October 2020

42 minute read

Welcome to the fifth issue of ‘This Month in Bitcoin Privacy’ newsletter. Enjoy!

"Polyphemus Moth Open Wings Close up" by Gord Bell is licensed under CC BY-ND 2.0

October 2nd - TAX AUTHORITIES DEMAND DISCLOSURES

Various tax authorities have moved to collect personally identifying information, ownership and transaction records from users of cryptocurrency businesses. At the start of the month, Tim Copeland of Decrypt reported on an email sent by Coinbase to U.K.-based account holders, following an information request by Her Majesty’s Revenue and Customs (HMRC).

The email said that HMRC originally required Coinbase to provide certain records of its UK customers, between 2017 and 2019. However, after discussions with the tax authority, the notice was revised so that it only affects users that meet some minimum requirements.

“Based on further discussions with HMRC, a revised noticed was issued with reduced scope that now requires the disclosure of customers with a UK address who received more than £5,000 worth of crypto assets on the Coinbase platform during the course of the 2019/2020 tax year,” the email stated.

Towards the end of September, the New Zealand-based business Easy Crypto had published a notice about an information request they had received from the Inland Revenue Department (IRD). CEO Janine Grainger wrote that despite seeking “multiple legal opinions” as to how they could refuse, they discovered “there are no grounds on which we can.” Her comments were featured in Radio New Zealand (RNZ).

The IRD requested all info on customers who had bought or sold crypto prior to 31 March 2020.

The info requested included customer details (name, date of birth, address) and transaction details (coin type, amount, value, address). We will make the specific information that relates to your account available on your Account page to view. Look out for our announcement about this in our next newsletter in early October.

We understand that IRD has issued this requirement to all NZ cryptocurrency companies.

We think it is likely that we will get a similar request next year for info on transactions up to 31 March 2021.

On October 13th, it was reported by Reuters that the current minister of finance in Spain, María Jesús Montero, has been “preparing a bill to oblige owners of crypto currencies to disclose their holdings and any gains booked on the assets.” This appears to be based on a press release from Spain’s Ministry of Finance, published the same day, which also mentions limitations on the size of cash payments and the “possession or marketing of so-called dual-use software” (“tenencia o comercialización del denominado software de doble uso”).

In TMIBP01, I mentioned that the IRS Criminal Investigation (CI) division was being scrutinized for “purchasing access to a commercial database that records the locations of millions of American cellphones” for the purpose of pursuing “the most serious and flagrant violations of tax law.” On September 30th, the Treasury’s inspector general for tax administration (TIGTA) responded to Wyden and Senator Elizabeth Warren on the issue:

You requested that TIGTA investigate CI’s use of commercial databases in the performance of its duties, and that TIGTA examine the legal analysis IRS lawyers performed to authorize this practice. Your concern is that CI’s use of the data described above may not be consistent with the holding of the Supreme Court in the case Carpenter v. United States.

We are going to conduct a review of this matter, and we are in the process of contacting the CI division about this review. Upon completion, to the extent allowable under the law, we will advise you of the results.

In TMIBP02, I highlighted the case of United States v. Gratkowski, which also referenced Carpenter regarding “the applicability of the third-party doctrine in the context of cell phones.” In TMIBP04, I included counter-arguments from the Electronic Frontier Foundation on the matter. The conclusion will likely impact another case, that of William Zietzke, whose information was similarly subject to a summons from the IRS to Bitstamp. This will be a hard fight, as the U.S. government’s position appears to be moving in the opposite direction. While Treasury Secretary Steve Mnuchin was “publicly fretting” about bitcoin in February 2018, Reason magazine pointed to a statement by Harvard economist and “The Curse of Cash” author Kenneth S. Rogoff, that “the government’s right to tax, regulate and enforce laws trumps individual privacy considerations.” Regarding bitcoin, he has argued “it’s the anonymity that’s really the problem.”

For further unfiltered commentary on this, see Block Digest season finale episode #240.

October 3rd - HACKERS CONGRESS PARALELNÍ POLIS

The Hackers Congress at Paralelní Polis (HCPP) is an annual conference held by the Institute of Cryptoanarchy in Prague. Founded by members of the Czech art and hacker scenes in 2014, their events cover a wide range of subjects concerning economic, social, and digital freedom. Due to the lockdowns, many of the sessions were carried out remotely and streamed via HCPP.TV, including a two-hour one that I hosted titled “How the Digital Totality Is Trying To Crush Julian Assange.” Similar to the short talk I gave in 2018, a portion focused on the practice and pitfalls of scientific journalism. We discussed the WikiLeaks grand jury and extradition trial at length, as well as the cypherpunk movement, privacy, Bitcoin, and financial surveillance:

I expect that people looking to explore the world, the universe, or the internet, those people are looking for ways to do that without making themselves beholden to someone else. People that are doing cryptographic implementations, people that are building cryptocurrencies, people that are building anonymity networks, they are all kind of in the same realm.

Slowly but surely, several of the major projects in that realm, and in general those spaces, are being swallowed up by either establishment corporate profiteers or governments. So an interesting question might be, as a follow-up, what will happen when that space is snuffed out too? That is basically the warning of ‘Cypherpunks.’ That is exactly the kind of thing that can happen, it can be snuffed out. It can be the case that people who were free to do certain things without mass surveillance, it just practically won’t be the case anymore in the future.

Other privacy-focused talks at the event included a panel with Adam Gibson, Ádám Ficsór, Yuval Kogman, István András Seres, Riccardo Masutti, and Kristaps Kaupe. Vlad Costea hosted an episode of the Bitcoin Takeover podcast with developers Jonas Nick, Peter Todd, and Alekos Filini, who talked about Bitcoin privacy, Schnorr, Taproot, and the Lightning Network.

October 5th - EUROPOL CYBERCRIME ON WASABI AND SAMOURAI

In TMIBP01, I included a Europol report that focused on Wasabi wallet. Since then, their European Cybercrime Centre (EC3) has published another report, the Internet Organised Crime Threat Assessment (IOCTA), described by executive director Catherine De Bolle as their “flagship strategic product highlighting the dynamic and evolving threats from cybercrime.”

There has been an increase in the use of privacy-enhanced cryptocurrencies and an emergence of privacy-enhanced coinjoin concepts, such as Wasabi and Samurai.

Despite being their “flagship product,” it appears they ‘spared no expense’ (the John Hammond way) in the graphic design department. The topic of cryptocurrencies is mostly covered in the section “Privacy Enhancing Wallets Emerge As A Top Threat, As Privacy Enhancing Coins Gain Popularity.” If you can get passed every mention of Samourai wallet being misspelled “Samurai,” then you may notice that it highlights the remote wipe SMS commands feature, which is still unfortunately disabled in the Google Play Store version. They assert that “while Bitcoin still remains the most popular payment method… the use of privacy-enhanced cryptocurrencies has somewhat increased albeit not at the rate expected by their proponents.”

Monero is gradually becoming the most established privacy coin for Darkweb transactions, followed by Zcash and Dash. All these privacy coins may present a considerable obstacle to law enforcement investigations, despite the competing altcoin communities uncritically favouring their implementation over the others.

Based on a paper by Trend Micro senior threat researcher Mayra Rosario Fuentes, they also claim to have observed these “Darkweb markets” upgrading their security practices, including moving to multi-signature wallets. (Fuentes’ previous employment involved work as a “cyber intelligence analyst” for Symantec, ANSER / Analytic Services Inc., the Department of Defense, and Booz Allen Hamilton.)

Administrators are also looking to upgrade their security apparatus with other new features. Some marketplaces are already shifting to wallet-less and user-less markets, adopting multi signatures on Bitcoin and Monero, lacking registration requirements and enacting no JavaScript policies. Monopoly is also a wallet-less market in which payment occurs directly between buyer and vendor, and instead of enacting transaction fees, the market receives a monthly commission. Marketplaces were observed using multi-signature wallets in their transactions⁵⁶.

October 8th - CRYPTOCURRENCY ENFORCEMENT FRAMEWORK

U.S. Attorney General William “Bill” Barr and his Cyber-Digital Task Force, established in 2018, published a report on the Department of Justice’s emerging “Cryptocurrency Enforcement Framework.” The press release for the report states:

The Framework provides a comprehensive overview of the emerging threats and enforcement challenges associated with the increasing prevalence and use of cryptocurrency; details the important relationships that the Department of Justice has built with regulatory and enforcement partners both within the United States government and around the world; and outlines the Department’s response strategies.

Similar to the FATF report highlighted last month in TMIBP04, Associate Deputy Attorney General and Task Force chair Sujit Raman argues that “decentralized platforms, peer-to-peer exchangers, and anonymity-enhanced cryptocurrencies that use non-public or private blockchains all can further obscure financial transactions from legitimate scrutiny.” Later on, under ‘Ongoing Challenges and Future Strategies,’ they warn that acceptance of privacy coins “may undermine the AML/CFT controls used to detect suspicious activity by MSBs and other financial institutions, and may limit or even negate a business’s ability to conduct AML/CFT checks on customer activity and to satisfy BSA requirements.”

Some AECs, however, offer features, such as public view keys, that potentially can facilitate the fulfillment of AML/CFT obligations, depending upon the implementation of such features.

Under the ‘Threat Overview,’ they note that examples of AECs include Monero, Zcash, and Dash. Under ‘Legitimate Uses,’ they include generalised commentary from “cryptocurrency advocates” on the value of privacy:

Cryptocurrency advocates also stress that the privacy associated with cryptocurrency, though raising significant challenges for law enforcement, can have valid and beneficial uses. For example, such advocates claim that greater anonymity may reduce the risk of account or identity theft associated with the use of traditional credit systems.

Under ‘Department of Justice Response Strategies,’ they claim that “some virtual currency exchanges have attempted to withhold data requested by law enforcement agencies,” including through “criminal grand jury subpoenas,” by invoking the General Data Protection Regulation (GDPR). They believe that “such objections to lawful requests for information” are illegitimate.

However, GDPR does not in fact bar companies subject to U.S. jurisdiction from complying with lawful requests in criminal investigations. To the contrary, GDPR explicitly permits the disclosure of data in a number of scenarios. For example, a virtual exchange that is subject to GDPR may process the requested data under GDPR Article 6(1) when “necessary for compliance with a legal obligation to which the controller is subject” or “necessary for the purposes of the legitimate interests pursued by the controller or by a third party….”¹⁷³ Similarly, under Article 49.1, international transfer of data is permitted in various circumstances, including where “the transfer is necessary for important reasons of public interest” or “necessary for the purposes of compelling legitimate interests pursued by the controller.”¹⁷⁴

Under the section on various cooperating agencies, they cite and summarise FinCEN’s guidance that was highlighted in TMIBP01 regarding whether anonymizing software providers are required to register and comply with money transmitter laws.

In particular, the guidance outlined the application of FinCEN’s regulations to persons who provide anonymizing services or who are engaged in activities involving anonymity-enhanced CVCs. According to FinCEN, anonymizing service providers and some AEC issuers are money transmitters, whereas an individual or entity that merely provides anonymizing software is not.

Of course, the effectiveness of FinCEN’s regulations and anti-money laundering policies generally have come under closer scrutiny with the ‘FinCEN Files’ publications, based on Suspicious Activity Reports (SARs) obtained by the International Consortium of Investigative Journalists (ICIJ). Neither the raw nor even redacted source documents were published, but according to their analysis, “U.S. agencies responsible for enforcing money laundering laws rarely prosecute megabanks that break the law, and the actions authorities do take barely ripple the flood of plundered money that washes through the international financial system.” This complements a study published earlier this year in Policy Design and Practice (PDP):

It finds that the anti-money laundering policy intervention has less than 0.1 percent impact on criminal finances, compliance costs exceed recovered criminal funds more than a hundred times over, and banks, taxpayers and ordinary citizens are penalized more than criminal enterprises.

The big players like Deutsche Bank would like you to believe otherwise. In response to these reports by the ICIJ and other media, they released a statement claiming that the “billions of dollars” they’ve invested to fight such financial crime “leads to increased detection levels.” This month on October 13th, they also happened to announce that the economic crimes unit of the Frankfurt Public Prosecutor’s Office “has closed its criminal investigation” – originally opened following allegations by whistleblower Howard Wilkinson and raids at their head office in November 2018 – “due to lack of sufficient suspicion in accordance with section 170 (2) of the German Code of Criminal Procedure.” The ICIJ noted that their fine of $15.8 million “is equivalent to just 0.06% of the $26.4 billion total net revenues Deutsche Bank generated in 2019.” I’m sure that no one could have predicted this.

Relatedly, on October 2nd, the European Central Bank published a report on central bank digital currency (CBDC), asserting that any CBDC “must satisfy a number of principles and requirements that are identified in this report – including robustness, safety, efficiency and protection of privacy – while complying with relevant legislation, including legislation on money laundering and the financing of terrorism.” They acknowledged a desire for a European CBDC to retain the features of cash.

Cash has distinct intrinsic features – its physical nature, the capacity to ensure privacy in payment transactions and the possibility to be used without any technical infrastructure – that are not (fully) matched by electronic payment solutions but are required by many citizens (such as population groups who are less “tech-savvy”, face barriers to access or want to ensure their privacy). Ideally, a digital euro should allow citizens to continue to make their payments much as they do today with cash.¹⁴

However, they still argued that anonymity would not be allowed, unlike with cash:

If the legal identity of digital euro users were not verified when they access services, any ensuing transaction would be essentially anonymous.⁴⁷ While that is currently the case for banknotes and coins, regulations do not allow anonymity in electronic payments and the digital euro must in principle comply with such regulations (Requirement 10). Anonymity may have to be ruled out, not only because of legal obligations related to money laundering and terrorist financing, but also in order to limit the scope of users of the digital euro when necessary – for example to exclude some non-euro area users and prevent excessive capital flows (Requirement 13) or to avoid excessive use of the digital euro as a form of investment (Requirement 8).

This month, the Electronic Frontier Foundation’s director of strategy Danny O’Brien drew attention to anti-encryption lobbying in the European Union, “encouraging the EU’s member states to agree to a new EU position on encryption in the final weeks of 2020.” Similarly, on October 11th, Barr appeared as a signatory on the “International Statement: End-To-End Encryption and Public Safety,” which seeks cooperation between technology companies and governments to “gain access to data in a readable and usable format” across “the range of encrypted services available, including device encryption, custom encrypted applications and encryption across integrated platforms.” When the “Lawful Access to Encrypted Data Act” bill was introduced in June, he also published a statement saying “I am confident that our world-class technology companies can engineer secure products that protect user information and allow for lawful access.”

For those with long memories, such letters are weighted with déjà vu. In 1991, U.S. senators Joe Biden (yes, that one), Arlen Specter, and Harry Reid co-sponsored the Comprehensive Counter-Terrorism Act, which contained a similarly worded section on ‘Cooperation of Telecommunications Providers with Law Enforcement.’ Phil Zimmerman, computer scientist and creator of the PGP encryption software, later wrote that “it was this bill that led me to publish PGP electronically for free that year, shortly before the measure was defeated after vigorous protest by civil libertarians and industry groups.”

Yuan Yang, the Financial Times’ deputy Beijing bureau chief, challenged this outdated idea of “lawful intercept” backdoors and wrote about how damaging “domestic cyber policy decreases our ability to defend against foreign adversaries.”

We must make our systems robust against a world in which bad actors, such as China’s spy agencies, will always be a threat. It is pointless to keep fretting over the rise of China — we need to prepare to coexist. To do so, governments should make their domestic cyber policies consistent with their international objectives. There is still, broadly speaking, one global internet: we have to defend it.

October 11th - BIP155 AND TOR ONIONS V3

Last year, lead maintainer Wladimir van der Laan introduced BIP-155, a proposal for “a new P2P message format “to gossip longer node addresses over the P2P network,” known as addrv2. The document included reserved network IDs for various protocols, including Tor and I2P. In July of this year, the Tor Project announced their deprecation timeline for Tor v2 hidden service addresses, with warnings to onion service operators and clients starting in September and then final obsoletion in July 2021.

To very quickly summarize why we are deprecating, in one word: Safety. Onion service v2 uses RSA1024 and 80 bit SHA1 (truncated) addresses [1]. It also still uses the TAP [2] handshake which has been entirely removed from Tor for many years now except v2 services. Its simplistic directory system exposes it to a variety of enumeration and location-prediction attacks that give HSDir relays too much power to enumerate or even block v2 services. Finally, v2 services are not being developed nor maintained anymore. Only the most severe security issues are being addressed.

As Bitcoin Optech Newsletter #110 and #119 have summarised, while Appendix B of the proposal provided instructions for upgraded Tor v3 address encoding, using them in the Bitcoin network would require implementation of addrv2. In May, contributor Vasil Dimov opened an issue to add this support, which got superseded by a pull-request in September. On October 11th, “Complete the BIP155 implementation and upgrade to TORv3” was merged; Wuille noted that Bitcoin Core v0.21, currently scheduled for release in December, “will support Tor V3 addresses, and BIP155.”

On October 16th, Bitcoin Magazine published a podcast episode with Aaron van Wirdum and Sjors Provoost discussing how Tor works in general and this upcoming release, “an important development for preserving privacy.”

On October 21st, the Bisq developers released v1.4.2. In addition to supporting SegWit addresses, the update will replace the Tor v2 seed nodes with Tor v3 seed nodes.

As highlighted in TMIBP02, the Tor Project held a one-month campaign in July to “raise awareness about onion sites.” They have since published a follow-up about “the challenges we faced and continue to face,” including reference to a security advisory criticising their priorities.

As part of these campaigns we will emphasize the importance of deploying onion services that are secure end-to-end so Tor Browser doesn’t make a wrong assumption about which data should be sent over HTTP onion connections. We’re also currently improving our documentation for onion service operators and making clear Tor Browser’s expectations of web sites.

To learn more about the importance of network privacy in Bitcoin, see the interview with Amiti Uttarwar in TMIBP01.

October 13th - BIP78 PAYJOIN RECEIVER IN JOINMARKET

In TMIBP03, I highlighted progress in implementing BIP-78 PayJoins. This month, as per the v0.7.1 release, JoinMarket has also enabled receiver support. If you have a RaspiBlitz, there is a script to manually update and try it out.

This implementation includes support for receiving BIP78 (payjoin) payments (0.7.0 introduced sending them), in Qt GUI or on command line, using either current P2SH segwit wallets (‘3’ addresses) or native bech32 wallets (‘bc1’ addresses). To support this, Joinmarket spawns a Tor onion service (“hidden service”) temporarily for payment receipt, for maximum privacy.

Later in the month, while preparing the next release v0.7.2, Gibson wrote about their testing of PayJoin. Ficsór shared an example.

The bugs fixed are things that came out of interoperability tests on BIP78.

Over the last few weeks I, Kristaps Kaupe and some people on other dev teams have been running a variety of testnet, mainnet, regtest tests of Payjoin functionality between btcpayserver, Wasabi and Joinmarket.

We found various edge cases, like hex instead of base64 being transferred (not in spec but people were doing it anyway), incorrectly shuffled output ordering (my bad!), combinations of parameters in the HTTP request that I interpreted the BIP as saying was not allowed, but btcpayserver was sending anyway (but: not always! - testing can be a real pain sometimes!) and a few more.

On October 27th, JoininBox also released their v0.1.13 update to include these changes.

October 14th - S’MORE SCHNORR AND TAPSCRIPT

On October 14th, following last month’s meeting highlighted in TMIBP04, the Bitcoin Core PR Review Club held their sixth meeting on BIP 340-342 developments. Hosted by John Newberry, they discussed a commit on implementing Taproot script validation. The next day, this commit was among those merged by van der Laan. You can read the meeting log here.

Following up on the MuSig-DN research from last month, Wuille also shared a recently published paper, “MuSig2: Simple Two-Round Schnorr Multi-Signatures,” co-authored by Jonas Nick, Tim Ruffing, and Yannick Seurin. It is “the first multi-signature scheme in the DL [discrete logarithm] setting that supports preprocessing of all but one rounds, effectively enabling a non-interactive signing process.” Wuille noted that MuSig2 “doesn’t support stateless signing like MuSig-DN, but also doesn’t have its costs.”

Most importantly, multi-signatures enjoy the efficiency of Schnorr signatures, which are very compact and cheap to store on the blockchain. Moreover, if multi-signatures can be verified as ordinary Schnorr signatures, the additional complexity introduced by multi-signatures remains on the side of the signers and is not exposed to verifiers who need not be concerned with multi-signatures at all and can simply run Schnorr signature verification. Verifiers, who are just given the signature and the aggregate public key, in fact do not even learn whether the signature was created by a single signer or by a group of signers (or equivalently, whether the public key is an aggregation of multiple keys), which is advantageous for the privacy of users.

Key takeaways from the MuSig2 paper are summarised in Bitcoin Optech Newsletter #120. Nick and Ruffing also spoke with Stephan Livera about the technical differences between MuSig, MuSig-DN, and MuSig2 for SLP222.

During the “Privacy in Cryptocurrencies” panel of last month’s Fidelity conference, which I featured in TMIBP04, Elliptic co-founder Tom Robinson said that they try to identify whether bitcoin transactions have come from the Lightning Network, similar to the “insights” they provide regarding transactions linked to mixers. “I believe Schnorr and Taproot are actually going to make that very difficult to do.” Blockstream research director Andrew Poelstra also gave a technical presentation on Schnorr and Taproot:

So there’s a scalability improvement here, certainly, which is that the verifier would only need to check one signature from one key. There is also a privacy improvement because verifiers who aren’t privy to the original spending policy, who didn’t construct the keys themselves, can no longer distinguish between the ordinary case (where bitcoins are stored by a single key) and more complicated cases (where these coins might be secured by multiple keys)… Again, with Schnorr signatures, you are able to compress even those complicated policies into a ‘single’ key, which can then be spent with a ‘single’ signature.

… The network sees one key, it sees one signature. It is none the wiser about how many participants were involved. It doesn’t see what the policy was. It doesn’t see the number of participants, it doesn’t see the identities of the participants. What’s interesting is that this key, which has been tweaked to commit to some script, the network also doesn’t see that script or even that there was a script.

On October 21st, core developer Andrew Chow wrote about some wallet-related changes coming with Bitcoin Core v0.21, including the transition from key-based ‘Legacy’ wallets to script-based ‘Descriptor’ wallets:

In contrast with Legacy Wallets, Descriptor Wallets are designed to support the Bitcoin scripting system through the use of descriptors. Descriptors explicitly give an output script (and thus address) as well as all of the keys and scripts necessary to sign them. This essentially means that Descriptor Wallets are a script based wallet, while Legacy Wallets are key based.

A Descriptor Wallet will then be able to support any kind of descriptor. Newly introduced descriptors for new script types can be easily added to the wallet by adding a new descriptor. For example, the Taproot proposal introduces a new address type and output scripts. This can be easily added to the Bitcoin Core wallet by implementing a new descriptor.

Check out Nadav Kohen’s “Introduction to Schnorr Signatures,” Lucas Nuzzi’s “Schnorr Signatures & The Inevitability of Privacy in Bitcoin,” and Bitcoin Optech’s Schnorr Taproot Workshop to learn more.

October 16th - CROWDFUNDING ATOMIC SWAPS WITH MONERO

In TMIBP03, I featured a working paper by Joël ‘h4sh3d’ Gugger on “Bitcoin-Monero Cross-chain Atomic Swap,” which was subsequently published on September 16th. Exactly one month later, the community crowdfund for 2,727 XMR to build “a production-ready client/daemon” Rust implementation of the protocol was completed. Gugger and other contributors are expecting to finish the sum of the project milestones sometime in Q2 2021.

As the paper states in the abstract, “the protocol does not require timelocks on the Monero side,” given that Monero’s ring confidential transactions (RingCT) design currently lacks support in a privacy-preserving way. On October 10th, TheCharlatan published the third in a series of blog posts about “the privacy considerations” of unlock_time “and how it can be improved by either encrypting the field, restricting its content, tweaking ring selection or removing it altogether.” He has since opened an issue in the Monero Research Lab (MRL) repository to discuss these options.

For an exploration of the overlapping or diverging privacy research goals and interests between Bitcoin and Monero, see this conversation held last month between WabiSabi contributor ‘nothingmuch’, Seth Simmons, and Justin Ehrenhofer.

October 19th - CHAINALYSIS AND CRYPTO-EXPOSED PERSONS

Chainalysis’ global head of policy Jesse Spiro published a blog about “why all banks need to be aware of their exposure to cryptocurrency, and the risk they take on by ignoring it,” highlighting a recent talk by FinCEN director Kenneth Blanco at the Association of Certified Anti-Money Laundering Specialists’ (ACAMS) AML Conference. He not only indicates that “a traditional bank can be held responsible for illicit cryptocurrency activity… even if the bank itself doesn’t provide custody for cryptocurrency,” but argues that they should be finding ways of “identifying current customers who use cryptocurrency,” based on various polls indicating that banks are underestimating this.

Banks need to create a system to detect exchanges in their SWIFT messages, ACH payments, and debit card transactions. The top cryptocurrency exchanges are constantly evolving, so banks also need to monitor them in real time for such a program to be effective. If banks started screening for these businesses in their customers’ activity today, they’d inevitably find cryptocurrency-related transactions they didn’t previously know were happening. From there, they should assess the risk of those transactions based on their current anti-money laundering policies, checking for transactions that suggest suspicious activity.

In a summary of industry commentary regarding the ‘FinCEN Files’ and “toothless regulatory environment,” Decrypt quotes Spiro as saying, “Cryptocurrency’s inherent transparency combined with blockchain analysis makes detecting, reporting, and investigation financial crime more efficient.”

Meanwhile, as I explained in TMIBP01 and TMIBP02, both governments and blockchain surveillance companies tend to underestimate ‘due diligence negligence.’ Spiro specifically is no stranger to enabling such circumstances. Prior to working for Chainalysis, he was the global head of specialized research in “Threat Finance & Emerging Risks” for Thomson Reuters / Refinitiv’s World-Check, a popular reputational risk tool for financial institutions and regulators. If you are not already familiar with this “privately-run watchlist at the heart of the system” of global financial surveillance and censorship, I recommend this 2017 talk by journalists Jasmin Klofta and Tom Wills, or this more recent documentary by Al Jazeera. In August, I wrote about the similarities between World-Check and blockchain surveillance companies:

Those who use World-Check (and pay a lot of money for access) sign non-disclosure agreements that prevent them from telling customers whether they are in the World-Check database. Hard to get off a blacklist if you don’t even know you’re on it or how you got there. This is financial cancel culture, locking people out of the financial system based on a vague and over-broad definition of ‘risky,’ and denying them any opportunity for due process. “Nonjusticiable.”

The business of blockchain surveillance companies is also to blur the line between “risky” and “illicit” when recommending how their clients should treat customers who use privacy-enhancing techniques. As with World-Check, cryptocurrency exchanges often don’t disclose what blockchain surveillance software they use, let alone how it determined that you are a “risky” customer. A policy of risky-until-proven-untainted, if you even get the opportunity to counter their decision.

Some like to claim they are “building a more open financial system.” In reality, they intensify the exclusionary processes of legacy banking. Not resisting, not just going above & beyond requirements, but actively participating in a compliance arms race that kills competition.

Spiro is not the only World-Checker to migrate to the cryptocurrency and blockchain space. It appears that watchers of so-called ‘politically exposed persons’ are eager to create a new category: the crypto-exposed person.

October 20th - BANK SECRECY ACT AND THE TRAVEL RULE

In TMIBP02, I highlighted that a working group of U.S.-based virtual asset service providers (VASPs) was recently formed to “design a collective solution for complying with Financial Action Task Force (FATF) rules on sharing customer data.” During the Global Digital Finance (GDF) Travel Rule summit in July, Coinbase chief compliance officer Jeff Horowitz had said that a whitepaper for an “inter-VASP bulletin board system” was on the way. The U.S. Travel Rule Working Group (USTRWG), “a coalition of 25+ U.S. VASPs,” published an announcement on October 20th.

The Travel Rule was designed to help law enforcement agencies detect, investigate, and prosecute money laundering and other financial crimes by maintaining an information trail of transaction originators and beneficiaries.

From the original list of at least six companies (Coinbase, Bittrex, Gemini, Kraken, BitGo, and ShapeShift) slated to become members of USTRWG, only half of them have appeared in the members directory so far. Other notable parties include ConsenSys, hardware wallet developer Ledger, blockchain surveillance companies Ciphertrace and Elliptic, and Zcash’s Electric Coin Company (ECC). The last one should not be a shock to anyone, as they already belong to a law enforcement friendly forum called the Blockchain Alliance. And Zooko is- well… Zooko. While they do not appear to have announced or engaged in public community discussion about joining the working group, they claim here:

ECC believes that well-informed and -educated policy-makers and regulators produce better regulation. To that end, we engage with policy-makers and regulators both directly (through outreach and meetings; by providing commentary and feedback on proposed legislation and regulation; and by providing education designed to improve understanding of blockchain and DLT technology, cryptocurrencies in general, and Zcash specifically) and indirectly, by supporting and contributing to the efforts of organizations like Coin Center, the Blockchain Alliance, the Blockchain Association, and Global Digital Finance.

The whitepaper states that “initially, the address-VASP lookup mechanism will support bitcoin and ether,” and that “data transmission will be conducted in a point-to-point manner, thereby limiting the receipt of customer data to the VASP who owns the receiving address.” While they do not provide even a rough timeline or deadlines for when these phases are expected to come into effect, the second and final phase involves “expand[ing] the solution beyond the U.S. to enable the sharing of Travel Rule data with qualified VASPs globally.” They clarify that this would not involve what they term “unhosted wallets” (i.e. “non-custodial wallets” and “private wallets”), which makes some of the memberships quite curious.

The solution also does not cover the cases where an unhosted wallet is involved in a transaction as either the sender or receiver. Under FinCEN and FATF guidance, VASPs are not required to send Travel Rule data to unhosted wallets as unhosted wallets are not considered to be money transmitters or VASPs (in so far as the transactions conducted through unhosted wallets are to purchase goods or services on the user’s own behalf).

Despite membership by at least two blockchain surveillance companies in USTRWG, they note that such tools are insufficient even for the task of identifying addresses owned by other VASPs, let alone individual entities:

While blockchain analytics tools offer some insight into potential ownership, they do not completely solve the “lookup” challenge of accurately identifying all transaction counterparties for Travel Rule compliance purposes.

They also acknowledge that trusted third parties can become security holes:

As the network grows and membership increases, trust will decrease and technological controls and systems must be installed to prevent bad actors from attempting to compromise sensitive Travel Rule information… Strong encryption standards and data transfer protocols are required to ensure that customer data is not compromised or leaked when it is collected, transmitted, and stored.

What’s that, you say? Strong encryption? Secure communication? A peer-to-peer private network? With a minimal data retention policy? I’m sorry, I thought those things were only being used by criminals. Whatever you do, enable Javascript and don’t forget to give the government their golden key…

Three days later, FinCEN and the Federal Reserve announced that they had “invited comment on a proposed rule that would amend the recordkeeping and travel rule regulations under the Bank Secrecy Act” to lower the applicable threshold for “transmittals of funds that begin or end outside the United States” to just 1/12 of the current standard. October 23rd happens to be the 50th anniversary of the Bank Secrecy Act’s approval.

Under the current recordkeeping and travel rule regulations, financial institutions must collect, retain, and transmit certain information related to funds transfers and transmittals of funds over $3,000. The proposed rule lowers the applicable threshold from $3,000 to $250 for international transactions. The threshold for domestic transactions remains unchanged at $3,000.

The proposed rule also further clarifies that those regulations apply to transactions above the applicable threshold involving convertible virtual currencies, as well as transactions involving digital assets with legal tender status, by clarifying the meaning of “money” as used in certain defined terms.

As financial writer John Paul Koning wrote in the American Institute for Economic Research (AIER), “Their proposed threshold of $250 would shift the U.S. from being one of the world’s most permissive nations to the least permissive nation.” Jim Harper, whose IRS lawsuit I highlighted in TMIBP02, argued in the American Enterprise Institute (AEI) that he “would also emphasize the costs to innovation. That is clearest to me in the area of cryptocurrency and ‘decentralized finance,’ where untold projects and companies have not advanced because of financial surveillance rules and other regulatory requirements.” On October 29th, Coin Center published a copy of the comments they had filed in response:

Imposing new regulatory obligations on Americans should be done only when the benefits of doing so outweigh the costs. The costs in question are costs to society, not merely to regulated parties. And the costs and benefits to be considered should include difficult to quantify values like human dignity, of which privacy is a paramount component. Requiring this kind of cost-benefit regulatory analysis not only helps agencies choose the best regulatory alternative, but it compels policymakers to “show their work” in a way that allows the public to provide meaningful comment.

The present notice of proposed rulemaking fails to do this.

While the Agencies considered the cost that lowering the threshold for certain AML obligations would impose on financial institutions, there is no discussion whatsoever of the cost that the change would impose on individuals and society. Yes, financial institutions would bear the direct costs of a change, but the greater cost may be incurred indirectly by the thousands or millions of citizens that a change would affect.⁵ That cost is not easily quantifiable because it is a cost in privacy forgone, but it should not be ignored.⁶

October 21st - COINBASE RELEASES TRANSPARENCY REPORT

In TMIBP04, I highlighted that the Electronic Frontier Foundation has been calling on Coinbase to “start releasing regular transparency reports that provide insight into how many government requests for information it receives, and how it deals with them.” While it is unknown whether reports of Coinbase’s government contracts influenced this reminder from the EFF, many people were interested in such reports due their known communication and / or collaboration with various agencies, including the U.S. Secret Service, IRS, and DEA. This month, chief legal officer Paul Grewal (who replaced Brian Brooks earlier this year) has finally published their first transparency report.

Coinbase believes in protecting the financial privacy of our customers. As part of our commitment to being the most trusted place to engage with cryptocurrency, we work every day to ensure customer information remains safe and secure from compromise, inappropriate use, or unnecessary disclosure.

The report, which only concerns requests made “during the first half of 2020,” does not provide any details about the nature of the 1,914 requests they received in this period beyond identifying the requesting country or agency. Of the ~58% that came from U.S. government agencies, they break down further that a little over 30% or 340 of these were from the FBI. About 8.8% or 98 requests came from IRS divisions, and 9.3% or 104 requests came from the DEA. Brian Armstrong commented that the volume of requests was a “tax” on “private companies, which translates into higher prices for consumers. Lots of second and third order consequences.”

On October 21st, the EFF and Tsukayama issued a response that “Coinbase’s report is an important but modest step toward the transparency reports that people should expect from their financial institutions.” She recommended further steps for improvement:

We have some ideas on how Coinbase can improve its reports in the future. First, it would be helpful for consumers and advocates to know how many requests Coinbase may have challenged, or how many accounts were shut down as a result of these requests. Other companies routinely provide that level of detail.

For future reports from Coinbase and other financial institutions, EFF would also like to see transparency reports that outline informal government requests that don’t come from a subpoena, warrant, or other legal process, such as when law enforcement agencies have bullied companies to shut down accounts through coercion. We’d also like to see more information on how companies such as Coinbase handle government requests, which companies often make publicly available. It would also be useful for financial services such as Coinbase to start publishing how many Suspicious Activity Reports they file with the Financial Crimes Enforcement Network annually, and about how many accounts.

October 22nd - HODL HODL LENDING AND THE TRIANGLE OF DEFI

As part of their marketing, BlockFi likes to claim that their platform has “proven to be at the forefront of the bitcoin lending industry, and provides its customers not only with great returns, but advanced security measures as well.” Though you may recall from TMIBP01 that their storage of sensitive customer information in a retail marketing database led to a breach in May, followed by the hiring of a new chief security officer with multiple U.S. private and public intelligence services on his résumé. The saying goes that “trusted third parties are security holes,” and they are also privacy holes.

Hodl Hodl, the Baltic based non-custodial exchange, has announced the launch of a new “Bitcoin-backed P2P lending platform” that still aims for what they consider to be the three “main properties of DeFi projects. And these are: No custody, No KYC, No fiat.”

Property one: Non-custodial. Being non-custodial is a core element for every decentralized project out there. In most cases — not only — does this approach ensure a higher level of security, but it also allows your customers to be in control of their own funds. Your keys, your coins.

Property two: Non-KYC. Property one usually leads to property two. KYC creates unneeded friction and barriers to entry, and storing your private data with a third-party is not very decentralized.

Property three: Non-fiat. Yes, you read it right. Not having fiat, with all the fiat gatekeepers out there, helps you to create a proper P2P platform. If you look at the most successful DeFi projects you will understand that they are operating without fiat involvement. Instead, fiat is replaced with stablecoins. Such an approach allows you to move the payment part into a real P2P spectrum because stablecoin payments, just like Bitcoin payments, are happening with no middleman involved. Fiat payment institutions can block, reverse, and freeze operations between peers. Removing that type of risk makes your solution more censorship resistant.

In contrast to their existing terms of service prohibition against users who are “a citizen or tax resident of the United States of America, North Korea, Iraq, Syria, and/or Sudan,” they plan to openly accept U.S.-based users for the lending platform. (I say ‘openly’ because, of course, as a no-KYC service, it would be harder for them to know your nationality anyway.)

Filling the gap of traditional fiat with stablecoins – aka crypto-fiat or ‘collateralized inflationary shitcoin pegs’ – will involve acquiring them somehow. The supported stablecoins noted so far include Tether (USDT), Coinbase’s USD Coin (USDC), Paxos Standard (PAX), and the token by MakerDAO (DAI), all of which are / have variants based on ERC-20 or the Liquid Network. While there is a small market for BTC-DAI and a potential but currently non-existent market for BTC-USDC on Bisq, most – if not all – of the exchanges listed as places to buy or sell these stablecoins certainly do not exhibit the DeFi properties emphasized above, so it remains to be seen how practical it will be to utilize the platform in a privacy-preserving way.

CEO Max Keidun discussed Hodl Hodl and the new lending platform on episode #204 of Tales from the Crypt with hosts Marty Bent and Matt Odell. Keidun said that they had started building it at the start of the year, and mentioned a tweet from Odell, also referenced in the announcement, which made him think about how peer-to-peer non-custodial lending platforms could be “way more effective, way more user friendly, and actually better than centralised custodial lending.” He reported that within 24 hours of launch, they were already seeing “half a million” in liquidity, and that they were considering adding Liquid Bitcoin (L-BTC) and RGB in the future. On October 24th, Ruben Somsen wrote about “Liquid P2P Loans” as “a variation of the Hodl Hodl contract design, but without an arbitrator (not counting Liquid itself).”

To learn more, see Bitcoin Q+A’s guide on “10 steps to your first non-KYC bitcoin (Hodl Hodl Edition).”

October 25th - LEDGER PHISHING ATTACK

In TMIBP02, I highlighted a data breach of the popular hardware wallet company Ledger, involving approximately one million customer email addresses and the “first and last name, postal address, phone number or ordered products” of “a subset of 9500 customers.” Recently, many Ledger users have been receiving well-crafted phishing emails and text messages. It has not been confirmed whether this is a direct result of the June data breach, or possibly a separate incident.

Ledger first publicly alerted users to this campaign on October 19th. From my own perusal of social media, a majority of those self-reporting being targeted with such messages appear to have received them on or after October 25th. The phishing emails claim that a “forensics team” found “malware” on “Ledger Live administrative servers” and encourage them to download a (likely compromised) new version of the app. Andreas Tasch has been sharing his attempts to get answers from Ledger regarding the extent of the data breach.

On October 29th, Ledger shared advice about spotting phishing attacks.

If you know or suspect that you were impacted by this breach, I recommend reading Kraken’s “Security Advisory: Mobile Phones,” Jameson Lopp’s “A Home Defense Primer,” and “A Modest Privacy Protection Proposal.”

October 29th - LIKE A CLBOSS: LIGHTNING PRIVACY

‘ZmnSCPxj’ announced the alpha release of CLBOSS, “an automated manager for C-Lightning forwarding nodes” to “make the transition from pre-Lightning to post-Lightning much smoother in practice.” Their work on C-Lightning has been supported by a grant from Square Crypto.

CLBOSS will automatically take up managing your existing C-Lightning node, creating channels to the network when your peers close on you, maintaining incoming liquidity, etc. I also plan to have it monitor peers for how useful they are in routing.

In explaining why CLBOSS is useful, they noted the privacy risks of so-called “private channels.”

I think the rise of unpublished channels is evil, bad for privacy and ultimately censorship-resistance, and must be resisted. Xref. the “axiom of terminus” for why unpublished channels are not private. That is, end-users of the Lightning Network should be running routing nodes, and there must not be any unpublished nodes, because unpublished nodes will have every incoming and outgoing payment recorded accurately by their forwarding node peers, which now become targets for takeover by surveillors.

Thus, the goal of CLBOSS is to make it so that even a non-specialist can just set it up on some low-power computer they can afford to keep online at all times, so they have a high-uptime routing node. The routing node can then use forwarded payments as cover for its own traffic, increasing its privacy and increasing the necessary effort for surveillors to see payments. The owner of the Bitcoins can use a remote-control, such as Spark wallet over Tor, to conveniently spend over Lightning, with reduced risk of surveillance due to their node being a public forwarding node.

In TMIBP03, I summarised some research being done to improve routing and privacy on the Lightning Network. Earlier this month, the Lightning Junkies podcast released episode LNJ037, an interview with Paralelná Polis co-founder Mário Havel. He spoke about the philosophical origins of the hackerspace in Czechoslovakia, the Decentruck, Bleskomat ATMs, and his experience “being a shepherd of onboarding people to the Lightning Network.”

First of all, it is not easy to do Lightning really privately, at least now. I think the current implementations lack a lot of privacy. As I mentioned before, the repository where you can easily just set up a Bitcoin and Lightning node and BTCPay [Server] behind Tor? This is [a good] thing, I think. You have an anonymous identity, you have a way to easily, and almost without fees, earn money. I can imagine that, I am really in favour of something like that. But I think there is still some way to go to have enough privacy on Lightning.

He is looking forward to “some interesting features” being developed with WabiSabi, “like opening channels from CoinJoin.” As I mentioned in TMIBP01, the combination of CoinJoin and the Lightning Network has been a research area of interest since at least 2018.

October 31st - HAPPY BITCOIN WHITEPAPER DAY!

My message is: the Internet never forgets, cultures change, and retroactive laws exist.

Normies and nerds in the American empire and its satellites celebrate this day as an excuse to binge on high-fructose corn syrup and brainstorm something scarier than political unrest or pandemic lockdowns. October 31st 2020 is not only the second birthday of Wasabi, but first and foremost the twelfth anniversary of Satoshi Nakamoto publishing the whitepaper to the Cryptography mailing list. Bitcoin’s creator(s) feared not ghouls and ghosts, but rather real horrors spawned by the central banking system. As a privacy-focused newsletter, I would be remiss to exclude the section of the document which assumes privacy as an important value:

The traditional banking model achieves a level of privacy by limiting access to information to the parties involved and the trusted third party. The necessity to announce all transactions publicly precludes this method, but privacy can still be maintained by breaking the flow of information in another place: by keeping public keys anonymous. The public can see that someone is sending an amount to someone else, but without information linking the transaction to anyone. This is similar to the level of information released by stock exchanges, where the time and size of individual trades, the “tape”, is made public, but without telling who the parties were.

As an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner. Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner. The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner.

As advised here, for those who wish to protect their anonymity despite transaction records being public, it is vital to avoid systems and services that force or seduce you into giving up sensitive personally identifying information to (un)trusted third parties, lest your financial life become even easier to surveil than before.

Of course, if you should have learned anything from my newsletter thus far, it is not only that you may encounter a variety of risks, but one tool or strategy will not address them all. The actors and threats may change. The fruit of your efforts may not be visible for many years to come – there is no chart for the gains or losses made here. But if you find the resolve to defend your liberties, then you will soon understand that the scariest and most toxic candies to crush are the ones that tell you to cease fighting back at all.

Thanks for reading! Feel free to bookmark or subscribe to catch the next edition of ‘This Month in Bitcoin Privacy.’

That One Privacy Girl