Will the virtual currency Bitcoin face increasing regulation in the future? Is Bitcoin secure enough to attract mass use?

More than 400 people involved with Bitcoin heard experts discuss the evolving environment around the virtual currency at the Cryptolina Bitcoin Expo at the Raleigh Convention Center on Friday and Saturday.

Several states have weighed in differently on Bitcoin, with New York passing regulations and California formally recognizing it. Texas and Kansas have released guidance.

The U.S. Consumer Financial Protection Bureau issued a warning that Bitcoin has volatile exchange rates and has been targeted by hackers and scammers. “Consumers are stepping into the Wild West,” said CFPB Director Richard Cordray in a statement.

Bitcoin: different things in different contexts

The regulatory issues around Bitcoin and other “crypto currencies” are complex.

Part of the problem, said Andrew Beal with Crowley Corporate Attorneys on the Cyptolina Regulation Panel on Saturday, is that “Bitcoin means different things in different contexts. It can take a thousand different directions. In the future, we may not even know we’re using Bitcoin.”

Tyler Gibbons, attorney with Riser, McLaurin & Gibbons, brought up a recurring theme of the panel discussion, the need to educate lawmakers and regulators. “The worst thing you can do is regulate something before you understand it. I think the IRS (which issued Bitcoin regulations) jumped the gun.”

Carol Van Cleef, attorney with Manatt, Phelps & Phillips, noted a couple of branches of the Federal Reserve have offered some Bitcoin guidance. One even suggested a central bank might want to use this type of technology for domestic fund transfers.

It could speed check processing

Ed Moy, former director of the U.S. Mint, added “we can’t put Bitcoin in a category everyone agrees on now. It may end up being co-opted by the government. The Federal Reserve has a big job processing a large volume of checks. If the Bitcoin protocol ends up cheaper, they’ll pursue that.”

The question, Van Cleef said, is whether the system functions quickly enough. “I see the Federal Reserve struggling with that right now,” he explained. “They’re still trying to get same day settlement and they’re steps away from that, let alone instant settlement (which a crypto currency such as Bitcoin might allow).”

Attorney David Aylor pointed out that if we start to see Bitcoin flourishing and many at the conference believe that’s just a matter of time “we’ll begin to see a lot happening on the tax and reporting side.” He said the federal government is only going to be involved in some situations and “at some point the states will have to do something besides punt.”

Beal stepped in to note that regulations could cause problems down the line if “you build a business model and then regulation changes.”

Many startups are evolving to act as bitcoin payment processors, exchanges and more. A handful presented at the event Friday. Adam Draper of Silicon Valley-based Boost VC, which focuses a chunk of its capital on Bitcoin startups and Tyler Gibbons, attorney with Riser, McLaurin & Gibbons are examples.

Steep learning curve

Van Cleef said “there’s a steep learning curve, that’s what we’re dealing with. The Texas opinion was written by a lawyer with a technology background, but we don’t have those resources in many states. It’s an educational issue, getting them to understand what they’re dealing with.”

Moy agreed. “We need education. If we want better regulations the people who write them need to be more knowledgeable. We need to educated members of Congress, their staffs, and the state regulators and legislators. It’s a multi-year project and we’re looking at a fast moving industry.”

Moy suggested the Bitcoin industry needs to “self-regulate and provide transparency” to give regulators a good model to follow.

Speed of innovation vs. development of security

Jacob Hansen, CEO of CrowdCurity, a Silicon Valley-based security startup incubated by Adam Draper’s Boost VC, said that Bitcoin security is “a contest between the speed of innovation and the development of security.”

Hansen displayed a slide showing a page of bitcoin thefts before exploring the variety of security methods that have evolved in response. The problem, he said, is that if you get your new technology 99 percent secure, another startup might beat you to market with lower security.

“You have that constant cat and mouse game,” Hansen said. “You get their quicker by lowering security, but at some point, consumers are going to start demanding security, and then companies will emerge that sell their products based on security.”

One way of keeping your bitcoins secure is to use “cold storage,” in which your private key (code) never touches the Internet until you use it. Another is to require multiple signatures or multiple private keys to access your bitcoins.

Bounty for finding security flaws

Another is the CrowdCurity method of paying a group of trusted security researches a bounty for discovering security flaws in your product or service. “That gives them the same motivation hackers have,” Hansen said. “Find a flaw and get paid.”

Yet another trick is to hide a bitcoin in your software. If that gets stolen, you get an instant signal to shut down because hackers found vulnerability.

Still, Hansen said, “there are going to be a variety of security solutions. No one solution is going to work for everything. It’s difficult to prevent security issues before an exploit actually happens. You fix that and try to think one step ahead. But it’s always going to be a cat and mouse game between defenders and attackers trying to break in. That’s the nature of the world we live in.”