Don’t Produce Private Keys
By Joshua McDougall on ALTCOIN MAGAZINE
TL;DR Suddenly, both parties now hold the same private key(s) which have authority over disputed assets, and the assets move. Which party authorized the transaction? We no longer know.
Productions vary in all sorts of shapes and sizes but their content is the key focus. Confidential documents, redacted pages, metadata fields, all bundled together meticulously to deliver to another, possibly friend but more than likely foe.
Most of the concepts are pretty heavily standardized at this point, how your bates stamping is formatted, how families are linked, when native documents are and are not included, and what files are used as conduits for the data — be them OPTs, DATs, and the occasional TXT. When it comes to producing data relating to blockchains networks, assets, and transactions, the best practices are far less explored and there are certainly some unique issues that arise which attorneys, paralegals, and technologists all need to be aware of.
Yes, productions are inherently sensitive in nature. They can be the delivery of confidential data, trade secrets, Personally Identifiable Information (PII), Protected Health Information (PHI), even privileged documents, or communications that are downright embarrassing and a potential PR nightmare. We know productions are something that demands care in preparing and handling, so what makes the addition of blockchains such a tale of caution and confusion?
New Concepts & Components
First and foremost, much of the technical details and basic lingo surrounding blockchain technology are still completely foreign to the general public. Without understanding what a technology does, or why any person or business would put it to use, it will certainly make it difficult to review and analyze let alone understand what pieces would be relevant to an opposing party.
Consider how long we’ve used chatrooms and text messages, either personally or for business. This isn’t even a technically difficult concept to understand but only in the last two or three years have we begun to appreciate best practices for the review and production regarding short messages.
Understanding how to deal with this new technology will similarly take time. Many of us in the industry will be forced to learn via a trial by fire, and mistakes will likely be made. Unfortunately, with blockchain-based assets, the one core concept that many will learn the hard way is that we don’t have the luxury of undo.
Need to prove your knowledge before getting on the stand? The CryptoCurrency Certification Consortium (C4) provides an exam for candidates to earn their Certified Bitcoin Professional (CBP) designation. If you can pass this exam, you have a solid foundation of knowledge applicable to all blockchains.
Public Vs. Private Data
Another interesting detail about providing blockchain data in a production is that much of the data is available publicly for all to view and analyze as they see fit. Historically, publicly available data (such as that on facebook, or news sources) would still need to be properly collected and hashed by forensic technologists to ensure its integrity, but keeping data integrity is actually a key feature of networks such as Bitcoin and Ethereum.
Since all users in a blockchain network can download and validate the full history, transferring transactional data within a production is completely possible but does it make sense?
Should a full encoded transaction be produced?
0200000001ca2657cb538d0745d5449f5d782416efe63d0768c68573ed7095c81948cac8f5010000006a47304402201f9915484ae5dcbe1532300a917468a978bb0d8108c65ae4772d65a25780b979022004a801cbbbff8ba19c72c5a8a027ae6dad37fedc20e13ef09b3483d62f4e705301210211190e2043435b8419342ff0f779a8c265ec7e3365746c23ec91c8203f88980afeffffff0200c915a8000000001976a91418a90b675928380bff6974a5bcbf0f2dd674beb888ac40d5b200000000001976a914c2b5c55ee7fc9977e9b21ddd12a8d036a2aff49288acf6e81000
Maybe a full decoded transaction?
{
"txid": "a1d45c3edf071b5a459...04e580c0f65169c530949",
"version": 2, "locktime": 1108214,
"vin": [ { "txid": "f5c8ca4819c89570...44d545078d53cb5726ca",
"vout": 1, "scriptSig": {
"asm": "304402201f9915484...ec91c8203f88980a",
"hex": "47304402201f9915484ae...8980a"
}, "sequence": 4294967294 }
],"vout": [ {
"value": 28.2, "n": 0, "scriptPubKey": {
"asm":"OP_DUP OP_HASH160 18a...beb8 OP_EQVRFY OP_CHCKSIG",
"hex": "76a91418...eb888ac",
"reqSigs": 1, "type": "pubkeyhash",
"addresses": ["D7PVGHPLF2eCD3WC9uujKNyxR95yxgUbhd"]
}
},{ "value": 0.1172,"n": 1, "scriptPubKey": {
"asm": "OP_DUP OP_HASH160 c2b...f492 OP_EQVRFY OP_CHCKSIG",
"hex": "76a914...49288ac",
"reqSigs": 1, "type": "pubkeyhash",
"addresses": ["DNtdP9DyBPujircDPSA9zNRbBRAjx3r7RD"]
} } ] }
Or is the only detail needed in production the TXID? With the value below, each of the above details can be found unchanged by any user of the specific blockchain network.
a1d45c3edf071b5a45962817b6f920c4f1b301bb19704e580c0f65169c530949
Since this is a distributed ledger that we can all download and validate, for the detail-oriented it is better for your business to host your own verified version of the chain data rather than rely on what is being provided by the other side. With this in mind, I don’t believe it’s out of the question for most law firms and/or eDiscovery service providers to have their own chain instances of popular networks in the near future, or at least have a trusted partner willing to put their name on an affidavit to assert the validity of the data.
So what data may be relevant to include alongside a transaction? As with a lot of eDiscovery, it’s all about the metadata!
- TXID — Consider it like a Bates ID on a blockchain. Once confirmed by the network, it’s not changing.
- Network(s) — Is this the Bitcoin network? The Bitcoin Cash? Maybe it’s an Ethereum transaction, or maybe it’s multiple.
- Associated Custodian — Do you know which of your custodians(s) initiated/authorized the transaction?
- Wallet/Service/Software — Any additional details about the software or hardware used to authorize the transaction
- Wallet Label — Any freeform name given to the wallet by the custodian or service.
- Destination — Do you know the actual service, organization or individual that the transaction was sent to? The pseudo-anonymous “Address” destination will be visible in most transactions but our own review my uncover the proper identities involved.
- Conversion Rate — Are you aware of the conversion rate of the asset to a local currency at the time of the transactions, especially if it was one the custodian was confirmed to have used?
Dynamic Data
To further complicate the matter, while quite a bit of the data is fundamentally immutable, there is also the possibility of adding new data always being generated. If you provide the addresses from a case, as well as transactions, it’s possible that new transactions relating to those addresses will be broadcast on the network post-delivery. Does this mean a supplemental production is needed each time or is providing the addresses enough for the other side to perform their own monitoring?
Price data is another finicky detail here. The price of an asset at the time of a transaction, or any other point in history including now, may each be relevant to the case. Pricing fluctuates wildly for many of these assets and can also be considered substantially different dependent on pricing sources for the same time period. Rather than providing pricing data, it may make more sense to agree upon a methodology and source(s) for price discovery rather than providing documents or records that indicate a specific value.
“Let’s use the 24h weighted value based on the Gemini exchange”
“Let’s use the spot price at the time of the transaction based on the Coindesk Bitcoin Index”
Both likely to find subtly (or completely) different prices, but consistency across both parties may be positive, or pricing may be the exact point of contention to be disputed — but now you know there can be differences!
Security Concerns — High Risk Data
Some files, even paper documents, may represent a massive security concern, putting everyone at risk. Your client, the opposing side, their firm, your firm, your investigator, your reviewers, everyone. I can’t stress this enough unless you fully understand what a private key is and the exact need for it to be produced, do not produce private keys.
I’m not a lawyer, so take this absolute with a grain of unauthoritative salt, at best it is a word of caution from a security consultant. Don’t produce private keys. Don’t process them into a review environment if you can filter them out. Don’t even collect them unless you fully appreciate what you are collecting. Most of all, don’t produce private keys. Don’t ask for others to produce them either.
Why? We deal with sensitive data all the time. We’re professionals. Companies and individuals trust us with their most sensitive secrets constantly, why would this one data type be so special?
Data theft has never actually been theft, it has been replication — a malicious copy and paste. Stealing my word document doesn’t mean I lose possession, only that the attacker gains it. This is not the case with most blockchain-based assets, especially cryptocurrencies.
Theft of a cryptocurrency means theft, not photocopies. It is the irreversible removal of one's authority over the asset.
The truth is that these assets can be difficult to secure, which is made obvious by articles like this Forbes piece that details $4 billion in stolen cryptocurrencies during 2019 alone. Unless your business is prepared to meet the requirements of an asset custody provider, it may not be the business you want to get into and is best outsourced.
It’s also critical to appreciate that a private key is best when only one actor has access to it. If only one custodian has a copy of a private key and a transaction is broadcast to the Bitcoin network, we can be fairly certain who made that transaction. As more copies of the same private key are created, we lose that relationship. Suddenly, both parties hold the same private key(s) which have authority over disputed assets, and the assets move. Which party authorized the transaction? We no longer know.
By maintaining a private key to single actor relationship, the attorneys can ask to have consequences enforced should actions/transactions occur outside of the courts direction.
The solution? Producing an Address or Public Key provides all the same information needed to understand the transactions associated with a custodian or specific wallet, without the authority to move assets.
Please don’t produce private keys.
Not sure if this is relevant to an ongoing engagement? Check out Tokens.FYI for the latest keywords relating to blockchains, cryptocurrencies, software, slang, and services.
This article is a follow-up to my Relativity Fest 2019 presentation Blockchain Assets: Identification, Analysis, and Review. The slides of which are online.