena, a search warrant gives the government the power to search a party’s premises itself and remove items (including computers) listed on the warrant.
At the moment agents show up with a search warrant, the target can’t do much to stop the ensuing search. But many parties (and their lawyers) nevertheless stay for the whole search, because staying can help set the stage for what comes next. This is primarily because there are many laws about what constitutes a proper search, and sometimes a party’s eyewitness testimony describing a search can be helpful if the government does something wrong.
One risk of staying for the search is that this puts important players in the presence of government agents for a long time, which means that there’s more opportunity for agents to try to engage targets in conversation.
The challenge here is not only remaining disciplined about not engaging, but also continuing to be polite to the agents conducting the search. However, this is not an insurmountable task.
Another risk of staying for the search is that the government can ask a party who is present for permission to conduct searches beyond what’s in the search warrant. Consenting to that kind of enlargement is not required, and doing so is very seldom worth the associated risk of unintended consequences. Simply knowing this, however, reduces the risk that a party will thoughtlessly consent.
With some luck and ingenuity, most cryptocurrency businesses may hope to avoid unwanted government scrutiny. However US regulatory law (and, even more so, criminal law) is stunningly broad, and the consequences of an investigation gone wrong can be crippling.
So when luck’s not enough, smart lawyering and some preparation can make the difference between a government investigation that is a mild headache and one that is a train wreck.
Disclaimer: The views expressed in this article are those of the author and do not necessarily represent the views of, and should not be attributed to, CoinDesk.
UPDATE 6th May 1:30 UTC: Ripple Labs’ official response to the FinCEN settlement has been added below.
Western Union has formally responded to statements suggesting it is taking concrete steps toward using distributed ledger technologies via a partnership with Ripple Labs.
Long cited as a technology that could enable more cost-effective cross-border payments, Western Union has, as commentators have noted, what is perhaps one of the more evident vested interests in exploring digital currency offerings.
A spokesperson told CoinDesk:
“We have had preliminary discussions with Ripple regarding a pilot settlement project, but it is too early to discuss details at this time.”
The revelation suggests Western Union may be looking to use a system like Ripple to move fiat payments between customers in a similar manner as Align Commerce, which uses the bitcoin blockchain as means to remit payment across borders where it is exchanged locally.
Elsewhere, prominent companies working on cross-border payments include Kenya’s BitPesa and the Ghana-based startup Beam, each of which is focused on promoting the technology in select African markets.
Global remittance giant Western Union is reportedly working on a pilot program with distributed payment protocol provider Ripple Labs.
The news was first revealed in a tweet by Ripple Labs promoting CEO Chris Larsen’s appearance at Global Conference 2015, an annual event held by non-profit think tank the Milken Institute.
The pilot was further confirmed by Monica Long, VP of marketing and communications at Ripple Labs, who told CoinDesk that while Western Union is “exploring a pilot project using Ripple”, no further details on the initiative were available.
Long did, however, suggest that Western Union was interested in Ripple due to its existing value propositions, stating:
“In general, financial institutions and networks use Ripple as a technology that powers real-time settlement in any currency to lower the cost of liquidity and compliance.”
Representatives for Western Union did not immediately respond to requests for comment.
Should such a project come to fruition, the partnership would seem to mark a transition for Western Union, which has traditionally been dismissive of the digital currency ecosystem.
First discussed in a 2013 conference, Western Union chief information officer (CIO) John “David” Thompson would later tell CoinDesk that the company didn’t believe the technology was ready for today’s market.
The comments came as part of an interview that sought to frame the technology as novel, but perhaps too fraught with regulatory challenges for the company’s consideration.
Still, Thompson did admit to having mined bitcoin and to an interest in the technology’s future implications for Western Union. “That doesn’t mean that we aren’t looking at it, how we enable [usage] legally, what licenses we need in addition to what we have,” he said at the time.
It remains to be seen whether the announcement marks a change from what Thompson characterized as the company’s “watch and learn” approach.