Search engines, Deep web & the Darknet

In this article we will focus on mainly how the search engines work. Thereafter, we will discuss indexability, and the differences between surface web, deep web and the darknet.


Pre-internet period

There was a time when goods and services important to us would either appear on the newspaper classifieds’ section or on the Yellow Pages. There also used to be those bulky BSNL/ MTNL telephone directories offered for free on taking a new connection.

These indices used to have exhaustive contact information about all sorts of legitimate businesses. Needless to say, they did not contain contact information of businesses working outside the purview of public policy. Guns, pornography, drugs, etc. had no place in these public directories.

Worth noting, is the fact that there were no mechanisms to collect user preference, or user data. Users of these directories had no role to play in the economy other than paying money to buy one.

Then came the millennium, businesses started getting online, directories got online as well. Google had indexed close to 60 million pages in a span of three years,1 starting 1995. Along with many other search engines who had the same competitive advantage of starting early.


Search engines

Google was nothing innovative when it started. It was based on the same algorithms its competitors were using. That is scraping sites and counting hyperlinks.

Scraping is the usage of automated softwares to read websites and store their information. To be able to scrape a website you need to know the link to the website. There exist no other method to find a website if you do not know the link.

The algorithm will take a popular website as a starting point where people share links to their own website. It will scrape the website for unique website links. Once done it would visit those website links to scrape and find out further links to other websites.

Over time it would create a list of websites through this method and allocate them a rank. The rank is calculated on the basis of how many other websites link to one specific website.

For e.g.: If three people link to and ten people link to, then would get a higher rank.

This rank is useful when websites contain similar information. The search engine would show the highest ranked websites at the top of their search results.

Search engines do not like to be scraped though, they use technologies like rate-limiting, browser detection, etc. to defend against automated softwares. This is why the internet is actually not free.

Internet Economy

The more information you scrape the more business you get. And here we are talking of petabytes of information. The largest search databases get the most amount of visitors and the opportunity to show them ads. The ads are from those websites which would not have appeared at the top of search results. These ads earn revenue for the search engine and accord footfall to the advertiser.

That is how the internet works. The moment you visit a popular search engine like Google or Bing, you become a part of this economy, where the goods being sold is you (and your search preference).

However, in a bid to keep the reality as it were pre-internet, there are some search engines which do not collect user information. DuckDuckGo (largest and secure), (private but uses Google to google) and WolframAlpha (popular for scientific usage) are among the few.

Surface Web

On the basis of search engine indexability the internet is classified into three areas. This classification is intentionally made analogous to the oceans.

That is surface web, deep web and darknet.

Pages and websites which can be found and indexed by search engines are known collectively as the surface web. Their links are popular, documented on other indexable websites, freely accessible and not closed down by law enforcement agencies yet.


Deep web

While there exist the surface web, easily visible and indexed by most search engines. That is only the tip of an iceberg. Rest of the internet is made up of the deep web where probing is difficult.

Deep web makes the 99% of the internet. The owners do not want their web properties to be publicly available and they requested search engines to remove their links from search results.

For e.g: Universities into research keep their research databases online, however it is protected by user IDs and passwords. In such a case, there is a treasure of information which is just not freely accessible, and search engines could not index them because of the same reasons.

Estimates say that the deep web is several magnitudes larger than the surface web. One estimate of 2001 says that deep web is 400 to 550 times larger than the surface web.2

One thing worth noting is deep web properties do not need to change their links or server addresses, as they do not store illegal or criminal elements.

That’s about deep web.



The last bit of the internet justifies the name being used to describe it, it is as dark and inaccessible as the lower reaches of an ocean.

The darknet is a coined term first used by ARPANET to mean web properties that are extant but unresponsive to prevalent network protocols. These unlike the deep web are additionally inaccessible along with being unindexed.

They can be accessed only through frequently changing domain names, IP addresses, network protocols, etc. They have to keep changing their configurations to avoid detection by governmental agencies.

The Tor Network

One of the most popular modern day method is to build a site on the Onion also known as the Tor network.

The Tor network constitutes of more than 7000 nodes spread across the globe to anonymise user access data. It defends against organised surveillance, censorship and helps protect freedom of speech and expression.

Incidentally, it was a US Government funded project, which, given its tendencies, may surprise you. It started out as a network anonymiser tool for confidential communication at the DARPA and US Navy.

As of now a branch of the U.S. Navy uses Tor for visiting and studying web resources during intelligence gathering.3 Law enforcement agencies use Tor in order to keep their footprints clean and leave no government IP addresses in web logs of the host.

Eventually it was open-sourced and it has grown as a liberator in the face of surveillance and censorship.

Upon installing the Tor software on a server, the host is granted a randomly generated domain, which may look like this:

http://3g2upl4pq6kufc4m.onion/ DuckDuckGo’s onion site

https://www.facebookcorewwwi.onion/ Facebook’s onion site

Governments of countries like China and Egypt do not want outside internet to affect their citizens, they constantly track down and block these websites. Therefore, the domain names look randomised as they keep changing automatically. Once the Tor network detects a blockage it can easily assign another domain name.

And the best part of this is that the entire network is usable free of cost.

Drugs, Demons and the Darknet

While the earlier subheading went into the introduction and the good work the Tor network has done for the global internet. There exist a lot unsaid.

This is best expressed in pictures:

Alphabay market homepage showing Weapons, Drugs, Malwares etc. on sale.
Whatever you (may ever) want
Zion market showing a listing of a bitcoin ransomware. Priced at $12
How about a bit of free money through ransomwares?
Alphabay drug listing page showing MDMA, Valium, Oxycodone, Cannabis, etc
Or the crystals?

Yeah, that’s about it? No. It has also got new AK47s, Rocket Launchers, Shotguns, etc.

Alphabay Glock 17 with silencer priced at $3700 USD
Glock 17 with Silencer
AK-47 Unlimited quantity with promotional offers at USD 2065 price and USD 27.5 shipping to Brazil and Europe
AK-47 Unlimited with promotional offers

The delivery of these goods are done using secretive packaging at a high delivery cost. However, police across the globe are pretty adept at tracking these suspicious packages, making sure the society stays safe.4

And although I have personally not come across nastier stuff than these, some quarters say slavery, human trafficking, illegal organ markets and child pornography as well are available on some domains.

Accessing the Darknet

Irrespective of your reason to access banned websites, you should know that they are banned because they do not align with the current law and order of our countries.

They are not banned unreasonably, most of these websites harbor all sorts of malware. These malware can remotely access your computing device and use it in furtherance of all sorts of cyber crime. And you would never get to know about it, till it is very late.

However if you are in China, and you are missing Facebook, here is what you have to do:

  1. Install Orbot and Orfox on your phone from Google Play store
  2. Start Orbot and click Browse
  3. Once you see the “Congratulations. This browser is configured to use Tor” message you may visit this onion URL: https://www.facebookcorewwwi.onion/
  4. You can also search DuckDuckGo for websites which have indexed useful .onion sites

Similarly, you may visit other onion URLs as and when you discover them. Most of these URLs keep changing over time.




If you liked the article please share it with your followers. If you have doubts or questions about any part of this article, please feel free to leave a comment below or ask questions directly to the author here: Ask Questions.

WannaCry: What is a Ransomware and how does it work?

A ransomware is a software which scrambles information stored on a computer system to make it inaccessible. The process of scrambling is done through known methods of encryption. The purpose is to then ask for an amount of money to decrypt valuable information.


So how does ransomware work?

How does it get through?

Imagine you hired the best architects and got a palace built for your yourself. Little known to you or the architects, there exists a weak wall near your garage. This can be broken by application of minimal force and people can get in through that and steal your expensive car. They can also disrupt your telephone and gas lines to cause you further harm. Or worse even, plant a bomb below your bedroom. Scary isn’t it?

Something similarly keeps happening with all software companies. They hire the best developers to write the most intricate codes, and little known to them they leave out vulnerabilities which can be brute forced and broken. Now people can get in and cause all sorts of mayhem.

If these vulnerabilities are unknown and not solved, they are called ‘zero-day exploits’. I will write a detailed post on zero-day right after this one, so stay tuned, or better subscribe from the right sidebar >>

A ransomware may or may not use a zero-day exploit to leverage the attack. A ransomware might just promise you a lottery ticket, free coupons, facebook or gmail hacking, etc.


What does it do?

A ransomware is a simple software which encrypts and decrypts data based on a condition. Once the ransomware is loaded onto the computer using a vulnerability, it will instantly encrypt and make the data unusable.

It may ask for a password to decrypt. Or, It may show a message communicating the condition for decryption. It may also ask for payment, it may ask for release of a prisoner, it may ask for change in politics, anything.

Once the condition is met, a password is provided which can be used to unscramble the information and make it usable again.


What is WannaCry?

Just last month I was thinking there is not much interesting things to write about. I was not wrong but impatient.

WannaCry gets onto the system through common phishing tactics. An email containing an attachment is circulated. Upon downloading the attachment it instantly freezes the system and asks for a payment of $300 in BTC. If not paid within three days, the payment amount is doubled to $600.

However, it promises to hold events (time periods) when data can be decrypted for free by clicking the decrypt button, after expiry of six months. This is for poor people 🙂

WannaCry got first reported on Friday the 12th of this month (May, 2017), and within a day it spread over to a quarter of a million computers across the globe.


How did it start?

WannaCry reportedly used a vulnerability on older Microsoft Windows operating systems. Mostly Windows XP and 7 attacks were reported. Microsoft held that systems running updated versions of Windows 7 and above were immune to it.1 There has been no reports negating this.


Who got affected?

It started with the crippling effect on Britain’s National Health Service. Unlike in the US where people pay for healthcare in hefty bills, medical service in UK is free of cost. Therefore, outdated systems dying for lack of attention.

While Microsoft ended support for Windows XP in April 2014 many UK agencies missed that. A Freedom of Information Act request by Citrix in December, 2016, reported 90 percent of UK hospitals had computers running outdated Windows XP.2

As it was not a targeted attack, it spread on to many other parts of the globe, some reports on Middle Eastern banking systems also surfaced.




To Microsoft’s credit they had already released the security updates back in March, here is a compilation of all the relevant security updates.3 If you have not updated your system you should go through them.

Code Name Solution
EternalBlue Addressed by MS17-010
EmeraldThread Addressed by MS10-061
EternalChampion Addressed by CVE-2017-0146 & CVE-2017-0147
“ErraticGopher” Addressed prior to the release of Windows Vista
EsikmoRoll Addressed by MS14-068
EternalRomance Addressed by MS17-010
EducatedScholar Addressed by MS09-050
EternalSynergy Addressed by MS17-010
EclipsedWing Addressed by MS08-067

Microsoft also released a malicious software removal tool specifically for WannaCry on 22nd May for a permanent resolution.


Other quirky solutions

A young cyber security expert from London figured that the WannaCry malware repeatedly tries to connect with a website. If the website responds it shuts down. So he bought the website and made it respond.

For instance, a malware may check if is live or not. Depending on that there can be further instructions for the malware to commit.

This shows that WannaCry was not remote controlled. It means it is an independent malware which is supposed to run and spread all on its own.


Global Politics

It would be unfair to not talk about National Security Agency of the United States, Shadow Brokers, and the lesser known philosophy behind hacking.

A lot of internet develops due to constant work by different anonymous groups. As soon as one attack is launched, and gets enough attention, the global internet fortifies against it. Much like our bodies’ immune systems. Therefore, more the attacks, better the internet gets in the long run.

Sometimes attacks are just attention-seeking in nature, and sometimes they are deadly. In my opinion, WannaCry was seeking attention towards larger societal flaws. If it meant to cause real damage it would not have been made into a ransomware virus asking for $300 to $600. Also total revenue from WannaCry is said to be around $50,000 at max. It uses technology which can be used to target core banking companies and siphon off millions of dollars never making it to global media. Or worse, target nuclear plants where a lot of devices still run on outdated Microsoft products.

Attention sought for what?

The National Security Agency of the United States has been in the offensive since its inception. It is unofficially known that 90% of NSA’s budget goes into development of offensive weapons. The NSA constantly researches and adds to it’s library weapon grade software. The EternalBlue vulnerability used in WannaCry is just one among million options that NSA has for itself. Other deadly offensive weapons released in the past include the billion dollar STUXnet virus, which was recently linked to NSA.

Especially in EternalBlue’s case, NSA had found it long back but decided not to report it to Microsoft. It was the Shadow Brokers group who stole a considerable part from NSA library and reported it to Microsoft. Enabling it to release an update in March 2017, much before the breakout of the virus.

When hacker groups like Shadow Brokers get hold of such software they either report it for money or release it on the internet. The public quickly gets immune to it, thereby spoiling the weaponry NSA spends millions to build. And the best part is that NSA does all of it legally.

Anonymous Internet groups across the globe are fighting against orchestrated surveillance, censorship and rogue government agencies. One thing that’s for sure, our immune systems may make us feel sick, but if we fight our immune systems we will be dead faster.

What is Cloud Computing? Architecture and Data Security

Cloud computing is an architecture engineered for providing computing services via the Internet. The key features of a cloud computing service are the presence of an on demand and pay per use usage facility to a pool of shared resources, namely networks, storage, servers, services and applications. It’s a completely Internet dependent technology where client data is stored and maintained in the data center of a cloud service provider like Google, Amazon, and Microsoft etc. Nowadays, several industries like banking, healthcare and education are switching to cloud computing, as it has minimal infrastructural requirement and is highly efficient and mobile in its functioning.

The National Institute of Standards and Technology (NIST), defined cloud computing as follows: Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.


Essential Characteristics of Cloud Computing

On-demand self-service: A consumer can manually configure his requirements of server time and network usage, without requiring the assistance of service providers at each step of his usage.

Broad network access: A cloud-computing server can be accessed using the available network capabilities through standard mechanisms. That is, through the heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

Resource pooling: The service provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to the consumer’s demand. There is a sense of location anonymity in which, the customer generally has no control or knowledge over the exact location of the host server. Examples of such resources include storage, processing, memory, network bandwidth, and virtual machines.

Rapid elasticity: The provision for rapidly responding to the increasing consumer demand, can be facilitated by the service provider, through this model.

Measured Service: Consumer’s resource usage can be monitored, controlled, and reported through this model.1

Software-as-a-Service (SaaS): SaaS can be described as a process by which Application Service Provider (ASP) provides different software applications over the Internet. This helps in eliminating the need for installing and operating the application on one’s own computer and also eliminates the tremendous load of software maintenance, continuing operation, safeguarding and support.2 The SaaS vendor automatically assumes the responsibility for deploying and managing the IT infrastructure (servers, operating system software, databases, data center space, network access, power and cooling, etc) and processes (infrastructure patches/upgrades, application patches/upgrades, backups, etc.) required to run and manage the full solution. The SaaS, features a complete application offered as a service on demand. Examples of SaaS include:, Google Apps.

Cloud Platform as a Service (PaaS): PaaS is the delivery of a computing platform and solution stack as a service without software downloads or installation for developers, IT managers or end-users. It provides an infrastructure with a high level of integration in order to implement and test cloud applications. The user does not manage the infrastructure (including network, servers, operating systems and storage), but he controls the deployed applications and, possibly, their configurations. Examples of PaaS include:, Google App Engine and Microsoft Azure.

Cloud Infrastructure as a Service (IaaS): It refers to the sharing of the hardware to make resources such as servers, network and storage more readily accessible by applications and operating systems. It primarily makes use of the Application Programming Interface (API) for interaction between the hosts, switches and routers along with the capability of adding new equipment in a simple and transparent manner. In general, the user does not manage the underlying hardware in the cloud infrastructure, but he controls the operating systems, storage and the deployed applications. The service provider owns the equipment and is responsible for housing, running and maintaining it. A client typically pays on a per-use basis. Examples of IaaS include: Amazon Elastic Cloud Computing (EC2), Amazon S3, GoGrid.


The Cloud Computing Entities

Cloud providers and consumers are the two main entities in the business market. But, service brokers and resellers are the two more emerging service level entities in the Cloud world. These are discussed as follows:

Cloud Providers: Includes Internet service providers, telecommunications companies, and large business process outsourcers that provide either the media (Internet connections) or infrastructure (hosted data centers) that enable consumers to access cloud services. Service providers may also include systems integrators, that build and support data centers hosting private clouds and they offer different services (e.g., SaaS, PaaS, IaaS, and etc.) to the consumers, the service brokers or resellers.3

Cloud Service Brokers: This includes technology consultants, business professionals, service organizations, registered brokers and agents, and influencers that help guide consumers in the selection of cloud computing solutions. Service brokers concentrate on the negotiation of the relationships between consumers and providers without owning or managing the whole Cloud infrastructure. Moreover, they add extra services on top of a Cloud provider’s infrastructure to make up the user’s Cloud environment.

Cloud Resellers: Resellers can become an important factor of the Cloud market when the Cloud providers will expand their business across continents. Cloud providers may choose local IT consultancy firms or resellers of their existing products to act as “resellers” for their Cloud-based products in a particular region.

Cloud Consumers: End users belong to the category of Cloud consumers. However, also Cloud service brokers and resellers can belong to this category as soon as they are also customers of another Cloud provider, broker or reseller.4


Security Concerns In The Cloud

Cloud computing comes with numerous possibilities and challenges. Of the challenges, data security and data location5 are considered to be a critical barrier in path of its success.6 Although location transparency is one of the prominent flexibilities in cloud computing, however not knowing the specific location of data storage, is a serious concern.7

In terms of customer’s personal or business data security, the strategic policies of the cloud service providers are of highest significance.8 Another concern is trust, which raises the issue of credibility of the cloud service,9 for the reason that it’s directly related to the credibility and authenticity of the cloud service providers. Developing a trust in cloud computing, might be dependent on a number of factors among which are, automation management, human factors, processes and policies.10

All kinds of attacks that are applicable to a computer network and data transmission are equally applicable to all cloud based services. Some threats in this category are man-in-the-middle attack, phishing, eavesdropping, sniffing and other similar attacks. DDoS (Distributed Denial of Service) attack is also one of the common cloud computing attacks.11 The security of the virtual machine will define the integrity and level of security of a cloud environment to a greater extent.12

The techniques of accounting and authentication, as well as using encryption, falls within the practice of safe computing, which can be well considered as a part of the security concerns of cloud computing.13

However, it is important to distinguish between risk and security concerns in this regard. Other examples of business risks of cloud computing could be licensing issues, service unavailability, provider’s business discontinuity that do not fall within the security concerns from a technical viewpoint. Also like any other network scenario, the provision of insider-attack remains as a valid threat for cloud computing. Any security tools or other kinds of software used in a cloud environment might have security loopholes, which in turn would pose security risks to the cloud infrastructure itself. The problems with third party APIs as well as spammers are also a threat to the cloud environment.14

As cloud computing normally means using public networks and subsequently putting the transmitted data visible to the world, cyber attacks in any form are anticipated in cloud computing. The modus operandi of cloud computing has made it prone to both information security and network security threats.15 Also a third party relationship might emerge as a risk for the cloud environment along with other security threats inherent in infrastructural and virtual machine aspects. Factors like software bugs, social engineering, human errors make the security for the cloud a dynamically challenging one. The issue of intrusion detection is also one of the most important network monitoring techniques to reduce security risks. If the contemporary IDSs (Intrusion Detection Systems) are inefficient, the resultant consequence might be an undetected security breach for the cloud environment.

The facets from which the security threat might be introduced into a cloud environment are numerous ranging from database, virtual servers, and network to operating systems, load balancing, memory management and concurrency control. Data segregation and session hijacking are two potential and unavoidable security threats for the cloud users. The issue of privacy and its underlying concept in cloud computing might significantly vary in different regions and thus it may lead to security breach for cloud services in specific contexts and scenarios. Besides, multi-tenancy model is also an aspect that needs to be given attention. Also, security in the data-centres of cloud service providers, are also a cause of concern, as a single physical server would hold many clients’ data making it a common shared platform in terms of physical server or operating system. The storage security at the cloud service providers data centres are also directly linked with the security of the cloud services. Therefore, threats to a cloud infrastructure are applicable both to the data as well as the infrastructure.

Similarly, the different modes of data transfer and communication means (e.g. satellite communication) also needs to be taken into account. Huge amounts of data transfer along with the communication technology used and the security concerns of the adapted communication technology also becomes a security concern for the cloud computing approach. Therefore, the broadcast nature of some communication technology is a core concern in this regard. Also, the arbitrary intermittent intrusion needs to be taken into account. Some authors have argued that using Internet technologies is not a must for cloud computing but the cost efficiency and globalization trends will enforce and motivate almost all the businesses to admit the Internet and its associated technologies to be the ultimate means towards the cloud computing approach.

The wide transition to mobile computing practices in recent years has made it imperative to include mobile computing and its associated technologies as an essential part of cloud computing. Resource scarcity, as well as other constraints of mobile computing poses a barrier to cloud computing. The demand of huge data processing is a problem for mobile end-user devices which has been further complemented by the security concerns of mobile cloud computing. For mobile cloud computing, the device level limitations has inspired researchers to suggest the inclusion of another level of cloud termed as ‘mobile cloud’ to aid the processing of the specific computing and processing for mobile computing devices. The hierarchical arrangement of cloud computing, facilitates the different level of extensibility for the cloud users with varying degree of associated security issues. Thus, using cloud products or services may lead to security concerns for the consumers if they are not well aware with the type and particulars of the products or services they are procuring or using in a cloud environment.16


Breaking: Smart Contracts (blockchain) legalised in Arizona


On March 29, (2017) Arizona Governor Doug Ducey signed the bill HB 24171 into law. As covered earlier by IndiaTechLaw on Smart Contracts, this bill seeks to amend the current law and bring legal validity to blockchain signatures.


What are blockchain signatures?

Blockchain is a unique method to publicly maintain one single database of all financial transactions. It is also called the Triple Entry Accounting and Distributed Ledger Technology. This is maintained by collecting digital signatures from the parties during authorisation. The digital signatures create bind financial transactions to their parties.

Digital signatures are undeniable evidence of involvement. You can read more about digital signatures and their legal validity in India.

The digital signatures in the blockchain model are stored permanently in a single dimension, chronological order, and are available for public scrutiny. This creates an undeniable publicly available record of financial affairs. Anyone can monitor these financial records to ascertain ownership of assets.


What are smart contracts?

Smart contracts are technically softwares which software developers write in high-level programming languages, like Solidity, Python and Go. The blockchain protocol is used to store a log of all transactions between smart contracts. Smart contracts are used to facilitate, verify, or enforce the negotiation or performance of an agreement between two or more persons. The automated nature of the smart contracts essentially makes them partially or fully self-executing, self-enforcing, or both.



The new law provides that the digital signatures recorded through the blockchain protocol are valid electronic signatures covered under Arizona law. This accords smart contracts the much required legal recognition to make it legally enforceable. The House and the Senate approved the bill nearly unanimously recognising blockchain-based technology as a form of recognized legal commerce.

Although Arizona has legalised smart contracts, the neighbouring states have not. Both the federal and the state governments of the USA would need to clarify the enforcement practices across different jurisdictions.

Another point of consideration is that the reformation in law would bring in huge participation from the public. The translation of traditional contracts to their bytecode form would create a different relationship between lawyers, their clients, and computer programmers.



If you liked the article please like and share it with your followers. If you have doubts or questions about any part of this article, please feel free to leave a comment below or ask questions directly to the author here: Ask Questions.

Breaking: Bitcoins legalised in Japan – legal framework and tax treatment

The Japanese have brought into force a new legislation treating digital currency as a legal payment method, from the beginning (1 April 2017) of this fiscal year. Bitcoins are now legal tender in Japan and are at par with other fiat currencies. This has been made possible by the passing of a new law called the Virtual Currency Act by the Diet. The Financial Services Agency announced that it is going to treat cryptocurrencies as legal tender from April 1st, 2017.


The Virtual Currency Act

This bill was primarily to revise portions of the Banking Act. The Virtual Currency Act serves to account for changes to the economy. It also strives to keep economy at par with technological developments.

Section 3 of this bill now includes wording on virtual currency and is being tentatively called the “Virtual Currency Act.”

According to global law firm DLA Piper, the amended parts of the Payment Services Act, which is a part of the Banking Act, defines digital currencies as “property of value,” that is useful for payment to unspecified persons, and is purchasable from and sellable to unspecified persons.

Important to note, the law does not require users of bitcoins to reveal the parties they transact with. This provision may be used to deal with ‘unspecified’ and probable criminals. This is in consonance with the legal theory that no one shall be compelled to be a witness against himself.1

The law explicitly finds a distinction between digital currency and electronic money. ‘digital currency’ is not the same as ‘electronic money’ because the former has no issuers and is usable by any accepting individual, whereas the latter has a specific issuer and is only usable by the issuer or authorized persons.


Bitcoin exchanges

The new law seeks to regulate bitcoins and bitcoin exchanges by equipping the Financial Services Agency with the authority to conduct on-site inspections and issue administrative orders as and when needed. All bitcoin exchanges shall be required to register with the Financial Services Agency.

The recognition automatically brings in obligations to be fulfilled by banks, financial institutions and cryptocurrency exchange platforms. These institutions would be required to comply with stricter anti-money laundering and additional KYC requirements. The law also provides for annual audits in finance, technology and consumer protection principles.

Digital currency exchanges also have to comply with a few other restrictive regulatory requirements. One of them being the requirement to hold, at minimum, liquid capital of ¥10 million yen, worth approximately US$90,000. Also, exchanges have to prove that they possess requisite technology infrastructure, with measures in place to prevent leakage, identity theft, loss and damage of funds and other information.

Recall The Mt. Gox incident – the largest bitcoin hack ever? This legislation was drafted long back in 2013 and had been in abeyance for the past few years. Although Japan’s large population is technologically adept, and is already used to sending tokens and coupons between their smartphones, most Japanese had still not heard of Bitcoin until the Mt. Gox fiasco. Many were introduced to Bitcoin by seeing Mark Karpeles’ face on TV at courtroom trials.


Tax treatment

Any profits arising from trading in cryptocurrencies can be considered “income from business activities or miscellaneous income”. The asset-like nature of bitcoins and other cryptocurrencies means that capital gains tax are applicable upon them in Japan.

Interestingly, the practice of levying 8% consumption tax on sale and purchase of bitcoins and other cryptocurrencies would not be leviable in Japan from 1st of July, 2017. This is due to the efforts of the Japanese government to reform its tax laws.

DLA Piper explains that “the taxation of virtual currencies is undergoing many developments in Japan,” and new accounting standards detailing the treatment of digital currencies for tax purposes are “anticipated in the near future.”

“While bitcoin exchanges would be exempt from consumption tax, the exchange of virtual currency for assets or services (i.e., when someone pays virtual currency to a seller of assets or services) is still subject to consumption tax in the same way as those transactions which are paid in traditional currency.”
-DLA Piper


Entry to the bitcoin market

The bill also revises the ‘Act on Prevention of Transfer of Criminal Proceeds’ requiring exchanges to implement a stricter KYC process. Consequently, opening an account at a bitcoin exchange has gotten more difficult.

New users would now need to answer a list of prescribed questions, things like profession and purpose fall within the purview. Users need to submit identification documents and wait a few days during which their profile is vetted. Registered address of new customers shall be verified by sending a postcard with a verification code.

Further, from the enactment date all exchanges are required to voluntarily apprise their user base with detailed corporate information, including but not limited to, their trading name and address, registration number, transaction content, as well as disclose all fees and costs to users. They must also keep separate accounts for fiat money and digital currencies, as well as undergo a regular audit. The auditing is to be done by a public certified accountant or audit firm at least once a year.

The Payment Services Act also introduces regulations “for the registration of all virtual currency exchange businesses,” DLA Piper explains, citing how this regulation is “consistent with the declaration made at the 41st G7 Summit at Elmau in 2015.”

“Currently, most Bitcoin-cash exchange services available in Japan are operated by Japanese companies. However, the amendment to the Act could be an opportunity for foreign VC-cash exchange service providers to expand their business into Japan, because the new registration system is also open to foreign entities.”
– DLA Piper Law Firm



All in all, a brave government has paved the way for a brave technology to take effect. Wishing more acceptance to blockchain and it’s users.


If you liked the article please like and share it with your followers. Please feel free to leave a comment below or connect directly with the author here: Ask Questions.


Value of bitcoins; RBI on bitcoin; legality of bitcoin transactions in India

Bitcoins are numbers you can trade with. People would be ready to exchange goods and services with bitcoins as they value the bitcoin numbers. Compared to currency which is made out of thin air by a central bank, bitcoins and other digital tokens, require massive computational power to generate, and have a base in global energy prices.

This idea of using a set of protocol to transact and create new bitcoins securely was published by an Anonymous author using the pseudonym of Satoshi Nakamoto. The paper was titled: Bitcoin: A Peer-to-Peer Electronic Cash System by Satoshi Nakamoto

The global bitcoin economy is maintained by consensus among its users on who owns how much bitcoins. It relies on a system of decentralised ledger technology and triple entry accounting to prevent fraudulent entries. The bitcoin protocol is used to communicate with each other on the network.

The bitcoin economy has a unique system of rewarding bitcoins to anyone who would maintain the global bitcoin accounts. The rewarding mechanism of bitcoins creates an incentive for people to deploy computational resources to maintain the economy. This requires accounting for bitcoins according to a set protocol. The bitcoin protocol therefore requires ‘proof of work’ from its users in order to reward them with new bitcoins. The ‘proof of work’ is resource intensive and requires huge computational power. To learn more about how it is done, you may read my previous article on what are bitcoins – what is so different than fiat money?



Humans needed a strong, tamper-proof, irrefutable and immutable method of accounting. An accounting method which no amount of intelligence can influence. It was an awaited concept. People across the world were waiting for a panacea of accounting. And Indians needed it the most. The most corrupted countries needed the most amount of accounting.

On came the blockchain technology. It can be used to create a permanent record of transactions, which are mathematically undeniable. Even people cannot deny the entries, because people would need to digitally sign each and every transaction.

The problem was simple, the solution is complex. And it works. It works so much that the current valuation of transactions of all bitcoins has surpassed USD 16 billion.

NSA of USA is used to say that, “if you have nothing to hide, you have nothing to worry”. Well it is time for the governments to come clean. If governments have nothing to hide, they should accept the blockchain technology for transparent and open accounting.

Read more on this accounting principle: How blockchain is changing the finance industry: Triple Entry Accounting


What is ‘proof of work’?

‘Proof of work’ in the bitcoin protocol simply means a proof of expending resources towards maintaining the bitcoin economy. The more resources you expend would mean more seriousness about the accuracy of transactions.

This proof of expending resources requires solving quadrillions (1016) of intricate mathematical calculations. The result of which would be verified by the bitcoin protocol.

The bitcoin protocol maintains a level of difficulty and the reward amount, proportionate to the number of bitcoins in circulation, to treat the proof of work. The difficulty level keeps changing according to the number of bitcoins in circulation. More bitcoins in circulation would mean more numbers of calculations required to claim the reward amount. Along with the difficulty, the reward also keeps changing. More bitcoins in circulation would mean lesser reward and vice versa. In the beginning (~2006) the reward was 50 BTC per solution, as of now it is 12.5 BTC.

Mining is the act of solving mathematical calculations in order to receive bitcoins as reward. A hash is one of these mathematical calculations (read about hashing). You need 2,107,420,200 trillion hashes 1 to earn the bitcoin reward of 12.5 BTC as of today: 13th March ’17.


The value of bitcoins

Very sophisticated equipment are required to perform these mathematical calculations. The best equipment I would recommend for mining as of now is the Antminer S9 it costs USD 2400. The S9 runs on a 1.4 KWh electrical input. It can solve thirteen trillion hashes in a second. It would take 162109246 seconds or ~45000 hours to get the promised reward.

So, to earn 12.5 bitcoins you will need to expend about 63,000 KW as of now. The price of 1 KW in Ahmedabad on a High Tension Maximum Demand line as of now is 260 INR.2 63000 KW would therefore set you off by ~INR 1.64 crores.

Include the component of the cost of the mining hardware, and it would not make business sense for an Indian. However consider INR 5 to 20 per KW of hydroelectricity in northern China.

Therefore if we ever have to, we can only buy bitcoins from those who produce it cheaply. You can buy one bitcoin at INR 93,519 from Unocoin today.3

This global disparity in energy prices is driving energy advantaged nations to own more bitcoins than they should have. And although the makers of bitcoins sought decentralisation of economic power, it is nonetheless the way it is.

The disparity thus creates relative acceptance of bitcoins across the globe. Some countries are better placed to accept bitcoins than others. Not surprisingly Chinese people own 58% of the current global bitcoin circulation.4


Hacking, fraud and crimes with bitcoins

Although there has been a spurt in usage of bitcoin for criminal activity, it was more pronounced at a time when mining bitcoin was fairly easier, and the price of bitcoin averaged below 100 USD a piece. It happened that people could mine their own bitcoins, and once you have that capability you are answerable to no one. The scenario changed soon after.


Government intervention

Fortunately, or unfortunately, the circulation of bitcoins rose, and the per bitcoin value increased due to increase in difficulty to generate one bitcoin. While this might sound unwelcoming, but yeah INR/BTC touched the 1 lakh mark.

Interesting things happened due to the massive success. The difficulty of mining increased, not everyone can generate bitcoins now, it has narrowed down to only huge bitcoin farms, having investments of millions of dollars. When someone invests so much on a technology, they actively lobby for government attention and for legal sanctions.

SO, as of now, all those who mine bitcoins also seek legal sanctions and they put in all possible efforts to get the government to recognise bitcoins as legitimate currency.

Bitcoin companies also wanted the government to restrict mining of bitcoins, by restricting entry to the market. Governments came up with KYC norms for bitcoin users, and all over the world bitcoin usage got some sense of legitimacy. KYC puts in a legitimate but difficult hurdle for new bitcoin companies who do not have market reach.

As of now, you are free, and it is perfectly legal to buy, sell and transact in bitcoins in India if you are ready to furnish your identification documents. Just search ‘buy bitcoin India’ on Google.

And as bitcoins are permanently and publicly trackable, KYC binds your bitcoins to your legal identity, exposing you to legal troubles if you abuse BTC. It is getting fairly difficult to abuse BTC everyday.


Blockchain analysis firms

As I told you earlier, that the technology gives us an irrefutable new method of accountancy. The blockchain technology which we use to trade in BTCs, is nothing but a permanent publicly available ledger. So anyone and everyone can go through the ledger to find out transactions which ever happened on the platform.

So this new set of fintech firms arrived, who built softwares to go through the BTC ledger and find out bitcoins which have been used for illegal purpose. They coined the term ‘dirty bitcoins’ and ‘dirty accounts’ to refer to bitcoins which have at least once been used for illegal purposes.

These firms track down criminals and their bitcoin accounts5 and sell the data to law enforcement agencies who were not so equipped to handle BTC abuse6. So we have to be careful that the BTC we use is not a dirty BTC, otherwise we might get into trouble.

Chainalysis is one firm which is doing good in this business. They have a tool through which if you have a specific customer that you are interested in, or a ransom note with a Bitcoin address, the tool will automatically find connected dirty bitcoins and bitcoin wallets.


Did/Can bitcoins replace fiat money?

No not yet, governments have legitimised bitcoin transactions, that does not mean it is a legal tender which the central bank needs to respect. To understand why BTC cannot even replace fiat money, we have to find out why the RBI respects the INR and not any other currency on earth.

There are so many better and stronger currencies lying around, say the USD or JPY, or even the GBP. Much less prone to demonetisation 😀 However, they are also not legal tender because the law does not say so.

But what is legal tender? We may decide to settle our transactions with anything as we please. I might offer you 34kgs of carrot for your smartphone. And it is recorded in Indian History that we have used spices and seashells as currency.

It is in this perspective that we distinguish between currencies of different types with legal tender. ‘Legal tender’ is a status accorded to any currency by the law of the land. Acceptance of legal tender for discharge of debt is the mandate by law. By the power of the law no one can deny acceptance of the new pinky 2000 INR notes.

The RBI Act of 1934, which gives the Reserve Bank of India the sole right to issue bank notes, states that “Every bank note shall be legal tender at any place in India in payment for the amount expressed therein”.

The Finance Act and the other relevant laws of India accord legal status of currency to INR only.

To get BTC recognised at par with INR, we have to first make sure that the interests of all BTC users are aligned with the Indian economic and political interests. Is that possible? The answer is no, unless we as Indians are cool with the global order of things.

INR gives us a personalised and customised sense of security, we know if anything goes wrong we still have the power to correct it via the RBI. That is missing with the BTC, USD, JPY and other currencies.

We need to be cool with the fact that BTC is only for international transactions, and the high volatility of the BTC is not what we want our economy to go through.


Future/s in BTC

We have been trading in futures for a long time now, futures of every currency is available. Mt. Gox started out as a future trading platform for BTC with other currencies.

The future of BTC is supposedly much neater. Irrespective of all sensational media reports India is never going to criminalise BTC.7 It would only harm us when other nations use it. It is a game among all heads of states, of who gets to get the most out of BTC.

Although taxes, and other hurdles may get put in place depending on how smart our lawmakers are.


How does secure socket layer (SSL/TLS) work? Why do retail websites require https?

To answer what is secure socket layer and how it keeps websites secure it is important to understand the making of the Internet. The internet in turn is an abstract concept meaning the interconnected network of computers across the globe. Computers interact with each other to create services necessary for us.

To start off, you just need to know that there has to be a physical cable between two computers for interaction to happen between them.


A physical cable

Yes, a physical cable is the most important component of the internet. There has to be a cable between your computer and this computer for you to be able to read this. Cables a lot of them! So many cables and of such enormous scales that it is a trillion dollar industry.

The primary object of companies like Airtel, Vodafone, AT&T, etc. is to lay cables, cable of all types: coaxial, heliax, twisted pair, optical fibre, so on and so forth.

Cables can be terrestrial, hooked on to cable posts, or dug deep into the ground, or even submarine. You can visit this site to see the current distribution of submarine cables across the globe: Submarine Cable Map



Our world is not technically wireless. Wireless over long distance has a failure rate thousand times that of a cable. Wireless is fun and frequent in short distances. Ultimately, all such wireless access points are connected together by cables.


Interception and hacking

The problem with wires, wireless and communication in general is interception. If it is a wire, you can cut in between the two ends to intercept. If it is wireless you can do what the receiver is doing and no one would know that they are being heard.

Although hacking has not been defined in any legal text, it is in simpler language nothing but finding out clever ways of interception. If it is too obvious then it is not considered hacking 😀



The solution is then to hold communication in a way only the sender and receiver would understand. The US Army employed the native American tribal people to hold secret conversations over long distance radio.

It is obviously quite difficult to invent new languages every time we need to hold a secret conversation, therefore, encryption of prevalent languages.

You can read more about encryption and different forms of encryption here:

A brief history of the internet, cryptography, cryptanalysis and encryption laws of India

Encryption and Symmetric Cryptography – How is data secured electronically?

Understanding Asymmetric Cryptography, Public Key, Private Key and the RSA Algorithm


Secure Socket Layer (SSL)/ Transport Layer Security (TLS)

SSL is not a device or a physical socket, it is just a protocol or a set of mathematical rules to hold encrypted communication.1 The protocol is amended periodically to make it more robust. SSL was renamed TLS at the release of version 4. So TLS is basically the fourth version of SSL and uses the same basic technology.

SSL certificates can be generated by oneself or bought from service providers. These certificates contain passwords which can be used to encrypt communications between a website and it’s visitor.



When we buy goods from an online retailer, our credit card and other identification details are sent over the network to effect such transactions. If the retailer does not have SSL enabled on it’s website all communication can be tapped into and sensitive data can be intercepted by third parties.

The retailer might not face any injury, but the buyer may have to face identity theft, fraudulent transactions, etc.

From January onwards, Google Chrome browser is showing a “Not secure” message on all websites with password and credit card form fields that are not protected with an SSL/TLS certificate. Google has also been promoting SSL enabled sites by according them higher search rankings.


The Mt. Gox incident – the largest bitcoin hack ever

An American software developer named Jed McCaleb founded a platform in 2006 named Magic: The Gathering Online eXchange. He set up the platform for secure exchange of trading cards used in a video game by the same name, using the domain name This platform allowed cards to be bought and sold like stocks.

Some quarters say that it was this underlying technology of trading imaginary cards securely that formed the basis of bitcoins. Although McCaleb never released the original code written by him for Mt. Gox, it is true that the bitcoin technology is similar to such card exchange technology. It is also in popular notion that the anonymous author of the Bitcoin paper,1 Nakamoto, is probably McCaleb himself.

It is important at this juncture to understand how the bitcoin and blockchain works. I would recommend you to go through my earlier post on What are bitcoins / cryptocurrency / blockchain – what is so different than fiat money?

While China as of now, owns 58% of the global bitcoin circulation, it was not so until 2013 when the Japanese were leading the bitcoin race and Mt. Gox owned 70% of all bitcoins.


The origin

Mining is the act of maintaining and validating global bitcoin transactions by solving mathematical calculations. New bitcoins are created to reward the miners. Mining is the only way for creating new bitcoins.

Whoever, may be the author of the idea behind bitcoins, people found value and confidence in the literature, and joined in. People developed independent networks based on the paper and it grew at a time when mining was comparatively easy.

By 2008, people had bitcoins and they did not know what to do with it, just like money and stocks lying around. When money lies idle, you would need a banking system where you can put your money in return of an interest or for putting money to any use. And when shares of companies are idle you would want to trade them through an exchange.

So in 2010, to fuel the bitcoin economy through transactional exchanges and bring in new entrants, McCaleb used the domain to create a bitcoin trading exchange named Mt. Gox and incorporated it in Tokyo by the name MtGox Co., Ltd. It quickly found acceptance among Japanese bitcoin users. Mt. Gox was the first entity to hold bitcoins in large scale.


The Hack

On 19 June 2011, an account of an official auditor at Mt. Gox was compromised. His password was stolen by a hacker who manipulated the system and illegally transferred a large number of bitcoins to himself. He then went on to sell all these bitcoins at a very low rate using the exchange’s software, creating a massive “ask” order at any price. People globally bought these bitcoins at very cheap rates (some were sold at as low as 1 cent).

Although the price of bitcoins stabilised in minutes to its earlier rate, this hack resulted in loss of around 850,000 (750,000 of investors and 100,000 of its own) bitcoins to Mt. Gox, worth USD 473 million at that time. Compared to the global circulation of ~6,850,000 bitcoins at that time.

A lot of bitcoins were randomly dispersed by the hacker. He sent thousands of bitcoins to accounts which did not exist. These bitcoins can never be withdrawn or transacted with, as it is impossible to access without a password. The bitcoins were permanently lost from the global economy. This opened up a lot of flaws in the system. One of them being the inherent flaw in failing to check existence of accounts before transferring value.

Interesting to note that the hacker could not compromise the bitcoin technology, however, he could steal the password of an official auditor.


The cover-up

No one acknowledged the hack for years. It was only on 28 February, 2014, Mt. Gox finally acknowledged the three-year old hack. The company would not have revealed it had there been no need to file for bankruptcy.

Even after the 2011 hacking event bitcoin trading went on at Mt. Gox and in 2013 Mt. Gox came to own almost 70% of all global bitcoin circulation. However, the loss still needed to be accounted for.

Mt. Gox in the meantime kept looking for the missing bitcoins and could track and recover about 200,000 of the 850,000 bitcoins.



The company supplanted the loss of bitcoins by using its own store of bitcoins and the recovered amount. This costed the company about USD 473 million and it finally led the company to fail its payments to its creditors. CoinLab which was servicing the Mt. Gox investors in the North America region filed a lawsuit of USD 75 million. The lawsuit demanded Mt. Gox to transfer the accounts of its North American investors from Mt. Gox to CoinLab as per a contract they had entered earlier.

Neither did Mt. Gox have the money to transfer the accounts nor did it have the money to pay for the lawsuit. That is when it finally filed for bankruptcy protection in Tokyo on 28th February, and later in USA on 10th March.

On 16th April, 2014 Mt. Gox finally gave up its plan of restructuration and applied for liquidation.

Out of all this mess the CEO of Mt. Gox, Mark Karpelès, who bought 88% of the Mt. Gox business from McCaleb in 2011, was prosecuted in 2014. He was tried on the grounds of fraud, perpetration of fraud, manipulation of public data, and stealing of over USD 1 million from Mt. Gox. He had been arrested in Tokyo on a different set of allegations and was granted a bail in 2016. He is not allowed to move out of Japan as of now.

While the investigation on every aspect of the hack is still going on.


Lessons Learnt

Government regulations

People globally filed a lot of lawsuits, protests and demonstrations took place in Tokyo and the public conscience did get a jolt from the seemingly revolutionary technology.

Governments across the world realised that it was high time they need to interfere and regulate bitcoins.


Currency is irreplaceable

It was clear that no amount of technological innovation could render the responsibility a government or a central bank can assume in terms of human losses. A trusted middle man who can insure, validate and take legal action on a transaction is a requirement of any stable economy.


Failure of anarchy

In all types of anarchies, society somehow coagulates around the smartest or the strongest. The socio-legal and political fabric of such a system needs to be highly developed. A strong state machinery is therefore required in order to contain the exigencies of such systems.


So that’s how it ended. The largest bitcoin exchange which could have owned 60% of all bitcoins in circulation today, ended. Consequently, the concentration of bitcoins then changed hands from the Japanese to the Chinese due to their huge mining farms.


If you liked the article please like and share it with your followers. If you have doubts or questions about any part of this article, please feel free to leave a comment below or ask questions directly to the author here: Ask Questions.

Canadian Securities Law (OSC statement) on Distributed Ledger Technologies (blockchain)

The Ontario Securities Commission (OSC) put up a press release on Wednesday (March 8th) containing cautionary advice against use of Distributed Ledger Technology or commonly the blockchain.1

In the press release OSC advises businesses using blockchain to offer securities, falling under the Ontario Securities Act, to consider registration as a dealer, adviser and/or investment fund manager.

“Many uses of distributed ledger technologies have the potential to increase transparency and efficiencies in our capital markets, and we are keen to support this type of innovation,” said Pat Chaukos, Chief of OSC LaunchPad. “Because this is a novel area, businesses may not be aware that some uses of this technology could trigger securities law requirements. We encourage these businesses to speak with us about securities law and investor protection requirements that may apply.”

Blockchain introduces the triple entry accounting system which is the latest innovation in accounting practices. This can be used as the underlying technology in trading, clearing and settling securities transactions.

Companies may also issue shares in digital tokens which can be traded over the internet using the blockchain technology.

The law remains neutral to the technology and is equally applicable on all use cases of blockchain on securities transactions.

How blockchain is changing governance: Permissioned Blockchain

Permissioned blockchain arose out of the need of the public to interfere in private transactions. It is fundamentally the same concept as with the blockchain technology I previously wrote on. While the original blockchain allows all members to transact and verify transactions, in permissioned blockchains, the right to verify transactions is available only to a permissioned few.

This model is all set to revolutionise e-governance across the globe.


What is blockchain?

For a much clearer idea of permissioned blockchain I recommend that you understand the original blockchain model in depth. Here are some of my previous articles on:

What are bitcoins / cryptocurrency / blockchain – what is so different than fiat money?

How blockchain is changing the legal industry: Smart Contracts

Mining is the process through which new transactions are verified, processed into blocks and added to the blockchain network. Those who do it are called miners. They are rewarded with new digital tokens. The reward is the only way of creating new digital tokens on the network.

In a much simplistic expression, blockchain is the method of maintaining a public ledger of who owns how much money. It is novel because transactions can take place between two persons without the involvement of the traditional system of banking. The members themselves verify and record the transactions permanently on the ledger in an immutable form.

Blockchain therefore does away with the need of a middleman like the bank.

The blockchain model promises us a future free from middlemen. Intuitively, we have always hated middlemen as they invariably increase transaction costs. Middlemen include, music distributors, cab aggregators, lawyers, accountants, banks, so on and so forth.

Imagine sending ten lakh rupees from USA to India at a total cost less than fifty rupees, or paperless real estate transactions, or never having to hire an accountant and never having to fight a commercial dispute!


Why permissioned blockchain?

As of now, humans cannot prosper in peer-to-peer economies, we need strict hierarchies to co-exist and to differentiate between the right and wrong. There needs to be one central axis for guidance towards one direction.

Governance, peerages, bureaucracy, at least that is how it has been till now, and surely we will take at least another century to learn to deal in complete privacy. While all new technologies are prone to abuse, only those which adjust to the human nature thrive and grow in the long run.


The problems of the original blockchain model and bitcoins

In the original concept of the blockchain network the bitcoin model incentivises the act of mining by rewarding the miner with fresh tokens. Therefore, mining and miners would not and cannot distinguish between legal transactions and criminal transactions. On this system all transactions are equally good and it is just a flawless method of accounting.

This is when the trouble starts. The onset of bitcoins saw a huge spurt in criminal activities, especially the most heinous of them. Criminals found a great way of settling their accounts with each other. With more and more acceptance of bitcoins globally the value of the criminal transactions also increased.

Hence, no government would ever want to officially recognise the bitcoin currency. The acceptance would directly mean that they are either ignorant of or totally fine with the huge criminal aspect bitcoins reveal everyday. Unnecessarily, blood money gets equated to good hard-earned money.

Furthermore, those who were happy working hard and paying taxes, would never want to deal in currency which is equally being used by criminals. As a result, the growth of bitcoins invariably prove the criminal affinity of the human society and of the profiteering others who want to cash in on the growing value of it.

People have asked me if they should invest in bitcoins, I say the trajectory of bitcoins will depend on the frequency of crimes taking place through the network. More the wrongdoings, lesser the probability of it scaling globally. The frequency of bitcoin related crimes in the global media would ultimately decide its fate. If you are a part of the network and you want it to grow, stop abusing it.


The permissioned blockchain model

After all, in its originality, blockchain never guaranteed usage coherent with established law of the society. It only delivers immaculate accounting through the triple entry accounting system.1

Even one drop of blood on the bitcoin network should not be tolerated. What do we have to guarantee the usage of the blockchain model according to established law and order? Is there any way to make sure of that?

Fortunately, yes!

Permissioned blockchain networks creates a group of participants in the network who get the express authority to validate new transactions and to participate in the consensus mechanism. Consequently, this creates a system of hierarchy where two or more types of members have different set of rights on the network.

Theoretically, one type of membership can hold the right to allow or deny new entrants to the network based on their legal identities. Another type of membership can hold the right to verify new transactions according to the law of the land. A separate membership can be introduced for taxmen who would be credited with taxes the moment a transaction happens.

This system of hierarchy brings in legal accountability and prevents criminal transactions from happening. Miners and mining need not be deprecated, mining in its original sense may still maintain the transactions and the economy. However, mining of only verified transactions shall take place.

Or, mining can be limited only to the central bank and government who can use the privilege to manage the economy and do public spending.


How to create a permissioned blockchain network?

A Digital Signature Certificate Authority (‘DSCA’) may issue Digital certificates to distinguish between members. The DSCA shall store the digital certificates along with their public keys of all members.2

A DSCA may issue different classes of certificates according to the nature of the membership. A specific class of certificate for a specific government agency. Say, the Income Tax department for taxation, judges for attachment of property, police for verification, UIDAI for biometric identity, so and so forth.

Instead of a PAN Card or an Aadhar card, a DSCA may issue a network identity to everyone for the rest of their lives.



Voting and referendum

In a big country like India, collecting public opinion is difficult due to lack of technology infrastructure. The permissioned blockchain model may serve to make referendums real in India.

Everyone can hold one VoteCoin and transfer the VoteCoin to a political party of choice to cast their vote. The party emerging with the most number of VoteCoins in a specific period of time would be the winner.

Attachment of property

Court officers may prevent transaction of an attached real estate property by not validating the transaction on the network.

Cab drivers

Cab drivers may be issued the permission to run ‘smart contracts’3 of driving. Consequently, those not having the permission would not be able to enter smart driving contracts.

Sectoral regulators

Companies may issue digital tokens instead of shares. State agencies like the Securities Exchange Board or the Competition Commission would hold the sole right to validate such issuance.

Municipality of a district can validate or deny transaction of real estate in the concerned locality.

Stamp Duty

A notary can verify and levy stamp duty on a smart contract on the blockchain network.

Corporate governance

A company can create private network based on a permissioned blockchain model. CEOs and Board of Directors may hold the sole right to verify and make transactions on this network.


In a crowd-sourced media house, editors may reserve the right to publish content.


Finally, there is no end to the application of the permissioned blockchain model!


If you liked the article please like and share it with your followers. If you have doubts or questions about any part of this article, feel free to leave a comment below or ask questions directly to the author here: Ask Questions.