Posts this month
A blog on financial markets and their regulation
I have always believed that the greatest tail risk in finance is a threat to its cryptographic foundations. Everything in modern finance is an electronic book entry that could suddenly evaporate if the cryptography protecting it could be subverted. Such a cryptographic catastrophe would make the Lehman bankruptcy five years ago look like a picnic.
Global finance should therefore be alarmed by the Snowden disclosures earlier this month that the large technology companies have been collaborating with the US government to actively subvert internet encryption. It is claimed that backdoors have been built into many commercial encryption software and that even the standards relating to encryption have been compromised.
I do not think this is about the US at all. It is very likely that large technology companies are extending similar cooperation to other governments that control large markets. A decade ago, Microsoft publicly announced that it had provided the Chinese government access to the Windows source code. Blackberry’s long resistance to the Indian government’s desire for access to its encryption suggest that the Indian market is not large enough to induce quick cooperation, but I would be surprised if the US and China were the only countries that are able to bend the large technology companies to their ends. Countries like Russia and Israel with proven cyber warfare capabilities would also have achieved some measure of success.
In this situation, financial firms around the world should consider themselves as potential targets of cyber warfare. Alternatively, they could just become collateral damage in the struggle between two or more cyber superpowers. In my view, this is an existential threat to the modern financial system.
The saving grace is that there is nothing to suggest that the mathematics of encryption has become less reliable. The problems are all in the implementation – commercial routers, commercial operating systems, commercial browsers and commercial encryption software may have been compromised but not the mathematics of encryption, at least not yet.
Perhaps, finance can still escape a cryptographic meltdown if it embraces open source software for all cryptography critical applications. As computer security expert Bruce Schneier explains: “Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it.”