August 2022

53 minute read

Welcome to the twentieth issue of ‘This Month in Bitcoin Privacy’ newsletter. Enjoy!

“Elephant Hawk-moth” by naturalengland is licensed under CC BY-NC-ND 2.0.

OVERFLOW

This section is for stories that would have been included for the months of May, June, and July:

May 2nd - FINANCIAL CRYPTOGRAPHY AND DATA SECURITY 2022

In TMIBP07 and TMIBP08, I highlighted Bitcoin privacy-related research that was featured at last year’s Financial Cryptography and Data Security (FC21) conference. This year’s FC22 event took place during the first week of May, and once again there were a few papers focused on privacy. István András Seres (TMIBP01, 05, 07, 10) co-authored a paper on Fuzzy Message Detection (FMD). Two of the papers in ‘Session 6: Mostly Payment Networks’ focused on privacy, “Hide & Seek: Privacy-Preserving Rebalancing on Payment Channel Networks” by Zeta Avarikioti et al., and “Resurrecting Address Clustering in Bitcoin” by Chainalysis software engineer Malte Möser and Princeton associate professor Arvind Narayanan, in which they “tackle several challenges of change address identification and clustering” and “develop new techniques to predict change outputs with low false positive rates.”

It is worth noting that the latter was funded by the Ripple University Blockchain Research Initiative (UBRI), which is known to be pushing poorly supported anti-Bitcoin ‘research’, and that event sponsors include platinum-tier CipherTrace and gold-tier Chainalysis.

May 6th - ZK-ROLLUP RESEARCH FELLOWSHIP UPDATE

In TMIBP19, I included the Human Rights Foundation’s research fellowship into zero-knowledge (ZK) rollups for Bitcoin. John Light opened a research library “where I’ll be dumping links as I come across interesting resources.” He shared an extensive post by developer Trey Del Bonis on the subject:

While current rollup implementations are very dependent on how Ethereum-style contracts store state and represent settlement, there is no fundamental reason that a UTXO-based ledger cannot support rollups. In this article I aim to explore and sketch out some designs for how a zk rollup might function on a future version of Bitcoin that supports some additional script primitives.

… If the rollup involves a small set of parties that make many transactions and for some reason “just using Lightning” isn’t an option, then it may make sense to have an alternate spending path that just takes a signature from all of them and they can all consent to the state transition without having to rely on the chain to enforce the logic. This would be improved by using a taproot output which increases privacy and chain space. Failing that, we could still rely on script to encourage liveness.

May 8th - JOINMARKET ADDS ONION-BASED MESSAGING

The v0.9.6 release of JoinMarket now makes it a requirement to run Tor, because they are replacing their reliance on IRC servers with “quasi-p2p onion-based messaging.” Adam Gibson wrote a guide on “how to setup onion message channels in JoinMarket.”

The TLDR is that makers serve Tor onions, and after initial rendezvous on “directory nodes”, most of the transaction negotiation can happen peer to peer. IRC is still configured and will be for some time. All the message channels are used redundantly.

On May 14th, v0.6.8 of JoinInBox (TMIBP01, 03, 05, 10) was also released. (Note: As of publication time at the end of August, the latest releases are now v0.9.7 and v0.7.2 respectively.)

Similarly, on May 29th, the Lightning and onion-based exchange RoboSats announced that they had “just implemented the most transparent and easy to audit E2E chat” based on the OpenPGP standard.

Every robot avatar has a pair of PGP keys. These are encrypted with your high entropy token, the same token that is double hashed to generate the avatar. Of course, only you know your token! On the chat, every message you send is encrypted for your peer’s public key and signed with your private key. Only he can reads them. Same for his messages: only you can read them.

With single click on the ‘Export’ button you save the PGP credentials and messages (encrypted, decrypted and signature checked). In case of a dispute, your counterpart won’t be able to tell a different story to the staff… you can prove otherwise: you have his signed messages!

The coolest thing is that you can copy or export every PGP key and message into any other OpenPGP tool (GnuPG, OpenKeychain…). And verify for yourself every message if you do not trust the RoboSats client app (Don’t trust, verify)

May 12th - PLAID CLASS ACTION LAWSUIT UPDATE

In TMIBP02 and TMIBP06, I covered class action lawsuits and anti-trust complaints against Plaid Inc., a financial technology and identity verification company. The final approval hearing for settlement occurred on May 12th, “where the Court may hear arguments concerning the approval of the Settlement.”

Under the Settlement, Plaid has agreed to minimize the data it stores going forward, to delete certain previously retrieved data, and to improve and maintain certain already-implemented enhancements to Plaid Link. Class Members are also able to view and manage the connections they’ve made between their financial accounts and chosen applications using Plaid, and delete data stored in Plaid’s systems by creating a Plaid Portal account, at my.plaid.com.

In addition, the Settlement establishes a $58 million Settlement Fund, to be used for cash payments to Class Members who submit valid claims for compensation, after deducting the costs of the settlement administration, court-approved attorneys’ fees and expenses, and Service Awards for eleven Class Representatives.

May 26th - MINING POOL INTEGRATES PAYNYMS

The small Vancouver-based Bitcoin mining pool operator Lincoin Technologies announced that they had integrated BIP-47 PayNyms (TMIBP03, 06, 09, 10) for their reward payouts, with the goal of “setting new standards for the industry.” In the following days, they published instructions for how to enable them, and tweeted about why PayNyms were superior to static addresses or xPubs (TMIBP03):

Static Address: This is the most insecure method that breaches your privacy. The Spy, by monitoring that address, will know exactly how your performance have been and how much money you have made.

Xpub: By providing your Xpub to a pool they will be able to generate a new address of your wallet every time they send you a payout. But they will be able to track all your activities across any network (coin) in the past and in the future.

PayNym: This method is known to fulfill privacy between two parties without giving access to an external party to track them. In this method you provide the pool with a payment code which will be used to generate a new address every time they send you a payout. The pool won’t be able to track any other transactions/addresses outside the scope of your relationship and that is why it is considered the best practice.

On July 21st, they shared that they had “acheived 20% adoption [among] our users and have paid hundreds of payouts to PayNym addresses.”

In TMIBP19, I included Somsen’s proposal for Silent Payments. On May 24th, ‘w0xlt’ published a tutorial for testing this new scheme on signet; they have also created a test library for the reusable Taproot addresses (TMIBP18). If you would like a breakdown of “the mechanics of Taproot,” check out this recent demonstration by BitMEX Research.

Check out Seth’s list of “Bitcoin proposals and ideas to improve privacy that are still a work in progress, were abandoned or never implemented, or failed to make a noticeable impact.”

June 2nd - CBDCS IN MAJOR MARKET ECONOMIES

In TMIBP05, TMIBP08, TMIBP12, TMIBP14, and TMIBP17, I have followed exploration, promotion, and criticism of central bank digital currencies (CBDCs). In the last TMIBP19, I cited a research paper from the U.S. Federal Reserve on the subject, which has since received over 1,500 public comments. On June 2nd, Nicholas Anthony, a policy analyst for the Cato Institute’s Center for Monetary & Financial Alternatives (CMFA), reported that “76% of commenters … oppose the idea of a CBDC,” and showcased a selection of responses concerned with financial privacy.

Out of all the concerns, the American Civil Liberty Union (ACLU) may have taken the most concise stance when it wrote, “Anonymity is not negotiable when it comes to digital cash.”

On June 15th, the international affairs think-tank Atlantic Council’s report “Missing Key: The Challenge of Cybersecurity and Central Bank Digital Currency” included several “principles for future legislation and regulation,” and the second principle is that “privacy can strengthen security.”

… privacy-preserving CBDC designs may also be more secure because they reduce the risk and potential harmful consequences of cyberattacks associated with data exfiltration, for example. CBDCs with stronger privacy rules may generate and store less sensitive data in the first place. In turn, potential attackers have a smaller incentive to infiltrate the system. If an attack is successful, the impact would be less severe. Our research also shows that CBDCs can offer cash-like privacy while potentially providing more efficient oversight options to regulatory authorities. To build a CBDC, policy makers in the US Congress and their colleagues around the world should carefully examine the relationship between privacy and security. They should weigh the findings of this report before making foundational decisions about a CBDC’s level of privacy that will filter through to the digital currency’s design and determine its cybersecurity profile.

They regard controls “about which personnel can search repositories of CBDC data” as a necessary feature, particuarly because “other government databases have experienced problems when a rogue government employee has complete discretion to perform universal search queries across millions of sensitive records, for example, about a former spouse, an ex-girlfriend, or fellow employee.” In July, Politico technology reporter Vincent Manancourt would write about the Eve Doherty case in Ireland (the ‘rogue’ got to keep her job), in the context of mass surveillance and data retention regimes thriving despite rulings by the European Court of Justice.

On June 22nd, Congressman Jim Himes announced a proposal for a Federal Reserve-issued CBDC, with a “critical role in preserving the dollar’s role as the global reserve currency of choice.” In the sections on ‘Privacy’ and ‘Domestic and National Security’, Himes asserts that there should be a “careful alignment of expected privacy and anonymity, along with strong financial crime enforcement,” especially the Bank Secrecy Act.

To achieve these goals, the Fed should experiment with a wide range of encryption proofs and privacy solutions that safeguard consumer data and collect only the information necessary to validate transactions. The Fed and other financial regulators should consider testing methods that shield identities and transaction amounts and prevent the aggregation of consumers’ financial history without proper legal justification. The Fed should undertake this consideration with significant public participation, education, and outreach to ensure that consumers and market participants are made aware of testing results and understand how a CBDC is and is not comparable to physical cash. Regulators and Fed officials should examine the possibility of making CBDC test design structures open source to allow academics, computer scientists, and privacy advocates to confirm the software’s efficacy and legitimacy. Congress should implement strict notification requirements so that officials tasked with oversight and civil liberties enforcement are regularly informed of CBDC privacy violations and operational risks.

.. Security standards and best practices for a U.S. CBDC should be consistent with the goals of the Bank Secrecy Act, particularly with regard to documentation, record‐keeping, employee training, audit cooperation, and internal policies. Because a CBDC should be difficult to use for illegal activities, it will require substantial oversight, done under the auspices of strict confidentiality. Intermediaries must be required to make similar efforts to monitor CBDC funds as is currently required to monitor commercial bank money, such as currency transaction reports and suspicious activity reports.

On June 26th, the Bank for International Settlements (BIS) published their annual report on “the progress we have made to support central banks’ pursuit of monetary and financial stability.” It emphasizes that “CBDCs, grounded on trust in the central bank, offer the unique advantages of central bank money to the general public. CBDCs should be based on digital identification, with institutional and technological safeguards to ensure privacy.”

On July 8th, the European Central Bank (ECB) “invit[ed] technology experts to take part in online technical talks” with the digital euro project team about CBDCs, with a “focus on the large-scale application of privacy-enhancing technologies in settlement of retail payments.” In August, they published a working paper by Director General of Market Infrastructure and Payments (DG-MIP) Ulrich Bindseil and George Pantelopoulos titled “Towards the Holy Grail of Cross-Border Payments.” Under the “potential drawbacks of stablecoins,” they include “market power and network effects.”

A successful global stablecoin which would perform well in terms of universal reach would have significant market power across international borders, presumably giving it leeway to eventually exploit this market power in one way or another. BigTechs could also store, use and sell payments data, raising privacy concerns.

The United Nations Conference on Trade and Development (UNCTAD) also published a summary of three recent policy briefs” they’ve offered on the “risks and costs” of cryptocurrencies. In “All That Glitters is Not Gold” from June, they argue – together with bans and restrictions on decentralised finance – that developing countries especially should be “creating a public payment system to serve as a public good, such as a central bank digital currency.” In “Public Payment Systems in the Digital Era,” they say further that “curbing the spread of cryptocurrencies is not an easy task,” and “the best national payment systems provide stability, safety, efficiency, affordability and integrity; and protect privacy.” They cite the Nigerian Central Bank (yes, the same one that censored the bank accounts of the Feminist Coalition that supported non-violent demonstrations against police brutality) as an example of a good balance between financial inclusion and preventing “illicit financial transactions”:

Currently, the electronic naira currency is provided only to people with a bank account and, therefore, in possession of an identification document. The Central Bank plans to expand access to this currency to anyone with a mobile telephone, which would include undocumented populations. To minimize the risk of illicit transactions, accounts linked to identification documents are permitted to hold higher values, of up to ₦5 million (around $12,000) and anonymous accounts are limited to lower values, of up to ₦120,000 (around $300). Such graduated access should be a temporary solution, however, with authorities reducing barriers to citizens in accessing the payment system, including through the universal provision of identification documents.

A similar threshold scheme has been suggested by the ECB in their ‘digital euro’ presentation (TMIBP19). The UNCTAD’s final brief, published this month, is “The Cost of Doing Too Little Too Late.” They urge for “a comprehensive [global] system of information sharing on cryptocurrency holding and trading,” echoing Travel Rule compliance initiatives, and “imposing higher taxes on them in comparison to other financial assets to discourage holding and transacting,” even when used to “facilitate remittances,” because “a broad range of households could potentially use [them] as a hedge against exchange rate and inflation risk and as a channel for capital flight.”

The fundamental question that I have, and which I asked during our panel at the Oslo Freedom Forum in May, is: would any of these CBDCs pass the WikiLeaks test? Could a journalistic publishing organisation protect their freedom of speech from extra-judicial censorship through financial blacklisting by nation states, if digital currency infrastructure was even more under the thumb of those same states? Since June 2011, WikiLeaks has been able to do just that with bitcoin, despite fear that doing so would bring too much attention on the nascent currency in its infancy. I suspect that the answers from most or all others will be “no,” and I for one have no patience left for “no.”

June 10th - RIDDLE ME THIS

Adam Gibson published an outline for “Ring signature based IDentities using Discrete Log Equivalence” (RIDDLE), which he subsequently migrated to a blog post. Two days later, he summarised it to the mailing list as “a suggested protocol for doing anti-Sybil that isn’t too demanding for the users, but actually keeps a decent level of privacy.” Ruben Somsen and Chris Belcher, among others, have made comments. Essentially, the idea is to provide a proof that you own a unique unspent transaction output (UTXO) corresponding to a set of Taproot public keys, using ring signatures for anonymisation. He writes that this was developed from PoDLE in JoinMarket (TMIBP01).

This problem is seen in sign ups for websites, for example, or comment posting, or public API usage. It also becomes a particularly keen problem in Bitcoin protocols like Lightning Network or Joinmarket where we want participants to be able to participate but are open to spam and snooping attacks, and sometimes have to make unfortunate privacy tradeoffs.

This document introduces, and argues for, usage of a cryptographic mechanism which is already well known (to experts, if not the general public), as a potential solution for this problem in a wide variety of contexts, leveraging Bitcoin’s utxo set.

We would caution that this is not an identity system; it cannot identify individuals (we hope!) and has nothing to say about distributed or centralized naming services (at least, not as described here). It’s basically about anonymised and lightweight rate limiting.

… (the name is appropriate in suggesting that this mechanism creates a very difficult, usually unsolvable puzzle for the adversary .. also, one could imagine, whimsically, a UI presenting this to a user as “your wallet is solving the riddle”, like a captcha).

The proposal was featured in Bitcoin Optech Newsletter #205:

Although the RIDDLE protocol does provide privacy advantages over other anti-sybil mechanisms, Gibson does warn that information from use of the system can be combined with other available information to potentially reduce the user’s privacy. He writes, “there is no possibility that this kind of system can provide iron-clad privacy guarantees. If protecting the location of the real signing utxo is a matter of life and death, on no account use a system like this!”

On the Lightning-Dev mailing list, developer ZmnSCPxj suggested RIDDLE might be an option for separating LN’s anti-sybil mechanism from UTXO-based channel identifiers which, in the era of taproot and signature aggregation, unnecessarily disclose which onchain transactions are LN channel opens and mutual closes.

On July 15th, Gibson also wrote about “how to create a log-sized ring signature on taproot utxos” and why Taproot is needed for the construction. On August 11th, he sent an update on this to the mailing list, concluding that Sarang Noether and Brandon Goodell’s Triptych constructions should be used, which is “a family of linkable ring signatures without trusted setup that is based on generalizations of zero-knowledge proofs of knowledge of commitment openings to zero.”

June 11th - COIN CENTER CHALLENGES TREASURY

Why is that review of BSA constitutionality relevant to our discussion of §6050I? Because §6050I reports are also deputized surveillance but there is no third party. One person to a two person transaction is obligated to collect a load of sensitive information from her counterparty and hand that to government officials without any warrant or reasonable suspicion of wrongdoing.

… An obvious question remains: why does the third-party doctrine described in the BSA cases apply when there literally are only two parties involved? Why is it constitutional for the police to force one American to collect information from their fellow citizen when they could not collect that information themselves directly without a warrant?

Coin Center announced that they have filed a complaint “in federal district court against the Treasury Department in a facial constitutional challenge to the amendment of Section 6050I of the Tax Code that was part of the Infrastructure Investment and Jobs Act passed last summer,” which is scheduled to take effect on January 1st, 2024. If you are unfamiliar with Section 6050I and how it will “likewise discourage the use of digital assets and encourage the use of banks and financial institutions,” read adjunct professor Abraham Sutherland’s piece on it from last year:

Today, when you file an IRS Form 8300, you’re also filing a FinCEN Form 8300 that’s governed by BSA rules. It’s literally the same form. But FinCEN — the Financial Crimes Enforcement Network, another part of the Treasury Department — can use it in ways the IRS cannot.

So, when the local chief of police or a foreign government wants to know more about your suspected history of lavish cash spending, they don’t have to deal with IRS rigmarole on confidentiality and privacy. Instead, they go to FinCEN and request all the FinCEN Forms 8300 where you’re named in connection with large cash transactions.

But there’s a new twist. Congress just amended 26 USC section 6050I to include digital assets. But it did not also amend 31 USC section 5331.

So, the Internal Revenue Code mandates digital asset reporting (under section 6050I, the authorization for IRS Form 8300), while the Bank Secrecy Act (under section 5331, the authorization for FinCEN Form 8300) does not.

… note how the requirement will encourage the use of banks and other “financial institutions” that are regulated under the Bank Secrecy Act. Transactions handled by financial institutions are generally exempt from 6050I reporting, and these financial institutions take care of all the reporting required under the BSA. This includes banks handling dollars, of course, but it also includes “money transmitters” such as Coinbase that handle Bitcoin and other digital assets.

Coin Center’s director of research Peter van Valkenburgh had written in September 2021 about why “the §6050I reporting provision is a draconian surveillance rule that should have been ruled unconstitutional long ago,” and therefore “it will be ripe for a constitutional challenge and Coin Center is prepared to take on that challenge.” With two “co-plaintiffs in this case, Dan Carman, a consultant who helps set up businesses to use Bitcoin, and Raymond Walsh, a Bitcoin entrepreneur, along with his mining company Quiet Industries,” their complaint concerns violations of the First (pg. 49-58), Fourth (pg. 41-49), and Fifth (pg. 58-65, 68-69) Amendments, as well as “recent Supreme Court jurisprudence.” They happened to file it on the same day that Treasury deputy secretary Adewale “Wally” Adeyemo spoke at CoinDesk’s Consensus 2022 event, regarding “how the Treasury Department is approaching the digital assets landscape, and the role of regulation in promoting the kind of innovation we need to maintain U.S. leadership of the global financial system.”

On June 13th, Anthony reported via the Cato Institute about the case and noted that this “will open the door for additional long‐needed changes to strengthen Americans’ constitutional protections.” He had also recently warned that this financial surveillance has not been adjusting for inflation: “The $10,000 threshold was set 50 years ago. If it were adjusted for inflation all this time, the threshold would be nearly $75,000 today.” Norbert Michel, vice president and director of their Center for Monetary & Financial Alternatives (CMFA), had written back in April that “two current Supreme Court Justices have signaled a willingness to revisit some of the constitutional questions raised by the Court in the early 1970s.” Michel and co-author Jennifer J. Schulp had just released a working paper on the subject, “Revising the Bank Secrecy Act to Protect Privacy and Deter Criminals.” The final version was published on July 26th.

Although it’s unfortunate that this surveillance has survived for so long, it’s good that it’s being thrust into the spotlight now. The Supreme Court did not hold that the BSA violated citizens’ rights to financial privacy in the 1970s, but the Justices did recognize that technological change could easily mean that the BSA would violate those rights. And today’s financial world is much different, a fact acknowledged by current Supreme Court Justices Gorsuch and Sotomayor.

In TMIBP02, TMIBP05, and TMIBP09, I have followed Jim Harper’s lawsuit against the IRS “for violation of my Fourth Amendment and Due Process rights” in relation to the sharing of his financial data by a third-party service, Coinbase. In December 2021, Harper’s case went before “a three-judge panel of the 1st U.S. Circuit Court of Appeals in Boston [which] sharply questioned why, under a recent U.S. Supreme Court decision, cryptocurrency expert Jim Harper was barred from pursuing his lawsuit accusing the IRS of violating his privacy rights.”

[U.S. Justice Department attorney Kathleen] Lyon warned that a ruling against the IRS could open the floodgate to other lawsuits by taxpayers under audit. “There’s nothing to keep that from happening,” she said.

In August 2021, Harper had also commented on the Infrastructure Bill:

I cited the privacy and security risks of having all this data go to the IRS. I think one can put a sharper point on it by saying that the benefit of increased tax compliance is speculative and uncertain, while the cost in risk to taxpayers is fairly certain. If the IRS were to produce its tax-compliance research, perhaps it could validate collecting all this information. Until we know more, this is not a tax compliance rule, but a data collection rule with an unknown relationship to tax compliance.

On May 4th 2022, Harper testified before the U.S. Senate Judiciary Subcommittee on Privacy, Technology, and the Law on “Privacy and Other Challenges for Mandated Internet Platform Disclosure,” where he outlines “eight distinct values” for the word ‘privacy’ and how most people care about them:

In survey research I recently published,³ I found that financial security (i.e., prevention of identity fraud) is foremost in people’s minds when asked an open-ended question about privacy concerns. When prompted to address the eight values listed above, financial security remains a top priority, joined by personal security, reputation, and autonomy. Lower-tier values, in descending order, are control, fairness, peace and quiet, and anti-commercialism.

… I will focus here on what I believe to be the strongest sense of the word “privacy”: control of information about oneself. A legalistic definition of privacy in the control sense that I worked up some years ago has held up fairly well. Privacy is “the subjective condition that people experience when they have power to control information about themselves and when they exercise that power consistent with their interests and values.”⁴ We all hide and share information about ourselves to portray ourselves as we wish to be perceived by others. Most people do so inarticulately, following social customs and the occasional lessons of trial and error.

Importantly, privacy is subjective. Each person chooses what to share and what not to share (again, inarticulately) based on their own interests, values, customs, and so on. Overriding their choices deprives them of control and thus privacy.

June 23rd - TELEPORT TRANSACTIONS IMPLEMENTATION

In TMIBP01, TMIBP03, TMIBP07, TMIBP09, and TMIBP18 I have followed Chris Belcher’s development of a working CoinSwap protocol. Bitcoin Developers host Conor Okus interviewed Belcher before a live demo of CoinSwap on regtest. Belcher agreed that his proposal should eventually become a Bitcoin Improvement Proposal (BIP), and that CoinSwap would either be a software library that could be integrated with a user’s existing wallet or become a standalone client like JoinMarket, which uses a similar maker-taker model.

Privacy is really important for Bitcoin; not just good for users, but for the whole system. Bitcoin as a money requires every unit to be fungible, so that it’s always possible to be paid with a bitcoin without having to do loads of analysis on where that coin came from. It should be that every coin is exactly the same as every other.

CoinSwap is a protocol. People might be familiar with CoinJoin. They’re both protocols that improve the privacy of bitcoin transactions, and they’re both non-custodial, e.g. they can be done in a way where nobody can get their money lost. Way back in the history of Bitcoin (and they’re still sometmes used today), there were centralised mixers where you send a coin to ‘some guy’ and he pinky-promises to send another coin back to you. Of course he might not do that, he might steal your money. CoinJoin and CoinSwap are non-custodial, a user can’t get their money stolen doing this.

CoinSwap works by having two or more people swap their coins. For example, Alice has 2 BTC and Bob has 2 BTC, and when they follow the CoinSwap protocol, Alice’s coins will [become] possessed by Bob, and Bob’s coins will be possessed by Alice. The reason that improves privacy is because this swap is not visible on the blockchain. Anyone analysing the blockchain, they won’t realise this has happened. They may see, Alice’s coin has gone here / been sent to this address, but unbeknownst to them, that actually belongs to Bob.

… The way CoinSwap actually works on a technical level- It’s quite similar if people are familiar with how Lightning works. You create an off-chain contract. First the coins are locked up in a multi-signature, then you create an off-chain contract, and that creates a situation where: ‘if Alice gets her money, Bob can’t fail to get his money,’ and ‘if Bob gets his money, then Alice will also necessarily get her money.’ Because no one can be cheated, the cheapest and easiest thing to do is for Alice and Bob to just hand over their keys.

June 29th - COINBASE ON ICE UPDATE

In TMIBP01, TMIBP02, TMIBP04, TMIBP05, and TMIBP16 I have followed Coinbase’s contractual relationships with, and data disclosures to, government agencies. Last year, they were awarded at least two contracts for Analytics from the U.S. Immigration and Customs Enforcement (ICE) branch of Homeland Security. Thanks to a freedom-of-information (FOI) request by Tech Inquiry, we now know more about the nature of their service.

The FOIA response pertains to the Coinbase Analytics offering as of July and August 2021. While the customer is specifically the ICE Baltimore field office, contracting officer Tracy Riley within the Dallas Office of Acquisition Management (OAQ) administered the solicitation (“request for quote”) and purchase order; due to redactions, we can only see that the first name of the Coinbase representative she’s emailing is “Jordan.” The emails reference that licenses were also purchased by the Drug Enforcement Administration (DEA) (TMIBP01) and Police Nationale France. The “list of included services” states that their software works on at least ten cryptocurrencies in addition to Bitcoin and “all ERC-20 tokens,” can perform “transaction demixing and shielded transaction analysis,” “cross-chain capabilities,” and “Lightning Network investigation.” If that last item is true, then they beat Chainalysis to it (TMIBP18). Interestingly, they also list “historical geo tracking data.” According to CoinDesk and The Intercept, both Coinbase and ICE refused to answer questions about this, except to “den[y] that the information provided by the analytics software is the exchange’s customer data”:

An email released through the FOIA request shows that Coinbase didn’t require ICE to agree to an End User License Agreement, standard legalese that imposes limits on what a customer can do with software.

When asked about the ICE contract and the data involved, Coinbase spokesperson Natasha LaBranche directed The Intercept to a disclaimer on its website stating “Coinbase Tracer sources its information from public sources and does not make use of Coinbase user data.” LaBranche did not answer questions about how ICE is using Coinbase Tracer, how it sources location data, or if the company imposed any limits on ICE’s use of the tool.

… Homeland Security Investigations, the division of ICE that purchased the Coinbase tool, is tasked not only with immigration-related matters, aiding migrant raids and deportation operations, but broader transnational crimes as well, including various forms of financial offenses. “The contract provides a tool that supplements an HSI capability to investigative traffickers of deadly opioids on the dark web and cyber criminals who seek to attack critical infrastructure,” an ICE spokesperson wrote in a statement to The Intercept. “This tool does not reveal any sensitive personally identifiable information, is only referenced in criminal investigations, and it is not utilized in civil immigration enforcement.” The spokesperson did not respond to questions about how precisely it has used Tracer or might in the future, including the use of location data, noting “the agency does not provide specifics on investigative techniques, tools, and/or ongoing investigations or operations.”

On March 10th, Electronic Frontier Foundation (EFF) policy analyst Matthew Guariglia wrote about a unit within ICE getting caught using administrative subpoenas to acquire “6.2 million financial records, including personal information such as names and addresses.”

All of the information was entered into a database called Transaction Record Analysis Center (TRAC), which is run by a non-profit and facilitates law enforcement access to bulk financial data for 5 years. According to Sen. Wyden, HSI terminated the program in January 2022 after his office contacted HSI about it.

… this kind of bulk surveillance is illegal. By statute, these administrative subpoenas must seek records “relevant” to an agency investigation. Simply put, there is no way these broad requests for bulk records would turn up only documents “relevant” to specific investigations; instead it put everyone who transferred money, including U.S. persons, under surveillance.

On May 11th, Reason criminal justice reporter C.J. Ciaramella published an article reviewing an investigation into ICE’s domestic surveillance practices by Nina Wang, Allison McDonald, Daniel Bateyko and Emily Tucker at Georgetown Law’s Center on Privacy & Technology:

Our two-year investigation, including hundreds of Freedom of Information Act requests and a comprehensive review of ICE’s contracting and procurement records, reveals that ICE now operates as a domestic surveillance agency. Since its founding in 2003, ICE has not only been building its own capacity to use surveillance to carry out deportations but has also played a key role in the federal government’s larger push to amass as much information as possible about all of our lives. By reaching into the digital records of state and local governments and buying databases with billions of data points from private companies, ICE has created a surveillance infrastructure that enables it to pull detailed dossiers on nearly anyone, seemingly at any time.

… ICE has built its dragnet surveillance system by crossing legal and ethical lines, leveraging the trust that people place in state agencies and essential service providers, and exploiting the vulnerability of people who volunteer their information to reunite with their families. Despite the incredible scope and evident civil rights implications of ICE’s surveillance practices, the agency has managed to shroud those practices in near-total secrecy, evading enforcement of even the handful of laws and policies that could be invoked to impose limitations. Federal and state lawmakers, for the most part, have yet to confront this reality.

As a result of these and numerous other reports, private companies responsible for the “provision of surveillance technologies to and contracts” with ICE have been reevaluating those relationships and their human rights impact, including Thomson Reuters (see pg. 119-120). Unfortunately, ICE isn’t the only U.S. intelligence agency whose abuses and “wide-ranging overreach” are yet to be rectified.

In TMIBP01, TMIBP06, TMIBP16, and TMIBP19 I have also reported on Coinbase’s acquisition of Neutrino “and its eight staff” for blockchain surveillance software. (It should be noted that, among other skills, at least two of those staff members – Alberto Ornaghi and Marco Valleri – had once authored a patent for “a method and a device for monitoring and manipulating network traffic and, in particular, for installing applications on remote terminals.”) Their tools were later rebranded to ‘Coinbase Analytics’ and finally ‘Coinbase Tracer’ this past April. The offering from 2021 appears to be a combination of ‘Analytics’ and their yet-to-be-announced ‘Coinbase KYT (Know Your Transaction)’ API. Both services and TRUST are now advertised as compliance solutions.

Coinbase has previously filed a few patents for a “compliance determination and enforcement” platform and its components, including a “self learning knowledge repository,” a “training set selector [and] flagging module,” “an interface for investigators to take further corrective action,” and a “corrective action system [that] allows for determining, for each one of the accounts that is flagged as non-compliant, whether the account is bad or good.”

A plurality of factors are stored in association with each of a plurality of accounts. A factor entering module enters factors from each user account into a compliance score model. The compliance score model determines a compliance score for each one of the accounts based on the respective factors associated with the respective account. A comparator compares the compliance score for each account with a compliance reference score to determine a subset of the accounts that fail compliance and a subset of the accounts that meet compliance. A flagging unit flags the user accounts that fail compliance to indicate non-compliant accounts. A corrective action system allows for determining, for each one of the accounts that is flagged as non-compliant, whether the account is bad or good, entering the determination into a feedback system and closing the account.

June 30th - EUROPEAN UNION TRILOGUE NEGOTIATIONS UPDATE

In the last TMIBP19, we looked at events leading up to the first trilogue meeting regarding the adoption of the Markets in Crypto-Assets (MiCA) regulation and the application of the Funds Transfer Regulation (FTR) / Transfer of Funds Regulation (TFR) to crypto-assets. Many parties, including the German government, opposed the “comprehensive verification of the identity of principals and recipients” and “suspicion-independent reporting to authorities for transactions with unhosted wallets above a certain threshold amount.”

On June 29th, the Council announced “a provisional agreement” on extending the ‘Travel Rule’ to transfers of crypto assets, and partial agreement on the creation of “a dedicated Anti-money laundering Authority (AMLA)” that will “directly supervise certain types of credit and financial institutions, including crypto asset service providers, if they are considered risky.” On June 30th, they then also “reached a provisional agreement on the markets in crypto-assets (MiCA) proposal… The provisional agreement is subject to approval by the Council and the European Parliament before going through the formal adoption procedure.”

To avoid any overlaps with updated legislation on anti-money laundering (AML), which will now also cover crypto-assets, MiCA does not duplicate the anti-money laundering provisions as set out in the newly updated transfer of funds rules agreed on 29 June. However, MiCA requires that the European Banking Authority (EBA) will be tasked with maintaining a public register of non-compliant crypto-asset service providers.

… Under the provisional agreement reached today, crypto-asset service providers (CASPs) will need an authorisation in order to operate within the EU. National authorities will be required to issue authorisations within a timeframe of three months. Regarding the largest CASPs, national authorities will transmit relevant information regularly to the European Securities and Markets Authority (ESMA).

Meanwhile, on the same day, the FATF released a “Targeted Update on Implementation of FATF’s Standards on VAs and VASPs,” which found that “jurisdictions have made only limited progress in introducing FATF’s Travel Rule.. As of March 2022, while 29 out of 98 responding jurisdictions reported having passed Travel Rule legislation, only 11 jurisdictions have started enforcement and supervisory measures.” They conclude that this “demonstrates the urgent need for jurisdictions to accelerate implementation and enforcement.” Parliament and Committee on Economic and Monetary Affairs (ECON) member Ernest Urtasun, who was involved in the EU negotiations, shared that the “Travel Rule will come into application when the MiCA Regulation will apply, 18 months after the entry into force,” and that it was “fast-tracked regarding the rest of the AML package.” On July 4th, the Financial Times (FT) reported that the ECB would “warn eurozone countries of the dangers of national regulators getting ahead of pending EU cryptocurrency rules” and “raise the urgent need for ‘harmonisation’” during the supervisory board’s meeting on Tuesday.

Roman Reher and Joe Martin of the German-language Bitcoin education channel Blocktrainer published an open letter, in English and German, arguing that “the legal regulations that are planned or implemented [..] we believe, do not benefit and potentially harm EU citizens.”

These regulatory security gaps include the potential direct or indirect compulsion to place Bitcoins in the custody of a custodian, as is currently being discussed in the EU under the „Travel Rule“. That leads to creating a new Eldorado for hackers who can steal investors‘ Bitcoins and steal and abuse personal data and content from newly emerging data pools. Bitcoin must therefore be treated like cash, with appropriate exemption limits that, on the one hand, do not dictatorially restrict the individual’s freedom and amount to an Orwellian surveillance tool, but at the same time serve to prevent money laundering in the interest of everyone’s security. The discussed proposal to fully identify transaction partners from the first cent is unrealistic and extremely dangerous. Such a direct or indirect requirement will stifle innovation and potentially push investors, innovators and entrepreneurs abroad, where conditions for the Bitcoin-industry are much more liberal. It also puts everyone under general suspicion and installs a surveillance mechanism that cannot be controlled. The freedom and security of the citizens of the European Union are recklessly put at risk.

July 12th - BETA LAUNCH OF TUNNEL SATS

In TMIBP05, TMIBP07, TMIBP08, and TMIBP16 I have followed the Tor v3 transition and the importance of network privacy. Since June, the Tor network has been under a distributed denial-of-service (DDoS) atack that remains unresolved. Given that a high percentage of Bitcoin and Lightning nodes, as well as a number of other applications, are reachable via Tor, this will continue to impact connectivity. On July 12th, a new paid service called Tunnel Sats was launched “to address the growing pain-points running your Lightning Node with Tor only, or exposing your home IP.”

Tunnel⚡️Sats provides pre-configured setup scripts for lightning nodes enabling hybrid mode through clearnet & Tor connectivity and offers paid VPN servers in various continents and fixed periods of time. Our VPNs come with automatically enabled forwarding ports used to connect with other lightning nodes.

The available regions currently include North America, Europe, and Eurasia, for one-, three-, six-, or twelve-month periods. As with many other VPN services, the per-month rate is discounted the more time you purchase. In their FAQ, they illustrate the network setup and state that they are “specializing VPN usage for the sole purpose” of running Lightning nodes. “If you are looking for a privacy-preserving, lightning-payment enabled VPN provider, we recommend to take a look at LNVPN.net.”

July 14th - U.K. CONSULTATION ON MONEY LAUNDERING

In the U.K., Her Majesty’s Treasury / Exchequer “conducted a consultation between 22 July - 14 October 2021, inviting views and evidence on the steps the government proposed to take to amend the Money Laundering Regulations (MLRs),” including changes impacting the ‘cryptoasset sector.’ The results of that consultation, and the government’s decisions, were finalized in June and released on July 14th. Responses came from “AML/CTF supervisors, industry, civil society, academia,and several government departments.”

The sixth chapter of the consultation response concerns ‘Transfers of Cryptoassets,’ specifically “the proposed approach of tailoring the provisions of the Funds Transfer Regulation (FTR) to the cryptoasset sector.” If you recall, the FTR belongs to compliance with the Travel Rule (TMIBP19) and “applies to a transfer of funds, in any currency, sent or received by a PSP, or an intermediary PSP, established in the EU or any of the three additional countries of the EEA (Iceland, Liechtenstein, and Norway).”

Some respondents to Question 57 suggested that the volume of data that would need to be processed is disproportionate, and alternative methods should be used to achieve the goals of the Travel Rule. In particular, there were concerns that the public nature of the blockchain combined with the sharing of personal information such as names, addresses and personal identification numbers presents a risk to privacy. It was suggested that Zero Knowledge Proofs[⁴] could be used to demonstrate that customer due diligence checks had been performed whilst obviating the need to share confidential information on the originator and beneficiary with each cryptoasset business involved in the transaction.

… Some respondents also argued that the ability of firms to use blockchain analytics to detect illicit transfers rendered the information sharing requirement unnecessary.

… Whilst acknowledging the concerns regarding data security and privacy, the government has decided to maintain the information sharing requirements as set out in the consultation. For the avoidance of doubt, only one of the originator’s address, date and place of birth, and passport number will need to be sent with a cross-border transfer that is above the de minimis threshold.

The information to be collected reflects FATF requirements and cannot be changed unilaterally whilst remaining compliant with FATF standards. As similar requirements will be in place in other jurisdictions, it would also not be workable for the UK to adopt significantly different requirements, as firms would then be faced with inconsistent regulatory requirements for cross-border transfers.

They clarify that this “only applies to intermediaries that are cryptoasset exchange providers or custodian wallet providers and will not capture others, like software providers.” Regarding non-custodial a.k.a. “unhosted wallets,” the government “modified its proposals” for “requiring the collection of beneficiary and originator information.”

.. cryptoasset businesses will only be expected to collect this information for transactions identified as posing an elevated risk of illicit finance. The minimum factors that firms should consider when making such a determination of risk will be set out in the legislation. The government does not agree that unhosted wallet transactions should automatically be viewed as higher risk; many persons who hold cryptoassets for legitimate purposes use unhosted wallets due to their customisability and potential security advantages (e.g. cold wallet storage), and there is not good evidence that unhosted wallets present a disproportionate risk of being used in illicit finance. Nevertheless, the government is conscious that completely exempting unhosted wallets from the Travel Rule could create an incentive for criminals to use them to evade controls.

They also state there will be a 12-month grace period before the amendments take effect on September 1st 2023, “during which cryptoasset businesses will be expected to implement solutions to enable compliance with the Travel Rule.”

The Financial Action Task Force (FATF) recently published a report on “commercially available or emerging technologies that facilitate advanced AML/CFT analytics within regulated entities or collaborative analytics between financial institutions, while respecting data privacy and protection.” These “technologies” include: homomorphic enryption, zero-knowledge proofs, secure multiparty computation (SMPC), differential privacy, machine learning (supervised, unsupervised and reinforced learning), federated learning, deep learning, natural language processing, robotic process automation, network analytics, trusted execution environments (confidential computing), secure cloud technology, distributed ledger technology, and… application programming interfaces (APIs), which they define as “an interface that allows regulated institutions to submit data.”

Proceed with caution in reading this report any further if you have an ounce of technical literacy. Symptoms that may arise include: excessive laughter, facepalming, and disbelief in the authority of unelected bureaucrats.

They explain that the term “data pooling” (a buzzword with multiple definitions) is “not an entirely new topic to the FATF,” and in the context of financial surveillance pertains to financial institutions sharing customer information, information related to red flags and transaction data, in order to “examine aggregated activity of an actor across different borders and platforms.”

Some of the FATF’s Recommendations include elements related to private-to-private information sharing. For example, Recommendation 18 requires information sharing within the context of financial groups for customer due diligence (CDD) purposes and ML/TF risk management. Such sharing includes information and analysis of transactions or activities which appear unusual (if such analysis was done); and could include a suspicious transaction report (STR), its underlying information, or the fact that an STR was submitted.

I have been following the FATF’s ‘Travel Rule’ and related “know your customer’s customer” (KYCC) policy developments (TMIBP02, 04, 05, 06, 07, 10, 11, 12, 13, 14, 17, 18). On May 24th, Coinbase announced that their Travel Rule Universal Solution Technology (TRUST) solution, which had launched in February, “has now gone live in Canada and Singapore, and is actively working to expand to other global jurisdictions, including Europe.”

As more countries begin to implement Travel Rules, TRUST is focused on providing its top-tier compliance services to virtual asset service providers (VASPs) around the globe, including its critical security safeguards.

During the previous month, they enacted a KYCC policy for users in Canada, Japan, and Singapore “to comply with local regulations in those countries.” From June 27th, they will similarly “introduce a few changes for customers in the Netherlands… We are required to collect additional information for all transactions where a customer in the Netherlands sends crypto from their Coinbase exchange account to an address that is not controlled by Coinbase.” The additional information consists of the “recipient’s full name,” “purpose of transfer,” and “recipient’s residential address.” BitFlyer, a Japanese exchange and member of TRUST, announced that this would apply to “all customers (personal and corporate accounts)” starting on June 29th. However, as noted well by Notabene, another startup focused on ‘Travel Rule’ compliance products and services:

The Crypto Travel Rule is not mandated in the Netherlands. However, non-custodial wallets are subjected to similar requirements due to the Sanctions Act (Sanctiewet 1977 – Sw) and the Regulation on Supervision pursuant to the Sanctions Act 1977 (Regeling toezicht Sanctiewet 1977 – RtSw). Both stipulate that providers of crypto services must take measures to ensure they adequately check, at the minimum, the identities of the persons or legal entities with whom they have a business relationship in their records, in compliance with the sanctions regulations.

… The Netherlands has not published their own minimum threshold to send PII to comply with the Sanctions Act of 1977 – its comparable Crypto Travel Rule legislation. However, the Netherlands will likely defer to EU standards, which have a threshold of EUR 1000.

As of their first quarterly report for the year, Coinbase claims to hold “$256 billion in custodial fiat currencies and cryptocurrencies on behalf of customers.” (Sidenote: They also declare that “in the event of a bankruptcy, the crypto assets we hold in custody on behalf of our customers could be subject to bankruptcy proceedings and such customers could be treated as our general unsecured creditors.” Now that’s trust for you!)

August 1st - CHAINCASE CLOSED

In TMIBP11, TMIBP12, TMIBP13, TMIBP16, and TMIBP19, I have featured progress with Chaincase, an iOS client based on Wasabi. This month, lead developer Dan Gould announced that they will sunset the app on November 1st because “the most promising opportunity to solve the surveillance problem lies beyond iOS.”

In hundreds of conversations with enthusiastic iOS Beta users, we discovered what we believe to be the fundamental bottlenecks on bitcoin privacy. Having an iOS app is not one of them. Early adopters, we thank you sincerely. Your feedback is shaping the bright future of bitcoin privacy.

Since the most promising opportunity to solve the surveillance problem lies outside of iOS, we’ve decided to shut the app down. The Chaincase iOS Beta will expire on November 1, 2022. Funds must be moved before then. Chaincase support will be available on telegram at t.me/chaincase to facilitate the transition. We are excited to share bitcoin tech that plugs into popular software so that everyone has access to better privacy. Stay tuned.

Towards the end of July, Gould had tweeted about the privacy potential of combining pay-to-endpoint (P2EP) PayJoins and Lightning. On August 3rd, they opened a poll for applicable acronyms, concluding with the winner ‘LOIN.’ On August 13th, Gould added a draft of their “Chaincase Lightning PayJoin Roadmap” as a comment on GitHub. On August 16th, he published a blog on “Lightning Powered PayJoin,” breaking down the benefits in terms of not only privacy but also speed and cost. “Funny nobody connected these together. It’s easy to do.”

Meanwhile, Bitcoin developer Ben Carman used his early-stage Lightning Vortex software to generate a testnet transaction opening two Lightning channels via a CoinJoin. In February, he had stated: “With the way things are looking we are gonna need every tool we can get.”

August 3rd - THE FOG OF ANALYSIS

Wired senior technology writers Lily Hay Newman and Andy Greenberg published an article about the defense of Roman Sterlingov, “a 33-year-old Swedish-Russian national, [who] was arrested by Internal Revenue Service criminal investigators at the Los Angeles airport” in April 2021 and “accused of creating and operating Bitcoin Fog, a bitcoin ‘mixing’ service on the dark web.” He has been in pre-trial detention since his arrest, with a motion for release denied in November.

Now, Sterlingov’s legal team, led by the well-known hacker defense attorney Tor Ekeland, has fired back: They’re claiming in a series of legal motions filed late yesterday that Sterlingov is innocent and vowing to take his case to trial. In doing so, Sterlingov’s defense says, they plan to show not only that he never ran Bitcoin Fog but also that the blockchain analysis techniques used to pin the case on him were faulty, leading to his wrongful arrest and a lost year of his life.

“I did not create Bitcoin Fog. I was never an administrator of Bitcoin Fog,” Sterlingov told WIRED, speaking from a Northern Virginia jail. “I’ve been here for more than a year now. I’m really perplexed at the system that could put me in here, at what they can do to an innocent man. It’s a Kafkaesque nightmare.”

While the statement of facts was assembled by the IRS Criminal Investigation (CI) division, the prosecution is represented by Justice Department attorneys Christopher Brodie Brown of the U.S. Attorney’s Office for the District of Columbia (USAO-DC) and Catherine Alden Pelker of the Criminal Division Computer Crime and Intellectual Property Section (CCIPS). Ekeland, who specialises in the Computer Fraud and Abuse Act (CFAA), national security issues, and government surveillance, shared the article along with his own quote about how blockchain analysis is “junk science.” According to discovery documents, the ‘analysis’ supporting Sterlingov’s prosecution was performed by Chainalysis and Excygent, “a government contractor specializing in cybercriminal and cryptocurrency investigations, which Chainalysis acquired in 2021.” According to public procurement records, Excygent has received funding from the IRS for “CCU CASE SUPPORT” (‘CCU’ likely being the Cyber Crime Unit) under the Product and Service Code (PSC) category of ‘R423: Support-Professional: Intelligence.’ The law firm soon published a donation address and summary of their client’s case, noting at the bottom that they were “the first law firm in the country to accept BitCoin as payment” since 2012.

This prosecution puts every person who uses cryptocurrencies at risk. The Government should only use scientifically sound, peer-reviewed, accepted, verifiable forensics techniques – and they haven’t done that here.

Meanwhile, Greenberg has authored the forthcoming book “Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency,” which has already been optioned for “a scripted adaptation, a documentary and a podcast.” The promotional text describes it as “the propulsive story of.. major players in federal law enforcement and private industry” who use “the right mixture of technical wizardry, financial forensics, and old-fashioned persistence” to achieve “technological one-upmanship” against “digital black markets” and cryptocurrency. While yours truly will certainly review it, the summary already sounds just as overdrawn as the surveillance software it praises.

August 8th - OFAC SANCTIONS TORNADO CASH

As governments increasingly use unilateral sanctions to pursue foreign policy objectives, it has become common for banks and other financial service providers to over-comply with them to reduce legal, regulatory or business risks associated with inadvertent violations. Yet over-compliance with such sanctions has harmful effects on the entire range of human rights.

Over-compliance is a form of excessive avoidance of risk… De-risking (avoiding risk) and over-compliance with the requirement of unilateral sanctions by banks force companies and individuals to look for alternative ways to transfer money, making the mechanisms of financial transactions opaque, increasing costs and time for transferring money and goods, creating a flourishing underground economy, giving rise to smuggling, fostering corruption and criminal activities, within the borders of targeted countries but also often outside them in neighboring countries.

… She underscore[s] the illegality under international law of imposing secondary sanctions or threat[en]ing with secondary sanctions, civil and/or criminal penalties for non-compliance with their sanctions regimes, which are often extraterritorial.

— “Guidance Note on Overcompliance with Unilateral Sanctions and its Harmful Effects on Human Rights” by Professor Alena Douhan, United Nations Special Rapporteur on Unilateral Coercive Measures (June 2022)

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced that they had designated Ethereum-based mixer Tornado Cash as a sanctioned entity pursuant to Executive Order (E.O.) 13694, on allegations that the service “launder[ed] more than $7 billion worth of virtual currency since its creation in 2019.”

As today’s action demonstrates, mixers should in general be considered as high-risk by virtual currency firms, which should only process transactions if they have appropriate controls in place to prevent mixers from being used to launder illicit proceeds.

The Dutch Fiscal Information and Investigation Service (FIOD) arrested the purported developer of Tornado Cash on August 10th, and claimed that their Financial Advanced Cyber Team (FACT) had been conducting a criminal investigation since June. They did not reveal his name and declined to confirm or comment on the suspect’s identity when asked, but it was soon independently confirmed as Alexey Pertsev. On August 24th, Pertsev’s request for bail was denied, despite the absence of formal charges, “but the court nonetheless set an 90-day time limit within which an initial public hearing must take place.” Further speculation as to his associations and prior employment has been aired, under the tired category of “don’t write privacy tools while Russian.”

Due to the Treasury’s reminder that “all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons are prohibited unless authorized by a general or specific license issued by OFAC, or exempt,” at least one trickster began dusting the accounts of public persons in the industry, including Anthony “Sassal” Sassano, who opined that he was subsequently blocked from using a liqudity service due to the unsolicited association.

Fight For The Future (TMIBP07, TMIBP15) campaigns and communications director Lia Holland soon issued a statement that the “Treasury’s sanctions were meant as a warning shot to projects attempting to build anonymous digital assets, and an attack on the first amendment right to code.”

Treasury did not only sanction the individuals or corporations involved with the Lazarus Group; they sanctioned all the mechanisms — ethereum addresses — by which the Tornado.cash protocol provides its blending service, because that service was used by bad actors. This is a rough equivalent to sanctioning the email protocol in the early days of the internet, with the justification that email is often used to facilitate phishing attacks.

… Already, the Internet is feeling the chilling effects of this choice: the open source code used to run Tornado.cash has been taken down from Github. And unfortunately it seems that such an effect is exactly what the US government was seeking.

… We ask that the Treasury focus more carefully on targeting bad actors — rather than attempting to criminalize building and using privacy tools or the simple act of writing or running open source software code.”

Jerry Brito, and Peter van Valkenburgh from Coin Center also published their preliminary analysis of the legal situation, stating that “this particular usage of OFAC raises heightened constitutional concerns.” Their full analysis and detailed Tornado Cash explainer in the following weeks expanded on this concern.

As such, today’s action does not seem so much a sanction against a person or entity with agency. It appears, instead, to be the sanctioning of a tool that is neutral in character and that can be put to good or bad uses like any other technology. It is not any specific bad actor who is being sanctioned, but instead it is all Americans who may wish to use this automated tool in order to protect their own privacy while transacting online who are having their liberty curtailed without the benefit of any due process.

… Even worse, because of the nature of blockchain transactions, an American who is sent money through the Tornado.cash address is not even able to reject the transaction, and yet may be, at that moment, technically in violation of OFAC rules.

… In this case, the sanctions laws are being used to create a limitation on spending money not merely with some person who has been found guilty of a crime or even suspected of terrorism. This is a limit on any American who wishes to use her own money and a freely available software tool to maintain her own privacy — including for otherwise entirely legal and personal reasons.

Brito and Valkenburgh cite a key distinction made in guidance published by the Financial Crimes Enforcement Network (FinCEN) between “anonymizing service providers” versus “an individual or entity that merely provides anonymizing software” (TMIBP01, TMIBP05). They explicitly determined that “an anonymizing software provider is not a money transmitter,” and therefore not subject to Bank Secrecy Act (BSA) obligations. On the basis of these and other arguments, Coin Center “will seek to engage OFAC” and be “exploring with counsel a court challenge to this action,” while “the DeFi Education Fund has announced that it will be petitioning OFAC to issue a ‘general license’ that would cover all affected persons without each having to file individually.” The EFF (TMIBP04, 06, 07, 08, 15) eventually tweeted that they were also “deeply concerned.” On August 22nd, deputy executive director and general counsel Kurt Opsahl wrote similarly about the legal issues around confusing sanctions against “an entity and the software itself.” He also stated that the organisation would be “representing Professor Matthew Green, who teaches computer science at the Johns Hopkins Information Security Institute,” after Green created “a fork of the code, and posted the replica so it would be available for study.” You will find it here.

On August 23rd, Congressman Tom Emmer, who put forth “The Blockchain Regulatory Certainty Act” bill in January 2021, publicly shared a letter to Treasury Secretary Janet Yellen regarding the sanctions. Among many relevant questions, Emmer inquired:

Mr. Nelson cited Tornado Cash’s alleged failure to impose controls for illicit activity. I understand measures were taken to filter the tornado.cash front-end. Given that the Tornado Cash back-end will operate unchanged as an anonymizing technology as long as the Ethereum ntwork continues to operate, who or what entity did OFAC believe was reasonably responsible for imposing controls on the Tornado Cash blockchain contracts?

We know from TMIBP12 that OFAC requested a subscription to use the services of Chainalysis, to “specifically support cyber sanctions implementation undertaken by OFAC.” In the last TMIBP19, I had logged an April tweet from Tornado Cash that they were using a “@chainalysis oracle contract to block OFAC sanctioned addresses from accessing the dapp. Maintaining financial privacy is essential to preserving our freedom, however, it should not come at the cost of non-compliance.” I assume that this is what Emmer was also referring to, and it leads me to ask - if the integration of a compliance tool from one of the largest blockchain surveillance companies is not enough to protect the creator(s) of privacy-enhancing software (for Ethereum, Bitcoin, or whatever else) from criminal allegations and prosecution for facilitating money laundering, then what is? Is this not an indictment of their folly (TMIBP18), and the indulgence of surrender? (TMIBP19) Remember the first lesson in professor Timothy Snyder’s “Twenty Lessons from the Twentieth Century,” which reads: “Do not obey in advance.”

Most of the power of authoritarianism is freely given. In times like these, individuals think ahead about what a more repressive government will want, and then offer themselves without being asked. A citizen who adapts in this way is teaching power what it can do.

Check out Bitcoin Optech Newsletter #198, #199, #200, #201, #202, #203, #204, #205, #206, #207, #208, #209, #210, #211, #212, #213, #214, and #215 for other recent technical developments beyond Bitcoin privacy. And congratulations to them on reaching their 200th newsletter during this time!

Thanks for reading! Feel free to bookmark or subscribe to catch the next edition of ‘This Month in Bitcoin Privacy.’

That One Privacy Girl