You could be forgiven for wondering whether there’s anything actually legitimate about cryptocurrencies. 

If 2017 was the year that Bitcoin, and other cryptocurrencies such as “Ether,” broke big as mainstream phenomena, 2018 was the year crypto’s risks became commonplace. 
As ZDNet’s Charlie Osborne has related, crackers last year increasingly broke into “wallets,” the software programs that store Bitcoin and other currencies, absconding with funds, and compromised exchanges, where traders of currency meet to place buy and sell orders.
In a sign of the spread of confusion and chaos, one cryptocurrency software startup, Taylor, which has been trying to create improved programs for trading currencies, was entirely cleaned out of its investment backing, all held in virtual currency, by a cracking attack. The craze for “initial coin offerings,” or ICOs — the issuance of novel currencies — ran into serious trouble in 2018 as some efforts collapsed amidst accusations of fraud on the part of the offering parties. 
The chaos caused the price of Bitcoin, which soared at the end of 2017, to plunge in 2018, dropping from a high price for each Bitcoin equivalent to over $19,000 to a low of under $4,000. Bitcoin is the coin of the realm, as they say, and represents over half of all trades by value, so it sets the standard. Other currencies followed the decline. The COVID-19 pandemic really pumped up Bitcoin, whose spot price has rebounded strongly: as of December, 2020, it currently trades for just under $23,000. Nvidia, a computer chip maker, and competitor Advanced Micro Devices, both of whose graphics processing units are the basis of crunching the codes for crypto, saw their publicly-traded stocks buffeted in the past year by the volatility in the crypto market.  
In spite of that chaos and in spite of what seems outright fraud, a lot of activity still happens with cryptocurrencies, billions of it on a daily basis, in fact. There is an estimated $643 billion worth of all cryptocurrencies in circulation, and over $184 billion worth of the things changing hands around the world every day. Crypto potentially has tons of benefits for business: the ability to create trading technologies for conducting transactions unique to a given industry, without the need for a central authority, is one of the biggest promises.   
It makes sense to keep an eye on the action, as the sheer volume of activity means that crypto will find some role in business and society for years to come. The announcement by Facebook that it will introduce its own cryptocurrency, the “Libra,” some time next year, cements the significance of the field. 

What follows is a review of the basics and the leading edge of crypto that you need to know. 
Benefits: What is cryptocurrency?
The best way to think about Bitcoin, and Ether, and other currencies, is as a contract between buyer and seller. They represent tacit agreements to conduct an exchange between counterparties, just as the U.S. dollar and other fiat currencies have always been representations of the implicit promise of governments to uphold transactions. 
The big appeal is that crypto money doesn’t need to be issued by banks, and exchange rates don’t need to be controlled by a central bank. A company can create its own contracts, just like creating a new programming language. As long as counterparties will agree to uphold the contract, a whole system of transactions can be set in motion without having to be ruled by the processes of normal monetary and banking authorities.
It’s often said that Bitcoin is three things all rolled into one:
It’s a store of value, first, in that one can convert fiat currencies — money issued by governments, such as the U.S. dollar — into a corresponding amount of Bitcoin, as well as storing the value of other items by exchanging them for Bitcoin. 
It’s a means of enacting transactions, in that one can present Bitcoin in exchange for goods and services, where it is accepted. 
And thirdly, it’s a record of transactions, given that each Bitcoin comes out of the operation of computers that track the global flow of all transactions in Bitcoin, via the digital ledger software called blockchain. 
See: Coin Dance’s resources for getting started with 
Bitcoin and things like it are dubbed “crypto” because at the heart of the global software system of the blockchain is a cryptographic function that encodes successive transactions as “hashes,” which are codes formed with cryptographic functions that transform the data of successive transactions in such a way that no single computer can reverse the process. It is this transformation, by multiple computer users, that serves as a third set of books to keep two parties to a transaction honest without a central authority. 

The idea that started everything: all the world’s bitcoin transactions recorded one after another in a long chain of interlocking cryptographic hashes. This is the underlying technology that maintains the integrity of crypto-currencies.
Bitcoin.org
Bitcoin alternatives
Although Bitcoin dominates cryptocurrency activity, like any software program, it has strengths and weaknesses; some would prefer a contract between participants that has different attributes from what Bitcoin has. Some don’t like it as a store of value, or a means of transactions, and so alternatives have been proposed. There are now thousands of new currencies, and more keep being made, including another version of Bitcoin, called “Bitcoin Cash”; Ether, introduced in 2014 by a developer Vitaly Dmitriyevich as part of a new distributed application platform; “EOS,” a coin that comes with a new computing protocol, from the Hong Kong-based startup Block.one; “Litecoin,” created by a Google engineer; and “Ripple,” created by startup Ripple Labs, to name just a few of the most prominent. 
See: A tiny tutorial on cryptocurrencies

Each of these has its appeal, the same way one or another programming language attracts followers. According to data gathered by popular news site CoinDesk in its “Crypto-Economics Explorer,” a kind of almanac of crypto, there are only a few currencies whose volume of trading, total value, and interest by developers comes anywhere close to Bitcoin, among them EOS, Ether, and Ripple. Most others have tiny fractions of the market capitalization as measured in dollar-denominated assets placed into them. The various offerings can have different advantages, such as being able to transact faster. 
One big thing to keep in mind is that less-popular currencies will naturally have lower liquidity in cryptocurrency exchanges. As a result, it may be harder to cash out of them when you want to exchange them back for fiat currencies. 
Accepting Bitcoin at some point will be an important decision for many businesses simply because of the sheer volume of fiat currencies placed into these instruments. $260 billion or so worth of dollars and euros and pounds sterling means there is opportunity for a business that accepts payment in crypto to reap some of the money looking to be transacted.
Getting started with wallets
The easiest way to get involved with Bitcoin, Ether or another currency is to get some digital wallet software. The wallet program gives you a unique “public key,” a string of characters, which serves as an address you can give to a counter-party to which they can send you Bitcoin or other money, much the way you would give out an email address. Wallets such as Mycelium and Coinomi are available on mobile devices running Android and iOS. 
There are also desktop programs such as Electrum, and web-based wallets you can use through a browser, such as the one offered for free by a Google-backed, Silicon Valley startup named Blockchain. (Blockchain also has a mobile app version of the wallet.)
Facebook’s forthcoming wallet software, for use with its proposed Libra currency, will be called “Calibra,” the company said. It’s useful to try out some wallets to get a sense of what’s involved before Facebook’s offering lands.
Because you can load these wallets up with tiny amounts of money, you try several of them for a nominal expense and see how you like the user interface. Testing the user interface is an important element in selecting a program given that you want to be very clear about how and when you are placing orders to purchase or sell crypto. 
In the wallet you will see a list of accounts. This starts with an initial public key address, but you can have the program create new public keys if you want to store money received in separate keys. Some wallets, in fact, propose generating multiple addresses as a way to separate and to cloak transactions, a practice that will be useful to anyone wanting to obscure their total record of transactions, given that the global blockchain records transactions by public key address. 

Splash screen for the Coinomi mobile wallet for iOS. The first task will be to create the wallet words that will secure your wallet and then to back them up. 

×
coinomi-wallet-startup.png

Coinomi generation of random wallet words — record them somewhere else so you can always recall them if needed, and don’t show them to anyone! (Unlike this article is doing!)

×
coinomi-wallet-words.png

When you first install a wallet program such as Mycelium or Coinomi, they will ask you to record a unique string of several words whose combination will be used if you ever need to recover a wallet, such as if you lose your phone with the program on it. You should carefully note the words and record them in a safe place, as these words are the only way to recover a wallet, and without them, your wallet account and any money you have in the wallet will be lost. Once you’re through that procedure, you will create a password of your own invention, which is the normal kind of procedure. The password is what you use with the wallet on a day-to-day basis, and is separate from your recovery set of words. 
To receive bitcoin, you give someone your public key or keys, a string of characters you can see in the program. To send money, you enter into the program a public key that someone provides to you. In this way, you can also use multiple wallet programs and transfer funds between them. 
With each transaction, either sending or receiving, a fee is extracted. The fee goes to the global “mining” community, those computer users who form the third party, the blockchain, that participate in verifying all transactions for a given currency. When you send or receive, it takes some time for the amounts to be verified by miners, hence, your wallet may show grayed-out amounts until they are final. This can take up to several minutes for each transaction. 

The public key, which you give to a counter-party, either by reading off the combinations of characters at the top of the screen or by having them scan the barcode. 

×
coinomi-wallet-public-key.png

Given that the spot price for a single Bitcoin is around $23,000 today, your first purchase will show only a fraction of one bitcoin in your wallet, something like “0.001” Bitcoin for a $10 purchase, after fees. Other currencies are cheaper but it still can cost hundreds of dollars for a single coin of any currency. 
Be aware that that software wallets can be hacked. Crackers have used approaches such as sending false notice of software updates, to install malicious code. A wallet can be secured via two-factor authentication, such as a one-time passcode sent to a phone, however, crackers have compromised such authentication by what’s known as “SIM swapping,” getting a phone company to assign your cellular account to them, so that they can intercept such one-time codes. There’s no way to absolutely prevent such attacks, one just has to be vigilant for any sign of things irregular, such as sudden notices of password renewal messages or sudden interruptions in phone service. As explained in the next section, such attacks can be limited or they can be exacerbated by the use of crypto exchanges. 
The world of Bitcoin ATMs
Wallets only allow you to send and receive the crypto-currencies, they are not for converting fiat money into crypto. If you don’t have a counter-party from whom to receive your first Bitcoins or Ether coins, an easy way to get some is to locate one of the several thousand crypto ATMs installed in various cities, which will convert bills of fiat currency into crypto of your choice, depending on what the machine offers. These things often hang out in small shops, such as grocery stores, similar to normal ATMs.

A General Bytes Bitcoin ATM.
A directory of such machines is maintained by CoinATMRdar, with details about the features of the machines and whether a machine is in working order, updated by crowd-sourced reports. Using the machine starts with inserting money just like a slot machine. You then take out your smartphone wallet and bring up the bar code in the app that represents your public key. You hold the screen of the phone up to the machine’s barcode reader for it to be scanned. Within a few seconds, your crypto shows up in the wallet, with a record of the details of the transaction including the fees charge, and lots of technical details about the blockchain process that probably will not be that interesting to you in the beginning. 
Such machines can vary quite a bit, but you can get a sense of the features by checking out the product literature of one popular manufacturer, General Bytes. Most machines are one-way, bills to crypto only, so you can’t cash out of Bitcoin and the rest, although newer machines from General Bytes incorporate that option. 
The cold storage alternative
Because accounts can be compromised, you may want to consider turning to what’s known as “cold storage,” a device that’s not connected to a network. Startups have created physical USB tokens, similar to a thumb drive, such as Trezor and KeepKey that you plug into a computer, and that ingest your crypto assets, acting as a hardware wallet that can be kept physically remote from your day-to-day activities. 
Bear in mind that the companies offering such devices have somewhat vague and incomplete user documentation, which means knowing who is selling you the device and all the details about how it works can involve some extra web searches or Reddit discussions. 

The Denarium gold coin comes pre-loaded with specified amounts of Bitcoin, as a “hard wallet” that’s off the grid, for cold storage of your money. 
Finnish startup Prasos has a somewhat unique take on the whole matter: silver, platinum and gold coins, called “Denarium,” that are shipped by the company with an embedded hologram that counts as the tamper-resistant record of your collected coins. These are one-time devices, as once you rip open the cover of the hologram, if you want to spend it, the physical token loses its crypto value (though it’s still precious metal, for what that’s worth.)
Another curious artifact is the “CryptoSteel,” from British firm Sword Ltd. The $79 steel slab, about the size of a credit card, comes with a set of tiny metal characters. You assemble the wallet words for your digital wallet by placing the type pieces into the grooves in the slab, rather like an old-fashioned type-setter laying out a print newspaper. It’s a durable, simple way to make a record of wallet words that secures your wallet. 
Working with exchanges 
At some point, being strictly peer-to-peer, exchanging Bitcoin and the other money with single individuals, may seem too limiting. You may be ready to check out one of the numerous exchanges that bring together buyers and sellers, places such as Bitstamp, Kraken, and Coinbase. (Bitcoincharts is one starting place to see the selection of exchanges out there.)
These institutions theoretically inject liquidity into the system, by making it possible for counter-parties to come together, although they carry a whole other set of risks as well.  
Connecting from your wallet to an exchange is a matter of setting up an account on the exchange and then copying a unique public key address as the address to use in the wallet as the target for transferring your coins.
You may have to wait up to two months to deposit fiat currencies while your identity is verified by the exchange. This is so the exchange can comply with anti-money laundering and similar rules. For individuals, it’s a matter of standard proof of identification, proof of bank account, and proof of address.  

Example trading screen from exchange Bitstamp. 
Once your account is set up, depositing money with which to buy and sell on the exchange introduces its own wait time. A wire transfer is required to put U.S. dollars and other fiat currencies into your exchange account. It can take 48 hours to submit the paperwork just to get the ball rolling, and another five business days for the wire transfer to actually go through and the funds to show up in your account. 
The exchange method can vary quite a bit. Places such as Bitstamp feature “Buy” and “Sell” buttons for placing trades, much like online trading software. These exchanges support trading in a variety of different coins, not just Bitcoin, and they offer different quotes for both the spot price of a given coin — its value in fiat currency — as well as the fees that will be charged for each transaction.
Also: Want a job in bitcoin or blockchain? These 10 companies have the most openings TechRepublic 
A somewhat different approach is a service called LocalBitcoins. It’s a kind of marketplace of buyers and sellers rather than a true exchange. It lets sellers of currency post listings of what currencies they will sell and for how much. When you go to buy the currency, or if you become a seller, any exchange of fiat currency with the other party is done via a variety of transfer mechanisms that can include Western Union, MoneyGram, or traditional bank transfers, so it expands your options for funding your trades. You can drill down into details about the counter-parties as well, if you want to geek out on the reputations of the other party. 
Taking out funds when you want to cash out to fiat currencies can take a week to two weeks, depending on the internal processes of the exchange you use. It’s especially important to keep in mind these time frames for opening, funding, and cashing out, as they will be a drag to your momentum.
In addition to individual trading, exchanges have been adding capabilities for enterprise accounts. These can include dedicated network connections and co-located server equipment for trade processing. 
How to pick exchanges
There are tons of different exchanges, and picking one will involve a mix of assessing features and assessing operating history. On the first score, exchanges vary by the currencies they support, the prices they list for buying and selling, the volume of trading they offer (a proxy of liquidity), and, for companies, the enterprise features they offer. 
In the latter case, some time spent with the exchanges is required to get a sense of the true security they can offer over time.
Exchanges bring both safety and risk. On the one hand, professionals who manage infrastructure could keep your holdings safer than you would as an individual or a company, because it’s their job. And some exchanges can insure deposits as a practice. 
See: Will blockchain be mainstream by 2025?
One the other hand, it is possible for the virtual currencies of exchanges to be compromised, something that has happened with many exchanges on numerous occasions. Just last month, an exchange named Binance was cleaned out of $41 million worth of Bitcoin because of a massive security breach, echoing attacks in past such as the 2013, $350-million theft that shut down exchange Mt. Gox.
In many cases, exchanges continue to function, despite past problems. The example of Bitfinex, an operation run by Hong Kong-based iFinex Inc., is salutary. The company in the summer of 2016 suffered a loss of over $60 million in customer funds. Bitfinex has also been accused of artificially inflating the price of Bitcoin, and the New York Attorney General obtained a court order in April against parent iFinex enjoining the company against continuing certain actions that may have defrauded customers.
Risks: How to make cryptocurrency safer
Given risks to both individual wallets and exchanges, it’s important to consider best practices to mitigate the disasters that can happen. Those best practices include starting with only nominal amounts in crypto, to gain a convincing history of the quality of both wallet software and trading platforms. Consider experimenting with the offerings over a period of time that may be several months to a year. As a contract, a cryptocurrency, including both Bitcoin and newer offerings, is established via the evidence of stability over time. 
Given that the biggest risks have come from things that are all too common in the software world, such as cracked passwords and backdoor software installs, it’s important to both observe best practices in the maintenance of secrets but also to test out various offerings to establish the quality of programs and platforms.
And perhaps the best thing one can do is to avoid the mindless urge known as “fear of missing out,” or FOMO. A good part of the danger in crypto comes from the continually shifting nature of currencies and technologies. Jumping into anything increases risk. Avoiding rushing into anything crypto that is new simply because it is new will most likely greatly reduce the headaches and the heartache.
The future of crypto: An evolving landscape
Understanding the landscape of crypto is only ever partial, as things continue to evolve. The currencies are evolving, the technology is evolving, and the rule of law is trying to evolve. 
On the currency front, people continue to come up with new coins, especially for the purposes of supposed stability. Startup Tether, Ltd., which is owned by iFinex, promised to back all “Tether” coins in circulation with more hard currency than the dollar value of the coins, over $2 billion in assets. With the A.G.’s action in New York, others are rushing in to propose alternative ways to make such “stable coins,” as they’re called.
Also: Your systems, their profit: How IT rights can be abused for shadow mining of cryptocurrency TechRepublic 
A competitor, Anchor AG, claims the real challenge is to make trading more stable. It proposes to do so by tying its novel currency, the “Anchor” coin, to the total economic production of the world. Anchor is promoting something called the “Monetary Measurement Unit,” or MMU, which the company claims is calculated based on global gross domestic product using a unique, proprietary algorithm. 
That’s all well and good, but as mentioned with Facebook’s Libra, larger parties are getting into the crypto game. The company’s blog post claims Libra will be “stable” because it is “backed by a reserve.” 
A companion white paper offers a lot more detail. The reserve will be created via a private placement of a second class of coin, which is a way to inject initial funds into the reserve. Facebook says this reserve will limit the extent of the fluctuations in Libra, though whether it prevents the wild swings seen with Bitcoin and the rest is an open question.
There are whole other bunch of changes coming with Libra. Facebook’s crypto will come with a whole new programming language, called “Move,” and there will be an association of founding member companies, such as Visa and Mastercard and Vodafone, that will control the mining of new coins, unlike Bitcoin, where anyone with enough computing power can mint new currency.

Bottom line, Facebook’s entry looks to be a seminal event for crypto, and will have an impact on the other coins in circulation and the future directions for existing wallet software and exchanges. With other tech giants besides Facebook offering technology related to crypto, such as Amazon’s blockchain service, and Apple’s “CryptoKit,” there could be a wave of major-party crypto offerings. After all, cryptocurrencies are little more than a digital contract, something big tech should be able to provide to its loyal user base. That could lead to a fractured landscape, or perhaps some organization like Libra’s will unite the various efforts.
See: Amazon Managed Blockchain now generally available
The evolution of the mining community, those computer users who spend compute cycles on maintaining the blockchain, will be another continuing matter in coming years. Recent years have seen the concentration of compute power in the hands of single parties such as AntPool, Bixin, and CoinGeek. Their dominance of the blockchain for currencies feels long in the tooth and ripe for innovation. 
Regulation and taxes
And then there’s regulation. The wave of popularity in 2018 has resulted in a wave of scrutiny. The city of Vancouver, British Columbia, the site of the very first Bitcoin ATM, is considering a ban on crypto ATMs, which police say is an “ideal money-laundering vehicle,” following a raft of theft incidents with the machines. 
China, whose government has banned crypto trading, is reportedly considering outlawing mining activity, which would be a big development, given that China is where the majority of mining takes place. 
And don’t forget taxes. Crypto today is treated as capital gains, which basically means a 15% tax on users’ profits. The U.S. Internal Revenue Service issued long-awaited guidance on crypto in October of 2019. The IRS  has been getting more aggressive this year in going after people about their holdings. If you exchanged Bitcoin, or another crypto currency, into fiat currency, you will have a complex process of calculating a “cost basis” for your holdings. You may want to start with the IRS’s FAQ to know what’s expected of you.
It’s entirely possible that tax rates will change as legislation evolves to reflect the expanding practice of trading in crypto.  
When it comes to crypto, keep an open mind but be careful. This is an immature technology, and an immature marketplace, so keeping your head amidst the chaos is essential. 
Related coverage More

Saudi human rights activist Loujain al-Hathloul has filed a lawsuit against spyware maker DarkMatter Group and three former US intelligence operatives for their role in helping the United Arab Emirates hack into her iPhone and track her movements. al-Hathloul is one of several people the DarkMatter Group hacked, and three executives at the firm — 49-year-old Marc Baier, 34-year-old Ryan Adams and 40-year-old Daniel Gericke — were fined by the Justice Department in September for their role in helping oppressive governments like the UAE violate several US laws. 

The three were part of Project Raven, an effort by the UAE to spy on human rights activists, politicians, journalists, and dissidents opposed to the government during the Arab Spring protests. In 2019, both Reuters and The Intercept conducted in-depth investigations into the work of Project Raven and DarkMatter after members of the team raised concerns about the hacking UAE officials were requesting. The case sparked widespread concern about how former officials at the National Security Agency (NSA) and other US spy agencies were spreading the tactics they learned while hacking for the US government. al-Hathloul’s lawsuit was filed by the Electronic Frontier Foundation (EFF) and law firms Foley Hoag LLP and Boise Matthews LLP. EFF said DarkMatter was working for the UAE but hacked al-Hathloul’s iPhone on behalf of the Kingdom of Saudi Arabia, noting that the DarkMatter used an iMessage vulnerability to monitor people’s devices. EFF attorney Mukund Rathi said this is a “clear-cut case” of device hacking, where DarkMatter operatives broke into al-Hathloul’s iPhone without her knowledge to insert malware, with horrific consequences. 

“This kind of crime is what the Computer Fraud and Abuse Act was meant to punish,” Rathi said, adding that the lawsuit includes claims that DarkMatter is liable for crimes against humanity for helping the UAE hack many human rights defenders.Baier, Adams, and Gericke bought the malicious code from a US company during their time building out the UAE cybersurveillance program, according to EFF. “No government or individual should tolerate the misuse of spy malware to deter human rights or endanger the voice of the human conscious. This is why I have chosen to stand up for our collective right to remain safe online and limit government-backed cyber abuses of power,” al-Hathloul said. “I continue to realize my privilege to possibly act upon my beliefs. I hope this case inspires others to confront all sorts of cybercrimes while creating a safer space for all of us to grow, share, and learn from one another without the threat of power abuses.”al-Hathloul gained prominence in 2014 when she pledged to drive across the border from the UAE into Saudi Arabia, where it was illegal for women to drive until 2018. She was stopped at the Saudi border and detained for 73 days. al-Hathloul also campaigned for women’s rights in Saudi Arabia, where women face significant discrimination and violence in addition to legal rules mandating male permission for work and travel. In the lawsuit, EFF lawyers said al-Hathloul’s iPhone was hacked by DarkMatter in 2017, violating the Computer Fraud and Abuse Act because the malicious code was directed to Apple services in the US. DarkMatter gained access to all of al-Hathloul’s emails, texts and real-time location, according to EFF. al-Hathloul was eventually arrested while driving in Abu Dhabi and extradited to Saudi Arabia, where she was jailed, electrocuted, flogged, and threatened with rape and death. “Companies that peddle their surveillance software and services to oppressive governments must be held accountable for the resulting human rights abuses,” EFF civil liberties director David Greene said. “The harm to Loujain al-Hathloul can never be undone. But this lawsuit is a step toward accountability.”The Justice Department faced backlash in September for not imposing harsh enough penalties on Baier, Adams, and Gericke after their work was revealed by several news outlets. The three “entered into a deferred prosecution agreement” that allows them to avoid prison sentences in exchange for paying $1,685,000 “to resolve a Department of Justice investigation regarding violations of US export control, computer fraud, and access device fraud laws.”Baier will be forced to pay $750,000, Adams will pay $600,000, and Gericke will pay $335,000 over a three-year term. All three will also be forced to cooperate with the FBI and DOJ on other investigations and to relinquish any foreign or US security clearances. They are also permanently banned from having future US security clearances and will be restricted from any jobs involving computer network exploitation, working for certain UAE organizations, exporting defense articles, or providing defense services.EFF Cybersecurity Director Eva Galperin noted that Project Raven went beyond even the tactics deployed by the NSO Group, which has been caught repeatedly selling its spyware to authoritarian governments.”DarkMatter didn’t merely provide the tools; they oversaw the surveillance program themselves,” Galperin said.  More

This article was originally published in July 2015, updated in 2017, 2018, and now, in 2020. A few years ago, I moved off of Office 365 and Outlook and onto Gmail. Many of you thought I’d regret the move, but I have to tell you that Gmail has been a nearly frictionless experience. I don’t […] More

Enterprise software giant Oracle published an urgent security alert last night, urging companies that run WebLogic servers to install the latest patches the company released in mid-April. Oracle says it received reports of attempts to exploit CVE-2020-2883, a vulnerability in its WebLogic enterprise product. WebLogic is a Java-based middleware server that sits between a front-facing […] More

A new report from the Government Accountability Office (GAO) has found that the controversial Stop Enabling Sex Traffickers Act (SESTA) and Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA) have been used just once since becoming law in April 2018.The GAO report, issued by GAO director of the Homeland Security and Justice team Gretta Goodwin, said that criminal restitution has never been sought and civil damages have not been awarded at all under section 3 of FOSTA.  Before being passed by Congress, the laws faced bitter opposition from advocacy groups, some members of the US Justice Department and even some US Senators, who warned that the law would force sex trafficking and prostitution operations even deeper underground while also making it harder for law enforcement to disrupt groups involved. Others said the law disrupted legitimate avenues for safe sex work and endangered those voluntarily involved in the industry. Federal authorities made news in 2018 when they seized backpage.com, the largest online platform for buying and selling commercial sex.But the GAO now says the closure of backpage.com and the passage of the laws “led many who controlled platforms in this market to relocate their platforms overseas.” “Additionally, with backpage.com no longer in the market, buyers and sellers moved to other online platforms, and the market became fragmented. The current landscape of the online commercial sex market heightens already existing challenges law enforcement face in gathering tips and evidence,” the report said. “The July 2020 Polaris and April 2019 childsafe.ai reports state that since backpage.com was removed from the market, there has been fierce competition among platforms for market share, and no single platform has emerged as dominant at the national level. DOJ officials confirmed this assessment,” the report added. 

Federal law enforcement agencies are now struggling to gather tips and evidence because online platforms have relocated to platforms overseas, use complex payment systems and have “increased use of social media platforms,” according to the GAO, which spoke with Justice Department prosecutors, FBI officials and many others within the government. Those involved in the illegal sex trade are increasingly using “hobby board platforms,” according to FBI officials cited in the report. Hobby boards “are designed around preserving legitimacy and reputation, and even have built-in mechanisms whereby users moderate content on the platforms,” according to the report, which added that the boards provide more information than what is available on advertising platforms. “For instance, in addition to reviews from other buyers, buyers may be able to see a detailed list of services provided and a graphic description of the provider’s appearance. Further, provider profiles contain contact information and pricing information with detail that is often banned on advertising sites, such as rates and location, according to the April 2019 childsafe.ai report,” the report said. “Thus, the childsafe.ai CEO said, although buyers may still shop on advertising platforms, they are increasingly relying on hobby board platforms both to shop and to ensure they will be receiving the services they will be paying for.”The use of “sugar dating” platforms for this purpose has also increased since 2018 because it doubles as a way to service those already involved in the online commercial sex market as well as people who “would otherwise not be,” according to the GAO.Multiple organization provided information to GAO indicating that the search functions on these sites intentionally provide users with the content they are looking for, with some profiles “clearly insinuating that sex is part of the sugar dating commercial arrangement.”FBI officials also told GAO representatives that they were having issues with information gathering because many social media or messaging platforms are now encrypted, allow for anonymity or have features that allow messages to be deleted instantly. As of March, the only case brought forward by the Justice Department under the criminal provision established by section 3 of FOSTA relates to a June 2020 case against the owner of cityxguide.com. USA v. Martono is still ongoing. Federal prosecutors defended not using the law enough by saying racketeering and money laundering charges are more successful in court.The GAO report questions why more victims have not brought more civil cases under section 3 of FOSTA but explains that representatives from the Human Trafficking Institute said victims “may not want to bring cases years after crimes took place because doing so might open old wounds for which they do not want to relive the trauma.” “Successfully bringing a civil case could be easier when there has been a related criminal conviction, and there have been no criminal convictions for aggravated violations of section 3 of FOSTA,” the report said. “Victims and their attorneys may not have the resources to gather sufficient evidence to prove that injury was suffered as a result of an aggravated violation of section 3 of FOSTA.”Dirk Schrader, a vice president at New Net Technologies, told ZDNet the GAO report was another manifestation of a larger issue. “There is no common approach to cybercrime in the laws of the countries of the world, and the cross connects between real-life serious crimes and the cyber world have not been understood nor embedded into such laws,” Schrader said. “As long as there is no common ground for what is good or bad in the cyber world across the majority of legislations in the world, these kinds of laws enacted in a certain country will always have shortcomings when it comes to enforcement and application. Cyber crime has many facets, and only a few of them can be addressed with a technical solution.” Others cited a warning issued by US Senator Ron Wyden in 2017 that predicted many of the GAO’s findings and said the law’s “approach will make it harder to catch dangerous criminals.”Sarah Roth-Gaudette, executive director of advocacy group Fight for the Future, said the report confirmed the organization’s worst fear. She called FOSTA-SESTA a “complete disaster” and said lives were put in danger as people were forced into the darkest corners of the internet.”And now we learn that the law has only been used once in its three-year history,” Roth-Gaudette said. “Until we fully study the unintended consequences of amending Section 230, by investigating the impact of FOSTA-SESTA, we cannot pretend that uncareful changes to Section 230 will not harm the most vulnerable and marginalized members of society.”  More