Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: Revelation 22:13 on June 04, 2013, 09:18:52 AM



Title: What if the devs are ordered by a US judge to include a government backdoor?
Post by: Revelation 22:13 on June 04, 2013, 09:18:52 AM
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: tutkarz on June 04, 2013, 09:32:14 AM
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

no because most of the world will simply not use such a client.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: Stephen Gornick on June 04, 2013, 09:33:27 AM
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

Open source software makes it so that every change is visible.  

Currently the Bitcoin-Qt/bitcoind release is signed by the Bitcoin Foundation ... which means the release won't work for Windows 8 and Mac users (as an update) unless Bitcoin Foundation signs it.   This makes it difficult for some other dev team members who are not a party to this hypothetical IRS backdoor demand to be able to release updates to the client without this backdoor themselves.   It would probably have to be a fork with a different name (and signed by some other organization).

But the developers don't have final say as to what changes are accepted for the Bitcoin protocol.  It is the economic majority who decides:
 - http://en.bitcoin.it/wiki/Economic_majority


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: Revelation 22:13 on June 04, 2013, 09:34:17 AM
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

no because most of the world will simply not use such a client.
But bitcoin.org would be forced under court order to offer it?


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: tutkarz on June 04, 2013, 09:35:23 AM
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

no because most of the world will simply not use such a client.
But bitcoin.org would be forced under court order to offer it?
then someone else will take the lead


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: mezzomix on June 04, 2013, 09:45:45 AM
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

no because most of the world will simply not use such a client.
But bitcoin.org would be forced under court order to offer it?
then someone else will take the lead

In other cases the people were ordered to not talk about this change. People from unaffected countries have to review the patches, find the backdoor and publish this information.

Signed binaries are a bad idea in this case, because there is a central instance that controls a BLOB and is not allowed to talk about the details. Almost no chance for the user of this signed binary to find the backdoor.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: apetersson on June 04, 2013, 10:39:11 AM
you would not necessarily know that there is a backdoor.

standard procedure is a NSL that prevents you from even mentioning the existence of the order.

the us gov also reserves the right to control the content of all .com/.org/.net domains. (http://www.wired.com/threatlevel/2012/03/feds-seize-foreign-sites/)

therefore it is essential that the source and corresponding binaries are matching up and as many people as possible are watching the source closely.

also if you see gavin blinking -. ... .-.. that should give you a hint.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: Loozik on June 04, 2013, 10:45:31 AM
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

Would the judge pay the devs for the backdoor programming from his own pocket?


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: ShadowOfHarbringer on June 04, 2013, 10:48:30 AM
you would not necessarily know that there is a backdoor.

For an experienced programmer who reviews Bitcoin code on a daily basis it should be trivial to spot such a backdoor.

Git is such an extremely powerful tool to review exactly who does what and when. It will be almost unfeasible to put a backdoor in Bitcoin, currently.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: jackjack on June 04, 2013, 10:53:39 AM
you would not necessarily know that there is a backdoor.

For an experienced programmer who reviews Bitcoin code on a daily basis it should be trivial to spot such a backdoor.

Git is such an extremely powerful tool to review exactly who does what and when. It will be almost unfeasible to put a backdoor in Bitcoin, currently.
This


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: jaywaka2713 on June 06, 2013, 03:59:46 AM
Also, if such a backdoor exists, you would need 51% of the network to upgrade to the bugged software for it to actually be implemented. The bug would be found before then.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: jl2012 on June 06, 2013, 05:55:21 AM
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

The devs are not forced to comply because they can simply abandon the project. They have no obligation to contribute to the project.

If the government wants to add a backdoor, they can always hire a programmer to work on that. They can also confiscate the bitcoin.org and put their version of bitcoin there.

However, people can still contribute to the original bitcoin project anonymously, e.g. through TOR network. In that case, a hardfork will happen: the original bitcoin and censored bitcoin


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: drawingthesun on June 06, 2013, 07:12:27 AM
you would not necessarily know that there is a backdoor.

For an experienced programmer who reviews Bitcoin code on a daily basis it should be trivial to spot such a backdoor.

Git is such an extremely powerful tool to review exactly who does what and when. It will be almost unfeasible to put a backdoor in Bitcoin, currently.

It's less about the source code itself but more about the Bitcoin binary that everyone is downloading. I understand a lot of people watch the code but how many people are comparing the compiled binary to what the code is on Github?

If they put a backdoor into Bitcoin it will be in the binary only and it will never be in the source code. (The binaries are built by people, and are not automatically generated from the Github source.)

Who is comparing the compiled binary to the binary that should exist if compiled from the source code? Does anyone even check this? Is there a chance the binary we all have sitting on our computers is slightly modified from the Github source code?


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: e4xit on June 06, 2013, 07:52:22 AM
Why don't you have a look  :D


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: Sukrim on June 06, 2013, 08:02:25 AM
Check out gitian and build your own binaries.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: drawingthesun on June 06, 2013, 08:57:11 AM
Check out gitian and build your own binaries.

But how would I confirm that the official binary is compiled from the source on Github? Little point in running my own binary if 95% of all the nodes are from the official website and have a backdoor.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: jackjack on June 06, 2013, 09:54:46 AM
Check out gitian and build your own binaries.

But how would I confirm that the official binary is compiled from the source on Github? Little point in running my own binary if 95% of all the nodes are from the official website and have a backdoor.
Build with same versions of g++ and qmake, same architecture, same dependency (if any, I don't know) and compare
Maybe I forget something to check


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: scintill on June 06, 2013, 10:07:54 AM
Check out gitian and build your own binaries.

But how would I confirm that the official binary is compiled from the source on Github? Little point in running my own binary if 95% of all the nodes are from the official website and have a backdoor.

How will you confirm?  With gitian, like he said.  I admit I don't know much about it either, but this is near the top of the page of the first Google result for "gitian":

Quote from: http://gitian.org/
Gitian uses a deterministic build process to allow multiple builders to create identical binaries. This allows multiple parties to sign the resulting binaries, guaranteeing that the binaries and tool chain were not tampered with and that the same source was used.

The official binaries are built this way, so you can build your own and verify that you get the exact same binary.  That is how you will know the official binary is really built from the public sources.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: jackjack on June 06, 2013, 10:12:23 AM
Bitcoin uses gitian? Great


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: drawingthesun on June 06, 2013, 11:30:37 AM
Check out gitian and build your own binaries.

But how would I confirm that the official binary is compiled from the source on Github? Little point in running my own binary if 95% of all the nodes are from the official website and have a backdoor.

How will you confirm?  With gitian, like he said.  I admit I don't know much about it either, but this is near the top of the page of the first Google result for "gitian":

Quote from: http://gitian.org/
Gitian uses a deterministic build process to allow multiple builders to create identical binaries. This allows multiple parties to sign the resulting binaries, guaranteeing that the binaries and tool chain were not tampered with and that the same source was used.

The official binaries are built this way, so you can build your own and verify that you get the exact same binary.  That is how you will know the official binary is really built from the public sources.

Ah thanks, so the official binaries are built this way? That's good to know. If we can verify the binaries then getting a back door in will be extremely hard if not impossible. :)

Life is good again!


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: kjj on June 06, 2013, 12:05:29 PM
Getting the gitian build system working is not a trivial task.  New releases are typically delayed for several hours while the dev team waits for more people with working systems to show up to verify the hash of the resulting binary.

If anyone is looking for a way to get involved and help the project, setting up another build environment and hanging out in the dev channel on release days would be a good way to do it.
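The check described in the gitian quote and in the post above (several independent builders must arrive at the same hash before a binary is trusted), as an added example that is not part of the thread and is not Gitian's or Bitcoin's own tooling. It assumes each builder publishes a `sha256sum`-style manifest whose signature has already been verified separately; the manifest format, builder names, file name and quorum of three are all constructed for illustration.

```python
import hashlib
import string
from dataclasses import dataclass, field

HEX = set(string.hexdigits)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse '<sha256>  <filename>' lines (assumed format) into {filename: digest}."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<sha256>  <filename>'")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or not set(digest) <= HEX:
            raise ValueError(f"line {lineno}: not a SHA-256 hex digest")
        if entries.get(name, digest) != digest:
            raise ValueError(f"line {lineno}: conflicting digests for {name}")
        entries[name] = digest
    return entries


@dataclass
class Verdict:
    status: str                      # verified / download_differs / builders_disagree / too_few_builders
    actual: str                      # SHA-256 of the file we actually hold
    agreeing: list = field(default_factory=list)
    dissenting: list = field(default_factory=list)
    absent: list = field(default_factory=list)


def verify_release(filename: str, data: bytes, manifests: dict, min_builders: int = 3) -> Verdict:
    """Compare the downloaded bytes against every builder's manifest.

    A malformed manifest raises ValueError instead of being skipped, so a
    broken attestation can never silently shrink the set being compared.
    """
    actual = sha256_hex(data)
    reported, absent = {}, []
    for builder in sorted(manifests):
        digest = parse_manifest(manifests[builder]).get(filename)
        if digest is None:
            absent.append(builder)
        else:
            reported[builder] = digest
    agreeing = [b for b, d in reported.items() if d == actual]
    dissenting = [b for b, d in reported.items() if d != actual]
    if len(set(reported.values())) > 1:
        status = "builders_disagree"   # the builds themselves did not converge
    elif dissenting:
        status = "download_differs"    # builders agree, but not with our copy
    elif len(agreeing) < min_builders:
        status = "too_few_builders"    # nothing wrong seen, but not enough witnesses
    else:
        status = "verified"
    return Verdict(status, actual, agreeing, dissenting, absent)


# Constructed sample input: a stand-in "release" and three builders' manifests.
SAMPLE_NAME = "example-client-0.0.0-linux.tar.gz"
SAMPLE_RELEASE = b"constructed stand-in for a release archive\n"
GOOD = sha256_hex(SAMPLE_RELEASE)
SAMPLE_MANIFESTS = {
    "builder-a": f"{GOOD}  {SAMPLE_NAME}\n",
    "builder-b": f"# built independently\n{GOOD}  {SAMPLE_NAME}\n",
    "builder-c": f"{GOOD.upper()} *{SAMPLE_NAME}\n",
}

if __name__ == "__main__":
    print(verify_release(SAMPLE_NAME, SAMPLE_RELEASE, SAMPLE_MANIFESTS))
    print(verify_release(SAMPLE_NAME, SAMPLE_RELEASE + b"\x00", SAMPLE_MANIFESTS).status)
```

The three failure statuses are kept distinct because they point to different places to look: the copy that was downloaded, the reproducibility of the build, or simply the number of people who have built it so far.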


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: oakpacific on June 06, 2013, 12:15:53 PM
Also, all the alternative clients developers will have to understand the Bitcoin-qt code, some of them will notice it if there is anything wrong.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: jgarzik on June 06, 2013, 02:20:02 PM
Getting the gitian build system working is not a trivial task.  New releases are typically delayed for several hours while the dev team waits for more people with working systems to show up to verify the hash of the resulting binary.

If anyone is looking for a way to get involved and help the project, setting up another build environment and hanging out in the dev channel on release days would be a good way to do it.

+1



Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: Stephen Gornick on June 06, 2013, 02:46:35 PM
Check out gitian and build your own binaries.

But how would I confirm that the official binary is compiled from the source on Github? Little point in running my own binary if 95% of all the nodes are from the official website and have a backdoor.

 - http://en.bitcoin.it/wiki/Release_process#Bitcoin_Open_Source_Release_Process
 - https://github.com/bitcoin/gitian.sigs


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: grau on June 06, 2013, 02:53:10 PM
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

Very unlikely scenario, but in that case I would be happy serving you an alternate implementation.

Bitcoin is a protocol, not an implementation and even less a binary.

Edit: Thinking through the technical implications, this would end up in a fork since older or alternate clients would not accept the transactions confiscating funds. The resolution of the fork would unlikely be a vote for a version that has these features.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: Gavin Andresen on June 06, 2013, 05:16:03 PM
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

Pieter and Wladimir are not US citizens, so a US judge can't order them to do anything.

If I was ordered to insert a backdoor, I'd just resign as lead developer and find something else to work on.

But this whole scenario sounds like a paranoid delusion; has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue) ?


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: jgarzik on June 06, 2013, 07:33:52 PM
has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue) ?

Not AFAIK.

Usually it is tried at least somewhat surreptitiously, e.g.

     Report of FBI back door roils OpenBSD community
     http://news.cnet.com/8301-31921_3-20025767-281.html



Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: ShadowOfHarbringer on June 06, 2013, 09:04:59 PM
     Report of FBI back door roils OpenBSD community
     http://news.cnet.com/8301-31921_3-20025767-281.html

This one has not been confirmed.

And thousands of people probably already looked at the code, because the case is like what, 5? 10? years old?


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: cr1776 on June 06, 2013, 11:35:23 PM
But this whole scenario sounds like a paranoid delusion; has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue) ?

Not exactly on point, but this was just out this afternoon from the Washington Post:

http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_print.html


The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio, video, photographs, e-mails, documents and connection logs that enable analysts to track a person’s movements and contacts over time. ...


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: ninjarobot on June 06, 2013, 11:51:59 PM
I would worry more about backdoors in ASIC mining hardware.

If we end up in a situation where most of the ASIC miners needed to be competitive in the mining business come from a few suppliers in China that might be reason to worry. Especially in the light of the recent allegations of government installed backdoors in telecoms equipment from Huawei and ZTE.

See: http://www.zdnet.com/former-pentagon-analyst-china-has-backdoors-to-80-of-telecoms-7000000908/

The bitcoin software is easy to audit. The mining hardware? not so much.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: evilpete on June 07, 2013, 12:54:51 AM
Folks are asking the wrong questions.  The more interesting questions are:

If it were so ordered, how might it be done?

If it were done, how could it be kept hidden to stop it being circumvented?  (given that the point of bitcoin is that people are supposed to be a validating node.. right?)

What would they really want, anyway?  A copy of transactions? (like the public block chain? oh wait..)  Map addresses to people?  (That's what the FinCEN MSB/etc stuff is for)


Backdoors like registering private keys or even public addresses would never work (too many alternative clients, a huge can of worms - people would remember Clipper quickly)

Backdooring miners is academic - all they're doing is gathering signature transactions into a blockchain.  You need the private keys (see above) to take somebody's BTC.  They can't tamper with the blockchain, it would be rejected by the rest of the network.  The block chain is to provide consensus of which version of transaction is the right one, it doesn't make actual transactions.


No, it's far easier and more practical to raid your home at first light, seize everything you have, and present you with alternatives so horrible that you'll cave.  A bit of shock and awe goes a long way to keep people in line.

There's no gain for "the government" to backdoor the bitcoin code when there's far more effective tactics.  Be more worried about the highly effective, low tech attacks.  It's hard to spend your bitcoins if you're in prison.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: Dabs on June 07, 2013, 07:08:53 AM
Rubber Hose!

If your wallet is protected by a 64 character alphanumeric pass phrase, they will use a $5 wrench to extract it from you.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: TierNolan on June 07, 2013, 10:52:19 AM
I would worry more about backdoors in ASIC mining hardware.

If the hardware just does hashing then you can't really have a backdoor.  You tell the hardware what header you want it to hash and what nonce range to use.

A miner that is more complex and builds up its own blocks would be different.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: Sukrim on June 07, 2013, 12:15:41 PM
Well, you could easily append stuff to the merkle root I guess... The problem is that the coinbase transaction is unknown to the miner itself and that is the one and nearly only one that matters to miners.

You could make them "break" at a certain point of time though for example.

An interesting concept would be an ASIC that spends e.g. 1 BTC for each block it produces from a known address to the ASIC developers and that gets distributed for free. Once that address runs dry (hacked or simply enough blocks mined), the ASICs stop working. It is in the best interest of miners then to transfer some BTC to this address again to pay for their ASICs that way. It's not 100% possible right now (as the ASIC would need to know about a new unspent output in that address) but it might be a possibility at least maybe in the future.

By the way:
What about a guide/script to do the following:
 - Get a vanilla LTS Linux distro (e.g. Ubuntu)
 - Install something like Jenkins or buildbot
 - Install gitian
 - Configure Jenkins or buildbot to build every commit in the bitcoin github repo via gitian
 - Provide a way to sign and publish the output of these builds

I would love to help verify builds for various platforms but setting all these things up is a bit much to ask and surely has already been done by some people. If there is a guide (or even better: a simple commented shellscript that already installs all required dependencies etc. from a vanilla installation/liveDVD) somewhere then I'd be happy to donate my CPU time + HDD space towards this. I don't really want to "donate" hours of my time though to make gitian, buildbot and whatever you use for signing this (maybe Bitcoin and/or Bitmessage private keys? :)) run if there could be already a standard platform for doing so.

TL;DR: Give me a shellscript that "just works"(TM) with a specific liveDVD of some Linux distro that builds Bitcoin binaries and I would love to verify signatures.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: ShadowOfHarbringer on June 07, 2013, 01:37:01 PM
Rubber Hose!

If your wallet is protected by a 64 character alphanumeric pass phrase, they will use a $5 wrench to extract it from you.
Rubber hose is useless if they cannot prove that the data is there.

http://en.wikipedia.org/wiki/Plausible_deniability
http://www.truecrypt.org/
http://www.truecrypt.org/docs/?s=plausible-deniability


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: bitzox on June 07, 2013, 05:06:24 PM
No, it's far easier and more practical to raid your home at first light, seize everything you have, and present you with alternatives so horrible that you'll cave.  A bit of shock and awe goes a long way to keep people in line.

This right here is 100% on point. Why bother with the hassle of installing a backdoor on the code when they can simply arrest you, threaten you and your spouse with 20 years in prison and tell you if you surrender your coins they will let your wife off and knock your sentence down to 10-15. That doesn't work? Ok you're now declared an enemy combatant (who needs justification, that's why we have the Patriot Act), no legal rights, and deported to Guantanamo. Oh Guantanamo is finally closed? You think that means you get a break? Nope, now you get to go rot in some hell hole jail set up in one of our "allied" (ie colony) third world nations. Enjoy rotting in prison in Turkmenistan.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: jaywaka2713 on June 07, 2013, 05:09:18 PM
Rubber Hose!

If your wallet is protected by a 64 character alphanumeric pass phrase, they will use a $5 wrench to extract it from you.
Rubber hose is useless if they cannot prove that the data is there.

http://en.wikipedia.org/wiki/Plausible_deniability
http://www.truecrypt.org/
http://www.truecrypt.org/docs/?s=plausible-deniability

Exactly. Or just use a truecrypt hidden container so they think they've retrieved your wallet but just have it empty.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: riush on June 09, 2013, 12:19:06 AM
has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue) ?

It has happened to the JAP project (http://en.wikipedia.org/wiki/Java_Anon_Proxy)

Quote
In 2003, the German BKA[8][9] obtained a warrant to force the Dresden Mix operators to log access to a specific web address and to introduce a crime detection function in the server software making this possible.

AFAIK they handled the situation by putting in the code, openly labeling it as what it is, and when asked about it they just said "we can't talk about that..." and everybody knew what was going on.
It pretty much killed the project, though, which was about to be overtaken by tor at the time anyway (at least from my point of view).

Regarding bitcoin, I don't think it would take more than an hour to be the topic of discussion on IRC if Gavin did actually commit something like that. Let alone release it.
And, as he already said, our developer community is spread over several countries/continents so it's extremely hard to put them all under legal pressure simultaneously.

Maybe it would be nice to better track / display who reviewed what code. I know you can count the ACKs in the github discussions, but maybe it would put some minds at rest if there was a website listing commits/tags/builds along with green badges representing valid signatures from the core devs.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: jubalix on June 24, 2013, 01:21:25 PM
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

Open source software makes it so that every change is visible.  

Currently the Bitcoin-Qt/bitcoind release is signed by the Bitcoin Foundation ... which means the release won't work for Windows 8 and Mac users (as an update) unless Bitcoin Foundation signs it.   This makes it difficult for some other dev team members who are not a party to this hypothetical IRS backdoor demand to be able to release updates to the client without this backdoor themselves.   It would probably have to be a fork with a different name (and signed by some other organization).

But the developers don't have final say as to what changes are accepted for the Bitcoin protocol.  It is the economic majority who decides:
 - http://en.bitcoin.it/wiki/Economic_majority

I don't get this. Why does it need to be signed? Just copy the code, take out signing requirement bit and release....what am I missing


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: jubalix on June 24, 2013, 01:23:38 PM
you would not necessarily know that there is a backdoor.

For an experienced programmer who reviews Bitcoin code on a daily basis it should be trivial to spot such a backdoor.

Git is such an extremely powerful tool to review exactly who does what and when. It will be almost unfeasible to put a backdoor in Bitcoin, currently.

what if they get to git, to not compare this code, mod git just for BTC, in some update, that would trick you as you had been relying on git to find the difference.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: jubalix on June 24, 2013, 01:37:12 PM
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

Pieter and Wladimir are not US citizens, so a US judge can't order them to do anything.

If I was ordered to insert a backdoor, I'd just resign as lead developer and find something else to work on.

But this whole scenario sounds like a paranoid delusion; has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue) ?

Not so sure you need to be US citizen, extradition is the favored tool these days, even by other means, eg Assange.

Also I think that various protocols, and programs have been ordered modified by Judges, though mainly in patent suits, though this prism thing is perhaps a more pertinent example. If a program was somehow effect on national security I think Judges may order the programmer change it, or face contempt. Sorta like journalist who elect to not give up their sources. They don't get to go, oh well I'm not a journalist any more, or working for this paper/story. I disagree with all of this by the way, but never underestimate how flexible the law is against the individual in the hands of the Government.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: jgarzik on June 24, 2013, 02:22:03 PM
This is very relevant to this thread:

  Open-source Governance in Bitcoin
  https://freedom-to-tinker.com/blog/felten/open-source-governance-in-bitcoin/



Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: jubalix on June 24, 2013, 03:21:44 PM
This is very relevant to this thread:

  Open-source Governance in Bitcoin
  https://freedom-to-tinker.com/blog/felten/open-source-governance-in-bitcoin/




not sure this guy understands bitcoin, eg I skim read his paper
http://www.weis2013.econinfosec.org/papers/KrollDaveyFeltenWEIS2013.pdf

as he appears to completely miss the re-target function of bit coin to make it easier to mine if hash leaves,

he also fails to make connection that specialization by asic miners does not equal distribution increase, in fact, quite the opposite ,eg now we are seeing usb miners, and one person noted that almost any heat producing need could also be mining.

more complex computer chips has been coupled with more uptake.



Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: jgarzik on June 24, 2013, 05:59:34 PM
This is very relevant to this thread:

  Open-source Governance in Bitcoin
  https://freedom-to-tinker.com/blog/felten/open-source-governance-in-bitcoin/




not sure this guy understands bitcoin, eg I skim read his paper
http://www.weis2013.econinfosec.org/papers/KrollDaveyFeltenWEIS2013.pdf

While I agree with you on his paper, please keep that separate from his blog post, which directly addresses $subject.



Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: piotr_n on June 24, 2013, 08:00:26 PM
call me a guy with a tinfoil hat again, but as a guy who spent a big part of his life coding C, I dare to say that it is fairly easy to sneak into such a big source code a backdoor, i.e. in a form of some exploitable stack overflow.

if the attacker is smart, it is as simple as changing one innocent character, at some place in the code he's made, to hide the actual purpose though still suggesting just a mistake.
like putting "," instead of ".", "O" instead of "0" or "l" where you needed "1"... I've written so much code in C that I could think of tons of expressions that would actually work completely differently than one thinks they do at first sight.

this is especially dangerous when they have just included a few tens of pull requests, so no sane person is really going to go carefully through all of them.

corrupting binaries would be the most stupid way to go, since this one can be actually found quite easily, thanks to bitcoin's fine gitian building solution.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: Zeke_Vermillion on June 24, 2013, 08:26:46 PM
The government doesn't need a backdoor. They can walk in the front door, ie, the open transaction ledger. Also, if a particular actor wanted to influence the course of any open-source project, he could simply join the project and contribute code (assuming some degree of subtlety in crafting pull requests, of course). The beauty of the process is that harmful contributions are weeded out, and if the worst-case scenario comes to pass, the project can be forked with a new lead developer.


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: ShadowOfHarbringer on June 24, 2013, 08:51:56 PM
call me a guy with a tinfoil hat again,
You are a guy in a tinfoil hat. Again.

it is as simple as changing one innocent character, at some place in the code he's made, to hide the actual purpose though still suggesting just a mistake.
like putting "," instead of ".", "O" instead of "0" or "l" where you needed "1"... I've written so much code in C that I could think of tons of expressions that would actually work completely differently than one thinks they do at first sight.
Thanks to code analysis tools (and there are many powerful, free & extremely expensive commercial ones) plus git, such a mistake can be easily spotted.
Remember that you don't review whole code at once (large). You just review latest changes (small).

if the attacker is smart,
There are many smart (and I even dare to say: genius) people looking for backdoors in the Bitcoin code, so it wouldn't be very smart to add backdoors, even if you are a genius yourself.
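
Added example, not part of any post in this thread and not Bitcoin project code: a small review aid for the one-character lookalike edits discussed above. It pairs removed and added lines in a unified diff and flags pairs that differ only by the confusable characters named in the thread; the sample diff, file name and identifiers are constructed.

```python
# Lookalike pairs named in the thread: "," vs ".", "O" vs "0", "l" vs "1".
CONFUSABLE = {frozenset(p) for p in [(",", "."), ("O", "0"), ("l", "1")]}
# Constructed sample diff (hypothetical file, not from the Bitcoin code base).
SAMPLE_DIFF = """\
--- a/net.c
+++ b/net.c
@@ -10,2 +10,2 @@
-    if (len > MAX_MSG_10) return -1;
+    if (len > MAX_MSG_1O) return -1;
     return 0;
@@ -40,3 +40,3 @@
-    scale = 1.5;
-    retries = 0;
+    scale = 1,5;
+    retries = 1;
     return scale;
"""

def confusable_swaps(old, new):
    """Return [(col, old_char, new_char)] when two lines differ only by lookalikes."""
    if len(old) != len(new):
        return []
    diffs = [(i, a, b) for i, (a, b) in enumerate(zip(old, new)) if a != b]
    ok = diffs and all(frozenset((a, b)) in CONFUSABLE for _, a, b in diffs)
    return diffs if ok else []

def scan_diff(diff_text):
    """Pair removed/added lines of each change run and flag lookalike-only edits."""
    findings, removed, added, path = [], [], [], None
    def flush():
        for old, new in zip(removed, added):
            for col, a, b in confusable_swaps(old, new):
                findings.append((path, new.strip(), col, a, b))
        removed.clear()
        added.clear()
    for line in diff_text.splitlines():
        if line.startswith(("--- ", "+++ ")):
            flush()
            path = line[4:]
        elif line.startswith("-"):
            if added:  # previous run is complete
                flush()
            removed.append(line[1:])
        elif line.startswith("+"):
            added.append(line[1:])
        else:  # context line or hunk header ends the run
            flush()
    flush()
    return findings
```

On the sample, `scan_diff(SAMPLE_DIFF)` reports the `0`/`O` and `.`/`,` edits and ignores the ordinary `0` to `1` change. A match is only a prompt for a human to look at that line; edits that change line length are not covered.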


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: piotr_n on June 24, 2013, 09:23:34 PM
I'm just saying.
feel free to take advantage of whatever tools you find useful to find it, but trust me, if I had an actual incentive and proper access, I bet I can beat them all, starting from the most expensive ones. it's just a matter of time
people indeed are the harder part, though as I said, ppl are subject to different illusions that you can use in a source code.
especially those ppl who don't care, because they have such great tools


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: piotr_n on June 24, 2013, 09:44:08 PM
The government doesn't need a backdoor. They can walk in the front door, ie, the open transaction ledger.
the thing is that walking in the front door each time they'd like to check is just too expensive.
plus some people have guns


Title: Re: What if the devs are ordered by a US judge to include a government backdoor?
Post by: nqzdepofltr on June 25, 2013, 07:02:55 PM
1. Bitcoiners would find an alternative wallet without backdooring
2. The official bitcoin wallet is open source, so one could remove the backdoor