In the decentralized, peer-to-peer Bitcoin network, there are no central institutions that protect individuals from fraud or loss. Sovereign Bitcoin users must look after their own security, which makes it critically important that they are able to identify which products and services are trustworthy and safe to use.
The first step Bitcoin organizations should take in order to be considered credible is to be fully open source under the proper licensing. Open source projects are more likely to be secure because, given an active development community, a greater number of individuals are involved in inspecting and contributing to their code.
Bitcoin is an ecosystem built on a foundation of free and open source software and ideas. Progress in Bitcoin is made as we build on each other’s work. Bitcoin users must have full freedom over the hardware and software infrastructure they use – freedom to fork, freedom to change, freedom to run the programs they want without any intermediaries.
This article will explain why open source development is both more efficient from a security perspective and the only viable way forward for Bitcoin.
Civil Liberties in Hardware and Software
To understand why open source is critical for Bitcoin users, it helps to have some historical context about how the movement’s ideals emerged. Before the Copyright Act of 1976 ruled that computer programs could be considered intellectual property, software programs had often been bundled and sold together with hardware. This created a development environment in which programmers worked primarily out of passion for their field and cooperated with one another in a free-flowing, non-restrictive way.
However, after the 1976 changes to IP law, companies began working on proprietary software that could be sold on its own. This marked the beginning of a trend that gained full momentum by the early 1980s and which eventually resulted in the walled garden ecosystems we see today.
The irony for many of the originators of the technology that had enabled the personal computing era was that they believed foremost in the civic duty of sharing information for public benefit. A staunch advocate for freedom of access and development in software among this generation of creators was Richard Stallman. His writings voiced the idea that it was not enough to protect the practical aims of open information sharing – philosophical aims conducive to a virtuous society also had to be respected in software.
To reflect the importance of individual freedoms, Stallman wrote the GNU General Public License (GPL) series of copyleft licenses that protect the rights of software users, rather than owners.
In addition to all the practical benefits of open source development, the terms “Free and Open Source Software (FOSS)” and “Free and Open Source Hardware (FOSH)” imply that a product upholds basic individual freedoms and civic duty. Here, “free” refers to freedom, rather than whether or not the product is free to use.
In his writings on “nonfree” software, Stallman describes how privatization and black-boxing of code erodes our spirit of self-reliance and consequently runs contrary to the principles upon which democracies like the United States are founded. Without the ability to analyze, modify, or redistribute the software we use, we are ultimately passengers in the digital world, unable to take agency for ourselves or on behalf of our fellow citizens and neighbors.
Without the ability to analyze, modify, or redistribute the software we use, we are ultimately passengers in the digital world, unable to take agency for ourselves or on behalf of our fellow citizens and neighbors.
Bitcoin was not built to resemble the walled garden digital economy, but instead to provide a path for restoring our sense of self-sufficiency and sovereignty. In today’s world of sweeping centralization, over-organization, and lack of transparency, it is more important than ever to protect the ideals that Bitcoin stands for. The only way to work towards a future for Bitcoin in which freedom and autonomy are preserved is to support projects that are free and open source under FOSS and FOSH licenses.
Not Compromising on Open Source
In the same way that we trust the Bitcoin protocol because it is free and open source software, we can more confidently trust products that are free and open source. FOSS and FOSH licenses can help the Bitcoin community identify and give recognition to projects that uphold the full standards of transparency as well as reflect the spirit of free software and hardware.
As new waves of users enter the Bitcoin market, bringing us ever closer to mass adoption, there will also be unprecedented interest from malicious actors. In order to avoid thefts or loss of funds, a majority of new Bitcoiners may continue to consign key ownership to large exchanges or engage with Bitcoin through trusted third parties.
The custodial decisions made by new Bitcoiners will have a tremendous effect on the future of financial sovereignty in Bitcoin – and whether centralized institutions and players that have no concern for the foundational principles of Bitcoin may come to dominate the space. It is our hope that the strength of free and open source projects in the industry will incentivize and inspire new users to opt to take control of their sovereignty.
Transparency is Better than Obscurity
The way forward for the Bitcoin community—if it wants to stay true to its ideals—is the same model of open source development adopted by the original Bitcoin protocol and software. Bitcoin is a paradigm that clearly thrives on communal development, cooperation, and progressively building on shared work.
As Richard Stallman writes, “In any intellectual field, one can reach greater heights by standing on the shoulders of others. But that is no longer generally allowed in the software field—you can only stand on the shoulders of the other people in your own company.” A notable advantage of a decentralized system is in coalescing the work created by a diverse community of developers and entrepreneurs and enabling anyone to expand or improve upon that work.
A world in which we are not able to build on the intellectual progress of others is a world that would be less innovative and less secure. The hardware wallet industry is a quintessential example of how building on top of each other, rather than building from scratch, enables rapid innovation. We at Foundation are deeply appreciative of the open source projects – like MicroPython, Coldcard, and Trezor – that helped us bring Passport to market.
A world in which we are not able to build on the intellectual progress of others is a world that would be less innovative and less secure.
It is much more efficient to build in concert with developers across an active community than to draw only from the development resources of one’s own company. When a product’s open source code attracts a larger and more diverse group of contributors to verify that it functions as intended and is not susceptible to critical flaws, consumers can have more confidence that it can be trusted. The cross-referencing of the opinions of experts is a much more credible source of information to depend on than the reputation of a centralized institution.
Recent notable hacks of proprietary hardware and software illustrate how detrimental black box development can be to the security of users. Just last year, Apple’s T2 co-processor, which handles encrypted storage and secure boot capabilities, was cracked by a team of researchers who found it was vulnerable to the same “checkm8” exploit that had been used to jailbreak Apple’s A10 processor. The fact that this vulnerability originated from T2 being based on the A10 is a telling example of how developers limited to the resources of their company are less likely to understand and recognize flaws in their product. Researchers found that attackers can gain access to the T2 chip of MacBooks produced from 2018 to 2020 if they have physical possession of the device or are able to swap out one of the owner’s cables for a modified lookalike specifically engineered for the attack. The failure of these generations of MacBooks is not a good look for Apple, a company that has long projected an image of itself as more secure due to its walled garden approach.
Also last year, Intel’s Software Guard eXtensions (SGX), a security system marketed as a highly isolated enclave for safeguarding private keys, fell victim to yet another security vulnerability. The latest crack involved two separate side channel attacks capable of stealing sensitive information, and came just after Intel sought to mitigate previous vulnerabilities by modifying app-layer code. The fact that large hardware manufacturers like Apple and Intel can struggle to provide consumers with secure black box private key storage solutions is further indication that open, auditable code can be a stronger security model.
The fact that large hardware manufacturers like Apple and Intel can struggle to provide consumers with secure black box private key storage solutions is further indication that open, auditable code can be a stronger security model.
Implications for Hardware
Hardware is a delivery mechanism for software, and free and open source hardware is absolutely fundamental to creating a decentralized digital economy in which users can find trustable products – and in which rapid innovation can occur. This is why we believe meeting the criteria for free and open source software and hardware is not only beneficial for security and product improvement, but necessary for the future of Bitcoin.
To understand the specifics of the CERN OHL v2 hardware licenses and GPLv3 firmware licenses that classify Passport as FOSH, look out for our next article!