"Argema mittrei" by Erland Refling Nielsen is licensed under CC BY-NC 4.0 .
“Happened stories are all alike, every unhappened story is unhappened in its own way… Can the past be resurrected or re-member-ed again? Should it be? And how much past can a person bear?”
― Georgi Gospodinov, “Time Shelter” (2022)
“[Jesse Thistle:] ‘.. I’m helping re-member. Not just remember, like a memory. Like re-member, reassemble this history that has been disembodied by the state and forgotten.’”
― Gabor Maté, “The Myth of Normal” (2022)
This moth, whose homeland is history, flutters ahead through a pitch-█████ hollow, alighting ███████████ upon pillars of streaming, cascading electronic waves. Reflecting a rainbow of pixelated droplets, the moth’s eyespots seem to wink at you. ██████████ columns of radiant data lure the tiny creature more than ██████. After each brief landing, the wings pulse ███ shed soft scraps of note paper █ artfully burned around the edges like a lining of mascara. Too many for one ██████ to catch ██ to hold, ███ alone read. Stalagmites grow slowly in the wake of your pursuit, █████ the meandering waters of digital light may someday lap at a new edge of darkness. Choose your pillars wisely…
ℹ️ Are you an open-source contributor to Bitcoin or related infrastructure? Consider applying for a grant at Open Sats, a 501(c)(3) non-profit organization. In July, we opened a new long-term support (LTS) program. We want to create a sustainable, independent, and consistent ecosystem of funding for free and open-source software and projects. In the United States, all gifts and donations are tax-deductible to the full extent of the law.
On May 16th 2023, hardware wallet maker Ledger announced the approaching launch of “an optional paid subscription service” for Nano X users called ‘Recover.’ If enabled, the user would first submit some form of identification to Ledger’s partner, Coincover, a U.K.-based “crypto insurance platform” founded in 2018. Once the identity verification process is complete, the user’s Ledger device will then “duplicate, encrypt and fragment your private key into three parts [using Shamir Secret Sharing] within the Secure Element chip… These encrypted fragments are securely sent to three independent providers – Ledger, Coincover, and EscrowTech that will store them in Hardware Security Modules (HSMs).”
Since the announcement, Ledger and Coincover have jointly published six detailed articles on how ‘Recover’ will work. The fourth post, released on September 7th, focuses on the identity verification (IDV) step, which involves a combination of providing a government-issued identification document and passing a “biometric test” / comparison with a live selfie and video. Ledger is also a ‘backup provider’ and “relies on Tessi services to validate your identity when you request a restore.” Tessi is a “Business Process Services partner” offering ‘solutions’ in digital identities and know-your-customer (KYC), among other things.
What is the difference between Ledger Recover identity verification and KYC? Identity verification is not the same as KYC. Identity verification inherently collects much less information compared to KYC. To go through Ledger Recover identity verification you need a valid, government-issued document and be the rightful owner of that document. KYC involves ID verification but it can also include revenue information, record of criminal activity, citizenship check, etc. Again, Ledger Recover uses identity verification, not KYC.
While Ledger claims these operations are “not KYC”, it is still rather clear that the ‘IDV’ acronym originates from, and that these services support, efforts to introduce digitized and often more intrusive KYC requirements in response to anti-money laundering (AML) regulations. For example, Plaid, the financial technology company that faced class action lawsuits and anti-trust complaints (TMIBP02, TMIBP06, TMIBP20), offers identity verification and explicitly includes ‘IDV’ as part of their AML screening process. Should you fail the first two IDVs with Ledger ‘Recover’, then a third manual IDV can be performed through Coincover, but involving “another independent service provider IDNow,” an identity verification, screening and compliance platform. Ledger says that “in accordance with our data retention policy, your IDV data is securely retained until you unsubscribe from the service and then archived in a database with strict limited access for litigation purposes only.” Their privacy policy states that this retention period is at least 7 years.
The issue is that the code which instructs the device to export the keys is part of the new OS, without an opt-in system. The Ledger Recover system introduces the possibility of third party risk that didn’t exist before. You can opt-in to using the service, but you cannot opt-in to having that function installed on your device unless you choose not to update, which ultimately can cause problems on devices because updates are used to push security and functionality updates.
― “Ledger Recover Saga” by Pamela Morgan
Blockchain Commons founder and executive director Christopher Allen commented that the crux of the controversy was “in large part because we didn’t expect seeds to ever leave the Ledger device.”
As it turns out (as all hardware wallet designers already know), all it requires is a signed firmware update, and seeds can go wherever they want. Why? The problem is that no existing SE chips can do secp256k1 (the curve used by Bitcoin & Ethereum) natively and safely in semiconductor logic. This isn’t an issue with Ledger; it’s an issue with all current chips used by wallets today. This means that in order to do secp256k1, a SE has to hand a key off to a code execution process in the SE or to an MPU. That’s what opens the doors for doing unexpected things with that key — things that most didn’t expect from a personal hardware wallet.
In other words, the public might have had the expectation that keys weren’t going to ever leave the Ledger, but that expectation is actually impossible to support today, because keys already have to leave the most trusted part of the Secure Enclave to be used!
On October 19th, CEO Pascal Gauthier began “the countdown for our launch” and shared the published code for ‘Recover’ (the majority of their operating system remains closed-source). On October 24th, they announced that it was “now available for Ledger Nano X users,” though only those with a national identity based in the U.S., Canada, and Europe. According to the dedicated page, ‘Recover’ costs “9,99€ per month after the first free month.” Why such a not-KYC process should require government identification, and not possibly work with various alternative forms of identity or web-of-trust proofs, is a question left to the reader:
Ledger Recover availability depends on the country in which your passport, national identity card, or driving license was issued. At the moment, a passport/national identity card issued by the European Union, the United Kingdom, Canada, and the United States, or a driving license issued in the United States, is required to subscribe to the service. We will be covering more countries and adding support for more documents. Stay tuned.
In TMIBP02, TMIBP05, TMIBP09, and TMIBP20, I have followed Jim Harper’s lawsuit against the IRS “for violation of my Fourth Amendment and Due Process rights” in relation to the sharing of his financial data by a third-party service, Coinbase.
At issue in this case is whether either the U.S. Constitution or federal statutes impose meaningful restrictions on Internal Revenue Service authority to gain surreptitious access to a taxpayer’s confidential financial records without providing the taxpayer any opportunity to object and without showing a substantial need for the information.
On May 26th 2023, District Judge Joseph N. Laplante granted the IRS’ motion to dismiss the case. On October 13th, Harper filed his opening brief to appeal the dismissal, followed so far by amicus curiae briefs from the Americans for Prosperity Foundation, National Taxpayers Union Foundation, the “research-driven investment firm” Paradigm, research and advocacy group DeFi Education Fund, and Coin Center. NTUF senior attorney Tyler Martinez explained:
This case tests whether the IRS met the safeguards of 26 U.S.C. § 7609(f) and under the Due Process Clause. The asserted interest is one of privacy — and once information is disclosed, it cannot be remedied any more than a bell can be unrung. This Court has a chance in this case to clarify that only pre-confiscation process is adequate to protect privacy rights — especially where, as here, the IRS sought the records of thousands of accounts.
… John Doe warrants are dangerous tools that should only be used in limited circumstances against a cognizable limited pool of potential targets. The provision was not designed to allow for thousands of innocent taxpayers’ data to be handed over to an IRS agent in the hopes of finding a wayward file or two. Americans have substantial rights in the privacy of their data and should not be presumed to be tax cheats simply for using new technology like cryptocurrency.
… Privacy is unlike other property interests in that, once disclosed, the harm cannot be undone. Due process before disclosure is the only way to protect privacy.
In June, Harper had written about the consequences of introducing so-called artificial intelligence (e.g. more algorithmic account analysis) into anti-money laundering investigation. “Our nation was founded in rejection of the ‘general warrant’ to rummage people’s things that King George III’s agents enjoyed in the colonies. Today’s overweening sovereign rummages via customer service agents.” In September, he also explored the topic of whether or how data should be treated as property.
In TMIBP22, we saw Dan Gould’s proposal for “Serverless Payjoin” and the launch of the new Payjoin Software Development Kit (SDK). On June 27th, Gould formalized the PayJoin SDK with Martin Habovštiak (TMIBP14, TMIBP18, TMIBP19) and outlined its progress so far.
You might think Payjoin is just bitcoin, so it belongs in BDK. When you take a look at the `bdk` crate you see that it’s a wallet abstraction. That is meant to manage key material and synchronize apps with the network. Payjoin in contrast is an interactive transaction building protocol with some networking parameters. The two complement each other well, and while the day where PDK’s `payjoin` crate compiles as part of `bdk` may well come soon, in order to provide well engineered and reviewed components, PDK lives in its own repository for specialized scrutiny so each effort can focus on their individual strengths.
In mid-May, Gould had briefly discussed the similarities between PayJoin and splicing with Core Lightning developers Lisa Neigut and ‘Dusty Daemon’, who proposed the splicing specification back in April 2021. Last year, Gould had already shifted focus towards combining PayJoin and Lightning (TMIBP21), so there was mutual interest in interoperability.
Splicing is a new feature that is being added to the lightning protocol that allows you to update an active lightning channel. This means that you can add or remove funds from a channel without closing it. This is a very powerful feature because it allows you to have a channel that is always open and still be able to do on-chain transactions with the present balance. It also builds off of dual-funded lightning channels using the same interactive-tx protocol. This allows for peers to interactively construct bitcoin transactions together that will result in a splice of the peers’ channels.
… Splicing can enable remixing for lightning channels. This can allow for lightning channels to even further intermingle and be indistinguishable from other on-chain utxos. This means that we can have a lightning channel that is always open, but is constantly changing its on-chain history, and is constantly being remixed with other utxos. With this, we can bootstrap potentially all lightning liquidity to a single coinjoin liquidity pool.
― “Channel Coinjoins” by Lightning Privacy Research
On July 11th, the Paris-based ACINQ – which had already added a custom splicing prototype to their Eclair implementation in June – announced that their mobile Phoenix Wallet now supports splicing. “Splicing makes the distinction between on-chain and off-chain really blurry.”
Another way to look at it is that we are moving from N UTXOs/user to 1 UTXO/user. It is simply the current optimum for self-custody on Bitcoin. Further reducing the on-chain footprint implies sharing UTXOs amongst users, either in a simplistic trusted way (custodial wallets), or by introducing concepts like virtual UTXOs.
We believe that the efficiency gains brought by splicing are so phenomenal that all wallets will eventually implement it. That is why this technological improvement marks the beginning of a new generation of self-custodial wallets.
On the same day, SLP490 was released with ‘Dusty Daemon’ further explaining the benefits of splicing. The end of the announcement hinted that ‘blinded paths’ and ‘Taproot’ were among the next upcoming privacy-related changes for Phoenix Wallet. CTO Bastien Teinturier was the primary developer on route blinding (TMIBP10, TMIBP18, TMIBP22), which was merged into the BOLTs in March of this year. Teinturier was also interviewed for SLP513 in September. As fellow privacy researcher Seth has pointed out, an immediate benefit of blinded paths would be more payment privacy protection from their default routing node.
Disclosure: I am a board member of the non-profit Open Sats and in July, we announced that we would support ‘Dusty Daemon’ with a grant and listing of his splicing work on our website.
On July 17th, Gustavo Echaiz, who contributes to an informational website about CoinJoin, published a blog post with Wasabi about “why Lightning Network-enabled coinjoin transactions is a powerful idea that is already possible with Vortex, and how a future WabiSabi implementation combining both technologies could differ and solve some caveats.” On August 5th, a browser-based Lightning wallet called Mutiny was formally released in beta by Tony Giorgio, Ben Carman, and Paul Miller. Among the primary features, they highlight that “Mutiny Wallet and Vortex will join forces, integrating on-chain and lightning privacy tools.. Ben Carman’s Vortex coinjoin project is ready, but needs the vertical integration to really succeed” (TMIBP20). There are a few open pull-requests to enable PayJoin sending & receiving, but support for the PayJoin SDK was already merged on September 25th; Gould tried it out on testnet.
On August 9th, Gould shared an intermediate draft of the Serverless PayJoin proposal “before opening a draft on GitHub for the BIP editors, and before this exact specification has a complete reference implementation.” On August 12th, the draft was submitted as a pull-request.
On October 31st, Voltage frontend engineer Brandon Lucas published a long-form article titled “Payjoin for a Better Bitcoin Future,” summarising “current attacks on Bitcoin privacy, the history of payjoin from the perspective of privacy, how it works and how it can provide so many benefits with no changes to Bitcoin, and the current state of adoption.”
In TMIBP19, TMIBP20, TMIBP21, and TMIBP22, I have followed Ruben Somsen’s ‘Silent Payments’ proposal, “a new scheme for private non-interactive address generation without [extra] on-chain overhead.” On June 29th, the Bitcoin Improvement Proposal (BIP) draft by Somsen and Core contributor Josie Baker was assigned a number, BIP-352. It remains an open pull request in the BIP repository as the community reviews it. As of October 19th, BIP-352 was voted as a top-three “priority project” within the next six months of Bitcoin Core development and review.
Project priorities are those which the frequent contributors to this project have voted on to have more focused review on until the next feature freeze (or until they are completed). They will become permanent topics in our weekly IRC meetings so that we can get updates on the progress of each project and determine the next step to move them forward.
On July 27th, Human Rights Foundation (HRF) chief strategy officer Alex Gladstein opened, among others, a bounty worth “2 BTC for a mobile wallet which can send and receive Silent Payments in a private manner without requiring the user to run a full node.”
Disclosure: I am a board member of the non-profit Open Sats and in August, we announced that we would be supporting Baker with a Long-Term Support (LTS) grant, which includes his “work on BIP-352: Silent Payments, focusing on adoption in wallets outside of Bitcoin Core and supporting mobile clients.”
In TMIBP05, TMIBP07, TMIBP08, and TMIBP16 I have followed the Tor v3 transition and the importance of network privacy. Between June 2022 and the spring of 2023, the Tor network was under a distributed denial-of-service (DDoS) attack (TMIBP20). In TMIBP04, TMIBP06, TMIBP21, and TMIBP22, I highlighted that the Tor Project was considering “a token-based approach” for “prioritiz[ing] good clients over malicious clients when a denial of service attack is happening,” with support from the Onion Services Resource Coalition. On August 23rd, they announced that they “are officially introducing a proof-of-work (PoW) defense for onion services designed to prioritize verified network traffic as a deterrent against denial of service (DoS) attacks with the release of Tor 0.4.8.”
The inherent design of onion services, which prioritizes user privacy by obfuscating IP addresses, has made it vulnerable to DoS attacks and traditional IP-based rate limits have been imperfect protections in these scenarios. In need of alternative solutions, we devised a proof-of-work mechanism involving a client puzzle to thwart DoS attacks without compromising user privacy.
Proof of work acts as a ticket system that is turned off by default, but adapts to network stress by creating a priority queue. Before accessing an onion service, a small puzzle must be solved, proving that some “work” has been done by the client. The harder the puzzle, the more work is being performed, proving a user is genuine and not a bot trying to flood the service. Ultimately the proof-of-work mechanism blocks attackers while giving real users a chance to reach their destination.
The stable release of 0.4.8.4 includes more detailed notes on how it works.
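The ticket-and-priority-queue idea quoted above, as an added example that is not Tor's code: a simple hash puzzle stands in for the one Tor actually uses, and the `IntroQueue` class, the effort rule, the seed and the request names are all assumptions constructed for illustration. Requests that prove more work are served first once the defense is switched on; with it off, the queue is first-come, first-served.

```python
import hashlib
import heapq
import itertools

MAX_U32 = 2**32 - 1


def _draw(seed, client_nonce, counter, effort):
    """Pseudo-random 32-bit value bound to the service seed, the client and the claimed effort."""
    h = hashlib.blake2b(digest_size=4, key=seed)
    h.update(client_nonce + effort.to_bytes(4, "big") + counter.to_bytes(8, "big"))
    return int.from_bytes(h.digest(), "big")


def verify(seed, client_nonce, counter, effort):
    """Service side, one hash: valid when draw * effort <= 2**32 - 1 (chance about 1/effort)."""
    if not 1 <= effort <= MAX_U32 or not 0 <= counter < 2**64:
        return False
    return _draw(seed, client_nonce, counter, effort) * effort <= MAX_U32


def solve(seed, client_nonce, effort):
    """Client side: try counters until one verifies; expected cost is about `effort` hashes."""
    if not 1 <= effort <= MAX_U32:
        raise ValueError("effort out of range")
    for counter in itertools.count():
        if verify(seed, client_nonce, counter, effort):
            return counter


class IntroQueue:
    """Request queue of a hypothetical onion service with the puzzle as an optional defense."""

    def __init__(self, seed):
        self.seed = seed
        self.pow_enabled = False          # the defense is off by default
        self._seen = set()                # proofs already spent (replay protection)
        self._heap = []
        self._arrival = itertools.count()

    def submit(self, request_id, client_nonce=b"", counter=0, effort=0):
        """Queue a request and return True, or return False if its proof is bad or reused."""
        if not self.pow_enabled:
            effort = 0                    # no stress: plain first-come, first-served
        elif effort:
            proof = (client_nonce, counter, effort)
            if proof in self._seen or not verify(self.seed, client_nonce, counter, effort):
                return False
            self._seen.add(proof)
        # Highest verified effort first; arrival order breaks ties.
        # Requests without a proof are still queued (a choice of this example), but last.
        heapq.heappush(self._heap, (-effort, next(self._arrival), request_id))
        return True

    def serve(self, n):
        """Pop up to n requests in priority order."""
        return [heapq.heappop(self._heap)[2] for _ in range(min(n, len(self._heap)))]


def demo(pow_enabled):
    """Constructed scenario: three no-work requests arrive before two clients that did work."""
    service = IntroQueue(seed=b"constructed-seed")
    service.pow_enabled = pow_enabled
    for i in range(3):
        service.submit(f"flood-{i}")
    for name, effort in (("user-a", 50), ("user-b", 200)):
        nonce = name.encode()
        service.submit(name, nonce, solve(service.seed, nonce, effort), effort)
    return service.serve(5)


if __name__ == "__main__":
    print("defense off:", demo(False))
    print("defense on: ", demo(True))
```

Verification costs the service a single hash per request, while the expected cost to the client grows linearly with the effort it claims.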
Disclosure: I am a board member of the non-profit Open Sats and we are part of the Onion Services Resource Coalition, supporting bitcoin donations to the Tor Project.
On April 20th, MEPs approved the Markets in Crypto-Assets (MiCA) regulation and the application of the Funds Transfer Regulation (FTR) / Transfer of Funds Regulation (TFR) to crypto-assets.
― TMIBP22, “EU CASP Reporting and Transaction Restrictions” (April 2023)
In early August, Dutch engineer, financial history consultant, and Human Rights in Finance (HRiFEU) founder Simon Lelieveldt (TMIBP11, TMIBP14, TMIBP21) wrote about his intention to challenge the constitutionality of the application of the Travel Rule to crypto-assets in Europe; under the rules of annulment, “parties can request the Court of Justice of the European Union (CJEU) to rule on the legality of EU acts.” On August 14th, he outlined the basis of his claim, mainly focused on the lack of proportionality, and confirmed that he was “coordinating and executing the efforts to create the right setting for this annulment action.” On August 23rd, the deadline for filing any actions, he sent a letter to then Dutch Minister of Finance and first Deputy Prime Minister Sigrid Agnes Maria (S.A.M.) Kaag.
On August 24th, Lelieveldt and digital identity expert Jacob Boersma established the foundation with the aim “to keep banks and governments in check, preventing them from going too far with their violation of fundamental rights and their actual investigative behavior and regulations.”
On September 4th, the foundation formally submitted documents “that mark the beginning of a cancellation procedure” at the Registry of the General Court. On September 13th, the Amsterdam-based Privacy First foundation announced they were supporting the annulment action, under the Article 263 EU Working Treaty, on the basis that the “Regulation was blindly copied from international recommendations and insufficiently tested for fundamental rights.”
In TMIBP05, 08, 12, 14, 17, 19, 20, and 21, I have followed exploration, promotion, and criticism of central bank digital currencies (CBDCs). In February, a team composed of myself, Matthew Mežinskis, and Nick Anthony were awarded a fellowship to build an online resource that tracks CBDCs around the world “and flags their risks for civil liberties” (TMIBP22), in collaboration with Johns Beharry and Marina Spindler from Peak Shift. At this year’s Oslo Freedom Forum (OFF), the website and promotional video were premiered: cbdchumanrights.org 💜
As of this writing, we are just days away from the full launch of the global map that will combine economic stats like the status of CBDC research, development, and implementation, and the human rights risks in each particular country or region that could be exacerbated by the imposition of a CBDC. While our fellowship ends with this publication, we intend to have it continually updated, and my investigation of CBDCs will build upon this work.
According to the results of a Bank for International Settlements (BIS) survey published in July, “there could be 15 retail and nine wholesale CBDCs publicly circulating in 2030,” and “60% of surveyed central banks reported that they have stepped up their CBDC work in response to the emergence of cryptoassets,” particularly “stablecoins such as Tether and USD Coin.”
On May 8th, the non-profit Regulatory Transparency Project (RTP) hosted a panel discussion about CBDCs and financial privacy with U.S. Representative Tom Emmer (TMIBP07), Jim Harper, Electric Coin Company (ECC) head of U.S. public policy and strategic advocacy Paul Brigner, former FinCEN director Michael Mosier (TMIBP08, TMIBP11, TMIBP19), former DOJ associate deputy attorney general and current ConsenSys director of global regulatory matters William ‘Bill’ C. Hughes, and associate professor of law J.W. Verret. Emmer compared the development of CBDCs to the creation of the U.S. Foreign Intelligence Surveillance (FISA) Court and its potential to “be abused” and “weaponized against American citizens,” and implied that there was also non-public resistance to CBDCs among members of the Democratic Party despite the Biden administration’s support for them. A Cato Institute 2023 CBDC National Survey found that “Republicans are slightly more familiar (34%) than Democrats (25%) and independents (25%). However, Democrats are about twice as inclined (22%) to support adopting a CBDC than are Republicans (11%).”
Mosier, consistent with his comments to a Senate committee in March 2022 (TMIBP19), advocated for minimising data collection as much as possible, argued that pegging it to the policy decisions of any given administration was “just too fragile,” and cited the conclusions of Project Hamilton, a multi-year joint research effort between the Federal Reserve Bank of Boston and the Massachusetts Institute of Technology (MIT) “into the technical feasibility of a potential central bank digital currency” that was completed in December 2022.
Any payment system’s architecture is influenced by the design choices made around data privacy, access, and retention, and achieving robust privacy requires making explicit architectural choices at each layer of a system’s design.
― “A High Performance Payment Processing System Designed for Central Bank Digital Currencies” by James Lovejoy, Cory Fields, Madars Virza, Tyler Frederick, David Urness, Kevin Karwaski, Anders Brownworth, and Neha Narula (2022)
On the question of whether CBDCs were competition for cash or cryptocurrencies, it was argued that the primary opponent is actually stablecoins, though Harper thinks they are still “small potatoes”; he later wrote about European Central Bank (ECB) president Christine Lagarde’s comments during a BIS event panel in March, on “the digital euro as more privacy-protective than competitive alternatives such as stablecoins offered by Big Tech companies.”
Her comments are a classic illustration of the transatlantic divide on privacy. Americans see privacy as a liberty value and distrust government. Europeans see privacy as a dignity value and distrust companies — perhaps especially American ones.
RTP has published short animated informational videos about CBDCs and the Bank Secrecy Act (BSA) with Norbert J. Michel and Jennifer Schulp (TMIBP20, TMIBP21).
On September 12th, Emmer (MN-06) reintroduced the “CBDC Anti-Surveillance State Act,” which he had originally drafted back in January 2022. On September 14th, the House Financial Services Committee held a hearing titled “Digital Dollar Dilemma: The Implications of a Central Bank Digital Currency and Private Sector Alternatives.” On September 20th, the bill was considered and agreed to during a markup session by the Committee. Emmer described it as “a historical step in defending against an ever-expanding government surveillance state.”
Specifically, the CBDC Anti-Surveillance State Act prohibits the Federal Reserve from issuing a CBDC directly to individuals, ensuring the Fed cannot mobilize itself into a retail bank able to collect personal financial data on Americans. It prohibits the Fed from indirectly issuing a CBDC to individuals through an intermediary, preventing the Fed from launching a retail CBDC through our two-tier financial system. Finally, it prohibits the Fed from using any CBDC to implement monetary policy, ensuring the Federal Reserve cannot use a CBDC as a tool to control the American economy. The legislation protects innovation and any future development of digital cash.
From May 8th to June 19th, the Bank of Canada (BoC) held “an online public consultation on the features that could be included in a digital Canadian dollar.” On May 25th, only a couple weeks into the survey, the BoC tweeted that “no decision has been made” to issue a CBDC. “The decision rests with the Government of Canada, not the Bank. We don’t see the need to issue one right now, but we have to be ready for whatever the future holds.” On June 22nd, following the end of the consultation period, the BoC reported that they had received over 85,000 responses. As of writing, their summary report is yet to be published.
The BoC first published staff research about the possibility of issuing a CBDC back in November 2016, with “Central Bank Digital Currencies: A Framework for Assessing Why and How.” They observed that a number of so-called ‘foregone transactions’ – defined as “those that are economically beneficial (i.e., improving the welfare of the transacting parties) but do not occur because of various frictions” – were due to privacy concerns around “how their payment information is stored and transferred.” Therefore, a CBDC with a “higher level of anonymity may protect privacy and thus promote adoption and usage.” In a subsequent discussion paper one year later, “Central Bank Digital Currency: Motivations and Implications,” a footnote suggested that “a central bank could consider issuing both an anonymous benchmark CBDC (with a cap on the maximum amount that could be held) along with an I-CBDC (with no cap on balances).” In June 2020, they published an analytical note on “what is technologically feasible for privacy in a central bank digital currency (CBDC) system.”
A CBDC system is required to comply with regulations (e.g., KYC and AML). This can dictate the level of privacy and the selection of privacy techniques. KYC may require entities to store personal data with proper classification. Generally, achieving high levels of privacy while complying with regulations is complicated. A designer, however, could build a system with hybrid privacy levels. In this, unregulated holdings and transactions (offering maximum privacy to users) would be permitted within limits (e.g., a maximum amount) alongside regulated ones without limits.
A key difference in the justifications for issuing a CBDC, compared to those in Europe or the United States, is (a lack of) consideration for the unbanked, let alone the debanked. In “Is a Cashless Society Problematic?” the staff cite the results of a “Methods-of-Payment Survey” from 2013, in which “besides cash, 98% [of respondents] have a debit card, while about 82% have a credit card.” This is consistent with other multi-year public surveys, though it should be noted that the proportion of unbanked is noticeably higher for indigenous Canadians: “there is an estimated rate of 15% of individuals without bank accounts in First Nation communities.” Instead, this paper focused on issues with “seigniorage, monetary policy, payments and financial stability,” such as the stark contrast in the quantities of ‘inside’ vs. ‘outside’ money. Interestingly, they believe that “Bitcoin can also be considered outside money, although it is private money (e.g., Garratt and Wallace 2016).”
As noted above, almost all of the money used in a modern economy is inside money created by the banking system. Therefore, one way to interpret the prospect of a cashless society is that a particular kind of outside money (cash) falls into disuse and even greater reliance is placed on inside money (deposits), which already accounts for almost all of the money in Canada.
You can follow a feed of BoC research regarding CBDCs and related topics here.
On May 26th, the European Central Bank (ECB) published a summary of the prototyping exercise conducted between July 2022 and February 2023, as part of the investigation phase for the digital euro project. The design scope of the prototype included that the centralised “settlement engine which processes digital euro payment and funding/defunding transactions,” called N€XT, was “based on a UTXO data model.” Apache Kafka, “an open-source messaging technology, serves both as the inter-service communication platform and as a multi-site sharded data store for transactions and UTXOs.” They argued that this model was advantageous for privacy:
One of the advantages of a UTXO-based data model is in fact the ease of implementing a centralised ledger that does not allow balances to be associated with any given individual. The N€XT prototype natively supports one-time UTXO addresses and does not need to know which wallet holds the UTXOs, nor the identity or pseudonym of their owner, in order to process UTXO transactions. Thus, the prototype showed that the Eurosystem would be able to perform the settlement tasks without being able to know the balance or to infer the payment patterns of any user. However, this approach will require intermediaries to manage one-time addresses and to implement certain features such as checks on holding limits. Furthermore, it would require the incorporation of procedures to ensure that end users can recover their funds if their intermediary suddenly ceased to operate.
They also claimed that ‘market participants’ were “experimenting with innovative approaches, such as self custody wallets, which could potentially allow for more privacy – pending legislative developments.” They support the idea of “tiered due-diligence checks” and “specialised identity verification service providers” as gatekeepers, without specifying what degree of identification will be expected.
The main learning with regard to these checks was that it is technically feasible and potentially advantageous to unbundle checks that are dependent on the user’s identity (such as AML/CFT checks) from the payment flow, so that they can be either skipped for low-value payments – if permitted by legislation – or potentially performed by different entities. In such a set-up, the use of the digital euro would come closer to the use of cash from a privacy perspective, and benefits could be achieved by relying on specialised identity verification service providers who would ideally adhere to harmonised pan-European standards, rather than relying on intermediary-specific identity solutions.
The FAQ page managed by the European Commission also states, regarding “limits on the amount of digital euro you can hold,” that “holding limits would be set by the European Commission for the use of digital euro offline, in order to limit money laundering and terrorism financing risks.”
On June 28th, the Directorate-General for Financial Stability, Financial Services and Capital Markets Union (DG FISMA) department of the Commission published a draft regulation package with a proposal for a new Payment Services and Electronic Money Services Directive (PSD3) and “a new Payment Services Regulation (PSR),” to create “an efficient and integrated market for payment services in the EU.” Though it does not appear that the proposals mention a digital euro, the ECB’s fourth report cites them as “facilitating the possible introduction of a digital euro.” On the same day, the Commission also adopted a legislative proposal “on the legal tender of euro banknotes and coins, to safeguard the role of Euro cash.”
This proposal is also consistent with the European Accessibility Act, which covers ATMs, and with the Union’s policy efforts to support social inclusion, including in the context of the European Pillar of Social Rights. It aims to ensure that everyone in the euro area has sufficient and effective access to cash. This is particularly relevant for vulnerable groups with a dependency on using cash for payments, which typically include older people, those with a disability who may have difficulty in accessing digital payments, people with limited digital skills and/or income. These groups tend to have a strong preference to use cash to settle their payments over electronic means of payments. Furthermore, financially excluded people, such as the unbanked, asylum seekers and migrants, who may not be able or willing to use means of payment supplied by the private sector, also rely on cash as their payment method. Moreover, evidence shows that the main reasons why cash is preferred are that (i) cash is considered to make one more aware of one’s own expenses, and (ii) cash is perceived as anonymous (and therefore protects privacy), whilst it has the unique feature of allowing for direct payments with immediate settlement without the need for a third party. In terms of preserving cash as a payment option, the 2022 ECB SPACE study shows that 60% of consumers still considered the option to pay with cash to be important or very important. It confirms that “despite the impact of the pandemic and related lockdown measures and self-reported preferences, an increasing share of euro area consumers would like to have cash as a payment option”.
In mid-July, the ECB published their fourth progress report for the investigation phase. They still believe it is feasible that “a digital euro could work both online and offline, using independent designs,” “thereby also increasing the resilience of the digital euro ecosystem.” The four core principles of the compensation/funding model include:
The Eurosystem is of the opinion that a digital euro should offer basic services to citizens free of charge, reflecting its status as a public good and in line with users’ experience with cash. To foster network effects, the Eurosystem believes that intermediaries should be compensated for the services they provide, as they are for comparable electronic payments, while legislative safeguards should prevent merchants from being overcharged by intermediaries. The Eurosystem would bear its own costs, as it does today for banknotes.
On July 11th, the ECB hosted a ‘civil society seminar’ featuring Evelien Witlox and José Ignacio Terol Rodriguez, managers of the digital euro project, with deputy head of public communication Ronan Sheridan moderating. Regarding the holding limit, Witlox confirmed it was still likely to be set around €3,000 because then “there would be no impact or concern for financial stability.. just to avoid that, in a time of crisis, there would be a big outflow of liquidity [from] the bank in one go.” The limits would be finalized closer to the date of issuance. She also said that the offline version would “be indeed something like a bearer instrument.” Terol Rodriguez added that it “would only be available for proximity payments,” like typical cash transactions. Regarding ‘inclusion’, their slides state that the digital euro “will be designed to take on board people with no access to a bank account and low digital or financial skills, as well as people with disabilities.”
On August 16th, I attended a talk at Chaos Communication Camp 2023 by Epicenter.Works executive director Thomas Lohninger. His civil rights organisation has been paying close attention to both the digital euro project and the related development of the European Digital Identity Wallet under an updated international electronic identification (eID) system and reformed ‘Electronic IDentification, Authentication and Trust Services’ (eIDAS) regulation; their counter-lobbying efforts have contested, delayed, or even removed the inclusion of undesirable features, such as unique and persistent identifiers. Recently, Lohninger and more than “409 scientists and researchers from 33 countries” signed an open letter to the Parliament and Council, opposing certain elements of the near-final text of the eIDAS reform because it “radically expands the ability of governments to surveil both their own citizens and residents across the EU by providing them with the technical means to intercept encrypted web traffic, as well as undermining the existing oversight mechanisms relied on by European citizens.” I highly recommend watching his presentation.
On October 18th, the ECB announced that the governing council had decided to move on to the “preparation phase following conclusion of two-year investigation phase.” The ECB has recently updated their FAQ page and opened a promotional page of the ‘key’ planned features. You can follow all publications from the ECB about the digital euro project here.
The next phase of the digital euro project – the preparation phase – will start on 1 November 2023 and will initially last two years. It will involve finalising the digital euro rulebook and selecting providers that could develop a digital euro platform and infrastructure. It will also include testing and experimentation to develop a digital euro that meets both the Eurosystem’s requirements and user needs, for example in terms of user experience, privacy, financial inclusion and environmental footprint. The ECB will continue to engage with the public and all stakeholders during this phase. After two years, the Governing Council will decide whether to move to the next stage of preparations, to pave the way for the possible future issuance and roll-out of a digital euro.
On the same day, the European Data Protection Board (EDPB) and Supervisor (EDPS) Wojciech Wiewiórowski issued a joint opinion on the design proposals so far, including a “call for clarifications on the processing of these identifiers” and “strongly recommend[ing] to introduce a ‘privacy threshold’ for online transactions, under which neither offline nor online low-value transactions are traced.”
In addition to the highly speculative nature of the purported benefits, CBDCs raise considerable privacy and surveillance risks. A new digital pound would collect sensitive payment and user identity information and simultaneously be programmable and traceable, thereby carrying potentially disastrous consequences. Examples of CBDC development abroad paint a cautionary tale: China’s digital currency development has been linked to an increase in population surveillance, whereas Nigeria has explored ways to “keep full control” of its CBDC despite the rollout of the new currency receiving public backlash and a legal intervention. The possibilities of state surveillance and financial control that a centralised digital currency can bring are deeply concerning and incompatible with the rights and freedoms integral to democratic British society. As Danny Kruger MP said during a Treasury Committee evidence-gathering session on CBDCs, “if we get this wrong, it is catastrophic”.
In May, the U.K. civil liberties non-profit and campaign group Big Brother Watch launched “NoSpyCoin” (similar to the ‘NoSpyCash’ campaign in the U.S.), opposing “the Government’s plan to pilot a Central Bank Digital Currency by 2025” and encouraging citizens to contact their members of Parliament. They had already submitted their response to a February 2023 consultation paper on the ‘digital pound’ (aka “Britcoin”) issued by the Digital Pound Taskforce, a partnership between the Bank of England (BoE) and HM Treasury. The paper claims that:
.. the digital pound is at least as private as current forms of digital money, like the money in a commercial bank account or e-money. Digital pound users will be able to make choices about the way their data is used. We are supportive of, and encourage, firms to offer services that enable holders to opt for enhanced privacy functionality and exert greater user control of personal data.
… Neither the Government nor the Bank would have access to digital pound users’ personal data except for law enforcement agencies under limited circumstances, prescribed in law, and on the same basis as currently with other digital payments. The digital pound would not be anonymous because the ability to identify and verify users is needed to prevent financial crime.
Public comment and questions – of which they reportedly received more than 50,000 – were accepted until June 30th, and as of writing they are still being analysed. You can follow this filtered news feed for updates on their activity.
On September 6th, London-based Financial Times (FT) banking and fintech correspondent Siddharth Venkataramakrishnan published an article about how discussion and development of CBDCs is being thwarted by “culture warriors,” that this “risks undermining adoption and entrenching fears about government surveillance.” Yet in his own article, he cites the Nigerian ‘eNaira’, and how the ‘e-yuan’ “offers greater control and surveillance,” based on the same February 2021 article in the FT that explicitly argues it is “tied up in the Communist party’s drive to maintain its control over society and the economy. The technology is partly designed to reinforce its surveillance state.” He also quotes experts who acknowledge that there is legitimate fear and distrust:
A series of financial scandals this year have exacerbated distrust, says Aoife Gallagher, a senior analyst at the Institute for Strategic Dialogue. “Events like the Coutts saga [in which the private bank closed former Brexit party leader Nigel Farage’s bank accounts] and the Silicon Valley Bank collapse serve as further justification within these communities,” she says.
:information_source: For more perspective on the history and nature of CBDCs, check out economic anthropologist Brett Scott’s “Zen and the Art of CBDC Analysis.”
In March, the Bank for International Settlements (BIS) announced that they would be collaborating with the central banks of the Netherlands (DNB) and Germany (DBB) on Project Atlas, “a data platform that sheds light on the macroeconomic relevance of cryptoasset markets and decentralised finance (DeFi).” On October 4th, they published their first project report on the proof-of-concept.
Project Atlas provides data tailored to the needs of central banks and financial regulators. It fuses data gathered from crypto exchanges (off-chain data) with data from public blockchains (on-chain data) gathered from nodes. By connecting various sources, Atlas allows for data vetting, giving users tools to evaluate these markets’ economic significance more accurately.
The report notes that the Vienna-based Iknaio Cryptoasset Analytics GmbH is the ‘private sector partner’ that provides “the aggregation of proprietary attribution data on crypto exchanges.” The service commented that they are “proud to support this initiative.”
With clustering heuristics, it is possible to construct the entity network, representing asset flows between address clusters probably controlled by the same real-world entity. A single entity can control several address clusters. Building on the entity network abstraction, blockchain addresses are de-anonymised and linked to real-world entities using public and proprietary information, referred to as attribution data. Attribution data include information on the acting entity, such as the name of a crypto exchange. The strength of the approach lies in combining address clusters with attribution data. One data point that attributes a single address to a real-world entity can identify a large address cluster. This way, the approach can at times even deanonymise a couple of hundred thousand addresses with a single data point.
However, generating attribution data is usually expensive since it relies on sample interactions with a particular crypto exchange, crawling for published addresses or other more elaborate data-gathering procedures. There are public sources for attribution data (eg walletexplorer.com or etherscan.io). In addition, private companies increasingly offer attribution data as part of their business model. Therefore, comprehensive attribution data are often proprietary information. While the focus often lies on forensics or transaction screening, Atlas employs attribution data focusing on macroeconomic relevance. Atlas employs public attribution data combined with proprietary data provided by Iknaio research, which is also based on third parties that specialise in cryptoasset data or indirectly collected attribution data. The platform updates data from different repositories and can incorporate further sources of attribution data.
The report did not offer much insight into what they have used it to study, beyond that “an initial analysis of data collected by the platform indicates that cross-border flows are substantial in economic terms and unevenly distributed across geographical regions.” They also state that their purpose is to “serve as a starting point for preliminary assessments and inform the drafting of data reporting requirements and regulation of crypto market actors.” It should also be noted that ‘walletexplorer.com’ is operated by Chainalysis and has surreptitiously associated visitor IP data and addresses, which was then fed to law enforcement (TMIBP06, TMIBP22). With that in mind, it is undeniable that the BIS is now directly engaging in blockchain surveillance.
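The clustering-plus-attribution approach quoted above from the Atlas report can be made concrete with a small sketch. This is an added example, not code from the BIS, Iknaio or any vendor; the transactions, addresses, the "ExampleService" label and the equal-output screen `looks_like_coinjoin` are all constructed assumptions. It goes slightly beyond the quote by also showing how one multi-party transaction makes a single label spill over onto unrelated addresses.

```python
"""Co-spend clustering plus attribution propagation on constructed data."""
from collections import Counter, defaultdict


class UnionFind:
    """Disjoint-set structure: each address points at a cluster representative."""

    def __init__(self):
        self.parent = {}

    def find(self, addr):
        self.parent.setdefault(addr, addr)
        root = addr
        while self.parent[root] != root:
            root = self.parent[root]
        while self.parent[addr] != root:  # path compression
            self.parent[addr], addr = root, self.parent[addr]
        return root

    def union(self, a, b):
        root_a, root_b = self.find(a), self.find(b)
        if root_a != root_b:
            self.parent[root_b] = root_a


def looks_like_coinjoin(tx, min_equal_outputs=3):
    """Illustrative screen (an assumption, not any vendor's logic): at least
    `min_equal_outputs` inputs and at least that many equal-value outputs
    suggest a multi-party transaction whose inputs have different owners."""
    values = Counter(value for _, value in tx["outputs"])
    most_common = values.most_common(1)[0][1] if values else 0
    return (most_common >= min_equal_outputs
            and len(tx["inputs"]) >= min_equal_outputs)


def cluster(transactions, skip_coinjoin=False):
    """Co-spend heuristic: all inputs of one transaction share an owner."""
    uf = UnionFind()
    for tx in transactions:
        inputs = tx["inputs"]
        for addr in inputs:
            uf.find(addr)  # register every spending address
        if skip_coinjoin and looks_like_coinjoin(tx):
            continue  # do not merge owners across a suspected mix
        for other in inputs[1:]:
            uf.union(inputs[0], other)
    clusters = defaultdict(set)
    for addr in list(uf.parent):
        clusters[uf.find(addr)].add(addr)
    return list(clusters.values())


def attribute(clusters, labels):
    """Propagate every labelled address's label to its whole cluster."""
    result = {}
    for members in clusters:
        found = sorted({labels[a] for a in members if a in labels})
        for addr in members:
            result[addr] = found
    return result


def attributed_to(transactions, labels, label, skip_coinjoin=False):
    """Return the set of addresses that end up carrying `label`."""
    mapping = attribute(cluster(transactions, skip_coinjoin), labels)
    return {addr for addr, found in mapping.items() if label in found}


# Constructed sample data: values are in arbitrary integer units.
TXS = [
    {"txid": "t1", "inputs": ["svc1", "svc2"], "outputs": [("x1", 500)]},
    {"txid": "t2", "inputs": ["svc2", "svc3"], "outputs": [("x2", 700)]},
    # Multi-party transaction: three owners, three equal-value outputs.
    {"txid": "t3", "inputs": ["svc3", "alice1", "bob1"],
     "outputs": [("m1", 100), ("m2", 100), ("m3", 100), ("c1", 30)]},
    {"txid": "t4", "inputs": ["alice1", "alice2"], "outputs": [("y1", 200)]},
]
LABELS = {"svc1": "ExampleService"}  # the single attribution data point

if __name__ == "__main__":
    print("naive   :", sorted(attributed_to(TXS, LABELS, "ExampleService")))
    print("screened:", sorted(attributed_to(TXS, LABELS, "ExampleService",
                                            skip_coinjoin=True)))
```

With the naive heuristic the one label on `svc1` reaches `alice1`, `alice2` and `bob1`; with the screen it stays on the three `svc` addresses. The difference between the two outputs is the kind of false positive an error-rate measurement would have to count.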
As you consider whether and how to incorporate blockchain analysis into your investigative strategy, be forewarned: There may be myriad challenges — legal and practical — to admitting blockchain analysis evidence at trial. For example, some analytical tools may incorporate sensitive or proprietary techniques that cannot be readily presented in open court. As discussed further below, these difficulties are hardly insurmountable, but a savvy prosecutor may conclude that employing tools in other ways that avoid undue litigation risk may be the more prudent course.
― “Using Blockchain Analysis From Investigation to Trial” by C. Alden Pelker, Christopher B. Brown, and Richard M. Tucker in the ‘Technology and Law’ issue of the Department of Justice (DoJ) Journal of Federal Law and Practice, Vol. 69, No. 3 (May 2021)
The legal presumption, as applied in practice, has exposed widespread misunderstanding about the nature of computer failures – in particular, the fact that computer failures are usually failures of software – because of the naïve belief that computers were just ‘mechanical instruments’. The presumption has been the cause of widespread injustice.
… We propose that the presumption that computer evidence is reliable be replaced with a process where if computer evidence is challenged, a party must justify the correctness of the evidence upon which they rely. The proposed process, summarised below, requires the disclosure of documents that would already exist in any well-managed computer system. The procedural and evidential safeguards of the kind we propose would probably have avoided the disastrous repeated miscarriages of justice over the past 20 years. The Post Office Horizon scandal is not unique.
― “Briefing Note: The Legal Rule That Computers Are Presumed To Be Operating Correctly – Unforeseen and Unjust Consequences” by Nicholas Bohm, James Christie, Peter Bernard Ladkin, Bev Littlewood, Paul Marshall, Stephen Mason, Martin Newby, Steven J. Murdoch, Harold Thimbleby and Martyn Thomas CBE in Digital Evidence and Electronic Signature Law Review, Vol. 19 (October 2022)
In TMIBP20 and TMIBP22, I highlighted the case of Roman Sterlingov, accused of creating and operating Bitcoin Fog, a centralised proto-mixing service. He was arrested on April 27th 2021, and has already spent over 900 days in pre-trial detention. A key point of contention in the case has been the accuracy and validity of the blockchain surveillance processes used by the IRS Criminal Investigation (IRS-CI) agent(s), namely the software services of Chainalysis. There have been three significant developments.
Firstly, on July 18th, Chainalysis’ head of investigations for government solutions Elizabeth A. Bisbee filed a declaration with the court concerning their “clustering methodology,” which included the following statements [emphasis added]:
Chainalysis clustering methodologies have not been peer-reviewed in the sense that an academic paper would get peer-reviewed with data and methodology(ies) reviewed in a separate study by other scientists. However, every single clustering heuristic in the system has been reviewed by numerous Chainalysis data scientists, intelligence analysts, and investigators that specialize in blockchain analytics.
… If the information were incorrect, the exchange receiving the legal process would respond that the address does not match or be [sic] controlled by them. Chainalysis does not know how often this happens but this is extremely rare otherwise law enforcement customers would not be able to use Chainalysis tools to further their investigations.
… Historically, Chainalysis has not gathered and recorded in a central location false positives / false negatives because there is design to be more conservative in the clustering of addresses. In response to the Court’s inquiry, Chainalysis is looking into the potential of trying to collect and record any potential false positives and margin of error, but such a collection does not currently exist.
“Looking into the potential of trying to” do science, how lovely! These admissions were all further confirmed in-person during the Daubert hearing on June 23rd, where Bisbee and Federal Bureau of Investigation (FBI) staff operations and virtual currency specialist Luke Scholl were questioned on the subject.
Secondly, on August 8th, Ciphertrace director of investigations and intelligence Jonelle Still filed a 41-page expert report “reveal[ing] errors, omissions, and a lack of methodological rigor” in the so-called evidence provided by Chainalysis and TRM Labs, “calling the Government’s conclusions into serious doubt.”
For the reasons discussed below, Chainalysis’ attributions are unverifiable and should not be used in a Court of law. These data have never been verified externally nor independently, have not been audited, utilize novel algorithms, are based upon experimental research, and, as expert witness Elizabeth Bisbee, from Chainalysis, testified at the Daubert Hearings, there are no known error rates, false positive rates, false negative rates, or any scientifically peer-reviewed inquiry validating the accuracy of Chainalysis’ data application of its models. Therefore, I cannot verify the vast majority of Chainalysis’ attribution as presented by the Government.
… Blockchain forensics should only be used to generate investigatory leads. Standing alone, they are insufficient as a primary source of evidence. What is striking about this case is the conclusions reached without any corroborating evidence for the blockchain forensics.
The blockchain forensics and tracing tools used in this case were misused to erroneously conclude that Mr. Sterlingov was the operator of Bitcoin Fog when no such evidence exists on-chain.
The failures in the blockchain analysis in this case highlight some of the structural problems with this space. To prevent wrongful arrests like this one, and failures in compliance, like with FTX, it is recommended that Chainalysis, and their methodologies of blockchain analysis be independently audited.
In September, I gave another presentation on “the overlap between blockchain analysis companies, private spyware firms, and government intelligence agencies” at the Baltic Honeybadger conference in Riga, Latvia, as a follow-up to the one I gave at Paralelní Polis in October 2022 (TMIBP21, TMIBP22). It focused on the risk of “becoming legally sandwiched between a new category of ‘junk science’ in forensics and the non-judiciability of many cases that fall under counter-terrorism law / policy.”
Thirdly, despite much resistance from Chainalysis, it now seems possible that an expert witness may be allowed to access and evaluate their software on behalf of the defense. On August 31st, within a notice to the court, Chainalysis offered to “voluntarily provide the government with the following information which the government may produce to the defendant: (1) the specific assumptions and logic tests used by heuristic 2 (behavioral clustering) for the results in this case; (2) information on how heuristic 1 (co-spend clustering) detects and controls for CoinJoin; and (3) information regarding whether any manual alterations were applied to heuristic 3 (intelligence-based clustering).” They are still otherwise resisting the requests to disclose their source code in part or in full, arguing that “a protective order would be insufficient to protect the proprietary source code” and disclosure to the “Defendant, Defense counsel, or their suggested expert” would “cause irreparable harm to Chainalysis’ business.” Bisbee and attorney William Frentzen filed supportive declarations to that effect. 
However, on September 12th, they still filed two drafts for a “Heuristic Information / Code Protective Order” that would bar anyone from using or disclosing information about their software outside of closed court proceedings; they subsequently also requested the inclusion of “a five-year noncompete requirement.” On September 13th, Judge Moss accepted the proposed protective order draft that Still would be subject to if chosen as the reviewer, and “the new trial start date tentatively is set for February 12, 2024.” Still declined the invitation, given that this could “subject Ciphertrace to extensive potential intellectual property and other claims by Chainalysis” and disrupt “her ability to work for future employers in blockchain related fields.” She “is still available to testify based on her review of the discovery and her expert report produced to the Court.” On September 29th, Ekeland and Hassard protested that “this leaves Mr. Sterlingov’s attorneys as the only ones currently able to review this specific, produced, novel material evidence… Mr. Sterlingov cannot meaningfully and effectively participate in his own defense.”
This ban on Mr. Sterlingov’s personal review of the evidence directly relevant to a core issue in this case – the inaccuracy of Chainalysis Reactor software and its lack of scientific validity – violates Mr. Sterlingov’s Fifth Amendment due process rights, particularly his right to put on a complete defense, and his Sixth Amendment rights to effective assistance of counsel and to confront his accusers.
Bonus ‘What Is Wrong With This Picture?’ Moment: On November 2nd, FTX CEO Sam Bankman-Fried was found guilty on all charges of wire fraud, wire fraud conspiracy, conspiracy to commit money laundering, conspiracy to commit commodities fraud, and conspiracy to commit securities fraud; the remaining charges from the indictment, of “conspiracy to defraud the Federal Election Commission and commit campaign finance violations,” may reportedly still be prosecuted at some future date. Back in April, New York Times (NYT) technology reporter David Yaffe-Bellany, writing about the United States v. Ryan Felton case (coincidentally where Bisbee’s testimony apparently “helped secure Felton’s guilty plea”), stated that “Chainalysis has come to occupy an increasingly important position in the industry.”
After the FTX exchange imploded, its bankruptcy lawyers hired Chainalysis to disentangle the web of entities at the center of Sam Bankman-Fried’s empire and track the $400 million in crypto that a hacker stole from FTX’s accounts. Chainalysis has also been conducting some light diplomacy: In April, it hosted a conference in Manhattan to bring together government officials and the newly chastened crypto executives who are trying to win back their trust. Guests received socks stitched with the Chainalysis logo.
… In 2021, an official at TRM emailed the Treasury Department to question its decision to award an exclusive contract to Chainalysis, according to email logs obtained through a public records request.
The TRM representative asked for a “rationale as to why this procurement isn’t following a competitive bid process,” according to the emails. “There are multiple providers with analogous capabilities that meet” the requirements, the representative wrote. By early last year, TRM had secured its own contract with the Treasury Department, according to a company spokeswoman. And TRM was hired alongside Chainalysis to work on FTX’s bankruptcy.
According to the testimony of attorney and FTX’s new CEO John J. Ray III to the House Financial Services Committee in December 2022, Chainalysis was involved in the ‘Asset Protection & Recovery’ operations of the bankruptcy proceedings, which they have indeed offered as a service since at least November 2020. Neither the NYT article nor the testimony mentions the fact that Chainalysis was not only a creditor of FTX, but their compliance partner while they were still operating, monitoring “all deposits and withdrawals” as well as on-chain “flows into and out of” the exchange (TMIBP21). :ok_woman::computer: Control+Shift+V
Cat-Monkey meme.
In TMIBP20, TMIBP21, and TMIBP22, I covered the designation of Ethereum-based mixer Tornado Cash as a sanctioned entity, the subsequent arrest & pre-trial detention of developer Alexey Pertsev in the Netherlands, and related lawsuits challenging the criminalisation of mixing software. Pertsev’s trial is currently scheduled for March 26-27th 2024.
Having been released from pre-trial detention in April, Pertsev and his lawyer Keith Cheng were able to personally attend the ETHDam community conference and hackathon on May 21st at Pakhuis de Zwijger in Amsterdam. Introduced by Pertsev, Cheng gave the first mainstage talk of the event on “insight into the Tornado Cash case in the Netherlands.” Supporting the argument that Pertsev and the other contributors had ‘no criminal intent’, Cheng pointed to their incorporation of Chainalysis’ sanctions screening oracle tool within about a month after its free release in March 2022 (TMIBP19).
The fact that Tornado Cash includes a compliance tool demonstrates the developers’ commitment to responsible use.
Regarding Joseph Van Loon et al. v. Department of the Treasury, on May 18th, an additional amicus curiae brief was filed by the D.C.-based Bank Policy Institute (BPI), this time in support of the Treasury. The BPI argues that “the regulated financial system.. provides safe, efficient, and privacy-protected financial services to billions of customers around the world,” “ever-increasing inclusion for its current and prospective customers,” and “that our citizens’ right to privacy is extensive but must be subject to the limited oversight necessary to protect them.” Further, “any insinuation that banks and other regulated institutions as an industry engage in discrimination or otherwise ignore their legal obligations is untenable.” (:eyes: Say what?) On August 17th, Judge Robert Lee Pitman granted the Treasury’s motion for full summary judgement. “The Court finds that Tornado Cash is an entity that may be properly designated as a person under IEEPA,” that “the smart contracts constitute property, or an interest in property,” that “OFAC’s designation of Tornado Cash does not exceed its statutory powers,” and the “Plaintiffs have not shown that the government’s action in any way implicates the First Amendment.” Pitman “ordered that Plaintiffs’ claims against the government are dismissed with prejudice.” On September 18th, the plaintiffs filed to appeal the decision.
The parties’ filings frame three issues — (1) whether OFAC exceed[ed] its statutory authority by designating Tornado Cash’s core software tool; (2) whether the designation was arbitrary or capricious; and (3) whether the designation violated the First Amendment.
… In sum, because foreigners (e.g., Tornado Cash’s founders, developers, and DAO) have a financial “interest” in the increased use and popularity of the Tornado Cash service as a whole, OFAC did not exceed its statutory authority by designating all of the addresses affiliated with the service, including the core software tool, under the IEEPA.
Regarding Coin Center v. Yellen (TMIBP21), very similar amicus curiae briefs from the Blockchain Association, DeFi Education Fund, investment firm Paradigm Operations, and venture capital firm Andreessen Horowitz supporting the plaintiffs, and BPI supporting the Treasury, were filed in June. Out of court, in response to the August 23rd indictment against Roman Storm and Roman Semenov for “conspiracy to commit money laundering, conspiracy to commit sanctions violations, and conspiracy to operate an unlicensed money transmitting business” relating to their “alleged creation, operation, and promotion of Tornado Cash,” Peter van Valkenburgh wrote that “all of those facts point to the defendants fitting squarely within FinCEN’s guidance on anonymizing software providers rather than them being money transmitters.”
We’re still researching but to our knowledge the only control that the defendants ever had over the smart contracts was the ability to change aspects of cryptography related to Tornado Cash’s privacy features and never had any ability to actually access, move, or direct the user funds in the contract. If that technical analysis is accurate then it does not seem likely the defendants ever had the sort of “independent control” over the transmitted value that FinCEN describes in its guidance, and, accordingly it seems that this alleged activity would also not constitute unlicensed money transmission.
In September, journalists Inbar Preiss and Aleks Gilbert wrote that “despite similar charges, legal experts and industry representatives have noted stark differences in how law enforcement agencies in the two countries have pursued” Storm and Semenov versus Pertsev.
On October 30th, Judge Thomas Kent Wetherell II ruled that “the designation of Tornado Cash falls squarely within the authority delegated to OFAC,” that “the designation of Tornado Cash was not arbitrary or capricious,” and “did not implicate Plaintiffs’ First Amendment rights.” Identically, “all claims in Plaintiffs’ amended complaint are dismissed with prejudice.” Coin Center director of communications Neeraj K. Agrawal tweeted that they plan to appeal this decision as well. When asked by financial writer John Paul Koning, “Would it be fair to say that one of the biggest differences between your OFAC challenge and Coinbase’s challenge is that you narrowed your focus to the 21 non-upgradeable contracts whereas Coinbase focused on the entirety of OFAC’s designation?” Agrawal replied, “yes.”
In TMIBP02 and TMIBP05, I covered the development of an inter-VASP customer data sharing system for compliance with the Bank Secrecy Act (BSA) Travel Rule, and how FinCEN was seeking to lower the threshold [of reportable activity] (a proposal for which they received “roughly 2,900 comments”); in TMIBP02, TMIBP04 and TMIBP06, I’ve followed challenges to the use of the third-party doctrine regarding financial records; in TMIBP05, I also highlighted how the effectiveness of anti-money laundering policies came under scrutiny with the release of the ‘FinCEN Files’, and interest in identifying ‘crypto-exposed persons.’
― TMIBP07, “The PATRIOT Act: Share It All” (December 2020)
In TMIBP07, TMIBP08, and TMIBP09, I followed an attempt by the Financial Crimes Enforcement Network (FinCEN), a bureau of the U.S. Department of Treasury, “to require banks and money service businesses (‘MSBs’) to submit reports, keep records, and verify the identity of customers in relation to transactions involving convertible virtual currency (‘CVC’) or digital assets with legal tender status (‘legal tender digital assets’ or ‘LTDA’) held in unhosted wallets.” This notice of proposed rulemaking (NPRM) was ultimately suspended in January 2021, but FinCEN continues to justify increasing requirements under the USA PATRIOT Act of 2001.
On October 19th, FinCEN announced a new NPRM that would “require covered financial institutions to report information about a transaction when they know, suspect, or have reason to suspect it involves [Convertible Virtual Currency] CVC mixing within or involving jurisdictions outside the United States,” with the stated goal of “increas[ing] transparency around CVC mixing to combat its use by malicious actors including Hamas, Palestinian Islamic Jihad, and the Democratic People’s Republic of Korea (DPRK).” They argue that mixing is “a class of transactions of primary money laundering concern,” which under the PATRIOT Act gives the Secretary of the Treasury power to “prohibit, or impose conditions upon, the opening or maintaining in the United States of correspondent or payable-through accounts for or on behalf of a foreign banking institution.” They cite the Bitcoin Fog case (TMIBP20, TMIBP22), and OFAC’s designation of Ethereum-based mixer Tornado Cash as a sanctioned entity (TMIBP20, TMIBP21, TMIBP22) as a successful prior action. They claim that “this additional transparency would serve two purposes,” namely “support[ing] money laundering investigations” against any “threat to U.S. national security and the U.S. financial system,” and “deter illicit actors’ use of CVC mixing services… to facilitate WMD proliferation, ransomware attackers’ laundering of ransoms, and obfuscation of transactions associated with the use of illicit darknet markets.”
FinCEN recognizes that there are legitimate reasons why responsible actors might want to conduct financial transactions in a secure and private manner given the amount of information available on public blockchains. FinCEN also recognizes that, in addition to illicit purposes, CVC mixing may be used for legitimate purposes, such as privacy enhancement for those who live under repressive regimes or wish to conduct licit transactions anonymously. Still, CVC mixing presents an acute money laundering risk because it shields information from responsible third parties, such as financial institutions and law enforcement.
… Thus, the legitimate applications of CVC mixing must be carefully weighed against the exposure of the U.S. financial system to ongoing illicit use of CVC mixing. Given the substantial risks posed by CVC mixing, the fact that CVC mixing can be used for some legitimate business purposes does not alter FinCEN’s conclusion that this class of transactions is of primary money laundering concern.
The proposal does not itself mention specific mixing tools beyond the services that have already been sanctioned or shut down, and unlike prior reports (TMIBP01, TMIBP05, TMIBP22) from both themselves and the European Union Agency for Law Enforcement Cooperation (Europol), they do not include the distinction between mixing “service providers” and “software providers” in their definition of a “CVC mixer.”
The reportable information to be required from covered institutions, “within 30 calendar days of initial detection of a covered transaction,” includes: the amount of any CVC transferred, in both CVC and its U.S. dollar equivalent when the transaction was initiated; CVC type; the CVC mixer used, if known; CVC wallet address associated with the mixer; CVC wallet address associated with the customer; transaction hash; date of transaction; IP addresses and time stamps associated with the covered transaction; narrative (e.g. “a description of activity observed by the covered financial institution, including a summary of investigative steps taken, … [and] if there is an uncharacteristic change in pattern of behavior”); the customer’s full name, date of birth, residential or business address, email address, and unique identifying number (such as an IRS TIN or foreign equivalent, passport number or other government-issued photo identification number, such as a driver’s license).
Blindly trusting the results of blockchain analytics platforms is the recipe for a disaster waiting to happen. And the result of this collective laissez-faire is that we have now a blockchain analytics company (Chainalysis) refusing to let a man access elements that would allow him to prepare his defense. The impunity that was collectively granted to these companies for years is pure insanity and it’s our collective duty to fix the situation.
― LaurentMT, developer of the OXT blockchain analysis tool
In relation to Hamas and the recent escalation in Gaza, it is also important to note that blockchain surveillance tools have been misused to support greatly exaggerated claims about bitcoin and other crypto-assets being used to support violence and terrorism. On October 10th, Wall Street Journal (WSJ) global finance reporters Angus Berwick and Ian Talley cited Elliptic as a source for their assertion that “digital-currency wallets that Israeli authorities linked to the PIJ received as much as $93 million in crypto between August 2021 and June this year.” Specifically, they conclude the article by naming “Matthew Price, a former IRS investigator who now leads Elliptic’s business working with law enforcement.” As I pointed out in the last TMIBP22, Price was previously ‘Global Head of Intelligence and Investigations’ at Binance and one of the two main IRS-CI special agents behind the allegations against Sterlingov in the Bitcoin Fog case, “after a stint at the CIA.” Elliptic and Chainalysis, blockchain surveillance companies which both have prior and/or currently active service contracts with the Treasury Department and FinCEN specifically, have issued corrections on the matter:
ELLIPTIC: Over the past two weeks, politicians and journalists have portrayed public crypto fundraising as a significant source of funds for Hamas and other terrorist groups, but the data simply does not support this. No public crypto fundraising campaign by a terrorist group has received significant levels of donations, relative to other funding sources.
… there is no evidence to suggest that crypto fundraising has raised anything close to this amount, and data provided by Elliptic and others has been misinterpreted. We have spoken to representatives of the lead signatory, Senator Warren, as well as the authors of the Wall Street Journal article, to clarify this.
CHAINALYSIS: … we have also seen overstated metrics and flawed analyses of these terrorist groups’ use of cryptocurrency, and feel compelled to address some misconceptions.
However, the language of these corrections obscures their own glaring culpability. The Elliptic source, though not cited directly in the WSJ piece, was likely none other than “Israel Orders Seizure of Crypto Wallets Worth $94 Million Linked to Palestinian Islamic Jihad,” originally published by “Senior Crypto Threat Analyst” Eray Arda Akartuna on July 6th 2023. Akartuna is a PhD researcher at the Dawes Centre for Future Crime at UCL, under the topic of “money laundering and terrorist financing future directions” and with input to “detection and mitigation of financial fraud in the cryptocurrency space.” In 2021, Akartuna was a research assistant on “cryptocurrency fraud,” with a policy brief document that mentions how “law enforcement agencies are able to use a variety of new forensic techniques and tools to analyse illicit flows of Bitcoin.” According to his LinkedIn, between June 2022 and January 2023, Akartuna was involved in a joint project between UCL and the Australian National University (ANU) “to scope the future of money laundering and terrorist financing through cryptoassets.”
As of at least October 11th, the day after the publication of the WSJ article, the included chart was titled “Number and Value of Crypto Transactions Received by Palestinian Islamic Jihad.” Yet the chart’s new and current title, as of October 25th at the latest, is “Number and Value of Crypto Transactions Received by Wallets Linked to Palestinian Islamic Jihad by the NBCTF” (the Israeli National Bureau for Counter Terror Financing, which has issued various seizure orders for cryptocurrency since July 2021). The WSJ article was then subsequently updated on October 27th with qualifications in various places, including “Elliptic says it isn’t clear if all of the transactions it identified directly involved PIJ” and “it couldn’t be determined whether the crypto they received was directly used to finance the assault.” However, this was more than ten days too late, as Senator Elizabeth Warren (TMIBP01, TMIBP05) had amplified the original copy, published a WSJ opinion piece with the inflated numbers to promote their own Digital Asset Anti-Money Laundering Act (TMIBP22), and used all this to support a bipartisan letter to Treasury Under-Secretary for Terrorism and Financial Intelligence Brian E. Nelson and White House national security advisor Jake Sullivan, demanding to be informed of the “Treasury’s plans to address the serious national security threats posed by the use of cryptocurrency to finance terrorism no later than October 31, 2023.”
On October 23rd, Nelson attended a meeting of the Executive Committee of the Terrorist Financing Targeting Center (TFTC) in Riyadh, Saudi Arabia, “to continue close coordination on countering terrorist financing” with Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates. Among his remarks:
We also have to think systemically about how we can harden our financial system against those who are seeking to exploit new technologies. That’s why we proposed a new regulation to enhance transparency in convertible virtual currency and combat terrorist financing.
UPDATE: On February 14th 2024, during an oversight hearing of FinCEN and the Office of Terrorism and Financial Intelligence (TFI), Nelson was asked by Emmer about the “erroneous” WSJ article. Nelson confirmed that those figures were not accurate. “We also assess that terrorists still prefer, frankly, to use traditional products and services… We can have a classified conversation about the precise numbers… We don’t expect the number is very high particularly.”
On October 26th, the U.S. Senate Committee on Banking, Housing, and Urban Affairs hosted an open session on “Combating the Networks of Illicit Finance and Terrorism.” One of the expert witnesses was Dr. Shlomit Wagman, a former director-general of the Israel Money Laundering and Terror Financing Prohibition Authority (IMPA) and co-chair of the Financial Action Task Force (FATF) Risk, Typologies and Methods Working Group. Among other points, she spoke to the “gaps and challenges in the specific context of virtual assets.” Besides predictably recommending “blockchain analytic tools” and “Customer Due Diligence for every transaction above $/€1,000” for VASPs, she acknowledged that uptake of the FATF’s so-called ‘rules’ (TMIBP11, TMIBP14) has been poor:
As of June 2023, four years after the FATF’s adoption of standards on VAs and VASPs, 75% of the countries that went through their routine reviewing process have not implemented the framework in full. In addition, one-third of the countries have not conducted a risk assessment, and a similar number have not yet decided if and how to regulate the VASP sector. Moreover, more than half of the countries have not taken any steps towards Travel Rule implementation.
During what was likely one of the most re-watched portions of the session, Democratic senator John Fetterman asked Wagman “why didn’t Hamas use its American Express card to finance that awful terror?” Wagman responded that “actually they are using bank accounts, credit cards, and payment cards. I know that first-hand because many Israelis are now monitoring all [fundraising] campaigns and they see that… Traditional channels are also being used.”
FinCEN’s NPRM is open for public comment until January 22nd 2024.
Final note: The last three stories in this newsletter touched on some very serious topics: the fallibility of blockchain surveillance (not just the software, but the humans that create, analyse, interpret, and even manipulate its output), the lack of scientific rigor and transparency in online media, and how both then go on to influence national and even international legislation and policy, potentially impacting the lives of millions of people. Elements of these stories would have been costly or not even possible to evaluate retrospectively without archival services like the Internet Archive and CourtListener by the Free Law Project. :heart:
If the ethical or professional fears of the average journalist were a Halloween monster, it would be a not-so-translucent ghost of all their past mistakes, haunting every piece they write. How journalists and/or their corporate media handlers deal with these ghosts falls on a spectrum – from full-scale denial and cover-up to appeal-to-authority to post-facto stealth edits to explicit corrections to retractions to (just maybe) apologies – but rarely do any of these responses result in a re-thinking of their journalistic process itself. I fully agree with Nic Carter’s point that “stealth edits allow them to avoid accountability and pretend they got it right the first time.” This deceives not only the public but also themselves, and neutralizes what should have been an impetus for improvement, building enough awareness to avoid even more catastrophic blunders. That is why I have long been using and encouraging the principles of scientific journalism, particularly with the extension of revision control, to prevent such behaviour. I too have a ghost, but through my process I’ve made peace with mine.
:information_source: Are you interested in regular, high-quality, and deeply technical updates on the state of Bitcoin beyond just privacy? Check out the Bitcoin Optech newsletter and podcast. And congratulations to David Harding on officially becoming a co-author for the third edition of “Mastering Bitcoin”!
Thanks for reading! Feel free to :bookmark: bookmark or subscribe to catch the next edition of ‘This Month in Bitcoin Privacy.’
"White Satin Moth (Leucoma salicis)" by @naturebftb is licensed under CC BY-NC 2.0 .
This section is for stories that would have been included for the months of December, January, February, and March:
:sparkles: Happy 30th Anniversary :sparkles: to “A Cypherpunk’s Manifesto” by Eric Hughes! (TMIBP02)
Eric Hughes’ definition of “privacy” in his 1993 Cypherpunk’s Manifesto restores individual agency; it is “the power to selectively reveal oneself to the world”. Justice Murphy similarly explained the importance of privacy in a 1942 dissent [Goldman v. United States, 316 U.S. 129] rejecting the warrantless use of eavesdropping technology, opining “the spiritual freedom of the individual depends in no small measure upon the preservation of that right”, and that “[i]nsistence on its retention does not mean that a person has anything to conceal, but means rather that the choice should be his as to what he wishes to reveal”.
— “Autonomy Through Anonymity: Reconceptualizing Privacy-Enhancing Tools Under the U.S. Constitution” by Aaron Daniel (2023)
In TMIBP21, we saw the ‘NoLooking’ project code their way to the final shortlist of the six-week Legends of Lightning online global development tournament, with the goal of making both opening and funding Lightning channels cheaper, easier, and more privacy-preserving using PayJoin. On December 7th, the tournament winners were announced. ‘NoLooking’ received third place in the Global Adoption track.
Our mission was clear: onboard new makers into the ecosystem, innovate on bitcoin and lightning, and help new or existing projects incubate their ideas and turn dreams into a reality. With 260 makers and 73 projects entered across 2 prize tracks (61 🧡 + 12 🌍), we believe we got pretty close.
On December 15th 2022, developer Dan Gould added “Challenge 6: Private purchase” to the Bitcoin Design Guide’s (TMIBP07, TMIBP13, TMIBP21) list of ‘Design Challenges.’ Yashraj Deshmukh began drafting “PayJoin User Flow” in response. In February, Gould shared and praised his work for “identif[ying] the key areas it should improve and continues to push for their evolution.”
Separately, Samourai Wallet’s own PayJoin implementation called Stowaway (TMIBP02, TMIBP03, TMIBP04, TMIBP09) has been adopted as a new ‘swap’ option by the Lightning and Tor onion-based peer-to-peer bitcoin exchange RoboSats (TMIBP20, TMIBP21), with the release of v0.3.4-alpha on February 12th. The project had celebrated its one-year anniversary on December 31st 2022.
On January 22nd, Gould wrote to the mailing list that he had just published a proposal for “Serverless Payjoin,” that is, PayJoin “without hosting a secure endpoint” as in the dominant Pay-to-EndPoint (P2EP) model.
Instead of a peer-hosted endpoint, this scheme allows an HTTP client to act as a server as in long-polling, relays requests via proxy, and symmetric cryptography for security. Without a replacement for secured networking, the relay could steal funds. Aside from a pre-shared secret and relayed networking, the protocol takes the same form as the existing BIP 78 spec.
On March 24th 2023, Gould launched payjoin.org to “send and receive payjoin from the static website using [the] new Payjoin Software Development Kit” (SDK). On April 4th, the Guide was updated with Deshmukh’s case study on “The PayJoin Experience.” It includes that “maintaining an always-online endpoint seems to be the biggest hurdle for payjoin implementation.”
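The relayed design quoted above only works if the relay is treated as untrusted, so here is an added sketch (not code from Gould's proposal, the Payjoin SDK, or BIP 78) of two peers exchanging messages through a polling mailbox while authenticating each message under a pre-shared secret. The message fields, mailbox names, and the use of HMAC-SHA256 for integrity only (no encryption) are assumptions made for illustration, and all values are constructed placeholders.

```python
import hashlib
import hmac
import json
import secrets
from collections import deque

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag
TO_RECEIVER = b"sender->receiver"       # direction labels (hypothetical)
TO_SENDER = b"receiver->sender"
RECEIVER_OUTPUT = "receiver-output (constructed placeholder)"


def seal(key, direction, payload):
    """Serialize a message and append a tag bound to its direction."""
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(key, direction + b"|" + body, hashlib.sha256).digest()
    return body + tag


def open_sealed(key, direction, blob):
    """Verify the tag before parsing; reject anything the relay altered."""
    if blob is None or len(blob) < TAG_LEN:
        raise ValueError("missing or truncated message")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, direction + b"|" + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: modified or misdirected message")
    return json.loads(body)


class Relay:
    """Untrusted store-and-forward mailbox that both peers poll."""

    def __init__(self, tamper=None):
        self.mailboxes = {}
        self.tamper = tamper  # optional hook modelling a misbehaving relay

    def post(self, mailbox, blob):
        if self.tamper:
            blob = self.tamper(blob)
        self.mailboxes.setdefault(mailbox, deque()).append(blob)

    def poll(self, mailbox):
        queue = self.mailboxes.get(mailbox)
        return queue.popleft() if queue else None


def swap_output(blob):
    """Misbehaving relay: rewrites the body but cannot recompute the tag."""
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return body.replace(b"receiver-output", b"relay-output") + tag


def run_exchange(relay):
    """One request/proposal round trip; returns (status, proposal or reason)."""
    key = secrets.token_bytes(32)  # shared out of band; how is outside this sketch
    request = {"original_psbt": "psbt-original (constructed)"}
    relay.post("receiver", seal(key, TO_RECEIVER, request))
    try:
        received = open_sealed(key, TO_RECEIVER, relay.poll("receiver"))
        proposal = {
            "payjoin_psbt": received["original_psbt"] + "+receiver-input",
            "receiver_output": RECEIVER_OUTPUT,
        }
        relay.post("sender", seal(key, TO_SENDER, proposal))
        return "accepted", open_sealed(key, TO_SENDER, relay.poll("sender"))
    except ValueError as err:
        return "rejected", str(err)


if __name__ == "__main__":
    print(run_exchange(Relay()))
    print(run_exchange(Relay(tamper=swap_output)))
```

Binding the direction label into the tag also stops the relay from reflecting a peer's own message back to it as if it were the reply.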
:information_source: Check out Bitcoin Optech Newsletter #236 for more and other recent technical developments beyond Bitcoin privacy.
The European Commission announced “an amendment to the Directive for Administration Cooperation (DAC)” that would require both EU-based and non-EU based crypto-asset service providers (CASPs) serving EU residents to provide more information on those customers to the relevant authorities. They note that these “new tax transparency rules” will “complement the Markets in Crypto-assets (MiCA) Regulation and anti-money laundering rules,” and is “consistent” with the intergovernmental Organisation for Economic Co-operation and Development (OECD)’s “initiative on the Crypto-Asset Reporting Framework (CARF) and the amendments to the OECD Common Reporting Standard (CRS)” released in October 2022 (which the ‘Leaders of the G20’ “consider to be integral additions to the global standards for automatic exchange of information”).
Today’s proposal will improve Member States’ ability to detect and counter tax fraud, tax evasion and tax avoidance, by requiring all crypto-asset service providers – irrespective of their size or location – to report transactions of clients residing in the EU. The Directive also aims to establish a common minimum level of penalties for situations of serious non-compliance, such as the complete absence of reporting despite administrative reminders. Moreover, the Commission suggested extending both reporting obligations of financial institutions to cover e-money and digital currencies and the scope of the automatic exchange of information to advance cross-border rulings used by high net-worth individuals.
I have previously covered proposed crypto-related revisions to E.U. anti-money laundering policy in TMIBP14, TMIBP19, TMIBP20, and TMIBP21. Through their initiative roadmap, you can read all feedback on Commission adoption, including from Blockchain for Europe (BC4EU). “It is foreseen that the new reporting requirements with regard to crypto-assets, e-money and digital currencies would enter into force on 1 January 2026.”
On March 22nd 2023, the same day that they advertised a job opening for “Supervision Officer Crypto-assets/MiCA,” the European Banking Authority (EBA) published “findings from its assessment of competent authorities’ approaches to the anti-money laundering and countering the financing of terrorism (AML/CFT) supervision of banks.” “Over the course of 2020 and 2021” they reviewed “how competent authorities in this period’s sample apply the risk-based approach set out in international standards, Directive (EU) 2015/849 and AML/CFT guidelines issued jointly by the European Supervisory Authorities and the EBA.” The report makes no specific mention of bitcoin or ‘crypto-assets,’ though in the executive summary of their earlier 2021 Annual Report, they claim to have “identified risks related to virtual currencies” through subsequent “monitoring,” and that these represented “the most significant risks.”
In this context, to further strengthen its monitoring and assessment capacity in view of the broadening and deepening of markets in crypto-assets, in mid-2021 the EBA established a Network on Crypto-assets comprising representatives from the NCAs represented on the EBA’s Board of Supervisors and observers from the Commission, ECB, EIOPA and ESMA. The Network enables a structured exchange of views on market developments, supervisory experiences and regulatory perimeter issues, including taking into account emerging activities such as crypto lending and staking, and new business models, notably decentralised finance. It also supports the aggregation of the results of monitoring activities at the EU level.
To this end, their new European Reporting System for Material CFT/AML Weaknesses (EuReCA) will likely be involved. “EuReCA will not start to collect personal data until the approval of the draft RTS by the European Commission.”
The EBA aims to use EuReCA to gather, structure and share information on financial institutions’ AML/CFT material weaknesses, as identified by competent authorities, and the measures that such authorities have taken to rectify these material weaknesses.
EuReCA was launched on 31 January 2022. The EBA has since then provided dedicated training to supervisors, followed by regular weekly meetings with users submitting directly to the platform. We have also provided users with a series of supporting materials such as FAQs and user guides.
Throughout 2022, EBA will continue to support EuReCA’s users in meeting their reporting obligations via FAQs and more in-depth training. The joint controllership arrangements for personal data are also set to be finalised and signed in 2022. As the information reported to EuReCA is expected to grow as time goes on, more time will have to be dedicated to analysing and sharing the information.
Regarding the “data protection aspects of EuReCA,” they state:
One important step also entailed drawing up, together with data protection experts and for the first time at the EBA, a draft data protection impact assessment (DPIA) that first identified and evaluated the risks of processing personal data and then established the necessary controls to mitigate these risks. This also required informal consultation with the European Data Protection Supervisor (EDPS) on both the draft RTS and the draft DPIA, as well as on drafting a memorandum of understanding on joint controllership of personal data by both the EBA and the various relevant authorities concerned.
On March 28th, members of Parliament in the committees on Economic and Monetary Affairs (ECON) and Civil Liberties, Justice and Home Affairs (LIBE) “adopted their position on three pieces of draft legislation on the financing provisions of EU Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) policy.” This included the 6th Anti-Money Laundering Directive – succeeding AMLD5 (TMIBP01, 06, 07, 10, 14) – and establishment of the Anti-Money Laundering Authority (AMLA) (TMIBP14, TMIBP20).
To restrict transactions in cash and crypto assets, MEPs want to cap payments that can be accepted by persons providing goods or services. They set limits up to €7000 for cash payments and €1000 for crypto-asset transfers, where the customer cannot be identified. Given the manifest risk of misuse by criminals, MEPs want to ban any citizenship by investments schemes (“golden passports”) and impose strong AML controls on residence by investment schemes (“golden visas”).
On March 29th, the EBA opened a public consultation on “amendments to its Guidelines on risk-based anti-money laundering and countering the financing of terrorism (AML/CFT) supervision. The proposed changes extend the scope of these Guidelines to AML/CFT supervisors of crypto-asset service providers (CASPs). The consultation runs until 29 June 2023.” During this period, they will also hold “a virtual public hearing” about the consultation paper on June 7th. “The EBA invites interested stakeholders to register using this link by 5 June 2023 at 16:00 CEST.”
On April 20th, MEPs approved the Markets in Crypto-Assets (MiCA) regulation and the application of the Funds Transfer Regulation (FTR) / Transfer of Funds Regulation (TFR) to crypto-assets. As reported by Bloomberg, “European Financial Services Commissioner Mairead McGuinness said on Wednesday that she expects the legislation to come into force in July after it’s formally approved by the bloc’s 27 member states. Specific requirements will take effect progressively, with rules governing stablecoins, for example, set to apply from July 2024.” For a more detailed breakdown of this decision and the MiCA framework, see Patrick Hansen’s post and this three-part overview by law firm K&L Gates.
In TMIBP01, 02, 04, 05, 16, and 20, I have followed Coinbase’s contractual relationships with, and data disclosures to, government agencies. In TMIBP02, 04, 05, and 06, I covered the Electronic Frontier Foundation’s calls for more transparency from financial technology companies, in addition to challenging the use of the third-party doctrine with financial records. Coinbase chief legal officer Paul Grewal (TMIBP05, TMIBP21) has published their fourth “Transparency Report 2022,” which concerns “data about requests for their information that we receive from government agencies and law enforcement” during “the period from October 1, 2021 through September 30, 2022.” Their first, second, and third transparency reports since 2020 are linked respectively.
Compared to the last period, Grewal states that they have seen “a ~66% increase” in the total number of requests. American law enforcement and government agencies had sent over 4,700 requests. “As in years past, the overwhelming majority of requests we received both globally and in the U.S. were from law enforcement agencies in connection with criminal enforcement matters.” Within the “~57% of requests” that were “from outside of the United States,” the top three countries with more than 1,000 requests each were the U.K., Germany, and Spain.
On January 4th, the New York State Department of Financial Services (NYDFS) announced in settlement that Coinbase would “pay a $50 million penalty to New York State for significant failures in its compliance program that violated the New York Banking Law and the New York State Department of Financial Services’ (DFS) virtual currency, money transmitter, transaction monitoring, and cybersecurity regulations.”
Coinbase has been licensed by the Department to conduct a virtual currency business and money transmitting business in the State of New York since 2017. Following an examination and subsequent enforcement investigation, the Department found that Coinbase’s Bank Secrecy Act/Anti-Money Laundering program — including its Know Your Customer/Customer Due Diligence (“KYC/CDD”), Transaction Monitoring System (“TMS”), suspicious activity reporting, and sanctions compliance systems — were inadequate for a financial services provider of Coinbase’s size and complexity.
According to the consent order, “the Department conducted a safety and soundness examination” in 2020, and subsequently “required Coinbase to hire an independent consultant” to assess their BSA/AML and OFAC compliance. Following the completion of the consultant’s report in February 2021, “the Department began an enforcement investigation” involving a mandated ‘Independent Monitor’ who provided a further report in August 2022. They concluded that “Coinbase’s KYC/CDD program, both as written and as implemented, was immature and inadequate.”
In direct response to the Department’s findings and the findings and recommendations of the Independent Consultant and Independent Monitor retained at the Department’s direction, Coinbase has invested very substantial time and resources in an effort to remediate its issues and strengthen its Compliance Program more generally. With regard to KYC/EDD issues, for example, Coinbase, among other things, has implemented for all new accounts a dynamic risk rating model for both retail and institutional customers, is undertaking a KYC Refresh of all customers onboarded before the risk rating system was implemented, and has instituted new periodic review procedures. Likewise, with respect to transaction monitoring and SAR reporting, Coinbase has, among other things, upgraded its investigations portal to streamline the process of reviewing transaction monitoring alerts and filing SARs.
One may notice that since the creation of the ‘BitLicense’ regulation in 2015, NYDFS has published three enforcement actions in the category of ‘Virtual Currency,’ all within the last year. According to the New York Times’ reporting on this Coinbase settlement, “To date, the state has issued roughly 30” licenses.
Meanwhile, Coinbase continues to support and profit from blockchain surveillance (TMIBP20). Based on public procurement records, the Landeskriminalamt Nordrhein-Westfalen (state bureau of investigation) in Düsseldorf recently extended their licenses for Coinbase Tracer, valued at €485,000, and Chainalysis’ ‘Reactor’, valued at €1,108,800. Similarly, in February, the Komenda Główna Policji (Polish national police headquarters) in Warsaw purchased a Chainalysis license valued at €139,786.
However, their provision of this service is not mentioned at all in their transparency report. Since blockchain surveillance tools affect the financial privacy of their customers (as well as non-Coinbase customers), and the goal of their report is supposedly to provide “a view into how government policies and actions intersect with customer privacy,” I would argue that including a list of the agencies and offices subscribed to Coinbase Tracer is more than appropriate. As you have seen in my newsletter, these records are often public record anyway!
On December 14th, Senators Elizabeth Warren (D-Mass.) and Roger “Doc” Marshall (R-Kan.) introduced their “Digital Asset Anti-Money Laundering Act of 2022” bill during a hearing of the Committee on Banking, Housing, and Urban Affairs. They claim that it will “crack [down] on crypto money laundering by closing loopholes in the existing anti-money laundering and countering of the financing of terrorism (AML/CFT) framework, bringing the digital assets into greater compliance with the rules that govern the rest of the financial system.” The bill demands, among other things, that:
The Financial Crimes Enforcement Network shall promulgate a rule classifying custodial and unhosted wallet providers, cryptocurrency miners, validators, or other nodes who may act to validate or secure third-party transactions, independent network participants, including [Miner/Maximal Extractable Value] MEV searchers, and other validators with control over network protocols as money service businesses.
… the Financial Crimes Enforcement Network shall promulgate a rule that requires United States persons engaged in a transaction with a value greater than $10,000 in digital assets through 1 or more accounts outside of the United States to file a report described in section 1010.350 of title 31, Code of Federal Regulations, using the form described in that section, in accordance with section 5314 of title 31, United States Code.
… the Secretary of the Treasury shall promulgate a rule that prohibits financial institutions from (1) handling, using, or transacting business with digital asset mixers, privacy coins, and other anonymity-enhancing technologies, as specified by the Secretary; and (2) handling, using, or transacting business with digital assets that have been anonymized by the technologies described in paragraph (1).
… the Financial Crimes Enforcement Network shall issue guidance requiring digital asset kiosk and automated teller machine [ATM] operators and administrators to (1) verify the identity of each customer using a valid form of government-issued identification or other documentary method, as determined by the Secretary of the Treasury; and (2) collect the name, date of birth, physical address, and phone number of each counterparty to the transaction.
The bill defines a ‘mixer’ as “a website, software, or other service designed to conceal or obfuscate the origin, destination, and counterparties of digital asset transactions.” This would clearly contradict FinCEN’s guidance published in May 2019, which distinguishes between “anonymizing service providers” versus “an individual or entity that merely provides anonymizing software” (TMIBP01, TMIBP05, TMIBP20). They explicitly determined that “an anonymizing software provider is not a money transmitter,” and therefore not subject to Bank Secrecy Act (BSA) obligations. Regarding so-termed ‘unhosted wallets,’ this currently appears to be a more extreme position than those taken by either U.K. (TMIBP20) or E.U. regulators (TMIBP19, TMIBP20). Coin Center immediately responded that this “is the most direct attack on the personal freedom and privacy of cryptocurrency users and developers we’ve yet seen.”
The intended result is to forbid Americans from having any technological guarantees of personal privacy or individual agency when making transactions online, irrespective of whether those transactions have anything to do with crime. To the extent cryptocurrencies could even continue to exist in a world where this bill becomes law, Americans’ ability to use them would be limited to a fully permissioned and surveilled environment.
… this bill would effectively outlaw the very form of self-custody of digital assets that prevents the kind of counterparty risk to consumers exemplified in the FTX collapse.
… It forces these speakers to hobble the privacy and security of their own software and data with backdoors, much in the way the FBI attempted to force Apple to hobble their own iOS security by compelling them to publish backdoored software.
… Unfortunately, the bill cannot be improved; it can only be opposed in its entirety. Coin Center will do everything in its power to protect the rights of Americans and defeat this unwarranted attack on individual privacy and autonomy.
Meanwhile, on December 23rd 2022, the Internal Revenue Service (IRS) announced that “calendar year 2022 will be regarded as a transition period for purposes of Internal Revenue Service (IRS) enforcement and administration with respect to the implementation of the amendments made to the de minimis exception for third party settlement organizations (TPSO).”
As a result of this delay, third-party settlement organizations will not be required to report tax year 2022 transactions on a Form 1099-K to the IRS or the payee for the lower, $600 threshold amount enacted as part of the American Rescue Plan of 2021.
… Under the law, beginning January 1, 2023, a TPSO is required to report third-party network transactions paid in 2022 with any participating payee that exceed a minimum threshold of $600 in aggregate payments, regardless of the number of transactions. TPSOs report these transactions by providing individual payee’s an IRS Form 1099-K, Payment Card and Third-Party Network Transactions.
Cato Institute Center for Monetary & Financial Alternatives (CMFA) policy analyst Nicholas Anthony (TMIBP20, TMIBP21) commented:
In fact, the real confusion has been centered around just how this style of surveillance can be considered constitutional. Many have been left asking, “Why don’t Americans have stronger financial privacy rights?”
Unfortunately, laws, regulations, Supreme Court decisions, and even inflation have consistently chipped away at financial privacy for over 50 years. As I explained in a recent paper, even a law titled the “Right to Financial Privacy Act” failed to really deliver the level of privacy Americans should have — notably, the level most Americans thought the Constitution provided.
Americans may have a year to relax, but Congress should take this time to fix the issue. Not only should the reporting requirement be repealed to lessen the burden on Americans, but also more fundamental reforms should be enacted to establish financial privacy protections that Americans should have had from the beginning.
On February 27th 2023, they hosted a panel discussion focused on “Bank Secrecy Act Reform: Restoring the Fourth Amendment.” The introductory speaker, Representative John Rose (R‑TN-06), had introduced the “Bank Privacy Reform Act” back in October 2022. “This bill keeps intact sections of the Bank Secrecy Act that require financial institutions to maintain customer records but repeals those that require them to report to government agencies without a showing of probable cause.” On April 28th 2023, together with Representative Donald Payne Jr. (D-NJ-10), he would also introduce a House Resolution “which expresses the sense of the House of Representatives that maintaining cash is important and a robust and viable payment option.” Regarding the “non-bank ATM industry,” which would naturally include those focused on Bitcoin and cryptocurrency, he said:
Last year, I met with the acting director of FinCEN, Himamauli Das, and I asked him for data on the number of successful prosecutions that have been brought against ATM operators over money laundering concerns, and the total number of cash withdrawals from the independently owned ATMs in a given year, that they could verify represented laundered funds. Now, remember: they labelled this entire industry as ‘high risk.’ He couldn’t provide me with any of that information, not even one instance. In fact, no one in the federal government seems to have access to this information. So this begs the question: What is the point of the current system? All of this to say, our anti-money laundering regulations are undoubtedly out-of-whack and have real-world consequences, including when it comes to our personal privacy.
:warning: If you are American and/or reside in the U.S., check out Fight For The Future’s (FFTF) campaign: “Privacy is a fundamental human right and essential to democracy. Everyone deserves protection from surveillance, as well as the freedom to build tech tools that preserve privacy by design.” For non-financial data privacy activism, also see here.
In TMIBP05, TMIBP07, TMIBP08, and TMIBP16 I have followed the Tor v3 transition and the importance of network privacy. Since June 2022, the Tor network has been under a distributed denial-of-service (DDoS) attack that remains unresolved (TMIBP20, TMIBP21).
On February 7th, Tor Project executive director Isabela Bagueros wrote that they are “working hard to mitigate the impacts and defend the network,” though it’s still “not possible to determine with certainty who is conducting these attacks or their intentions.” She thanked community members and the Onion Services Resource Coalition, a group of organisations “who are helping us right now in all sorts of ways.” (Disclosure: I am a board member of Open Sats). In TMIBP04, TMIBP06, and TMIBP21, I highlighted that the Tor Project has been considering “a token-based approach,” and on March 31st they shared that the two newly hired network team developers were “implementing a dynamic Proof of Work mechanism and resolving the Circuit Build Time-out issue.” On April 3rd, “to give users the privacy protections of Tor Browser without Tor,” the Mullvad Browser was launched; the VPN service has accepted bitcoin since July 2010! On April 5th, the Tor Project published the following status update:
The DDoS has significantly reduced in volume over the last month, although there are intermittent spikes that can still affect the performance of relays that get hit by them. Overall performance has improved, but can occasionally be slower when using affected relays. We are making significant progress on implementing our Proof of Work defense, which should eliminate the incentive for much of these attacks. Other, more general DDoS defense work will happen after that.
On April 10th, they announced that the Tor network was approaching 2,000 exit relays for the first time in its history. If you are interested in running a relay or learning more about what they do, there are virtual meetings for relay operators every couple months.
In TMIBP05, 08, 12, 14, 17, 19, 20, and 21, I have followed exploration, promotion, and criticism of central bank digital currencies (CBDCs). In the last newsletter, I highlighted a fellowship offered by the Human Rights Foundation (HRF) to build an online resource that tracks CBDCs around the world “and flags their risks for civil liberties.” I’m very pleased to share that a team composed of myself, Matthew Mežinskis, and Nick Anthony was awarded this fellowship. Matthew recently gave extensive interviews about his research on central banking and financial history for Tales from the Crypt (TFTC) and in episode #645 of What Bitcoin Did (WBD). We will be able to share more about our work on this project in the coming months, and there may be a special announcement at this year’s Oslo Freedom Forum! :purple_heart:
In the first quarter of 2023, two more wallets have integrated BIP-47 PayNyms (TMIBP03, 06, 09, 10, 20) that are compatible with Samourai Wallet. On February 24th, the mobile multi-coin Cypher Stack Wallet (Android and iOS) announced that after the completion of an internal audit, “PayNyms have now been released for ALL platforms,” and “we’re the ONLY app to have PayNyms on iOS!”
On March 5th, BlueWallet indicated that they would be adding a “Reusable and shareable code (BIP47)” option. On March 16th, this was merged into the wallet repository. The next day, co-founder Nuno Coelho tested their payment code sharing publicly.
:information_source: Don’t understand how PayNyms work? Check out this explainer by Otto.
In TMIBP19, TMIBP20, and TMIBP21 I have followed Ruben Somsen’s ‘Silent Payments’ proposal, “a new scheme for private non-interactive address generation without [extra] on-chain overhead.” On March 9th, this was released by Somsen and Bitcoin Core contributor Josie Baker as a draft Bitcoin Improvement Proposal (BIP). As of this writing, it has not been assigned a BIP number.
:information_source: Check out Bitcoin Optech Newsletter #220, #231, and their audio recap discussions for other recent Bitcoin technical developments beyond privacy.
In TMIBP01, 03, 04, 05, 06, 09, 11, 13, and 18, I have followed development of the Schnorr-based multi-signature scheme MuSig and its variations. In April 2022, Jonas Nick, Tim Ruffing, and Elliott Jin published a draft of the MuSig2 BIP, with a reference implementation written in Python. On March 27th 2023, after nearly a year of further improvement, the draft was merged as BIP-327.
The on-chain footprint of a MuSig2 Taproot output is essentially a single BIP340 public key, and a transaction spending the output only requires a single signature cooperatively produced by all signers. This is more compact and has lower verification cost than each signer providing an individual public key and signature, as would be required by an n-of-n policy implemented using OP_CHECKSIGADD as introduced in (BIP342). As a side effect, the number n of signers is not limited by any consensus rules when using MuSig2.
Moreover, MuSig2 offers a higher level of privacy than OP_CHECKSIGADD: MuSig2 Taproot outputs are indistinguishable for a blockchain observer from regular, single-signer Taproot outputs even though they are actually controlled by multiple signers. By tweaking an aggregate public key, the shared Taproot output can have script spending paths that are hidden unless used.
:information_source: Check out Bitcoin Optech Newsletter #222, #231, #238, #246, and their audio recap discussions for other recent Bitcoin technical developments beyond privacy.
Route blinding allows a recipient to provide a blinded route to potential payers. Each node_id in the route is tweaked, and dummy hops may be included. This is an alternative to rendezvous to preserve recipient anonymity. It has a different set of trade-offs: onions are re-usable, but the privacy guarantees are a bit weaker and require more work (e.g. when handling errors).
Since at least April 2020, software developer Bastien Teinturier (TMIBP10, TMIBP18) and others have been working to implement route blinding in the Lightning Network. On March 28th, his pull-request was finally merged into the BOLTs. The next day, Teinturier shared that there was already a proposal for combining blinded and trampoline routing (TMIBP10), once the latter’s pull-request has been reviewed and merged as well.
René Pickhardt commented: “Often there is a trade-off between privacy and reliability but this work by @realtbast is one of the surprising cases where increased privacy may also lead to improvements in reliability! (assuming we move forward with [friend-of-a-friend] sharing of x bits of liquidity information),” referring to his pull-request on BOLT14.
:information_source: Check out Bitcoin Optech Newsletter #245 for more and other recent technical developments beyond Bitcoin privacy.
On March 15th, the Electrum wallet developers announced that the next release “will include UTXO privacy analysis tools.” The code had already been committed to the wallet repository on February 25th. The preview of the coin analysis interface displayed a given UTXO’s parent transactions, with the option to provide a descriptive label, and highlighted any address reuse in pink.
On April 18th, Electrum 4.4.0 was released. Under ‘privacy features,’ they include the new basic privacy analysis tool: “this dialog displays all the wallet transactions that are either parent of a UTXO, or can be related to it through address reuse.” They also introduced more coin control through a new “menu that lets users easily spend a selection of UTXOs into a new channel, or into a submarine swap.”
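The kind of analysis described in that release note can be sketched as a graph walk over a wallet's own history. This is an added example, not Electrum's code: the data layout, the function names, and the constructed sample history are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed wallet history, not real chain data. Each transaction lists the
# outpoints it spends as (txid, output index) and its outputs as (address, sats).
WALLET_TXS = {
    "tx_a": {"inputs": [], "outputs": [("addr1", 50_000)]},
    "tx_b": {"inputs": [], "outputs": [("addr2", 30_000)]},
    "tx_c": {"inputs": [("tx_a", 0), ("tx_b", 0)], "outputs": [("addr3", 79_000)]},
    "tx_d": {"inputs": [], "outputs": [("addr3", 10_000)]},  # second payment to addr3
    "tx_e": {"inputs": [], "outputs": [("addr4", 20_000)]},  # unrelated coin
    "tx_f": {"inputs": [], "outputs": [("addr2", 5_000)]},   # second payment to addr2
}


def funding_index(txs):
    """Map each address to the set of wallet transactions that pay to it."""
    index = defaultdict(set)
    for txid, tx in txs.items():
        for address, _amount in tx["outputs"]:
            index[address].add(txid)
    return index


def reused_addresses(txs):
    """Addresses that received funds in more than one wallet transaction."""
    return {addr for addr, txids in funding_index(txs).items() if len(txids) > 1}


def related_transactions(txs, utxo):
    """Return {txid: reason} for every wallet transaction linked to `utxo`.

    A transaction is linked if it is an ancestor of the UTXO, or if it pays
    to an address that also appears on the path to the UTXO (address reuse).
    Links are followed transitively; inputs from outside the wallet are skipped.
    """
    funded_by = funding_index(txs)
    reasons = {utxo[0]: "creates the UTXO"}
    seen = {utxo}
    queue = deque([utxo])
    while queue:
        txid, index = queue.popleft()
        tx = txs[txid]
        address = tx["outputs"][index][0]
        next_outpoints = []
        # Address reuse: other wallet transactions paying the same address.
        for other in sorted(funded_by[address] - {txid}):
            reasons.setdefault(other, f"address reuse on {address}")
            next_outpoints += [
                (other, i)
                for i, (a, _amount) in enumerate(txs[other]["outputs"])
                if a == address
            ]
        # Parents: the outputs this transaction spent, if the wallet knows them.
        for parent in tx["inputs"]:
            if parent[0] in txs:
                reasons.setdefault(parent[0], "parent")
                next_outpoints.append(parent)
        for outpoint in next_outpoints:
            if outpoint not in seen:
                seen.add(outpoint)
                queue.append(outpoint)
    return reasons


if __name__ == "__main__":
    for txid, reason in related_transactions(WALLET_TXS, ("tx_c", 0)).items():
        print(txid, "->", reason)
    print("reused addresses:", sorted(reused_addresses(WALLET_TXS)))
```

Spending the `tx_c` coin would expose the link to `tx_f` even though `tx_f` is not an ancestor, because a parent's address was paid twice.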
On January 16th, the BTCPay Server project (TMIBP01, 02, 03, 05, and 06) began adding code for ‘WabiSabi’ (TMIBP01, 03, 06, 09, 14, 16, 18, 19) to their plugin repository. On February 27th, maintainer Andrew Camilleri aka ‘Kukks’ announced “the beta release of the Coinjoin plugin for @BtcpayServer. After many months of hard but exciting work, this opt-in plugin makes BTCPay Server one of the most extensive privacy-oriented Bitcoin tools around.” Wasabi’s announcement and explainer video emphasize that while “a highly liquid coordinator provided by zkSNACKs” would be the “default” server for CoinJoins, “all BTCPay Server admins can spin up their own coinjoin coordinators using their own terms.”
Any BTCPay Server merchant can activate the optional coinjoin plugin instantly for their stores. BTCPay Server stores that activate the coinjoin plugin will be able to automatically coinjoin all the bitcoin they receive. This protects the privacy of all their incoming and outgoing transactions by preventing sensitive information about their store’s payment history from leaking to unconcerned parties.
In addition to auto-coinjoin, the BTCPay Server plugin also offers an unprecedented payment batching in coinjoin feature. Utilizing BTCPay Server’s scheduled payouts, users are able to pay addresses directly within a coinjoin transaction, which saves block space and provides greater privacy compared to making a payment in two steps.
… In addition to the default zkSNACKs coordinator server, merchants are able to discover alternative coinjoin coordination servers via the Nostr protocol and can easily run their own coinjoin coordination servers.
… If users choose to run their own coordinator, the BTCPay Server Plugin offers an optional revenue sharing feature that by default donates a percentage of proceeds to the HRF and OpenSats foundation to further Bitcoin development. In addition, the plugin allows users to participate in different coinjoin rounds across multiple coordinators at the same time.
(Disclosure: I am a board member of Open Sats).
On March 6th, Wasabi also published an interview and hosted a Twitter Space with Camilleri and zkSNACKs CEO Max Hillebrand to discuss the new plugin.
On March 13th, the one-year anniversary of Wasabi announcing that “the zkSNACKs coordinator will start refusing certain UTXOs from registering to coinjoins” (TMIBP19), contributor Karo Zagorus marked the occasion by sharing more about their decision, as well as the consequences [note: minor edits for readability]:
.. November 2021, a letter comes from the [Gibraltar Financial Services Commission] that asks zkSNACKs Ltd. to register as a [Money Services Business] in the State of Gibraltar. A response was made to the regulator disagreeing with their view that zkSNACKs Ltd. should even register in the first place. The company’s lawyer in Gibraltar (who is a total pro) was asked for further help and replied to the GFSC that they are not required to register. The messages were sent for deliberation to the GFSC.
.. December 25th Christmas Day, a letter arrives from the GFSC demanding zkSNACKs Ltd. to immediately register as a [Money Services Business] and to immediately begin performing KYC/AML processes on its customers who are participating in its mixing services, or face having the company shut down by the regulator in the state of Gibraltar. This shocked people in the office and people turned on the panic mode for the next few months to come.
The company started challenging the decision of GFSC and had multiple options to counteract the request of the GFSC. Since the regulator has now declared the company ‘persona non grata’ in Gibraltar, they felt that they have to leave the State of Gibraltar with the company. Other options on the table were that the company would have sued GFSC to not have to register as a [Money Services Business] and have them stay in Gibraltar, but upon winning the lawsuit the government would have retaliated against the company eventually. Multiple regulators in the government were asked for feedback and zkSNACKs Ltd. was suggested to leave effective immediately since the company wasn’t employing anyone in Gibraltar physically and wasn’t even paying any taxes at all, ever. Little to no importance was the operation.
The issue became that zkSNACKs Ltd. now had a little grace period for changing legal domain where it was operating, therefore looking for a new state was commenced. Every state that “the lawyers” asked about refused cooperation or even to allow a move of the company. It was important for the company to be able to move because Greg and [Bálint Harmat] didn’t want to shut down the company or have it shut down by the regulators in Gibraltar, because later someone could have argued that the company was just a forefront to Criminal Money Laundering. And this would have been a disaster for the company’s legal operation that went unchallenged ever since it was created. Therefore it became a low-key issue for the company to start figuring out how to start fixing its grey legal area of where it is operating, to remain in state.
They made every possible attempt to remain in Gibraltar due to the easier regulatory approach there and options they had, but it has become impossible as the negative news kept coming. Their goal was to now appease the regulators to attempt to stay.
… The company later managed to move to a different jurisdiction and were able to continue operations uninterrupted. But it has become more restrictive in what they are allowed to do and how to conduct continued business in the long-term.
On March 12th, a company meeting was held by @nopara73 to ask questions from @HillebrandMax, @BTCparadigm, and myself to assess the potential damages of a @FinancialTimes article that could impede upon the company’s operational safety. The article was damaging to the image of the company, yet they had to approach it carefully … A decision was made that day that would lead to why the blacklist was needed, how it would affect the future operation of the company, how it would protect it against unwanted government interference and potential shutdown by it. By the 13th, things got very serious as the situation was portrayed as critical due to the journalist intervention at @FinancialTimes, therefore it was put to a vote whether or not we should implement blacklisting, and it passed.
.. The immense damage was imminent; after just one day of being employed @yeg0rpetrov then resigned. The community response was daunting and damaged the company’s image for up to 6 months. Wasabi’s account barely got any new followers until September 2022.
.. The scope of information at that time was only related to risk status of addresses that were assessed in order to prevent legal damage happening to the company in case of potential funds arriving from someone with a criminal background going through the Wasabi Coordinator. But for Bitcoiners the damage was already done as the most sacred taboo of bitcoining has been broken, that you shall never ever blacklist a transaction. All of Wasabi’s sponsors except one @TheVladCostea have fled. @BTCsessions bailed the next day, and @MemeFactoryTM also resigned from their sponsorship. The avenues for advertising were greatly impacted.
It was not until September when @Trezor’s cooperation with @wasabiwallet was announced that the company’s image started getting a “restoration”.
.. But overall the blacklist remains. And governments and journalists continue to attack open-source bitcoin privacy projects. As of now, the great bump was again achieved for Wasabi by having new sponsorships and finally, @PeterMcCormack @WhatBitcoinDid on as a sponsored podcast.
Where the future will head, we do not know, but for sure we are out of options. Nobody else is working on new centralized coordinators and every attempt to put Wasabi out of business has failed so far. Nobody has become efficient enough to compete so far. There are still many nuanced details that I have not put out yet, which I consider would shed a different light on what really happened back on that day at Wasabi, but I guess it will have to wait a little while more.
… Privacy as we can see is constantly now under attack from all fronts, even within our space. But developers are not a-plenty and it is not likely that we are going to see more projects coming around to start developing privacy solutions for us. It might be little too late already.
In TMIBP11, 13, 18, and 21, I have followed hardware wallet company Trezor’s addition of privacy-focused features into their Suite. On February 8th, they hosted a testing session of their upcoming CoinJoin feature. On April 19th, Trezor and Wasabi launched the feature. “Trezor is the first hardware wallet with coinjoin, completing its suite of free privacy tools.” In their announcement blog, they include a section on ‘Avoiding risk with coinjoin’ that warns:
The coinjoin process uses a coordinator, run by zkSNACKs, which is in charge of selecting which pieces of bitcoin (UTXOs) to include in a transaction and ensuring there is enough liquidity for the coinjoin to provide the required level of privacy.
In rare cases a particular set of UTXOs may not be included if it was present in a previous round and caused the coinjoin to fail because the user disconnected their device. In this case, the UTXOs would be unable to participate in a coinjoin for 6 hours.
Some users may also have UTXOs which are known to be high-risk due to where they originated from. The coordinator may decide not to include UTXOs which are likely to result in other users’ UTXOs inheriting that risk. Owning a high-risk UTXO will not prevent other UTXOs in your wallet from being coinjoined.
Companies like Chainalysis in the budding blockchain analysis industry will make their real money, [Sarah Meiklejohn] speculates, not from contracts with the IRS or the Justice Department but from banks and exchanges who are using their services to “de-risk” their transactions, ranking a certain sum of money’s cleanliness and regulatory liability based on algorithms the public will never see. “Then it gets much sketchier, right?” she says. “That looks much more like surveillance. Your bank is basically spying on you and judging you based on where your money came from. That stuff is not as nice, and it’s not going to make headlines.”
… Like Gladstein, she points to the same potential for dictatorships to abuse Chainalysis-like services, tracing the finances of protesters, for instance.
— “Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency” by Andy Greenberg (2022)
In TMIBP20, I highlighted the case of Roman Sterlingov, accused of creating and operating Bitcoin Fog, a centralised proto-mixing service. He was arrested two years ago (as of this month) on April 27th 2021 at Los Angeles International Airport, and has already spent over 700 days in pre-trial detention. According to his defense lawyers, Tor Ekeland and Michael Hassard, his trial is scheduled to begin on “September 14, 2023 in the Federal District Court for the District of Columbia. We expect it to last a month.” In the meantime, there will be a hearing in June with “a Daubert challenge.” The potential sentence is 50 years to life in prison.
In October, I gave a presentation on “the overlap between blockchain analysis companies, private spyware firms, and government intelligence agencies” for the annual Hackers Congress at Paralelní Polis (TMIBP21). On November 15th, “Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency” by Wired senior technology writer Andy Greenberg was published. As I anticipated, there were a couple chapters of backstory, more than forty chapters on glorified automated apophenia-fueled ‘blockchain whisperers’ assisting – or even initiating – cyber-hunts with the IRS and various other three-letter agencies, and at best a couple chapters (mainly ‘Chapter 49: Gray Zones’) with criticism regarding the risks of Chainalysis’ methods. Greenberg’s conversation with CEO Michael Gronager and head of communications Maddie Kennedy – who insist that their board would “take all sorts of things into account, like human rights records,” to determine if an interested government or agency “would be an appropriate customer” – is reminiscent of assurances made by the now-defunct Hacking Team.
So, which countries’ law enforcement agencies? Any country that can pay?
“No. No, we can’t do that,” Gronager said. “We are a U.S.-based company. And that means that certain countries we can’t work with and we don’t want to work with.” He cited China, North Korea, and Russia.
But what about the Middle East? “The Middle East is a big mix, right?” Gronager responded. “Like, Israel, it’s fine. Let’s take Abu Dhabi, it’s another.”
At Gronager’s mention of Israel, I could have asked about whether the country is using blockchain analysis to surveil the finances of people in the occupied territories of the West Bank and Gaza. Instead, at the mention of Abu Dhabi, the capital of the United Arab Emirates, my thoughts jumped to the case of Ahmed Mansoor, the Emirati human rights activist and father of four whose phone was targeted by the U.A.E. government using tools from the Israeli hacking contractor NSO. Following that surveillance, Mansoor was arrested and sentenced to ten years in prison, then held in isolation ever since. Despite its close ties to the U.S. and the global economy, the U.A.E. has an abysmal human rights record, of which Mansoor is just one tragic example.
So, I asked, is the U.A.E. a customer? “We can’t say that,” Kennedy cut in, with the recognizable tone of a PR person who has identified a red flag.
“No, we can’t say that,” Gronager agreed, sounding almost disappointed, as though he wished he could share more. “The Middle East — there’s a lot of things that are important there and good activity. And some of it is gray zones. That’s just how it is.”
Those gray zones, Gronager tried to explain, don’t just break down cleanly across national borders, but also cover different uses within a single government. “We want to understand how our products are being used, right? What is the use case here?” Gronager said. “We have a pretty high bar. There has never been a problem.”
‘Chapter 47: Open Season’ rather briefly summarises the Bitcoin Fog case, with obvious deference to the U.S. prosecution’s narrative. Greenberg casually includes that Matthew ‘Matt’ Price, one of the two main IRS-CI special agents behind the allegations against Sterlingov, had “joined the D.C. unit after a stint at the CIA.” (The CIA’s not-for-profit venture capital firm, In-Q-Tel Inc., gave Chainalysis $1.675 million in 2021.) As always, the revolving door spins ‘round and ‘round! (TMIBP02, TMIBP08) In September 2021, Price and Tigran Gambaryan, the star agent, joined Binance as ‘Global Head of Intelligence and Investigations’ and ‘Head of Financial Crime Compliance’ respectively. Less than a week later, Chainalysis announced that they had acquired Excygent – the analysis company listed first as providing “essential support” in Sterlingov’s arrest – for an undisclosed sum. Since early April, Price and Gambaryan have both been featured in “a six-part video series that highlights our compliance experts and their views on how the company invests in this space.”
‘Chapter 32: Advanced Analysis’ (an altered version was published by Wired) focuses on “the hideously vague term ‘advanced analysis’” by which Chainalysis and their partners referred to their method of linking cryptocurrency activity to IP addresses, since around the spring of 2017. “Neither Levin nor Gambaryan has revealed a word of how their method works. (In fact, in our conversations, they never treated any piece of cryptocurrency-tracing tradecraft with more secrecy.)” However, further along in ‘Chapter 50: Rumker’, Greenberg identified this tool in the leaked Chainalysis presentation to Italian police (TMIBP16):
Within the DarkLeaks collection, one slide deck immediately caught my eye. It was a presentation from Chainalysis. It described, in Italian, a remarkable set of surveillance capabilities and tricks that Chainalysis offered to law enforcement but that had never before been publicly revealed.
… But amid all these revelations, it was another slide that finally offered the most elusive answer I’d been looking for: a possible solution to the mystery of the “advanced analysis” trick that Chainalysis had used to locate the AlphaBay server in Lithuania.
The Italian presentation confirmed that Chainalysis can, in fact, identify the IP addresses of some wallets on the blockchain. It did so by running its own Bitcoin nodes, which quietly monitored transaction messages — the very practice that had led to the blowup on Bitcointalk in the company’s earliest days.
First, the slide explained, some wallets that use tools called Simple Payment Verification or Electrum — designed to avoid storing the entire blockchain — leak certain information with every transaction. Nodes that receive a transaction message from those wallets can see not only the user’s IP address but all of their blockchain addresses and even their wallet’s software version, a tidy bundle of identifying information. Chainalysis had code-named the tool they use to collect that wallet data Orlando.
The next slide was even more revealing. It described a tool called Rumker, explaining that Chainalysis could use its surreptitious Bitcoin nodes for identifying IP addresses not only of individual users’ wallets but also those of unknown services — including dark web markets. “Although many illegal services run on the Tor network, suspects are often negligent and run their bitcoin node on clearnet,” the slide read, using a term for the traditional internet not protected by Tor.
On November 16th 2022, Bitcoin developer ‘0xB10C’ published their observations of “very short-lived P2P connections with fake user agents being made to my Bitcoin Core node in a high succession.” They noted that they couldn’t determine whether this ‘entity,’ which they had nicknamed ‘LinkingLion,’ was “actually malicious” or perhaps “from some misconfigured academic measurements,” and clarified “I’ve seen these connections by this entity as early as June this year. However, it might have been active before.” On March 28th 2023, they published a follow-up speculating that it might be a “blockchain analysis company.”
The entity opens connections to many Bitcoin nodes using four IP address ranges and listens to transaction announcements. This might allow the entity to link newly broadcast transactions to node IP addresses. The entity has been active in some capacity since 2018 and is also active on the Monero network using the same IP address ranges. The entity might be a blockchain analysis company collecting data to improve its products.
… Most Bitcoin P2P anomalies originate from individuals playing around with the open network, companies with profit motives, for example, selling data to other companies and law enforcement, or by (academic) researchers. In this case, it seems unlikely that an individual would sustain this over multiple years. The IP address ranges and servers cost money. An academic experiment is usually shorter, too, as papers eventually need to be published. Academic researchers might not use fake user agents. It makes sense for a company to pay for IP address ranges and servers if they can sell the collected data or enhance an existing product. This could be a company doing blockchain analysis.
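One way a node operator could look for the pattern described above (many short-lived connections with varying user agents from a few address ranges, never announcing transactions of their own) in their own connection records. This is an added example, not 0xB10C's tooling or code from the original posts; the record format, the thresholds and the documentation-range IP addresses are assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed connection records, NOT real node logs. Hypothetical columns:
# peer_ip, user_agent, seconds_connected, txs_announced_by_peer
SAMPLE_LOG = """\
198.51.100.7,/Satoshi:23.0.0/,1.2,0
198.51.100.9,/bitcoinj:0.14.3/,0.8,0
198.51.100.23,/Satoshi:0.13.2/,1.5,0
198.51.100.40,/breadwallet:2.1/,0.9,0
198.51.100.41,/Satoshi:0.20.1/,1.1,0
198.51.100.77,/bitcoinj:0.15.10/,2.0,0
203.0.113.5,/Satoshi:24.0.1/,86400.0,312
203.0.113.5,/Satoshi:24.0.1/,43200.0,150
192.0.2.14,/Satoshi:22.0.0/,3.0,0
192.0.2.14,/Satoshi:22.0.0/,7200.0,41
"""


@dataclass
class RangeStats:
    connections: int = 0
    short_lived: int = 0
    txs_announced: int = 0
    user_agents: set = field(default_factory=set)


def summarise(log_text, short_secs=10.0):
    """Aggregate per-connection records into per-range statistics."""
    stats = defaultdict(RangeStats)
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue
        ip, agent, secs, txs = row
        addr = ipaddress.ip_address(ip)
        # Group by /24 for IPv4 and /48 for IPv6 (an assumed granularity).
        prefix = 24 if addr.version == 4 else 48
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        s = stats[str(net)]
        s.connections += 1
        s.short_lived += int(float(secs) < short_secs)
        s.txs_announced += int(txs)
        s.user_agents.add(agent)
    return dict(stats)


def flag_ranges(stats, min_conns=5, min_short_ratio=0.9, min_agents=3):
    """Return ranges whose peers connect often, leave quickly, rotate
    user agents and only listen (assumed, illustrative thresholds)."""
    flagged = []
    for net, s in sorted(stats.items()):
        if s.connections < min_conns:
            continue
        mostly_short = s.short_lived / s.connections >= min_short_ratio
        many_agents = len(s.user_agents) >= min_agents
        listen_only = s.txs_announced == 0
        if mostly_short and many_agents and listen_only:
            flagged.append(net)
    return flagged


if __name__ == "__main__":
    for net in flag_ranges(summarise(SAMPLE_LOG)):
        print("suspicious range:", net)
```

A single peer that reconnects once after a short drop (the 192.0.2.0/24 rows) is not flagged, because it stays below the connection count and later relays transactions like an ordinary node.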
Additionally, you may recall that in 2021, it was discovered that Chainalysis was surreptitiously using walletexplorer.com to associate IP data and addresses, which was then fed to law enforcement (TMIBP06).
On March 3rd, in “Exploring Unconfirmed Transactions for Effective Bitcoin Address Clustering,” researchers from Fudan University, Hong Kong Polytechnic University, and the University of Luxembourg state that they began “collecting data on May 1, 2022 and collect[ed] a total of 51,216,932 transactions by December 31, 2022.” While it may indeed be the case that this is the first paper to “apply the unconfirmed transactions in Bitcoin to cluster addresses,” given the behaviour of ‘LinkingLion’ and what Greenberg has written about Chainalysis, I would be very surprised if this hasn’t been practiced for a while elsewhere.
Sterlingov’s defense team has recently been travelling and speaking on podcasts to draw public attention to the Bitcoin Fog case, in the United States as well as Europe. During an appearance on Odell’s hundredth episode of Citadel Dispatch, they asserted that this “multi-million dollar investigation” based on ‘junk science’ has been “one of the cases that [Chainalysis] used to build their relationship with [the U.S. Department of Justice], which has translated into a $330 million revenue stream.” Ekeland pointed out that Aaron Bice appears to have founded Excygent as a private company while he was still part of the IRS-CI-CCU until at least 2019, when his investigation team received the “Secretary’s Unit Award.” Youli Lee, the current senior legal director at Chainalysis since January 2022, had been part of the case team as an assistant U.S. attorney specialising in ‘cyber crime’ in the Washington D.C. area until December 2019. She was briefly associate general counsel at Coinbase from April 2021 until she joined Chainalysis. (Both are named in Greenberg’s book, but I saw no mention of their other roles; in particular, Bice is only described as “Excygent’s Aaron Bice,” an expert data analyst.)
You’ve got careerism and a profit motive creating confirmation bias… There’s no objective standards when it comes to blockchain forensics, and that’s very dangerous because it creates exactly what’s happening here. Roman could be any one of you.
On April 25th, I gave an introduction on blockchain surveillance before Ekeland and Hassard discussed their case at a Bitcoin meetup in Berlin. Preempting any questions about why people in Europe should care about an American criminal trial, I emphasised that U.S. financial surveillance legislation and practices increasingly have international reach. Regarding the broader issue of proprietary digital forensic software and ‘bad science’ in the criminal justice system, I cited Rebecca Wexler’s article “Convicted by Code” and they referenced the recently published book “Junk Science and the American Criminal Justice System” by M. Chris Fabricant, attorney and director of strategic litigation for the criminal justice reform group Innocence Project.
You can read more about the case at: https://www.torekeland.com/roman-sterlingov/
In TMIBP20 and TMIBP21, I covered the designation of Ethereum-based mixer Tornado Cash as a sanctioned entity, the subsequent arrest & pre-trial detention of developer Alexey Pertsev in the Netherlands, and related lawsuits challenging the criminalisation of mixing software. (Note: On November 8th 2022, “OFAC simultaneously delisted and redesignated Tornado Cash under E.O. 13722 and E.O. 13694,” whereas previously it was only designated under E.O. 13694.) Bitcoin developer Sjors Provoost and CryptoCanal chief ‘evangelist’ Eléonore Blanc, who have been attending his court hearings, reported that Pertsev “will be released from pre-trial arrest” on April 26th. While awaiting trial, he is required to wear an ankle bracelet and his home will be equipped with “electronic monitoring devices.”
Although it no longer matters I’m still annoyed by one [of] the grounds the prosecutor use[d] to argue for his pre-trial detainment: risk of repeat offense. The judge did not object to this, the defense did.
First of all we don’t even know if his work was illegal in the first place.
The prosecutor claims he can only make money by building another mixer. That otherwise he’d be homeless. Therefore he’ll be tempted to repeat his alleged crime. This is patently absurd. There’s plenty of other work for experienced smart contract developers, and devs in general. This argument is normally used against drug dealers who have to fall back to working at a supermarket. The fact that a judge goes along with such an absurd claim is worrying, because it demonstrates a complete lack of knowledge about the sector.
Pertsev is scheduled to appear at the ETHDam conference and hackathon in Amsterdam starting on May 20th: “Privacy is normal. Following the arrest of Alex Pertsev, a Tornado Cash developer in the Netherlands, ETHDam 2023 is determined to counter the chilling effect and bridge worlds to discuss the future of privacy and encourage them to build on the shoulders of cypherpunk giants.”
Regarding Joseph Van Loon et al. v. Department of the Treasury, there was a dispute over whether to handle the case in the Waco Division or the Austin Division of the Western District of Texas. The Treasury, among other reasons, motioned for transfer to Austin because “Austin has existing facilities for the review and storage of classified information, while Waco does not.” (They later filed a proposed protective order stipulating the handling of ‘Highly Sensitive Confidential Information’ (HSCI) by parties.)
… Waco lacks a Secure Compartmentalized Information Facility (SCIF) where the Court may view and store classified portions of the administrative record. Reviewing classified material will likely be necessary to resolve Plaintiffs’ statutory and constitutional claims because the administrative record, which memorializes the basis for OFAC’s determination that Tornado Cash is a sanctioned entity, contains classified information.
On November 22nd 2022, the plaintiffs filed an amended complaint to include the redesignation of Tornado Cash, which “also added 53 smart contracts” to the Specially Designated Nationals and Blocked Persons (SDN) list. On December 9th, the Treasury responded to their amended complaint, “respectfully request[ing] that the Court enter judgment dismissing this action with prejudice and awarding Defendants costs.” On January 13th 2023, the Treasury filed a certification from Ripley Quinby IV, the Deputy Associate Director of the Office of Global Targeting in OFAC, that the “list of the contents of the administrative record constitute a true, correct, and complete copy of the unclassified, non-privileged, or otherwise protected documents that were directly or indirectly considered in connection with OFAC’s decision to designate.” Several portions of the certified index are redacted, particularly the final page listing classified exhibits. On February 16th, Judge Jeffrey C. Manske granted the motion to transfer to Austin. On March 20th, Judge Alan D. Albright adopted and ordered the transfer to Austin, and subsequently reassigned it to Judge Robert Lee Pitman. On March 24th, the parties jointly proposed a new case schedule.
On March 28th, Coin Center published a blog about the “Restricting the Emergence of Security Threats that Risk Information and Communications Technology” / RESTRICT Act, introduced to the U.S. Senate on March 7th. They promised to “consider a court challenge if it is ever used to sanction open source crypto technology.”
The RESTRICT Act is conceptually similar to the International Emergency Economic Powers Act (IEEPA), the law that empowers OFAC to block Americans from transacting with sanctioned foreign persons. Indeed, the RESTRICT Act would essentially create a parallel sanctions regime administered by the Secretary of Commerce alongside OFAC’s regime (administered by the Treasury Secretary).
… we are very concerned that an overbroad interpretation of those powers could be exploited in order to ban Americans from using entire classes of technologies, even when no foreign adversary has an actual proprietary interest in the technology as a whole. This concern is exemplified by OFAC adding the Tornado Cash immutable smart contracts to the SDN list.
On April 5th, the Van Loon et al. plaintiffs filed a motion for partial summary judgement, with supporting amicus curiae from the Blockchain Association and DeFi Education Fund, investment firm Paradigm Operations LP, and venture capital firm Andreessen Horowitz (“a16z”). On April 11th, Electronic Frontier Foundation (EFF) senior fellow Ross Schulman and executive director Cindy Cohn wrote that “both cases [Van Loon et al. and Coin Center’s] raise important legal issues. EFF will be watching these cases closely and participating in them where we see a need.” The Treasury opposed an amicus brief filing by the EFF as an “untimely” submission; Judge Pitman disagreed, and the EFF’s brief was then filed on April 27th. They argued that “open source developers must feel confident that they are not risking criminal liability by merely participating in coding for a project.”
EFF has also heard from, and about, developers of other open source projects that concern mixers and other privacy-protecting services who became alarmed at the prospect of severe criminal liability for working on those projects.
… It especially impacted projects developing privacy protective tools both inside and outside of the area of cryptocurrency and decentralized finance.
… Developers of other projects, especially those that increase financial privacy, reasonably worried that their work could be subject to criminal liability under the SDN scheme in a moment’s notice as well.
… As detailed above, courts have uniformly held that the publication of code is speech for purposes of the First Amendment. But no court has yet determined the level of First Amendment scrutiny required when reviewing the inclusion of published open source code on the OFAC SDN sanctions list.
… In short, OFAC’s inclusion of Tornado Cash on the SDN list – which is based upon its function as a privacy-assisting tool – means that the inclusion is content-based and must survive strict scrutiny.
On May 3rd, the Treasury filed a “cross-motion for summary judgement and opposition to plaintiff’s motion for partial summary judgement,” arguing that Tornado Cash is an entity that can certainly be designated and “no incidental limitation on protected speech stems from the designation.”
There is no First Amendment speech right to use a single preferred service to send money… OFAC’s designation does not implicate Plaintiffs’ right to donate money to causes of their choosing or otherwise engage in protected speech, because Plaintiffs remain free to donate money and to interact with the open-source code as they please — and to do so without public disclosure. They merely cannot send funds through Tornado Cash (unless they obtain a license to do so).
… Those who wish to use Tornado Cash may continue to use any other available service to send and receive money lawfully, including the many traditional channels (like bank transfers) that allow them to do so privately.
… Accordingly, even if Plaintiffs had identified any First Amendment–protected interest affected by the designation of Tornado Cash, that designation is appropriately narrowly tailored to the Government’s substantial interest in preventing malicious cyber activities to safeguard national security.
On February 3rd, Professor Dr. Fabian Schär and PhD candidate Matthias Nadler from the University of Basel had shared the pre-print of their paper for the St. Louis Fed, “Tornado Cash and Blockchain Privacy: A Primer for Economists and Policymakers.” They state that their goals are to “provide an interdisciplinary introduction to non-custodial crypto asset mixers, to create a foundation for economists and policymakers, and to enable further research at the intersection of privacy and illicit activity,” and define Tornado Cash as “a smart contract-based crypto asset mixer that uses zkSNARKs to create a decentralized privacy-enhancing protocol.” The fifth section of the paper outlines its “regulatory challenges” and “how Tornado Cash might be usable” through “a regulatory regime built around voluntary disclosure.”
Regulated financial intermediaries will only accept the funds if the customer is willing and able to provide proof of the funds’ origins. Similarly, merchants who sell a good or service above a legal threshold value are legally obliged to file these transactions and have strong incentives to ask for a proof of origin. Otherwise, they might be in violation of the law and face challenges when trying to use the funds for which they cannot provide information about the origin.
:information_source: Check out Foundation Devices’ blog series around Bitcoin privacy topics, including: “Interacting with Bitcoin Privately” (May 2022), “Why We Mix” (November 2022), “What We Protect” (January 2023), “Making Sense of Stealth Addresses” (February 2023), and “Privacy on Nostr” (March 2023). Their online store supports purchases using PayJoin.
"Southern Buff-tip (Phalera bucephaloides)" by Bennyboymothman is licensed CC BY 2.0
This section is for stories that would have been included for September and October:
In TMIBP20, I mentioned a new Lightning and Tor onion-based exchange called RoboSats. All you need is a Lightning wallet that is compatible with their escrow process, and you are ready to trade for/to any preferred fiat payment method, from gift cards to bank transfers, and even swaps of on-chain bitcoin. And in TMIBP01, 03, 10, 16, 19, and 20, I have covered grants from the Human Rights Foundation (HRF) toward “making the Bitcoin network more private, decentralized, and resilient.” On September 6th, chief strategy officer Alex Gladstein announced another round of grants, and RoboSats “receive[d] $25,000 to continue development, offer multilingual support and build out guides for the product.”
In March, the Biden administration issued Executive Order (E.O.) 14067, “Ensuring Responsible Development of Digital Assets.” U.S. Secretary of State Antony J. Blinken published a statement that “our embassies and missions around the world are ready to partner with the private sector and international bodies to support the development and use of digital asset technology in ways aligned with U.S. values,” which supposedly includes “protecting against arbitrary or unlawful surveillance; defending privacy and the exercise of human rights; and supporting financial inclusion.” The usual lip service (TMIBP19).
We must support technological advances that promote responsible development and use of digital assets. The technological architecture of different digital assets has substantial implications for privacy, national security, the operational security and resilience of financial systems, climate change, the ability to exercise human rights, and other national goals.
The order required that various secretaries and “heads of other relevant agencies” would “submit to the President a report on the future of money and payment systems” after a certain number of days. To date, the nine reports submitted are:
The Treasury had opened requests for public comment on two topics it was tasked with researching: “potential opportunities and risks presented by developments and adoption of digital assets,” and “the illicit finance and national security risks posed by digital assets.” The comment periods closed on August 8th and November 3rd respectively.
On September 16th, following a background press call, the White House published a “fact sheet” summarising these “frameworks and policy recommendations that advance the six key priorities identified in the EO.” Note: To the staff who wrote this sheet – would it have killed you to actually cite these “nine reports submitted to the President” somewhere? :confounded: I had to go search for them all separately across different agency websites, with the bureaucratese of the original order as my only guide!
Garland’s report was written in collaboration with “the Department of Justice’s National Cryptocurrency Enforcement Team (NCET),” which was formed almost one year ago (TMIBP18). The report also “serves as an update to the Cryptocurrency Enforcement Framework” issued under former Attorney General William “Bill” Barr (TMIBP05).
It proposes actions designed to enhance law enforcement’s ability to gather evidence and prosecute crimes; strengthen certain laws and penalty provisions that play an important role in digital asset prosecutions; support proposed regulations that would enhance customer-identification efforts and other anti-money-laundering requirements under the Bank Secrecy Act; and ensure that law enforcement and regulatory agencies have adequate resources to conduct the technologically sophisticated investigations inherent in the digital assets space.
Under a sub-section on ‘Decentralized Finance (DeFi),’ they note that “enforcing applicable statutory and regulatory obligations can be challenging,” and “several DeFi projects have affirmatively touted the lack of money laundering controls as one of the primary goals of decentralization,” citing ShapeShift (TMIBP08) and Tornado Cash (TMIBP19, TMIBP20) as examples.
After a lengthy third section that exhibits key “U.S. regulatory agencies,” their respective roles, and notable cases, the fourth section lists “several legislative and regulatory actions that, in the Department’s view, would facilitate efforts to investigate, prosecute, and otherwise disrupt digital assets-related criminal activity.” This includes “extending the statute of limitations for crimes involving digital assets from five years to ten,” and “strengthening of the Sentencing Guidelines applicable to certain BSA violations,” such as “tying the base offense level to the amount of funds involved.” Regarding the Financial Crimes Enforcement Network (FinCEN)’s rulemaking on the collection of personal and financial information of cryptocurrency users (see TMIBP07, TMIBP08, TMIBP09), the Justice Department intends to “support FinCEN in enforcing the rule and encouraging its implementation throughout the digital assets industry.”
Under the final sub-section ‘Proposal to Ensure Adequate Funding of Law Enforcement Operations,’ the report urges that “the President’s budget should seek funding from Congress for additional tools and technical resources specific to digital assets that can support investigations and search-and-seizure operations, including blockchain analytical tools and the technical infrastructure (e.g., server space or cloud access) needed to ingest and maintain potentially voluminous and complex data and to analyze that data.”
Cato Institute Center for Monetary & Financial Alternatives (CMFA) policy analysts Nicholas Anthony and Jack Solowey published their initial review on several aspects of the framework, including insights about underlying interagency conflicts. “When the market is supplying the innovation, the Administration — and Congress — have a responsibility to do no harm.” On September 19th, Anthony began a five-part series breaking down the reports by the Departments of Justice and Commerce, and three from the Treasury.
To monitor risks, the Treasury called for the expansion of Bank Secrecy Act (BSA) in addition to what is already in the third recommendation. Considering that the BSA has been expanded legislatively through several acts over the years and has been expanded practically through inflation since 1972, further expansions are not warranted until the government can prove how effective the BSA has been. And if what evidence that is already available is any indication, the BSA should be limited or repealed, not expanded.
I have previously included the CMFA’s research on financial privacy and surveillance in TMIBP06, TMIBP12, and TMIBP20. On October 18th, vice president Norbert Michel and Jennifer J. Schulp released “Restoring Financial Privacy,” a dynamic study of the BSA’s history and impact. Backing up Anthony’s claim that it has been “expanded practically,” they again pointed out that if the original $10,000 reporting threshold for financial institutions had been adjusted for inflation, it would be “nearly $75,000 today” (meanwhile, the penalties are adjusted to “maintain their deterrent effect” :neutral_face:). On October 27th, Anthony also wrote for the American Institute for Economic Research (AIER) about these reports, and the ineffectiveness of FinCEN:
Despite [FinCEN] Acting Director Das’s claim that the program is effective, it appears to have high costs with little or no benefits. The current regime is estimated to have cost US businesses $26.4 billion in 2019. And while FinCEN has not reported any numbers regarding how many criminals the regime stopped, FinCEN has shared that it received 20 million reports in 2019. Separately, the Bank Policy Institute found in 2018 that law enforcement only followed up with banks on 3.85 percent of suspicious activity reports (SARs) and 0.44 percent of currency transaction reports (CTRs). Moreover, Norbert Michel and David Burton found in 2016 that money-laundering investigations by the FBI had fallen between 2001 and 2011, despite the number of suspicious activity reports rising significantly.
The issue isn’t just one of government waste, though. As the government gathers more data, there continues to be a greater risk that it will use the data. For example, as noted by Lawrence White, “Innocent family businesses have been charged with structuring, and had tens of thousands of dollars seized by the federal government, merely for making repeated deposits or withdrawals below the $10,000 [CTR] threshold.” Moreover, Operation Chokepoint, Canada’s freeze on protestors’ bank accounts, and ICE’s recent collection of money-transfer data all showcase how this data is being used to target citizens.
In TMIBP11, I reported that hardware wallet company Trezor had plans to support CoinJoin and coin control features in their Suite interface. While the CoinJoin part remains in limbo (apparently delayed due to external issues with the implementation of WabiSabi), they finally announced that version 22.9.3 adds manual coin/transaction output selection.
Coin control is an advanced feature that allows you to specify which UTXOs you want to spend in a transaction. Used properly, it can improve privacy, though we only recommend that you use it once you are familiar with the principles.
… When making a payment, your wallet may need to spend the contents of several UTXOs to make up the total purchase amount. Without Coin control, your wallet automatically chooses which to spend, favoring the cheapest option.
Each of those UTXOs has its own lineage of previous transactions, some of which may offer hints that reveal information about you that you don’t want to share. To protect your privacy, you can enable Coin control and specify which particular UTXOs to use in a transaction.
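To make the trade-off described above concrete, the following added example (not Trezor Suite's code) compares an automatic selection with a coin-controlled one and reports which coin lineages end up funding the same transaction. The largest-first selection is a simplified stand-in for a wallet's fee-minimising choice, and the wallet contents, labels and size constants are constructed assumptions.

```python
from dataclasses import dataclass

# Rough size assumptions for a P2WPKH spend with two outputs (illustrative).
BASE_VBYTES = 73      # transaction overhead plus payment and change outputs
INPUT_VBYTES = 68     # each additional input


@dataclass(frozen=True)
class Utxo:
    ref: str       # constructed placeholder standing in for txid:vout
    value: int     # satoshis
    source: str    # wallet-side label describing where the coin came from


# Constructed wallet contents.
WALLET = [
    Utxo("utxo-a", 120_000, "exchange-withdrawal"),
    Utxo("utxo-b", 90_000, "p2p-trade"),
    Utxo("utxo-c", 40_000, "p2p-trade"),
    Utxo("utxo-d", 30_000, "donation"),
]


def fee_for(n_inputs, feerate):
    """Fee in satoshis for n_inputs at feerate sat/vB, under the sizes above."""
    return (BASE_VBYTES + n_inputs * INPUT_VBYTES) * feerate


def select(wallet, amount, feerate, allowed=None):
    """Pick inputs largest-first (fewest inputs, so lowest fee).

    `allowed` models coin control: when given, only those UTXO refs may be
    spent. Returns (inputs, fee); raises ValueError if they cannot cover it.
    """
    candidates = [u for u in wallet if allowed is None or u.ref in allowed]
    chosen, total = [], 0
    for utxo in sorted(candidates, key=lambda u: u.value, reverse=True):
        chosen.append(utxo)
        total += utxo.value
        fee = fee_for(len(chosen), feerate)
        if total >= amount + fee:
            return chosen, fee
    raise ValueError("selected coins cannot cover amount plus fee")


def linked_sources(inputs):
    """Lineages an observer can tie together because they fund one transaction."""
    return {u.source for u in inputs}


if __name__ == "__main__":
    auto, _ = select(WALLET, 120_000, feerate=2)
    manual, _ = select(WALLET, 120_000, feerate=2, allowed={"utxo-b", "utxo-c"})
    print("automatic  :", sorted(linked_sources(auto)))
    print("coin control:", sorted(linked_sources(manual)))
```

Both selections pay the same fee here, but only the automatic one places the exchange withdrawal and the peer-to-peer purchase in a single transaction.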
In November, in collaboration with the peer-to-peer exchange Hodl Hodl, they also introduced the option to buy bitcoin from within the Suite, no KYC verification required. Amidst news of the FTX scandal, Trezor warned:
Leaving bitcoin on an exchange increases their power and influence. In crypto, many of the tokens that end up collapsing are under the sphere of influence of exchanges, tied to risk-hungry investment firms.
The disrepute brought to Bitcoin by association has repeatedly held back progress and threatened the Bitcoin ecosystem. By giving custody of bitcoin to a major exchange, the majority of people who believe they own bitcoin are in fact centralizing power in the hands of a few entities.
The saying “rules, not rulers” is also often applied to Bitcoin. The golden rule is that whoever controls the keys, controls the Bitcoin. The sooner the broader community learns to take control, the sooner Bitcoin will be decoupled from the influence of playboy economics.
In April, Michael Bazzell, author of “Extreme Privacy: What It Takes to Disappear,” “Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information,” and host of the weekly “Privacy, Security and OSINT Show,” had announced the launch of a new independently published magazine focused around the same topics, and inspired by the style of 2600: The Hacker Quarterly. This month, he published the fourth issue of Unredacted, which includes two pieces about Bitcoin privacy: “Bitcoin Privacy Tools & Tactics” and “Tracking Bitcoin: Tools for OSINT” by analyst ‘Ergo’ (see TMIBP03, TMIBP07, and TMIBP15). The first article outlines “basic building blocks to thwarting effective bitcoin tracking,” and the second advertises the features of Samourai Wallet’s OXT blockchain analysis tool (TMIBP18) to “OSINT practitioners” interested in “incorporat[ing] bitcoin tracking and information into their investigations.” You can email submissions to staff@unredactedmagazine.com.
In TMIBP19, I included that the European Council had announced “a mandate to negotiate with the European Parliament on a proposal to update existing rules on information accompanying transfers of funds,” also known as the ‘Funds Transfer Regulation (FTR) / Transfer of Funds Regulation (TFR),’ with the intent to “extend the scope of the rules to certain crypto-assets” in a way that was ‘synchronised’ with the ‘Regulation on Markets in Crypto Assets’ (MiCA). In TMIBP20, I summarised key points of the provisional agreement reached in the trilogue negotiations.
According to a draft obtained by Blockworks editor and journalist David Canellis, the amendments to the FTR/TFR 2015/847 focus on the requirements of crypto-asset service providers (CASPs), which include “any person whose occupation or business is the provision of one or more crypto-asset services to third parties on a professional basis” (see TMIBP14). They also state that the European Banking Authority (EBA):
shall clarify, in particular, how the risk factors listed in Annex III shall be taken into account by crypto-asset service providers including when performing transactions with persons and entities which are not covered by this Directive. To that end, the EBA shall pay particular attention to products, transactions and technologies that may favor anonymity such as privacy wallets, mixers or tumblers.
Where situations of higher risk are identified, the guidelines shall include enhanced due diligence measures that obliged entities shall consider applying to mitigate such risks, including the adoption of appropriate procedures to detect the origin or destination of crypto-assets.
The guidance published by the Financial Action Task Force (FATF) last year lists “the use of anonymizing techniques for VA funds transfers (e.g., AECs, mixing and tumbling services, the clustering of wallet addresses, privacy wallets)” as an element for virtual asset service providers (VASPs) – a category of ‘obliged entities’ essentially equivalent to CASPs – to consider in their AML/CFT risk assessment (TMIBP17).
Blockchain analytics are also widely used by VASPs and some FIs to monitor their own exposure to risk (e.g., VA transfers that have passed through mixer services or come from privacy wallets). It is important to consider any potential implications for privacy and data protection in the use of such tools, if they allow transparency that is not otherwise available (e.g., on public blockchains).
On October 10th, the committees on Economic and Monetary Affairs (ECON) and Civil Liberties, Justice and Home Affairs (LIBE) held a joint vote on “the provisional agreement resulting from interinstitutional negotiations” in the trilogues. Everyone, except MEP Milan Uhrík from Slovakia and MEP Patrick Breyer for Piratenpartei Deutschland (plus three abstentions), voted in favour. On December 1st, the committees plan to hold “a joint public hearing on anti-money laundering,” with a panel that includes “the risks of crypto assets.”
On October 12th, Bitcoin Amsterdam hosted a panel about the FATF with Patrick Hansen, Kevin Murcko, Sjors Provoost, Matt Odell, and Stephan Livera, who had just published an opinion piece that the organisation “is a natural enemy of those who favor financial freedom.” Provoost brought up the AOPP debate (TMIBP18) and noted, “I don’t see pull requests coming in [to Bitcoin Core] saying ‘we’re going to implement a Travel Rule’ or such things. You want to make sure it stays that way.”
On October 21st, the EBA “issued a call for expression of interest” in joining a ‘Technical Expert Group’ (TEG) that would “provide expertise on the financial crime risks to which CASPs are exposed and challenges that market participants may face when implementing the revised TFR.” The deadline for submission of responses was November 15th.
On November 15th, CoinDesk regulatory reporter Jack Schickler, who was formerly “a speechwriter and policy analyst at the European Commission” and Her Majesty’s Revenue and Customs (HMRC), wrote about “a leaked draft of a money laundering bill.” To be clear, like MiCA, it does not appear that this draft bill would ban the use of privacy coins by private individuals:
“Credit institutions, financial institutions and crypto-asset service providers shall be prohibited from keeping …anonymity-enhancing coins,” said a legislative draft seen by CoinDesk, dated Nov. 9, which has been circulated to the bloc’s other 26 member states for comment.
… The Czech proposal responds to a demand from countries negotiating the text, said the diplomat, who spoke on the condition of anonymity on negotiations taking place behind closed doors.
The Hackers Congress at Paralelní Polis (HCPP) is an annual conference held by the Institute of Cryptoanarchy in Prague (TMIBP05). Founded by members of the Czech art and hacker scenes in 2014, their events cover a wide range of subjects concerning economic, social, and digital freedom. This year, I gave a talk titled “Blockchain Surveillance, Cyber Mercenaries, and Intelligence” (slides) about “the overlap between blockchain analysis companies, private spyware firms, and government intelligence agencies.” :collision:
This presentation will explore the corner of our industry that is occupied by so-called blockchain analysis companies, who (dis)claim many guises: analysts, scientists, artists, crime-fighting detectives, and spies. Where is the line between analysis and surveillance? What is their relationship with existing techniques, infrastructure, and norms shared with private hacking and spyware businesses, as well as nation-state intelligence apparati? And what could we do about it?
People often ask, “How did you become interested in [Bitcoin] privacy?” Well, seven years ago on this day, I attended my first ever Bitcoin meetup at University College London (UCL). I had been conscious of Bitcoin for two years, but in comparison to my work today, I knew nothing and no one. The topic of the meetup was – coincidentally – a paper about coin mixing, “CoinParty: Secure Multi-Party Mixing of Bitcoins” by then communication and distributed systems PhD Jan Henrik Ziegeldorf et al. from Rheinisch-Westfälische Technische Hochschule (RWTH) in Aachen. I understood very little that was said, except this was a proposed method to improve Bitcoin’s privacy. While I already deeply cared about personal privacy, if you had told me this would soon become a central professional focus of mine, I don’t think I would have believed you! Here’s to the next seven years.:blue_heart::closed_lock_with_key:
In TMIBP05, TMIBP07, TMIBP08, and TMIBP16 I have followed the Tor v3 transition and the importance of network privacy. Since June, the Tor network has been under a distributed denial-of-service (DDoS) attack that remains unresolved (TMIBP20).
Until we are able to determine mechanisms for rate limiting this activity, through development, experimentation, and testing, this DoS activity will continue to cause performance and reliability problems on the network. For details, see a recent thread on our tor-relays mailing list.
This month, Riccardo Masutti (TMIBP03, TMIBP05, TMIBP08, TMIBP10, TMIBP12) launched a “Save The Onion Router” (STOR) crowdfunding “campaign to configure and manage new guard/middle relays.” On November 16th, he shared a technical guide for managing multiple relays. According to the site’s counter, over $10,000 has been raised so far, in addition to “a big private donation that will be sent directly to” the Tor Project.
In TMIBP04 and TMIBP06, I highlighted that the Tor Project was considering “a token-based approach” for “prioritiz[ing] good clients over malicious clients when a denial of service attack is happening.” On November 15th, Adam Gibson gave his thoughts on this during his talk “Identity Is The Problem” at the Adopting Bitcoin conference in El Salvador. He then outlined his RIDDLE proposal (TMIBP20):
RIDDLEs let nodes buy Chaumian tokens (CTs) anonymously from peer nodes to allow routing to work. In baseline operation, the cost in CTs per routing attempt is very low. Ordinary user won’t see a cost worth mentioning. Rep[utation] tokens could also be spent as an ’optimistic mode’ thing. If traffic starts to get higher, start to ramp up the CTs per routing attempt cost. For a user who just wants to do one payment, they should still be fine but an attacker sending a stream is going to use up a lot of resources.
Given the large amount of excitement and investment going into rollup technology, and given the alignment of trustless validity rollups with the trustless ethos of bitcoin, one might wonder: are validity rollups a good fit for bitcoin, too? To answer this question, we must first take a step back and answer the more foundational questions: Is it even technically possible to build validity rollups on bitcoin? And if it is technically possible to build validity rollups on bitcoin, what would be the benefits, costs, and risks associated with doing so?51
In TMIBP19 and TMIBP20, I followed John Light’s research fellowship into zero-knowledge (ZK) rollups for Bitcoin. This month, he published his extensive final report, with over 20,000 words and almost two hundred citations:
Regarding terminology: these protocols are often called “zk-rollups.” This can be a misnomer, since not all protocols called “zk-rollups” use “zero knowledge” proofs. But they do all use validity proofs! So for the report I used the more accurate term “validity rollup.”
He first outlines the history of both zero-knowledge proofs and, more recently, blockchain scaling solutions, particularly off-chain transaction execution protocols like payment channels on the Lightning Network. Next, he proceeds to define validity rollups, their variants, how they function in practice, and what has been learned from existing implementations, such as shielded transaction rollups on Ethereum.
In the years since Satoshi Nakamoto first contemplated how zk proofs could be used to improve bitcoin privacy, cryptographers have invented new protocols that greatly improve the quality and usability of private cryptocurrency transactions. Validity rollups make it possible to implement these new privacy protocols on bitcoin while inheriting the full ownership security of BTC owned on L1. This would provide bitcoin users with state-of-the-art privacy without having to give up self-custody of their BTC. Additionally, with a flexible enough proof verification system implemented in the bitcoin consensus rules, bitcoin can be future-proofed so that new advancements in privacy protocols can be adopted without requiring any further consensus-level changes to bitcoin.
… Despite the popularity of using Turing-complete programming languages to build rollup smart contracts, it would be possible to build a validity rollup on bitcoin using bitcoin’s native Turing-incomplete programming language, Script, with relatively small changes (in terms of code footprint) to the opcodes Script supports.
The final sections explore the (mostly technical) costs and risks in terms of bandwidth, data storage, verification, miner extractable value (MEV) and algorithmic incentive manipulation (AIM) attacks, vulnerabilities in the cryptographic proof system that allow for supply inflation, and lastly “the possibility of provoking a crackdown on bitcoin by authoritarian governments who may be opposed to the strong privacy and censorship-resistant applications these protocols enable.”
Discussion about the potential of validity rollups for Bitcoin continued on the developer mailing list with Greg Sanders, Adam Gibson, Trey Del Bonis, Russell O’Connor, and ‘ZmnSCPxj.’
:information_source: Are you a mathematician or cryptographer? (Me neither! :sweat_smile:) There be dragons, but maybe you would like the new Ask Cryptography forum, a place to accumulate research papers, knowledge, and even more questions around cryptography.
In TMIBP19 and TMIBP20, I noted Ruben Somsen’s ‘Silent Payments’ proposal, “a new scheme for private non-interactive address generation without [extra] on-chain overhead.”
Since then, Somsen and others discussed both Silent Payments and ways to improve BIP-47 during the Pizza Day celebrations at Paralelní Polis. The second version of the implementation by ‘w0xlt’ was released in August. With the third version in September, Somsen also wrote about ways “the sender can be sure that the address it receives from the server belongs to the recipient” when a third-party server is involved, whether with BIP-47 PayNyms or Silent Payments. On October 11th, with the fourth version’s release, “Silent Payments now use all inputs to create transactions. Previously, they only used the first input. This change increases privacy and makes Silent Payments compatible with Coinjoin.”
On October 1st, Samourai Wallet reiterated that the Bitcoin Improvement Proposal (BIP) process has become a “sham,” and “should be reserved solely for consensus critical proposals.” Despite still being labeled as “unanimously discourage[d] for implementation,” BIP-47 PayNyms have been adopted by two wallets (TMIBP18), a mining pool operator (TMIBP20), and a non-profit for receiving charitable donations (TMIBP10).
If Silent Payments has legs to stand on, someone will implement it, and it can compete in the market with PayNym and in that scenario, users win.
On October 15th, Somsen delivered a mainstage talk, “Silent Payments and Alternatives,” for the last day of The Atlanta Bitcoin Conference (TABConf). He outlined the various non- or semi-interactive constructs for paying people, and how they compared from a privacy and scaling perspective. Bryan Bishop later published a rough transcript.
The name “Jam” is a backronym, stands for JoinMarket’s Awesome, Man, and shouldn’t be taken too seriously. However, it works on multiple levels (Let’s jam the signal!) and “cooking jam” is also a fun metaphor for mixing something in a tasty way (and putting it in jars).
In TMIBP01, 03, 05, 10, and 20, I’ve followed the building of one “fungibility toolchest” with the integration of JoinMarket into RaspiBlitz, “a do-it-yourself Lightning Node based on LND.” For more than a year now, Gigi, Dennis Reimann, Thebora Kompanioni, and others (building on the prior work of Shobhitaa Barik, Abhishek Anantharam, and Gibson) have had a web interface for JoinMarket in the works, and it was officially announced on October 10th as “Jam.” ‘Openoms’ noted that RaspiBlitz had a pending pull-request with “the latest versions on Jam, JoinMarket and Joininbox with a one-click install,” and encouraged people to run tests. Jam had already been merged into the v1.7.2 release back in February, shortly after Jam’s “first ‘public’ version” release, but was not yet displayed in the main menu. On November 1st, the pull-request was merged toward the upcoming v1.9.0 release.
On November 15th, at the Adopting Bitcoin conference in El Salvador, ‘Openoms’ hosted a workshop with a live demonstration of RoboSats; the next day, he also spoke about various “Lightning Native Privacy Tools.”
You can install Jam on RaspiBlitz, Umbrel, or Citadel by following these instructions.
The Swiss Financial Market Supervisory Authority (FINMA) has confirmed its decision to lower the threshold for KYC-lite or KYC-less purchases of bitcoin and other cryptocurrencies. In January 2021, they had already lowered the daily “client identification threshold values from CHF 5,000 to CHF 1,000.” In March of this year, their Anti-Money Laundering Ordinance was tightened even further, and “now states that the threshold of CHF 1000 applies for linked transactions within thirty days (and not per day).” In May, during the public consultation period, the Swiss-based Pocket app submitted comments that they “consider the proposed change highly discriminatory and disproportionate,” and encouraged other people to send letters.
[DE] Zahlreiche Anhörungsteilnehmende haben.. geltend gemacht, dass mit der Einschränkung des Schwellenwertes auf 30 Tage die Technologieneutralität, die Privatsphäre sowie das Verhältnismässigkeitsprinzip verletzt würden. Ferner existiere für den Geldwechsel mit Fiat Währungen keine solche Einschränkung und das Regulierungsvorhaben beruhe nicht auf genügend recherchierten Fakten.
[EN] Numerous participants in the consultation.. argued that the restriction of the threshold to 30 days would violate technological neutrality, privacy and the principle of proportionality. Furthermore, no such restriction exists for fiat currency exchanges and the proposed regulation is not based on sufficiently researched facts.
On November 2nd, after reviewing comments received up until June 10th, FINMA announced that they remain firm on that decision:
FINMA received numerous responses concerning the specification of the threshold for transactions with virtual currencies. In view of the risks and recent instances of abuse, FINMA stands by the rule that technical measures are needed to prevent the threshold of CHF 1000 from being exceeded for linked transactions within thirty days (and not just per day). However, this duty only applies to exchange transactions of virtual currencies for cash or other anonymous means of payment.
This corresponds with crackdowns on ATMs in other European countries, to align with the FATF’s guidance (TMIBP04, TMIBP19).
Intuitively, by fungibility, we think of measuring the uncertainty any observer of the public ledger has about the origins of coins residing at a specific address. On the other hand, anonymity measures the uncertainty of a possibly more potent adversary about the source of some coins. In particular, when measuring anonymity, we allow the adversary to have external knowledge or additional heuristics about the flow of cryptocurrency. This external knowledge might come from the peer-to-peer (P2P) layer or any source other than the public ledger. Therefore, we treat anonymity as a subjective measure of an adversary’s uncertainty, while fungibility is the measure of the maximum uncertainty given only the public ledger as an information source.
… Privacy and fungibility are closely linked, as reduced fungibility can result in reduced privacy, and conversely, privacy-enhancing technologies tend to improve fungibility as well.
Domokos Miklós Kelen and István András Seres (TMIBP01, 05, 07, 10, 20) have published a new paper, “Towards Measuring The Fungibility and Anonymity of Cryptocurrencies.” On the basis that “there is currently no formal quantitative framework” for money or cryptocurrencies, they “apply absorbing Markov chains combined with Shannon entropy” to “both the stationary and the temporal transaction graph variants for each network” (mainly Bitcoin, Ethereum, and Zcash), with the goal to “help users select the coin with sufficient fungibility/anonymity required to perform a privacy-critical transaction.”
Generally, we can observe many different fungibility characteristics in the studied cryptocurrency networks. Some of the results are largely unsurprising, such as the relatively low mean expected number of steps in account-based currencies, as account balances can quickly absorb random walks. Similarly, a significant fungibility variance in Zcash is expected, as different kinds of transactions exhibit different fungibility characteristics.
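A small worked illustration of the approach described above, added here and not taken from the paper or from this newsletter: a backward random walk over a constructed toy funding graph is treated as an absorbing Markov chain, and Shannon entropy is computed over the origins where the walk ends. The graph, the node names, the value-proportional step probabilities, and the edge-pruning model of an adversary's side knowledge are all assumptions made for the example.

```python
import math

def solve(a, b):
    """Solve a @ x = b by Gauss-Jordan elimination (a is n x n, b is n x m)."""
    n = len(a)
    m = [list(a[i]) + list(b[i]) for i in range(n)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        if abs(m[pivot][col]) < 1e-12:
            raise ValueError("I - Q is singular: some walk never reaches an origin")
        m[col], m[pivot] = m[pivot], m[col]
        pv = m[col][col]
        m[col] = [v / pv for v in m[col]]
        for r in range(n):
            if r != col:
                f = m[r][col]
                m[r] = [x - f * y for x, y in zip(m[r], m[col])]
    return [row[n:] for row in m]

def entropy_bits(probs):
    """Shannon entropy in bits; zero-probability outcomes contribute nothing."""
    return -sum(p * math.log2(p) for p in probs if p > 0)

def origin_report(funding, coin):
    """funding maps node -> {source: value}. Nodes that only appear as sources
    are origins (absorbing states). Returns (distribution over origins,
    expected number of steps until absorption, entropy in bits) for `coin`."""
    transient = sorted(funding)
    origins = sorted({s for srcs in funding.values() for s in srcs} - set(funding))
    ti = {name: i for i, name in enumerate(transient)}
    oi = {name: i for i, name in enumerate(origins)}
    n = len(transient)
    # Build I - Q (transient -> transient) and R (transient -> origin).
    # The extra all-ones column yields the expected step count t = N * 1.
    i_minus_q = [[float(i == j) for j in range(n)] for i in range(n)]
    rhs = [[0.0] * len(origins) + [1.0] for _ in range(n)]
    for node, srcs in funding.items():
        total = sum(srcs.values())
        for src, value in srcs.items():
            p = value / total  # assumption: step probability proportional to value
            if src in ti:
                i_minus_q[ti[node]][ti[src]] -= p
            else:
                rhs[ti[node]][oi[src]] += p
    # Solving (I - Q) X = [R | 1] gives B = N R and t = N 1 in one pass.
    row = solve(i_minus_q, rhs)[ti[coin]]
    dist = dict(zip(origins, row[:-1]))
    return dist, row[-1], entropy_bits(dist.values())

def with_side_knowledge(funding, node, known_source):
    """Assumed adversary model: off-ledger data pins `node` to a single source."""
    pruned = {k: dict(v) for k, v in funding.items()}
    pruned[node] = {known_source: funding[node][known_source]}
    return pruned

# Constructed toy ledger: "coin" is funded 3:1 by t1 and t2; cb_* are origins.
LEDGER = {
    "coin": {"t1": 3, "t2": 1},
    "t1": {"cb_a": 1, "cb_b": 1},
    "t2": {"cb_c": 1, "t1": 1},
}

if __name__ == "__main__":
    dist, steps, h = origin_report(LEDGER, "coin")
    print("ledger-only view:", dist, "steps:", steps, "entropy:", round(h, 4))
    view = with_side_knowledge(LEDGER, "coin", "t1")
    dist2, steps2, h2 = origin_report(view, "coin")
    print("with side knowledge:", dist2, "steps:", steps2, "entropy:", round(h2, 4))
```

The ledger-only entropy plays the role of the fungibility figure, and the lower entropy after pruning plays the role of anonymity against an adversary with external knowledge.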
:musical_note: “Somebody That I Used To Know” by Hildegard von Blingin’ inspired this title.
The entire system may be less a tool for crime prevention than a means of bureaucratic ass covering, with a rich dollop of authoritarian surveillance on top.
— “The Perverse Impacts of the Anti-Money-Laundering System” by David Z. Morris
Attorney Nicholas A. Pasalides, representing the blockchain surveillance company Chainalysis, filed a notice to the Delaware court handling the bankruptcy proceedings for FTX Trading Ltd., identifying his client as a creditor to the exchange, and requesting “that all notices to which Chainalysis Inc. is entitled… shall be directed to the undersigned.”
In September 2019, FTX CEO Sam Bankman-Fried had announced that FTX “has partnered with Chainalysis to revamp our AML/KYC system,” and linked to a page in the exchange’s help center about ‘Individual Account KYC.’ It outlines the platform’s supposed “three different tiers of KYC” and states “all deposits and withdrawals are subject to inspection using Chainalysis.” Below illustrations of the user identification and verification processes, they explain:
FTX has recently engaged with Chainalysis to monitor suspicious cryptocurrency transaction alerts in the Chainalysis Know Your Transaction (KYT) product, the real-time anti-money laundering (AML) compliance solution for monitoring cryptocurrency transactions. It is the first compliance alerts solution available across 15 cryptocurrencies. By monitoring our transactions in the Chainalysis KYT, FTX is able to receive real-time alerts to help their business mitigate exposure to regulatory and [reputational] risk. Their system will help our compliance teams focus on the most urgent activity and enforce compliance policies while better allocating resources.
According to Forbes, as of at least August 24th 2022, FTX was still claiming to be doing business with Chainalysis, in addition to other compliance vendors such as “Plaid (Cognito)” (TMIBP02, TMIBP06, TMIBP20) and “Refinitiv (World-Check)” (TMIBP05, TMIBP11). Many are wondering, as Chainalysis breathlessly publishes market intelligence reports and speaks of “forensic analysis” on the “unexpected potential collapse of an industry stalwart like FTX,” how they failed to see this coming. According to a report they published in June, Chainalysis clearly indicated that they were monitoring on-chain “flows into and out of CEXs,” including FTX:
By contrast, the top five centralized exchange services – Binance.com, OKX.com, Coinbase.com, Gemini.com, and FTX.com – supported roughly 50% of all on-chain CEX transaction volume during the time period studied. However, it is worth noting again that on-chain CEX volume represents only the flows into and out of CEXs, not the trading volume of their off-chain order books.
On November 22nd, CEO and co-founder Michael Gronager appeared on CNBC ‘TechCheck’ to “discuss FTX exposure, market changes in Bitcoin and expectations for FTX bankruptcy in court.” Co-anchor Deirdre Bosa asked how much they were owed, and Gronager refused to disclose a number because “we don’t share the details of our customer contracts,” but said there were no FTX tokens (FTT) involved. “I can just say that they’re a regular medium to small customer of ours.” Then Bosa asked the right question:
BOSA: Michael, your company provides compliance and investigation software to ‘hundreds of top institutions,’ but the biggest scandal in crypto was right under your nose, with one of your own customers. How do you think about protecting customers or your clients from potential bad actors in the space? How much do you know about your own customers?
GRONAGER: What we know about our customers- Our customers buy our compliance solutions. For example, transaction monitoring. They want to ensure that their customers are not involved in criminal activity in one way or another. That is basically the involvement we have with our customer. We cannot say whether their balance sheet is okay, and we would not do that check. It’s very similar to a company like AWS or any other cloud provider.. they would not go in and check the balance sheet of customers. They simply assume that businesses are liquid, especially when you see them backed by big names and have a lot of interest around them.
Blockchain surveillance companies want to have their cake and eat it too. They will disclaim that they could have had any insight into what their mega-wealthy delinquent clients do with the blockchain-based assets in their custody, and yet, when the regulators come knocking to declare this catastrophe an inevitable symptom of the ‘Wild West’ that is peer-to-peer digital money, they will nonetheless happily indulge in the opportunity to make millions selling tools designed to ‘tame’ the rest of us. Those who actually use the technology as it was designed to be used, who seek financial sovereignty and encourage others to do the same.
Speaking of regulation, where were the regulators in all this? Same place they were during l’affaire Madoff — working on other things! They did less to provide false confidence to consumers in the FTX case than they did in Bernie Madoff’s because Madoff’s went on for years.
… What cryptocurrency requires is a user base of people who practice self-custody of their assets, demand proof of reserves (i.e., direct consumer oversight, which blockchain makes possible), and otherwise protect themselves in financial worlds. In other words, cryptocurrency demands users who are more sophisticated. The social change that aligns with the technology is coming at a glacial pace — a pity further revealed by FTX.
— “Lessons from the Collapse of Crypto Exchange FTX” by Jim Harper
As always, we remain to face the storm, while those who advocate for financial surveillance and control will forever abscond to distant beaches when the ruse of their lobbying is exposed and no longer bears them enough fruit.
… I guess the best we can do is pray to the computing gods that everything works out!
In TMIBP01, I covered the much-belated disclosure of a data breach, and ongoing threats to customers, from the Canadian exchange Coinsquare. Not long after – unrelated to the breach – the Ontario Securities Commission (OSC) announced that they had “approved a settlement agreement with Coinsquare Ltd., [CEO] Cole Diamond, Virgile Rostand and Felix Mazer” (who no longer appear on the website) for “market manipulation on the Coinsquare platform, misleading statements to investors and a reprisal against an internal whistleblower.” They were forced to “resign from their positions,” pay large “administrative penalties,” and were banned from acting as registrants, directors, or officers for a few years. However, it appears their security and disclosure practices haven’t changed much.
On November 19th, Coinsquare tweeted that they had “detected unusual activity on our platform and out of an abundance of caution, we decided to undergo an unscheduled maintenance period while we address this issue.” They repeatedly insisted that “no client funds have been lost. To be clear, 100% of client funds are safely held in cold storage 1:1 against client liabilities. Client funds are not at risk.” At the time of writing, they have not tweeted anything further about the ‘unusual activity’ and there is still no notice about the incident on their website. A week later, some of their customers began to publish copies of an email that had been sent out by their chief privacy officer:
On November 19th, Coinsquare observed unusual activity in our systems, which led us to suspend the platform temporarily in order to thoroughly investigate. We identified an intrusion and took immediate steps to block access points. We have now safely brought our platform back to full functionality. As a result of this incident, we believe that a customer database with personal information was exposed and may have been accessed by a third party. This personal information is limited to: customer names, email addresses, residential addresses, phone numbers, dates of birth, device IDs, public wallet addresses, transaction history, and account balances. No passwords were exposed. We have no evidence any of this information was viewed by the bad actor, but in an abundance of caution we wanted to make you aware.
… We are offering you complimentary access to one (1) year of credit monitoring via Equifax. If you’re interested to learn more about this program, please reach out to support@coinsquare.com by December 15th, 2022.
On Reddit posts, they have been replying with the same additional message:
We have no evidence any of this information was viewed by the bad actor, but in an abundance of caution, we wanted to make our users aware. We notified all clients, but only identified 3 clients [whose] accounts were accessed. No client funds were ever at risk of being stolen. No client funds are held on our platform. They always remain secured in cold storage at our external, licensed custodians.
We are notifying the Office of the Privacy Commissioner of Canada of this incident. We also implemented additional security measures to minimize any future occurrences. If you have any questions relating to this incident, please email us at privacy@coinsquare.com.
Similar to the last incident, their only “precautionary measure” recommendations are to “change your password on your Coinsquare account to a strong, unique password,” and enable two-factor authentication (2FA), which are nice to encourage but provide no protection whatsoever against this type of compromise. On November 28th, CoinDesk reported that they had “suspended activities on its platform after detecting the vulnerability last week, triggering speculation of possible liquidity issues,” and “the exchange is yet to respond” to requests for comment.
:warning: If you are vulnerable to this type of breach, I recommend Kraken’s “Security Advisory: Mobile Phones,” Lopp’s “A Home Defense Primer,” “A Modest Privacy Protection Proposal,” the Electronic Frontier Foundation’s “Doxxing: Tips To Protect Yourself Online & How to Minimize Harm,” and Bazzell’s “Privacy, Security, & OSINT Show.”
The technology for issuing virtual money in a centralized way existed long before the invention of the blockchain.
— “The Case for Central Bank Electronic Money and the Non-case for Central Bank Cryptocurrencies” by Professor Aleksander Berentsen and Fabian Schär, University of Basel (2018)
Arguably, the advent of cryptocurrencies has provided much of the impetus behind the possible creation of a U.S. CBDC. Scholars and policymakers alike are intrigued by the potential of the various technologies associated with cryptocurrencies. But this doesn’t mean that an eventual U.S. CBDC would necessarily look anything like a cryptocurrency. Indeed, a U.S. CBDC might employ little or none of those technologies. Instead, it may end up looking a lot like forms of digital money that long preceded the introduction of cryptocurrencies.
— “Fed Eyes Central Bank Digital Currency” by John Mullin, senior economics writer for Federal Reserve Bank of Richmond (2022)
In TMIBP05, 08, 12, 14, 17, 19, and 20, I have followed exploration, promotion, and criticism of central bank digital currencies (CBDCs). This month, Bitcoin activist artist ‘cryptograffiti’ launched a ‘NoCBDC’ campaign, warning about the risks of CBDCs through custom street signs and stickers. He is renowned for repurposing objects of the fiat money system – from paper bills to credit cards to bank branch pens – to create works that help spread awareness about Bitcoin and what makes it special.
The ‘NoCBDC’ promotional video begins with a question posed to a woman sitting in front of Cupid’s Span in Rincon Park, San Francisco. “What are CBDCs?” She doesn’t know, and neither do the two men he also asks. But these world leaders certainly do: Rishi Sunak, Chancellor of the Exchequer at the U.K. Treasury; Bo Li, deputy managing director at the International Monetary Fund (IMF); Agustín Carstens, general manager at the Bank for International Settlements (BIS); Christine Lagarde, managing director at the IMF; and Klaus Schwab, founder of the World Economic Forum (WEF). Alarm bells go off, and the remainder of the video follows the installation of signs and stickers around the city, to the tune of Rockwell’s “Somebody’s Watching Me” (1984).
On the same day, Gladstein announced the opportunity for an 8-month paid fellowship to create an online interactive resource that “tracks the progress of Central Bank Digital Currencies (CBDCs) in every country in the world and flags their risks for civil liberties, with a focus on authoritarian regimes.” The deadline for applications is January 15th, 2023.
Since September 21st, Fight For The Future (FFTF) and “a dozen civil society organizations including the ACLU” have supported the ‘NoSpyCash’ campaign and petition to “preserve the inclusive, human rights respecting qualities of cash in any efforts to create a digital dollar.”
The campaign comes on the heels of the White House Office of Science and Technology Policy issuing a new report that promotes the idea of a certain sort of digital currency — a CBDC issued by the Central Bank rather than a digital dollar from the US Mint — and one that has government surveillance and control built in.
On November 29th, FFTF and Amnesty hosted their tenth virtual salon “to discuss the privacy concerns raised by government-backed digital currencies.” The moderators were FFTF campaigns and communications director Lia Holland, and Amnesty International USA director Michael Kleinman. The panelists included: Surveillance Technology Oversight Project (STOP) founder and executive director Albert Fox Cahn; Digital Dollar Project (DDP) executive director and World Economic Forum (WEF) Digital Currency Governance Consortium member Jennifer Lassiter; Sex Workers Outreach Project (SWOP) co-executive chapter director Alexandria LaRue; and Willamette University College of Law assistant professor Rohan Grey. Lassiter didn’t have answers on whether a U.S. CBDC will have privacy, but believed they “can strike an appropriate balance” based on “empirical data” that organisations like hers would collect. On the question of whether the ‘stability’ from state control of money outweighed the harms, Grey argued that the central banks would rather acquiesce to the NSA than listen to or protect the public, especially minority groups. LaRue emphasised that in discussions about CBDCs, it is our duty to include the perspectives of people who often aren’t part of the conversation, and the people in charge of this decision-making should not be those with the privilege of political power. During final thoughts, Cahn, who believed that ‘surveillance is baked into the very DNA of international finance,’ stated: “Low-tech is good tech; when we keep things analog, we keep them private.” [Note: I’ll link to the video when they publish it.]
Artists and activists are not the only ones putting up resistance to the implementation of a CBDC. On September 7th, members of the U.S. House Committee on Financial Services had written to Federal Reserve vice chair Lael Brainard “regarding the Fed’s authority to issue a CBDC absent specific authorizing legislation from Congress,” among other follow-up questions to Brainard’s testimony during their May virtual hearing, “Digital Assets and the Future of Finance: Examining the Benefits and Risks of a U.S. Central Bank Digital Currency.” The letter requested that she respond by no later than September 30th; it is unclear whether she did, but according to a letter the Committee sent to Garland in October, they believe “the Federal Reserve does not have the legal authority to issue a CBDC absent action from Congress. Both Federal Reserve Chair Powell and Vice Chair Lael Brainard have also testified on the need for authorizing legislation.” As Anthony cited in his commentary, the Federal Reserve Bank of Richmond has also written:
The Fed expressed reluctance to get into retail banking (a move that might require congressional authorization). Instead, the white paper favored an intermediated approach that would work through private financial institutions to take advantage of their existing systems for complying with anti-money laundering laws and Know Your Client laws.
On November 18th, Anthony and Michel released a new working paper arguing that “Congress should explicitly prohibit the Federal Reserve (the Fed) and the Department of the Treasury (Treasury) from issuing a CBDC in any form.” They counter the claims of “financial inclusion,” “faster payments,” “preserving the dollar’s status as the world’s reserve currency,” and “improv[ing] the implementation of monetary and fiscal policy,” and then touch on the threats “to financial privacy, financial freedom, free markets, and cyber security that a CBDC would pose.” The final section makes several recommendations for how Congress could limit the Fed and Treasury legislatively.
Regarding cash usage and the un(der)banked, the paper includes the following:
The Federal Deposit Insurance Corporation’s (FDIC’s) survey of the underbanked and unbanked households in America reveals that the issue of financial inclusion is more nuanced than solely being a question of “access.”7 Over 72% of the unbanked households surveyed said that they were not interested in having a bank account (Figure 1).8 When asked why they feel this way, respondents most commonly said that they lack enough money to open an account, avoid the banking system to secure their privacy, and have a distrust for banks in general (Figure 2).9
Relatedly, in “The Future of Money and Payments” report prepared by the Treasury for the Biden administration, they state that “the percentage of the United States that is unbanked is higher than the percentage in all other G-7 countries.42” Figures 1 and 2 show the results of surveys conducted by the Federal Reserve, most recently “2022 Findings from the Diary of Consumer Payment Choice,” regarding payment method choices made by consumers between 2016 and 2021. During this period, they found that while cash as a medium has gone down from 31% to 21% of payments (credit cards have increased from 18% to 28%), it is still the primary payment method (36% of payments) for those with an annual household income below $25,000.
On the topic of CBDCs, the Treasury report states that because it “could potentially be used at much greater scale and velocity,” a design as anonymous as cash would be too risky, and then seems to echo the ‘threshold’ model suggested by the European Central Bank (TMIBP19):
These risks could be more easily mitigated in an identity-verified system, in which intermediaries collect and verify customer information. Other strategies, including zero knowledge proofs, could also be explored. A CBDC could also have tiered accounts to allow for different functionality, tied to different levels of identity verification and monitoring. Controls could be embedded into the design of any tiered system to enable intermediaries to identify instances of structuring designed to avoid compliance thresholds. Tiered accounts could enable customers without identity credentials, who are often unable to access traditional financial services, to access CBDC. While models that allow different levels of identity verification and monitoring could reach wider user bases and do more to promote inclusion than accounts requiring full customer due diligence, they would need to be carefully assessed and calibrated to appropriately mitigate the illicit financing risks. In addition, a tiered model would need to regularly assess the illicit finance risks and, if necessary, change the tiering to adapt to an ever-changing risk environment.
Back in March, the ECB released “commissioned research on citizens’ payment habits and their attitudes towards digital payments in order to gain a deeper understanding of user preferences as part of the digital euro project.” When the “general public and tech-savvy participants were asked to imagine a future where most payments are digital,” and what features were most important to them, “instant payments, universal acceptance and risk-freeness are non-negotiable features.” Like the Federal Reserve surveys, they found “the main payment method used by unbanked, underbanked and offline individuals is cash.” However, cash usage has still been more broadly popular in Europe than the U.S., even during the pandemic, where it was “used to settle 38% of the transactions at supermarkets, 57% of the transactions in small shops for day-to-day items, and 63% of the transactions at restaurants, bars and cafés.”
More importantly, this report provided insight into what is envisioned regarding the privacy ‘thresholds’ (TMIBP19, TMIBP20). “Three different privacy settings” for a theoretical digital euro wallet were offered: ‘high,’ ‘medium,’ and ‘low.’ The so-called “high privacy setting” allowed users to “download money” that would be “usable even when there is no internet or phone connection,” and “payments remain private as long as they do not exceed the legal limit for compliance,” restricted to just “lower value payments (e.g. <€150) and not for online shopping.” Unsurprisingly, most preferred the so-called “medium privacy setting,” which required that “the user’s bank stores the user’s personal data and monitors the transactions, including for small amounts,” but does not impose spending limits:
A medium level of financial privacy is preferred for the new wallet, as it avoids the restrictions imposed by the high setting and the advertising found with the low setting. However, most participants say privacy is not a key feature. They assume that no truly private digital transaction is possible, so privacy is not something they really think about. Nevertheless, most participants would like to have the choice to opt for a privacy level according to the payment situation.
On July 13th, the ECB published a document summarising “key objectives and design considerations” for the digital euro, stating unequivocally that “it would complement cash, not replace it.” They recognised that the decline in cash usage weakened “the strategic autonomy of European payments and monetary sovereignty,” particularly “in the event of geopolitical tensions,” given that “most electronic payments solutions are at present run by companies with headquarters outside the European Union.” According to CoinDesk, a supposedly leaked paper “authored by senior Treasury officials from France, Germany, Italy, Spain and the Netherlands” echoed similar concerns, suggesting a “digital euro could play a vital role to strengthen the strategic autonomy of the European Union.”
The lesson Russia learned in February was also learned by the Canadian truckers (and many others in recent history) and brings into sharp relief a question that hits at the core of the current monetary and political arrangement; what is money and who has the power to decide? Money is an expression of power. The power to decide what is money — and who can or cannot use it — is a unique and consequential power. How such power is wielded — whether in the hands of a state, across blocs of competing states or among a distributed consensus of individuals — will shape much of the future.
— “The Future Geopolitical Order and Bitcoin: An Initial Assessment” by Matthew Pines, national security fellow at the Bitcoin Policy Institute (July 2022)
On September 29th, the ECB released a progress report “on the investigation phase,” which “elaborates on the foundational design options that were recently endorsed by the Governing Council.” The Governing Council, headed by Lagarde, plans to make a decision on whether to advance into the “realisation phase” in autumn 2023. In the section on privacy, they define the “baseline scenario” as one where “a digital euro would provide a level of privacy equal to that of current private sector digital solutions18” and only promise to “explore two options” with co-legislators that “go beyond this baseline scenario.19 These could allow the digital euro to replicate some cash-like features and enable greater privacy for low-value/low-risk payments.”
Further work is needed to explore how the two options could be enabled in the regulatory framework (e.g. how to exempt low-value/low-risk digital euro transactions from certain AML/CFT obligations).22 In this context, the Eurosystem is in discussions with the Commission and European Data Protection Authorities.
On October 10th, the European Data Protection Board (EDPB), chaired by Andrea Jelinek, issued a statement on the digital euro project; this follows their detailed consultation submitted to the Commission in June. They caution “against the use of systematic validation and tracing of all transactions in digital euros,” and argue that “the design choices adopted by the ECB should be based on a documented impact assessment of all risks concerned still privileging innovative, privacy enhancing technologies (such as e-cash, Zero Knowledge Proof).”
In order to meet the policy objectives enshrined in Articles 7 and 8 of the European Charter of Fundamental rights and the high privacy standard that only the public sector can offer, it might not always be appropriate to foresee a validation of transactions by a third party. The regulatory checks, if needed, as a rule should be run ex post and on a targeted basis, in the presence of a specific AML/CFT risk. A validation of all (each and every) transactions in digital euros might not be in line with the data protection principles of necessity and proportionality, as interpreted by CJEU case law.6
… Furthermore, the EDPB recommends the digital euro to be modelled as closely as possible to a peer-to-peer modality, available both offline and online, as opposed to an account-based model.
Dutch engineer and financial history consultant Simon Lelieveldt (TMIBP11, TMIBP14) commented that he was satisfied with the EDPB’s “clear stance on [anonymity] and it is well in line with the analysis I made previously” in June, namely that “we must design from the perspective of a digital euro that will ..not allow any monitoring, oppression and pursuing of specific political objectives in the future.”
This is not just about: ‘privacy-by-design.’ This is about: ‘human-rights-by-design.’
On October 12th, I joined a Bitcoin Amsterdam panel, “The Spectre of CBDCs,” with Grant McCarty, Frank Holmes, Allen Farrington, and Christophe De Beukelaer, the Belgian member of Parliament who had announced in January that he would be converting his salary into bitcoin. Like the OFF panel in May, we were in agreement that CBDCs were bad news for various reasons. Regarding the digital euro project, De Beukelaer said that the plans seem to be changing month to month. “When you begin a project [out of] fear, it’s rarely a good idea… What I feel is, for sure, there will be no anonymity… There is no advantage for us, for the citizen.”
In TMIBP20, I covered a decision from the Treasury’s Office of Foreign Assets Control (OFAC) to designate the Ethereum-based mixer Tornado Cash as a sanctioned entity, and the arrest of developer Alexey Pertsev in the Netherlands. After already having a bail request and its appeal denied, this month Pertsev has once again been ordered to remain in custody until February 20th 2023, because the court believes he is a flight risk.
At the hearing on Tuesday, Dutch public prosecutor Martine Boerlage announced money-laundering charges for the first time. Boerlage had said little more about the case than a press release, but has now accused Pertsev of facilitating the processing of dirty money by writing the Tornado Cash code.
Dutch journalist Aaron van Wirdum commented, “The way it’s shaping up, it looks like this case will revolve heavily around the legal implications of a DAO.” Provoost, who also attended the hearing, predicted that “politically, this may be the most important crypto court case in The Netherlands (and will set EU precedent).” It is worth mentioning that according to the government’s own website, “the total time spent in pre-trial detention may not exceed 110 days.” As of this decision, Pertsev has already been detained for 104 days, and will reach 194 days on the date set by the judge. Coin Center director of research Peter van Valkenburgh described this as “an affront to human rights.” Coinbase chief legal officer Paul Grewal noticed that “recently OFAC removed, and then re-added, Tornado Cash [to] its US sanctions list.” According to this blockchain data visualiser tool, Tornado Cash activity has dropped from over seven hundred ‘unique users per week’ at the start of August, to less than fifty.
But Pertsev will not be alone with his court battle. On September 8th, six users of Tornado Cash – Joseph Van Loon, Tyler Almeida, Alexander Fisher, Preston Van Loon, Kevin Vitale, and Nate Welch – filed a civil lawsuit against the U.S. Treasury Department through a Texas district court for “unprecedented, overbroad action [that] exceeds Defendants’ statutory authority, infringes on Plaintiffs’ constitutional rights, and threatens the ability of law-abiding Americans to engage freely and privately in financial transactions.” Given that two Coinbase employees (Almeida and Welch) are involved, the company “is paying the legal bills of the employees and four other plaintiffs.” They later also released a video interview with four of the plaintiffs (Van Loon, Fisher, Vitale, and Almeida). CEO Brian Armstrong and Grewal published long statements about why they were funding the legal action:
… Congress passed the International Emergency Economic Powers Act (“IEEPA”), authorizing the President to freeze the assets of, and prohibit transactions with, any person determined to be a threat to the United States, and the President delegated this power to Treasury to issue sanctions. However, this delegated power only authorizes OFAC to target persons or their property.*
We are supporting the legal challenge to the Tornado Cash action because the Tornado Cash smart contracts are neither person nor property. This means OFAC exceeded its authority from Congress when it recently added these to the SDN List — effectively banning the technology for all U.S. persons. The outcome sought by this challenge is to have OFAC remove these crypto addresses associated with software from its SDN List, so that U.S. persons can once again use this privacy technology.
On September 14th, FFTF put out a statement in response to a number of clarifications published by the Treasury, including that “U.S. persons would not be prohibited by U.S. sanctions regulations from copying the open-source code and making it available online for others to view, as well as discussing, teaching about, or including open-source code in written publications, such as textbooks, absent additional facts” (as a result, GitHub has since restored the Tornado Cash code repositories in read-only archive mode). Holland considers this “inadequate to address our concerns related to human rights, free expression, privacy, and the right to write open source software code.” On September 29th, she and director Evan Greer also wrote for the Lawfare blog that “Tornado Cash Sanctions Are Unduly ‘Creative’ With the First Amendment.”
On October 12th, Coin Center announced that they had filed their own lawsuit with three other plaintiffs against OFAC “to delist Tornado Cash privacy tools from sanctions.” This is in addition to the lawsuit they opened against the Treasury in June, where they challenged the constitutionality of the Bank Secrecy Act (TMIBP20).
The criminalization of Tornado Cash infringes on associational privacy by outlawing the use of an essential privacy tool and forcing users of that tool to disclose their activities to the federal government and the public. It thereby chills the associational activities of Mr. Doe, Coin Center, and their donors.
The next day, renowned security technologist Bruce Schneier and Professor Henry Farrell published counter-arguments to both Opsahl’s legal assessment and the Holland/Greer piece, mostly focused around characterisations of Tornado Cash as one of many decentralised autonomous organisations (DAOs) “wreaking havoc on the world” which “need to be subject to regulation.” Valkenburgh contends that this is “an irrelevant red herring,” and “the sanctions are not calibrated ‘regulation’ of bad actors, they are a full ban on every American’s use of the tool for any reason.”
The Tornado Cash tool itself is not a DAO. There’s no group of DAO token-holders or DAO members who control the operation of the smart contracts. There is a Tornado Cash DAO that performs non-essential activities to support continued development of Tornado Cash privacy software, however that DAO does not and cannot control the operation of Tornado Cash. Remarkably, the Ethereum address of that DAO is not one of the sanctioned addresses announced by OFAC, and none of the designations contested in pending lawsuits challenging the sanction have anything to do with that DAO.
On October 27th, NSA whistleblower, Freedom of the Press Foundation board member, and author Edward Snowden remotely spoke at Decrypt Media’s event in Napa Valley, California. He described the OFAC sanctions and the Dutch government’s decision to imprison Pertsev as “deeply illiberal and profoundly authoritarian.”
We should resist that ‘suggestion.’ In my opinion, we should simply gift ‘the city’ a new ‘water fountain.’ Sneak into the ‘park’ at night, wear a mask, wear gloves if you must. But make sure that if people are thirsty, they can find something to drink. Because the human right to privacy is non-negotiable.
In TMIBP11, 12, 13, 16, 19, and 20, I have featured progress with Chaincase, an iOS client based on Wasabi. While the original beta wallet was sunset on November 1st, the project has since pivoted to combining PayJoin and Lightning.
On October 14th, lead developer Dan Gould opened the ‘NoLooking’ project as part of the six-week Legends of Lightning online global development tournament. He had publicly announced the project a few days prior with co-developers Armin Sabouri and Nick Farrow, and performed a mainnet demo. They documented their progress and problems over the subsequent weeks. By the second and third, they had “experimented” with Cashu e-cash, opened two Lightning channels from a Sparrow Wallet PayJoin transaction, and a Halloween-themed alpha version of their app was running on Umbrel; by the fourth, the app had “well over 400 downloads.” During the fifth week, they focused on “delivering the minimum delightful product.. to the market,” and scheduled a public call in December with the Bitcoin Design community to discuss the user experience of PayJoin. On November 23rd, the hackathon’s host ‘Bolt Fun’ livestreamed another ‘NoLooking’ demo. In the wrap-up, Gould summarised their achievements and future plans, laid out in the “NoLooking Roadmap.”
We want to push beyond hobbyist adoption. In order to get PayJoin as the standard, we need to move into enterprise products and services. To do this, we need introductions to bitcoin organizations who believe in human freedom and are willing to step to the cutting edge.
To smooth this offering, we are in the process of vetting the free and open source code we have built and depend on. We need to get it tested and reviewed by some rust & bitcoin wizards. The easier it is for us to recruit this help, the faster bitcoin gains privacy.
We’re talking livelihoods. It needs to be bulletproof.
The window for us to deliver privacy as an alternative to the CBDC panopticon may be running out. Legends of Lightning has us speeding up.
Project submissions for the tournament officially closed on November 24th, and the judges announced a shortlist of finalists for each track on Nov 28th. ‘NoLooking’ was included in the list of ten finalists for the Global Adoption track.
The finalists will then get an extra week to continue working on their projects, putting in any extra features or finishing touches. On Dec 6th, we will host a Finals day live stream for each track, giving founders a chance to re-pitch their projects live to the world! (This can also be done with a pre-recorded pitch). Our judges will then rescore the projects and announce the winners on Dec 7th!
:information_source: Check out the Lightning Privacy Research project to “investigate potential improvements to Lightning on both the protocol level and in how it’s used,” by Ben Carman, Evan Kaloudis, Max Hillebrand, Paul Miller, and Tony Giorgio.
:information_source: Check out Bitcoin Optech Newsletter #216, #217, #218, #219, #220, #221, #222, #223, #224, #225, #226, #227, and #228 for other recent technical developments beyond Bitcoin privacy.
:evergreen_tree: In case you don’t hear from me until next year — bonus moths for the holidays!
"Spot the Buff-tips. (Phalera bucephala)" by gailhampshire is licensed under CC BY 2.0
Thanks for reading! Feel free to :bookmark: bookmark or subscribe to catch the next edition of ‘This Month in Bitcoin Privacy.’
“Elephant Hawk-moth” by naturalengland is licensed under CC BY-NC-ND 2.0.
This section is for stories that would have been included for the months of May, June, and July:
In TMIBP07 and TMIBP08, I highlighted Bitcoin privacy-related research that was featured at last year’s Financial Cryptography and Data Security (FC21) conference. This year’s FC22 event took place during the first week of May, and once again there were a few papers focused on privacy. István András Seres (TMIBP01, 05, 07, 10) co-authored a paper on Fuzzy Message Detection (FMD). Two of the papers in ‘Session 6: Mostly Payment Networks’ focused on privacy, “Hide & Seek: Privacy-Preserving Rebalancing on Payment Channel Networks” by Zeta Avarikioti et al., and “Resurrecting Address Clustering in Bitcoin” by Chainalysis software engineer Malte Möser and Princeton associate professor Arvind Narayanan, in which they “tackle several challenges of change address identification and clustering” and “develop new techniques to predict change outputs with low false positive rates.”
It is worth noting that the latter was funded by the Ripple University Blockchain Research Initiative (UBRI), which is known to be pushing poorly supported anti-Bitcoin ‘research’, and that event sponsors include platinum-tier CipherTrace and gold-tier Chainalysis.
In TMIBP19, I included the Human Rights Foundation’s research fellowship into zero-knowledge (ZK) rollups for Bitcoin. John Light opened a research library “where I’ll be dumping links as I come across interesting resources.” He shared an extensive post by developer Trey Del Bonis on the subject:
While current rollup implementations are very dependent on how Ethereum-style contracts store state and represent settlement, there is no fundamental reason that a UTXO-based ledger cannot support rollups. In this article I aim to explore and sketch out some designs for how a zk rollup might function on a future version of Bitcoin that supports some additional script primitives.
… If the rollup involves a small set of parties that make many transactions and for some reason “just using Lightning” isn’t an option, then it may make sense to have an alternate spending path that just takes a signature from all of them and they can all consent to the state transition without having to rely on the chain to enforce the logic. This would be improved by using a taproot output which increases privacy and chain space. Failing that, we could still rely on script to encourage liveness.
The v0.9.6 release of JoinMarket now makes it a requirement to run Tor, because they are replacing their reliance on IRC servers with “quasi-p2p onion-based messaging.” Adam Gibson wrote a guide on “how to setup onion message channels in JoinMarket.”
The TLDR is that makers serve Tor onions, and after initial rendezvous on “directory nodes”, most of the transaction negotiation can happen peer to peer. IRC is still configured and will be for some time. All the message channels are used redundantly.
On May 14th, v0.6.8 of JoinInBox (TMIBP01, 03, 05, 10) was also released. (Note: As of publication time at the end of August, the latest releases are now v0.9.7 and v0.7.2 respectively.)
Similarly, on May 29th, the Lightning and onion-based exchange RoboSats announced that they had “just implemented the most transparent and easy to audit E2E chat” based on the OpenPGP standard.
Every robot avatar has a pair of PGP keys. These are encrypted with your high entropy token, the same token that is double hashed to generate the avatar. Of course, only you know your token! On the chat, every message you send is encrypted for your peer’s public key and signed with your private key. Only he can read them. Same for his messages: only you can read them.
With a single click on the ‘Export’ button you save the PGP credentials and messages (encrypted, decrypted and signature checked). In case of a dispute, your counterpart won’t be able to tell a different story to the staff… you can prove otherwise: you have his signed messages!
The coolest thing is that you can copy or export every PGP key and message into any other OpenPGP tool (GnuPG, OpenKeychain…). And verify for yourself every message if you do not trust the RoboSats client app (Don’t trust, verify)
In TMIBP02 and TMIBP06, I covered class action lawsuits and anti-trust complaints against Plaid Inc., a financial technology and identity verification company. The final approval hearing for settlement occurred on May 12th, “where the Court may hear arguments concerning the approval of the Settlement.”
Under the Settlement, Plaid has agreed to minimize the data it stores going forward, to delete certain previously retrieved data, and to improve and maintain certain already-implemented enhancements to Plaid Link. Class Members are also able to view and manage the connections they’ve made between their financial accounts and chosen applications using Plaid, and delete data stored in Plaid’s systems by creating a Plaid Portal account, at my.plaid.com.
In addition, the Settlement establishes a $58 million Settlement Fund, to be used for cash payments to Class Members who submit valid claims for compensation, after deducting the costs of the settlement administration, court-approved attorneys’ fees and expenses, and Service Awards for eleven Class Representatives.
The small Vancouver-based Bitcoin mining pool operator Lincoin Technologies announced that they had integrated BIP-47 PayNyms (TMIBP03, 06, 09, 10) for their reward payouts, with the goal of “setting new standards for the industry.” In the following days, they published instructions for how to enable them, and tweeted about why PayNyms were superior to static addresses or xPubs (TMIBP03):
Static Address: This is the most insecure method that breaches your privacy. The Spy, by monitoring that address, will know exactly how your performance has been and how much money you have made.
Xpub: By providing your Xpub to a pool they will be able to generate a new address of your wallet every time they send you a payout. But they will be able to track all your activities across any network (coin) in the past and in the future.
PayNym: This method is known to fulfill privacy between two parties without giving access to an external party to track them. In this method you provide the pool with a payment code which will be used to generate a new address every time they send you a payout. The pool won’t be able to track any other transactions/addresses outside the scope of your relationship and that is why it is considered the best practice.
On July 21st, they shared that they had “achieved 20% adoption [among] our users and have paid hundreds of payouts to PayNym addresses.”
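To make the static address / xpub / PayNym comparison above concrete, here is an added example (not Lincoin's code and not the BIP-47 reference implementation) of the BIP-47 version 1 per-payout key derivation in pure Python. All keys are constructed for the demo and the helper names are hypothetical; payment-code serialisation, the notification transaction and address encoding are left out, and the curve arithmetic is not constant-time.

```python
import hashlib
import hmac

# secp256k1 parameters
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1] % P, -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def ser_pub(pt):
    """33-byte compressed public key."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def _tweak(pub, chain, i):
    data = ser_pub(pub) + i.to_bytes(4, "big")
    return int.from_bytes(hmac.new(chain, data, hashlib.sha512).digest()[:32], "big")

def ckd_pub(pub, chain, i):
    """BIP32 non-hardened child public key: anyone holding (pub, chain) can run this."""
    return ec_add(ec_mul(_tweak(pub, chain, i), G), pub)

def ckd_priv(priv, chain, i):
    """BIP32 non-hardened child private key (wallet side)."""
    return (_tweak(ec_mul(priv, G), chain, i) + priv) % N

def _shared_scalar(priv, pub):
    # ECDH, then s = SHA256(Sx) as in BIP-47 v1
    sx = ec_mul(priv, pub)[0].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(sx).digest(), "big")

def sender_payout_pub(a_priv, recv_pub, recv_chain, i):
    """Pool side: B'_i = B_i + s*G, with s derived from a * B_i."""
    b_i = ckd_pub(recv_pub, recv_chain, i)
    return ec_add(b_i, ec_mul(_shared_scalar(a_priv, b_i), G))

def receiver_payout_priv(b_priv, recv_chain, a_pub, i):
    """Miner side: b'_i = b_i + s, with s derived from b_i * A."""
    b_i = ckd_priv(b_priv, recv_chain, i)
    return (b_i + _shared_scalar(b_i, a_pub)) % N

def demo_key(label):
    """Constructed demo key material; never derive real keys this way."""
    return int.from_bytes(hashlib.sha256(label).digest(), "big") % N

# Constructed sample values
POOL_A_PRIV = demo_key(b"constructed pool notification key")
MINER_B_PRIV = demo_key(b"constructed miner payment-code key")
MINER_CHAIN = hashlib.sha256(b"constructed miner chain code").digest()
MINER_PUB = ec_mul(MINER_B_PRIV, G)

def demo(count=3):
    pool_a_pub = ec_mul(POOL_A_PRIV, G)
    # Keys the pool pays to, one fresh key per payout
    payouts = [sender_payout_pub(POOL_A_PRIV, MINER_PUB, MINER_CHAIN, i)
               for i in range(count)]
    # Keys the miner derives to spend those payouts
    spend = [receiver_payout_priv(MINER_B_PRIV, MINER_CHAIN, pool_a_pub, i)
             for i in range(count)]
    # What a third party holding only the miner's public key and chain code derives
    # (the xpub case: these would be the on-chain keys themselves)
    observer = [ckd_pub(MINER_PUB, MINER_CHAIN, i) for i in range(count)]
    return payouts, spend, observer

if __name__ == "__main__":
    payouts, spend, observer = demo()
    for i, (p, o) in enumerate(zip(payouts, observer)):
        print(i, "payout key  ", ser_pub(p).hex())
        print(i, "observer key", ser_pub(o).hex())
```

With an xpub, the `observer` list is exactly the set of keys that receive funds, which is why sharing it exposes the wallet's history; with a payment code, the keys that appear on-chain are additionally offset by a secret known only to the two parties.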
In TMIBP19, I included Somsen’s proposal for Silent Payments. On May 24th, ‘w0xlt’ published a tutorial for testing this new scheme on signet; they have also created a test library for the reusable Taproot addresses (TMIBP18). If you would like a breakdown of “the mechanics of Taproot,” check out this recent demonstration by BitMEX Research.
:information_source: Check out Seth’s list of “Bitcoin proposals and ideas to improve privacy that are still a work in progress, were abandoned or never implemented, or failed to make a noticeable impact.”
In TMIBP05, TMIBP08, TMIBP12, TMIBP14, and TMIBP17, I have followed exploration, promotion, and criticism of central bank digital currencies (CBDCs). In the last TMIBP19, I cited a research paper from the U.S. Federal Reserve on the subject, which has since received over 1,500 public comments. On June 2nd, Nicholas Anthony, a policy analyst for the Cato Institute’s Center for Monetary & Financial Alternatives (CMFA), reported that “76% of commenters … oppose the idea of a CBDC,” and showcased a selection of responses concerned with financial privacy.
Out of all the concerns, the American Civil Liberties Union (ACLU) may have taken the most concise stance when it wrote, “Anonymity is not negotiable when it comes to digital cash.”
On June 15th, the international affairs think-tank Atlantic Council’s report “Missing Key: The Challenge of Cybersecurity and Central Bank Digital Currency” included several “principles for future legislation and regulation,” and the second principle is that “privacy can strengthen security.”
… privacy-preserving CBDC designs may also be more secure because they reduce the risk and potential harmful consequences of cyberattacks associated with data exfiltration, for example. CBDCs with stronger privacy rules may generate and store less sensitive data in the first place. In turn, potential attackers have a smaller incentive to infiltrate the system. If an attack is successful, the impact would be less severe. Our research also shows that CBDCs can offer cash-like privacy while potentially providing more efficient oversight options to regulatory authorities. To build a CBDC, policy makers in the US Congress and their colleagues around the world should carefully examine the relationship between privacy and security. They should weigh the findings of this report before making foundational decisions about a CBDC’s level of privacy that will filter through to the digital currency’s design and determine its cybersecurity profile.
They regard controls “about which personnel can search repositories of CBDC data” as a necessary feature, particularly because “other government databases have experienced problems when a rogue government employee has complete discretion to perform universal search queries across millions of sensitive records, for example, about a former spouse, an ex-girlfriend, or fellow employee.” In July, Politico technology reporter Vincent Manancourt would write about the Eve Doherty case in Ireland (the ‘rogue’ got to keep her job), in the context of mass surveillance and data retention regimes thriving despite rulings by the European Court of Justice.
On June 22nd, Congressman Jim Himes announced a proposal for a Federal Reserve-issued CBDC, with a “critical role in preserving the dollar’s role as the global reserve currency of choice.” In the sections on ‘Privacy’ and ‘Domestic and National Security’, Himes asserts that there should be a “careful alignment of expected privacy and anonymity, along with strong financial crime enforcement,” especially the Bank Secrecy Act.
To achieve these goals, the Fed should experiment with a wide range of encryption proofs and privacy solutions that safeguard consumer data and collect only the information necessary to validate transactions. The Fed and other financial regulators should consider testing methods that shield identities and transaction amounts and prevent the aggregation of consumers’ financial history without proper legal justification. The Fed should undertake this consideration with significant public participation, education, and outreach to ensure that consumers and market participants are made aware of testing results and understand how a CBDC is and is not comparable to physical cash. Regulators and Fed officials should examine the possibility of making CBDC test design structures open source to allow academics, computer scientists, and privacy advocates to confirm the software’s efficacy and legitimacy. Congress should implement strict notification requirements so that officials tasked with oversight and civil liberties enforcement are regularly informed of CBDC privacy violations and operational risks.
.. Security standards and best practices for a U.S. CBDC should be consistent with the goals of the Bank Secrecy Act, particularly with regard to documentation, record‐keeping, employee training, audit cooperation, and internal policies. Because a CBDC should be difficult to use for illegal activities, it will require substantial oversight, done under the auspices of strict confidentiality. Intermediaries must be required to make similar efforts to monitor CBDC funds as is currently required to monitor commercial bank money, such as currency transaction reports and suspicious activity reports.
On June 26th, the Bank for International Settlements (BIS) published their annual report on “the progress we have made to support central banks’ pursuit of monetary and financial stability.” It emphasizes that “CBDCs, grounded on trust in the central bank, offer the unique advantages of central bank money to the general public. CBDCs should be based on digital identification, with institutional and technological safeguards to ensure privacy.”
On July 8th, the European Central Bank (ECB) “invit[ed] technology experts to take part in online technical talks” with the digital euro project team about CBDCs, with a “focus on the large-scale application of privacy-enhancing technologies in settlement of retail payments.” In August, they published a working paper by Director General of Market Infrastructure and Payments (DG-MIP) Ulrich Bindseil and George Pantelopoulos titled “Towards the Holy Grail of Cross-Border Payments.” Under the “potential drawbacks of stablecoins,” they include “market power and network effects.”
A successful global stablecoin which would perform well in terms of universal reach would have significant market power across international borders, presumably giving it leeway to eventually exploit this market power in one way or another. BigTechs could also store, use and sell payments data, raising privacy concerns.
The United Nations Conference on Trade and Development (UNCTAD) also published a summary of three recent policy briefs they’ve offered on the “risks and costs” of cryptocurrencies. In “All That Glitters is Not Gold” from June, they argue – together with bans and restrictions on decentralised finance – that developing countries especially should be “creating a public payment system to serve as a public good, such as a central bank digital currency.” In “Public Payment Systems in the Digital Era,” they say further that “curbing the spread of cryptocurrencies is not an easy task,” and “the best national payment systems provide stability, safety, efficiency, affordability and integrity; and protect privacy.” They cite the Nigerian Central Bank (yes, the same one that censored the bank accounts of the Feminist Coalition that supported non-violent demonstrations against police brutality) as an example of a good balance between financial inclusion and preventing “illicit financial transactions”:
Currently, the electronic naira currency is provided only to people with a bank account and, therefore, in possession of an identification document. The Central Bank plans to expand access to this currency to anyone with a mobile telephone, which would include undocumented populations. To minimize the risk of illicit transactions, accounts linked to identification documents are permitted to hold higher values, of up to ₦5 million (around $12,000) and anonymous accounts are limited to lower values, of up to ₦120,000 (around $300). Such graduated access should be a temporary solution, however, with authorities reducing barriers to citizens in accessing the payment system, including through the universal provision of identification documents.
A similar threshold scheme has been suggested by the ECB in their ‘digital euro’ presentation (TMIBP19). The UNCTAD’s final brief, published this month, is “The Cost of Doing Too Little Too Late.” They call for “a comprehensive [global] system of information sharing on cryptocurrency holding and trading,” echoing Travel Rule compliance initiatives, and “imposing higher taxes on them in comparison to other financial assets to discourage holding and transacting,” even when used to “facilitate remittances,” because “a broad range of households could potentially use [them] as a hedge against exchange rate and inflation risk and as a channel for capital flight.”
The fundamental question that I have, and which I asked during our panel at the Oslo Freedom Forum in May, is: would any of these CBDCs pass the WikiLeaks test? Could a journalistic publishing organisation protect their freedom of speech from extra-judicial censorship through financial blacklisting by nation states, if digital currency infrastructure was even more under the thumb of those same states? Since June 2011, WikiLeaks has been able to do just that with bitcoin, despite fear that doing so would bring too much attention on the nascent currency in its infancy. I suspect that the answers from most or all others will be “no,” and I for one have no patience left for “no.”
Adam Gibson published an outline for “Ring signature based IDentities using Discrete Log Equivalence” (RIDDLE), which he subsequently migrated to a blog post. Two days later, he summarised it to the mailing list as “a suggested protocol for doing anti-Sybil that isn’t too demanding for the users, but actually keeps a decent level of privacy.” Ruben Somsen and Chris Belcher, among others, have made comments. Essentially, the idea is to provide a proof that you own a unique unspent transaction output (UTXO) corresponding to a set of Taproot public keys, using ring signatures for anonymisation. He writes that this was developed from PoDLE in JoinMarket (TMIBP01).
This problem is seen in sign ups for websites, for example, or comment posting, or public API usage. It also becomes a particularly keen problem in Bitcoin protocols like Lightning Network or Joinmarket where we want participants to be able to participate but are open to spam and snooping attacks, and sometimes have to make unfortunate privacy tradeoffs.
This document introduces, and argues for, usage of a cryptographic mechanism which is already well known (to experts, if not the general public), as a potential solution for this problem in a wide variety of contexts, leveraging Bitcoin’s utxo set.
We would caution that this is not an identity system; it cannot identify individuals (we hope!) and has nothing to say about distributed or centralized naming services (at least, not as described here). It’s basically about anonymised and lightweight rate limiting.
… (the name is appropriate in suggesting that this mechanism creates a very difficult, usually unsolvable puzzle for the adversary .. also, one could imagine, whimsically, a UI presenting this to a user as “your wallet is solving the riddle”, like a captcha).
The proposal was featured in Bitcoin Optech Newsletter #205:
Although the RIDDLE protocol does provide privacy advantages over other anti-sybil mechanisms, Gibson does warn that information from use of the system can be combined with other available information to potentially reduce the user’s privacy. He writes, “there is no possibility that this kind of system can provide iron-clad privacy guarantees. If protecting the location of the real signing utxo is a matter of life and death, on no account use a system like this!”
On the Lightning-Dev mailing list, developer ZmnSCPxj suggested RIDDLE might be an option for separating LN’s anti-sybil mechanism from UTXO-based channel identifiers which, in the era of taproot and signature aggregation, unnecessarily disclose which onchain transactions are LN channel opens and mutual closes.
On July 15th, Gibson also wrote about “how to create a log-sized ring signature on taproot utxos” and why Taproot is needed for the construction. On August 11th, he sent an update on this to the mailing list, concluding that Sarang Noether and Brandon Goodell’s Triptych constructions should be used, which is “a family of linkable ring signatures without trusted setup that is based on generalizations of zero-knowledge proofs of knowledge of commitment openings to zero.”
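The mechanism outlined above (a ring of public keys, a proof that the signer holds one of the matching private keys, and a discrete-log-equivalence tag that repeats when the same key is reused) can be seen in a textbook LSAG-style linkable ring signature. The Python below is an added illustration, not Gibson's RIDDLE code and not the Triptych construction: it is a linear-size scheme over secp256k1, and the context-derived generator `J`, the `Gatekeeper` class, the service label and the randomly generated keys standing in for Taproot output keys are all assumptions of this example.

```python
import hashlib
import itertools
import secrets

# secp256k1 domain parameters (the curve that Bitcoin and Taproot keys use).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def on_curve(pt):
    in_range = pt is not None and all(0 <= v < P for v in pt)
    return in_range and (pt[1] ** 2 - pt[0] ** 3 - 7) % P == 0

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1] % P, -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    k, acc = k % N, None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def hash_to_point(label):
    """Try-and-increment: a generator whose discrete log w.r.t. G is unknown."""
    for ctr in itertools.count():
        digest = hashlib.sha256(label + ctr.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big") % P
        y2 = (pow(x, 3, P) + 7) % P
        y = pow(y2, (P + 1) // 4, P)  # square root shortcut, valid as P % 4 == 3
        if y * y % P == y2:
            return (x, y)

def challenge(ring, J, image, msg, a, b):
    h = hashlib.sha256()  # Fiat-Shamir hash binding ring, context, tag, message
    for pt in (*ring, J, image, a, b):
        h.update(b"\x00" * 64 if pt is None else
                 pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big"))
    h.update(msg)
    return int.from_bytes(h.digest(), "big") % N

def sign(ring, idx, x, ctx, msg):
    """Prove 'I hold the key of some ring[i]' and emit the tag image = x*J."""
    n, J = len(ring), hash_to_point(ctx)
    image, c, s = mul(x, J), [0] * n, [0] * n
    alpha = secrets.randbelow(N - 1) + 1
    i = (idx + 1) % n
    c[i] = challenge(ring, J, image, msg, mul(alpha, G), mul(alpha, J))
    while i != idx:  # simulate every other ring member with a random response
        s[i] = secrets.randbelow(N - 1) + 1
        a = add(mul(s[i], G), mul(c[i], ring[i]))
        b = add(mul(s[i], J), mul(c[i], image))
        i = (i + 1) % n
        c[i] = challenge(ring, J, image, msg, a, b)
    s[idx] = (alpha - c[idx] * x) % N  # only the real key can close the ring
    return {"c0": c[0], "s": s, "image": image}

def verify(ring, ctx, msg, sig):
    """Recompute the challenge chain; it must loop back to c0."""
    image, J, c = sig["image"], hash_to_point(ctx), sig["c0"]
    if len(sig["s"]) != len(ring) or not all(map(on_curve, [image, *ring])):
        return False
    for pk, s in zip(ring, sig["s"]):
        a = add(mul(s, G), mul(c, pk))
        b = add(mul(s, J), mul(c, image))
        c = challenge(ring, J, image, msg, a, b)
    return c == sig["c0"]

class Gatekeeper:
    """Service side: one accepted action per key image within one context."""
    def __init__(self, ctx, ring):
        self.ctx, self.ring, self.seen = ctx, ring, set()
    def admit(self, msg, sig):
        if not verify(self.ring, self.ctx, msg, sig):
            return "invalid"
        if sig["image"] in self.seen:
            return "duplicate"  # same hidden key already used here
        self.seen.add(sig["image"])
        return "ok"

if __name__ == "__main__":
    keys = [secrets.randbelow(N - 1) + 1 for _ in range(4)]  # constructed keys
    ring = [mul(k, G) for k in keys]  # stand-ins for Taproot output keys
    gate = Gatekeeper(b"example-service/signup", ring)
    for msg in (b"first", b"second"):  # same signer twice: ok, then duplicate
        print(gate.admit(msg, sign(ring, 2, keys[2], gate.ctx, msg)))
```

Signature size and verification time here grow linearly with the ring, which is the cost that the log-sized constructions mentioned above are meant to reduce.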
Why is that review of BSA constitutionality relevant to our discussion of §6050I? Because §6050I reports are also deputized surveillance but there is no third party. One person to a two person transaction is obligated to collect a load of sensitive information from her counterparty and hand that to government officials without any warrant or reasonable suspicion of wrongdoing.
… An obvious question remains: why does the third-party doctrine described in the BSA cases apply when there literally are only two parties involved? Why is it constitutional for the police to force one American to collect information from their fellow citizen when they could not collect that information themselves directly without a warrant?
Coin Center announced that they have filed a complaint “in federal district court against the Treasury Department in a facial constitutional challenge to the amendment of Section 6050I of the Tax Code that was part of the Infrastructure Investment and Jobs Act passed last summer,” which is scheduled to take effect on January 1st, 2024. If you are unfamiliar with Section 6050I and how it will “likewise discourage the use of digital assets and encourage the use of banks and financial institutions,” read adjunct professor Abraham Sutherland’s piece on it from last year:
Today, when you file an IRS Form 8300, you’re also filing a FinCEN Form 8300 that’s governed by BSA rules. It’s literally the same form. But FinCEN — the Financial Crimes Enforcement Network, another part of the Treasury Department — can use it in ways the IRS cannot.
So, when the local chief of police or a foreign government wants to know more about your suspected history of lavish cash spending, they don’t have to deal with IRS rigmarole on confidentiality and privacy. Instead, they go to FinCEN and request all the FinCEN Forms 8300 where you’re named in connection with large cash transactions.
But there’s a new twist. Congress just amended 26 USC section 6050I to include digital assets. But it did not also amend 31 USC section 5331.
So, the Internal Revenue Code mandates digital asset reporting (under section 6050I, the authorization for IRS Form 8300), while the Bank Secrecy Act (under section 5331, the authorization for FinCEN Form 8300) does not.
… note how the requirement will encourage the use of banks and other “financial institutions” that are regulated under the Bank Secrecy Act. Transactions handled by financial institutions are generally exempt from 6050I reporting, and these financial institutions take care of all the reporting required under the BSA. This includes banks handling dollars, of course, but it also includes “money transmitters” such as Coinbase that handle Bitcoin and other digital assets.
Coin Center’s director of research Peter van Valkenburgh had written in September 2021 about why “the §6050I reporting provision is a draconian surveillance rule that should have been ruled unconstitutional long ago,” and therefore “it will be ripe for a constitutional challenge and Coin Center is prepared to take on that challenge.” With two “co-plaintiffs in this case, Dan Carman, a consultant who helps set up businesses to use Bitcoin, and Raymond Walsh, a Bitcoin entrepreneur, along with his mining company Quiet Industries,” their complaint concerns violations of the First (pg. 49-58), Fourth (pg. 41-49), and Fifth (pg. 58-65, 68-69) Amendments, as well as “recent Supreme Court jurisprudence.” They happened to file it on the same day that Treasury deputy secretary Adewale “Wally” Adeyemo spoke at CoinDesk’s Consensus 2022 event, regarding “how the Treasury Department is approaching the digital assets landscape, and the role of regulation in promoting the kind of innovation we need to maintain U.S. leadership of the global financial system.”
On June 13th, Anthony reported via the Cato Institute about the case and noted that this “will open the door for additional long‐needed changes to strengthen Americans’ constitutional protections.” He had also recently warned that this financial surveillance has not been adjusting for inflation: “The $10,000 threshold was set 50 years ago. If it were adjusted for inflation all this time, the threshold would be nearly $75,000 today.” Norbert Michel, vice president and director of their Center for Monetary & Financial Alternatives (CMFA), had written back in April that “two current Supreme Court Justices have signaled a willingness to revisit some of the constitutional questions raised by the Court in the early 1970s.” Michel and co-author Jennifer J. Schulp had just released a working paper on the subject, “Revising the Bank Secrecy Act to Protect Privacy and Deter Criminals.” The final version was published on July 26th.
Although it’s unfortunate that this surveillance has survived for so long, it’s good that it’s being thrust into the spotlight now. The Supreme Court did not hold that the BSA violated citizens’ rights to financial privacy in the 1970s, but the Justices did recognize that technological change could easily mean that the BSA would violate those rights. And today’s financial world is much different, a fact acknowledged by current Supreme Court Justices Gorsuch and Sotomayor.
In TMIBP02, TMIBP05, and TMIBP09, I have followed Jim Harper’s lawsuit against the IRS “for violation of my Fourth Amendment and Due Process rights” in relation to the sharing of his financial data by a third-party service, Coinbase. In December 2021, Harper’s case went before “a three-judge panel of the 1st U.S. Circuit Court of Appeals in Boston [which] sharply questioned why, under a recent U.S. Supreme Court decision, cryptocurrency expert Jim Harper was barred from pursuing his lawsuit accusing the IRS of violating his privacy rights.”
[U.S. Justice Department attorney Kathleen] Lyon warned that a ruling against the IRS could open the floodgate to other lawsuits by taxpayers under audit. “There’s nothing to keep that from happening,” she said.
In August 2021, Harper had also commented on the Infrastructure Bill:
I cited the privacy and security risks of having all this data go to the IRS. I think one can put a sharper point on it by saying that the benefit of increased tax compliance is speculative and uncertain, while the cost in risk to taxpayers is fairly certain. If the IRS were to produce its tax-compliance research, perhaps it could validate collecting all this information. Until we know more, this is not a tax compliance rule, but a data collection rule with an unknown relationship to tax compliance.
On May 4th 2022, Harper testified before the U.S. Senate Judiciary Subcommittee on Privacy, Technology, and the Law on “Privacy and Other Challenges for Mandated Internet Platform Disclosure,” where he outlines “eight distinct values” for the word ‘privacy’ and how most people care about them:
In survey research I recently published,[3] I found that financial security (i.e., prevention of identity fraud) is foremost in people’s minds when asked an open-ended question about privacy concerns. When prompted to address the eight values listed above, financial security remains a top priority, joined by personal security, reputation, and autonomy. Lower-tier values, in descending order, are control, fairness, peace and quiet, and anti-commercialism.
… I will focus here on what I believe to be the strongest sense of the word “privacy”: control of information about oneself. A legalistic definition of privacy in the control sense that I worked up some years ago has held up fairly well. Privacy is “the subjective condition that people experience when they have power to control information about themselves and when they exercise that power consistent with their interests and values.”[4] We all hide and share information about ourselves to portray ourselves as we wish to be perceived by others. Most people do so inarticulately, following social customs and the occasional lessons of trial and error.
Importantly, privacy is subjective. Each person chooses what to share and what not to share (again, inarticulately) based on their own interests, values, customs, and so on. Overriding their choices deprives them of control and thus privacy.
In TMIBP01, TMIBP03, TMIBP07, TMIBP09, and TMIBP18 I have followed Chris Belcher’s development of a working CoinSwap protocol. Bitcoin Developers host Conor Okus interviewed Belcher before a live demo of CoinSwap on regtest. Belcher agreed that his proposal should eventually become a Bitcoin Improvement Proposal (BIP), and that CoinSwap would either be a software library that could be integrated with a user’s existing wallet or become a standalone client like JoinMarket, which uses a similar maker-taker model.
Privacy is really important for Bitcoin; not just good for users, but for the whole system. Bitcoin as a money requires every unit to be fungible, so that it’s always possible to be paid with a bitcoin without having to do loads of analysis on where that coin came from. It should be that every coin is exactly the same as every other.
CoinSwap is a protocol. People might be familiar with CoinJoin. They’re both protocols that improve the privacy of bitcoin transactions, and they’re both non-custodial, e.g. they can be done in a way where nobody can get their money lost. Way back in the history of Bitcoin (and they’re still sometimes used today), there were centralised mixers where you send a coin to ‘some guy’ and he pinky-promises to send another coin back to you. Of course he might not do that, he might steal your money. CoinJoin and CoinSwap are non-custodial, a user can’t get their money stolen doing this.
CoinSwap works by having two or more people swap their coins. For example, Alice has 2 BTC and Bob has 2 BTC, and when they follow the CoinSwap protocol, Alice’s coins will [become] possessed by Bob, and Bob’s coins will be possessed by Alice. The reason that improves privacy is because this swap is not visible on the blockchain. Anyone analysing the blockchain, they won’t realise this has happened. They may see, Alice’s coin has gone here / been sent to this address, but unbeknownst to them, that actually belongs to Bob.
… The way CoinSwap actually works on a technical level- It’s quite similar if people are familiar with how Lightning works. You create an off-chain contract. First the coins are locked up in a multi-signature, then you create an off-chain contract, and that creates a situation where: ‘if Alice gets her money, Bob can’t fail to get his money,’ and ‘if Bob gets his money, then Alice will also necessarily get her money.’ Because no one can be cheated, the cheapest and easiest thing to do is for Alice and Bob to just hand over their keys.
In TMIBP01, TMIBP02, TMIBP04, TMIBP05, and TMIBP16 I have followed Coinbase’s contractual relationships with, and data disclosures to, government agencies. Last year, they were awarded at least two contracts for Analytics from the U.S. Immigration and Customs Enforcement (ICE) branch of Homeland Security. Thanks to a freedom-of-information (FOI) request by Tech Inquiry, we now know more about the nature of their service.
The FOIA response pertains to the Coinbase Analytics offering as of July and August 2021. While the customer is specifically the ICE Baltimore field office, contracting officer Tracy Riley within the Dallas Office of Acquisition Management (OAQ) administered the solicitation (“request for quote”) and purchase order; due to redactions, we can only see that the first name of the Coinbase representative she’s emailing is “Jordan.” The emails reference that licenses were also purchased by the Drug Enforcement Administration (DEA) (TMIBP01) and Police Nationale France. The “list of included services” states that their software works on at least ten cryptocurrencies in addition to Bitcoin and “all ERC-20 tokens,” can perform “transaction demixing and shielded transaction analysis,” “cross-chain capabilities,” and “Lightning Network investigation.” If that last item is true, then they beat Chainalysis to it (TMIBP18). Interestingly, they also list “historical geo tracking data.” According to CoinDesk and The Intercept, both Coinbase and ICE refused to answer questions about this, except to “den[y] that the information provided by the analytics software is the exchange’s customer data”:
An email released through the FOIA request shows that Coinbase didn’t require ICE to agree to an End User License Agreement, standard legalese that imposes limits on what a customer can do with software.
When asked about the ICE contract and the data involved, Coinbase spokesperson Natasha LaBranche directed The Intercept to a disclaimer on its website stating “Coinbase Tracer sources its information from public sources and does not make use of Coinbase user data.” LaBranche did not answer questions about how ICE is using Coinbase Tracer, how it sources location data, or if the company imposed any limits on ICE’s use of the tool.
… Homeland Security Investigations, the division of ICE that purchased the Coinbase tool, is tasked not only with immigration-related matters, aiding migrant raids and deportation operations, but broader transnational crimes as well, including various forms of financial offenses. “The contract provides a tool that supplements an HSI capability to investigative traffickers of deadly opioids on the dark web and cyber criminals who seek to attack critical infrastructure,” an ICE spokesperson wrote in a statement to The Intercept. “This tool does not reveal any sensitive personally identifiable information, is only referenced in criminal investigations, and it is not utilized in civil immigration enforcement.” The spokesperson did not respond to questions about how precisely it has used Tracer or might in the future, including the use of location data, noting “the agency does not provide specifics on investigative techniques, tools, and/or ongoing investigations or operations.”
On March 10th, Electronic Frontier Foundation (EFF) policy analyst Matthew Guariglia wrote about a unit within ICE getting caught using administrative subpoenas to acquire “6.2 million financial records, including personal information such as names and addresses.”
All of the information was entered into a database called Transaction Record Analysis Center (TRAC), which is run by a non-profit and facilitates law enforcement access to bulk financial data for 5 years. According to Sen. Wyden, HSI terminated the program in January 2022 after his office contacted HSI about it.
… this kind of bulk surveillance is illegal. By statute, these administrative subpoenas must seek records “relevant” to an agency investigation. Simply put, there is no way these broad requests for bulk records would turn up only documents “relevant” to specific investigations; instead it put everyone who transferred money, including U.S. persons, under surveillance.
On May 11th, Reason criminal justice reporter C.J. Ciaramella published an article reviewing an investigation into ICE’s domestic surveillance practices by Nina Wang, Allison McDonald, Daniel Bateyko and Emily Tucker at Georgetown Law’s Center on Privacy & Technology:
Our two-year investigation, including hundreds of Freedom of Information Act requests and a comprehensive review of ICE’s contracting and procurement records, reveals that ICE now operates as a domestic surveillance agency. Since its founding in 2003, ICE has not only been building its own capacity to use surveillance to carry out deportations but has also played a key role in the federal government’s larger push to amass as much information as possible about all of our lives. By reaching into the digital records of state and local governments and buying databases with billions of data points from private companies, ICE has created a surveillance infrastructure that enables it to pull detailed dossiers on nearly anyone, seemingly at any time.
… ICE has built its dragnet surveillance system by crossing legal and ethical lines, leveraging the trust that people place in state agencies and essential service providers, and exploiting the vulnerability of people who volunteer their information to reunite with their families. Despite the incredible scope and evident civil rights implications of ICE’s surveillance practices, the agency has managed to shroud those practices in near-total secrecy, evading enforcement of even the handful of laws and policies that could be invoked to impose limitations. Federal and state lawmakers, for the most part, have yet to confront this reality.
As a result of these and numerous other reports, private companies responsible for the “provision of surveillance technologies to and contracts” with ICE have been reevaluating those relationships and their human rights impact, including Thomson Reuters (see pg. 119-120). Unfortunately, ICE isn’t the only U.S. intelligence agency whose abuses and “wide-ranging overreach” are yet to be rectified.
In TMIBP01, TMIBP06, TMIBP16, and TMIBP19 I have also reported on Coinbase’s acquisition of Neutrino “and its eight staff” for blockchain surveillance software. (It should be noted that, among other skills, at least two of those staff members – Alberto Ornaghi and Marco Valleri – had once authored a patent for “a method and a device for monitoring and manipulating network traffic and, in particular, for installing applications on remote terminals.”) Their tools were later rebranded to ‘Coinbase Analytics’ and finally ‘Coinbase Tracer’ this past April. The offering from 2021 appears to be a combination of ‘Analytics’ and their yet-to-be-announced ‘Coinbase KYT (Know Your Transaction)’ API. Both services and TRUST are now advertised as compliance solutions.
Coinbase has previously filed a few patents for a “compliance determination and enforcement” platform and its components, including a “self learning knowledge repository,” a “training set selector [and] flagging module,” “an interface for investigators to take further corrective action,” and a “corrective action system [that] allows for determining, for each one of the accounts that is flagged as non-compliant, whether the account is bad or good.”
A plurality of factors are stored in association with each of a plurality of accounts. A factor entering module enters factors from each user account into a compliance score model. The compliance score model determines a compliance score for each one of the accounts based on the respective factors associated with the respective account. A comparator compares the compliance score for each account with a compliance reference score to determine a subset of the accounts that fail compliance and a subset of the accounts that meet compliance. A flagging unit flags the user accounts that fail compliance to indicate non-compliant accounts. A corrective action system allows for determining, for each one of the accounts that is flagged as non-compliant, whether the account is bad or good, entering the determination into a feedback system and closing the account.
In the last TMIBP19, we looked at events leading up to the first trilogue meeting regarding the adoption of the Markets in Crypto-Assets (MiCA) regulation and the application of the Funds Transfer Regulation (FTR) / Transfer of Funds Regulation (TFR) to crypto-assets. Many parties, including the German government, opposed the “comprehensive verification of the identity of principals and recipients” and “suspicion-independent reporting to authorities for transactions with unhosted wallets above a certain threshold amount.”
On June 29th, the Council announced “a provisional agreement” on extending the ‘Travel Rule’ to transfers of crypto assets, and partial agreement on the creation of “a dedicated Anti-money laundering Authority (AMLA)” that will “directly supervise certain types of credit and financial institutions, including crypto asset service providers, if they are considered risky.” On June 30th, they then also “reached a provisional agreement on the markets in crypto-assets (MiCA) proposal… The provisional agreement is subject to approval by the Council and the European Parliament before going through the formal adoption procedure.”
To avoid any overlaps with updated legislation on anti-money laundering (AML), which will now also cover crypto-assets, MiCA does not duplicate the anti-money laundering provisions as set out in the newly updated transfer of funds rules agreed on 29 June. However, MiCA requires that the European Banking Authority (EBA) will be tasked with maintaining a public register of non-compliant crypto-asset service providers.
… Under the provisional agreement reached today, crypto-asset service providers (CASPs) will need an authorisation in order to operate within the EU. National authorities will be required to issue authorisations within a timeframe of three months. Regarding the largest CASPs, national authorities will transmit relevant information regularly to the European Securities and Markets Authority (ESMA).
Meanwhile, on the same day, the FATF released a “Targeted Update on Implementation of FATF’s Standards on VAs and VASPs,” which found that “jurisdictions have made only limited progress in introducing FATF’s Travel Rule.. As of March 2022, while 29 out of 98 responding jurisdictions reported having passed Travel Rule legislation, only 11 jurisdictions have started enforcement and supervisory measures.” They conclude that this “demonstrates the urgent need for jurisdictions to accelerate implementation and enforcement.” Parliament and Committee on Economic and Monetary Affairs (ECON) member Ernest Urtasun, who was involved in the EU negotiations, shared that the “Travel Rule will come into application when the MiCA Regulation will apply, 18 months after the entry into force,” and that it was “fast-tracked regarding the rest of the AML package.” On July 4th, the Financial Times (FT) reported that the ECB would “warn eurozone countries of the dangers of national regulators getting ahead of pending EU cryptocurrency rules” and “raise the urgent need for ‘harmonisation’” during the supervisory board’s meeting on Tuesday.
Roman Reher and Joe Martin of the German-language Bitcoin education channel Blocktrainer published an open letter, in English and German, arguing that “the legal regulations that are planned or implemented [..] we believe, do not benefit and potentially harm EU citizens.”
These regulatory security gaps include the potential direct or indirect compulsion to place Bitcoins in the custody of a custodian, as is currently being discussed in the EU under the „Travel Rule“. That leads to creating a new Eldorado for hackers who can steal investors‘ Bitcoins and steal and abuse personal data and content from newly emerging data pools. Bitcoin must therefore be treated like cash, with appropriate exemption limits that, on the one hand, do not dictatorially restrict the individual’s freedom and amount to an Orwellian surveillance tool, but at the same time serve to prevent money laundering in the interest of everyone’s security. The discussed proposal to fully identify transaction partners from the first cent is unrealistic and extremely dangerous. Such a direct or indirect requirement will stifle innovation and potentially push investors, innovators and entrepreneurs abroad, where conditions for the Bitcoin-industry are much more liberal. It also puts everyone under general suspicion and installs a surveillance mechanism that cannot be controlled. The freedom and security of the citizens of the European Union are recklessly put at risk.
In TMIBP05, TMIBP07, TMIBP08, and TMIBP16 I have followed the Tor v3 transition and the importance of network privacy. Since June, the Tor network has been under a distributed denial-of-service (DDoS) attack that remains unresolved. Given that a high percentage of Bitcoin and Lightning nodes, as well as a number of other applications, are reachable via Tor, this will continue to impact connectivity. On July 12th, a new paid service called Tunnel Sats was launched “to address the growing pain-points running your Lightning Node with Tor only, or exposing your home IP.”
Tunnel⚡️Sats provides pre-configured setup scripts for lightning nodes enabling hybrid mode through clearnet & Tor connectivity and offers paid VPN servers in various continents and fixed periods of time. Our VPNs come with automatically enabled forwarding ports used to connect with other lightning nodes.
The available regions currently include North America, Europe, and Eurasia, for one-, three-, six-, or twelve-month periods. As with many other VPN services, the per-month rate is discounted the more time you purchase. In their FAQ, they illustrate the network setup and state that they are “specializing VPN usage for the sole purpose” of running Lightning nodes. “If you are looking for a privacy-preserving, lightning-payment enabled VPN provider, we recommend to take a look at LNVPN.net.”
In the U.K., Her Majesty’s Treasury / Exchequer “conducted a consultation between 22 July - 14 October 2021, inviting views and evidence on the steps the government proposed to take to amend the Money Laundering Regulations (MLRs),” including changes impacting the ‘cryptoasset sector.’ The results of that consultation, and the government’s decisions, were finalized in June and released on July 14th. Responses came from “AML/CTF supervisors, industry, civil society, academia, and several government departments.”
The sixth chapter of the consultation response concerns ‘Transfers of Cryptoassets,’ specifically “the proposed approach of tailoring the provisions of the Funds Transfer Regulation (FTR) to the cryptoasset sector.” If you recall, the FTR belongs to compliance with the Travel Rule (TMIBP19) and “applies to a transfer of funds, in any currency, sent or received by a PSP, or an intermediary PSP, established in the EU or any of the three additional countries of the EEA (Iceland, Liechtenstein, and Norway).”
Some respondents to Question 57 suggested that the volume of data that would need to be processed is disproportionate, and alternative methods should be used to achieve the goals of the Travel Rule. In particular, there were concerns that the public nature of the blockchain combined with the sharing of personal information such as names, addresses and personal identification numbers presents a risk to privacy. It was suggested that Zero Knowledge Proofs[4] could be used to demonstrate that customer due diligence checks had been performed whilst obviating the need to share confidential information on the originator and beneficiary with each cryptoasset business involved in the transaction.
… Some respondents also argued that the ability of firms to use blockchain analytics to detect illicit transfers rendered the information sharing requirement unnecessary.
… Whilst acknowledging the concerns regarding data security and privacy, the government has decided to maintain the information sharing requirements as set out in the consultation. For the avoidance of doubt, only one of the originator’s address, date and place of birth, and passport number will need to be sent with a cross-border transfer that is above the de minimis threshold.
The information to be collected reflects FATF requirements and cannot be changed unilaterally whilst remaining compliant with FATF standards. As similar requirements will be in place in other jurisdictions, it would also not be workable for the UK to adopt significantly different requirements, as firms would then be faced with inconsistent regulatory requirements for cross-border transfers.
They clarify that this “only applies to intermediaries that are cryptoasset exchange providers or custodian wallet providers and will not capture others, like software providers.” Regarding non-custodial a.k.a. “unhosted wallets,” the government “modified its proposals” for “requiring the collection of beneficiary and originator information.”
.. cryptoasset businesses will only be expected to collect this information for transactions identified as posing an elevated risk of illicit finance. The minimum factors that firms should consider when making such a determination of risk will be set out in the legislation. The government does not agree that unhosted wallet transactions should automatically be viewed as higher risk; many persons who hold cryptoassets for legitimate purposes use unhosted wallets due to their customisability and potential security advantages (e.g. cold wallet storage), and there is not good evidence that unhosted wallets present a disproportionate risk of being used in illicit finance. Nevertheless, the government is conscious that completely exempting unhosted wallets from the Travel Rule could create an incentive for criminals to use them to evade controls.
They also state there will be a 12-month grace period before the amendments take effect on September 1st 2023, “during which cryptoasset businesses will be expected to implement solutions to enable compliance with the Travel Rule.”
The Financial Action Task Force (FATF) recently published a report on “commercially available or emerging technologies that facilitate advanced AML/CFT analytics within regulated entities or collaborative analytics between financial institutions, while respecting data privacy and protection.” These “technologies” include: homomorphic encryption, zero-knowledge proofs, secure multiparty computation (SMPC), differential privacy, machine learning (supervised, unsupervised and reinforced learning), federated learning, deep learning, natural language processing, robotic process automation, network analytics, trusted execution environments (confidential computing), secure cloud technology, distributed ledger technology, and… application programming interfaces (APIs), which they define as “an interface that allows regulated institutions to submit data.”
:warning: Proceed with caution in reading this report any further if you have an ounce of technical literacy. Symptoms that may arise include: excessive laughter, facepalming, and disbelief in the authority of unelected bureaucrats.
They explain that the term “data pooling” (a buzzword with multiple definitions) is “not an entirely new topic to the FATF,” and in the context of financial surveillance pertains to financial institutions sharing customer information, information related to red flags and transaction data, in order to “examine aggregated activity of an actor across different borders and platforms.”
Some of the FATF’s Recommendations include elements related to private-to-private information sharing. For example, Recommendation 18 requires information sharing within the context of financial groups for customer due diligence (CDD) purposes and ML/TF risk management. Such sharing includes information and analysis of transactions or activities which appear unusual (if such analysis was done); and could include a suspicious transaction report (STR), its underlying information, or the fact that an STR was submitted.
I have been following the FATF’s ‘Travel Rule’ and related “know your customer’s customer” (KYCC) policy developments (TMIBP02, 04, 05, 06, 07, 10, 11, 12, 13, 14, 17, 18). On May 24th, Coinbase announced that their Travel Rule Universal Solution Technology (TRUST) solution, which had launched in February, “has now gone live in Canada and Singapore, and is actively working to expand to other global jurisdictions, including Europe.”
As more countries begin to implement Travel Rules, TRUST is focused on providing its top-tier compliance services to virtual asset service providers (VASPs) around the globe, including its critical security safeguards.
During the previous month, they enacted a KYCC policy for users in Canada, Japan, and Singapore “to comply with local regulations in those countries.” From June 27th, they will similarly “introduce a few changes for customers in the Netherlands… We are required to collect additional information for all transactions where a customer in the Netherlands sends crypto from their Coinbase exchange account to an address that is not controlled by Coinbase.” The additional information consists of the “recipient’s full name,” “purpose of transfer,” and “recipient’s residential address.” BitFlyer, a Japanese exchange and member of TRUST, announced that this would apply to “all customers (personal and corporate accounts)” starting on June 29th. However, as noted well by Notabene, another startup focused on ‘Travel Rule’ compliance products and services:
The Crypto Travel Rule is not mandated in the Netherlands. However, non-custodial wallets are subjected to similar requirements due to the Sanctions Act (Sanctiewet 1977 – Sw) and the Regulation on Supervision pursuant to the Sanctions Act 1977 (Regeling toezicht Sanctiewet 1977 – RtSw). Both stipulate that providers of crypto services must take measures to ensure they adequately check, at the minimum, the identities of the persons or legal entities with whom they have a business relationship in their records, in compliance with the sanctions regulations.
… The Netherlands has not published their own minimum threshold to send PII to comply with the Sanctions Act of 1977 – its comparable Crypto Travel Rule legislation. However, the Netherlands will likely defer to EU standards, which have a threshold of EUR 1000.
As of their first quarterly report for the year, Coinbase claims to hold “$256 billion in custodial fiat currencies and cryptocurrencies on behalf of customers.” (Sidenote: They also declare that “in the event of a bankruptcy, the crypto assets we hold in custody on behalf of our customers could be subject to bankruptcy proceedings and such customers could be treated as our general unsecured creditors.” Now that’s trust for you!)
In TMIBP11, TMIBP12, TMIBP13, TMIBP16, and TMIBP19, I have featured progress with Chaincase, an iOS client based on Wasabi. This month, lead developer Dan Gould announced that they will sunset the app on November 1st because “the most promising opportunity to solve the surveillance problem lies beyond iOS.”
In hundreds of conversations with enthusiastic iOS Beta users, we discovered what we believe to be the fundamental bottlenecks on bitcoin privacy. Having an iOS app is not one of them. Early adopters, we thank you sincerely. Your feedback is shaping the bright future of bitcoin privacy.
Since the most promising opportunity to solve the surveillance problem lies outside of iOS, we’ve decided to shut the app down. The Chaincase iOS Beta will expire on November 1, 2022. Funds must be moved before then. Chaincase support will be available on telegram at t.me/chaincase to facilitate the transition. We are excited to share bitcoin tech that plugs into popular software so that everyone has access to better privacy. Stay tuned.
Towards the end of July, Gould had tweeted about the privacy potential of combining pay-to-endpoint (P2EP) PayJoins and Lightning. On August 3rd, they opened a poll for applicable acronyms, concluding with the winner ‘LOIN.’ On August 13th, Gould added a draft of their “Chaincase Lightning PayJoin Roadmap” as a comment on GitHub. On August 16th, he published a blog on “Lightning Powered PayJoin,” breaking down the benefits in terms of not only privacy but also speed and cost. “Funny nobody connected these together. It’s easy to do.”
Meanwhile, Bitcoin developer Ben Carman used his early-stage Lightning Vortex software to generate a testnet transaction opening two Lightning channels via a CoinJoin. In February, he had stated: “With the way things are looking we are gonna need every tool we can get.”
Wired senior technology writers Lily Hay Newman and Andy Greenberg published an article about the defense of Roman Sterlingov, “a 33-year-old Swedish-Russian national, [who] was arrested by Internal Revenue Service criminal investigators at the Los Angeles airport” in April 2021 and “accused of creating and operating Bitcoin Fog, a bitcoin ‘mixing’ service on the dark web.” He has been in pre-trial detention since his arrest, with a motion for release denied in November.
Now, Sterlingov’s legal team, led by the well-known hacker defense attorney Tor Ekeland, has fired back: They’re claiming in a series of legal motions filed late yesterday that Sterlingov is innocent and vowing to take his case to trial. In doing so, Sterlingov’s defense says, they plan to show not only that he never ran Bitcoin Fog but also that the blockchain analysis techniques used to pin the case on him were faulty, leading to his wrongful arrest and a lost year of his life.
“I did not create Bitcoin Fog. I was never an administrator of Bitcoin Fog,” Sterlingov told WIRED, speaking from a Northern Virginia jail. “I’ve been here for more than a year now. I’m really perplexed at the system that could put me in here, at what they can do to an innocent man. It’s a Kafkaesque nightmare.”
While the statement of facts was assembled by the IRS Criminal Investigation (CI) division, the prosecution is represented by Justice Department attorneys Christopher Brodie Brown of the U.S. Attorney’s Office for the District of Columbia (USAO-DC) and Catherine Alden Pelker of the Criminal Division Computer Crime and Intellectual Property Section (CCIPS). Ekeland, who specialises in the Computer Fraud and Abuse Act (CFAA), national security issues, and government surveillance, shared the article along with his own quote about how blockchain analysis is “junk science.” According to discovery documents, the ‘analysis’ supporting Sterlingov’s prosecution was performed by Chainalysis and Excygent, “a government contractor specializing in cybercriminal and cryptocurrency investigations, which Chainalysis acquired in 2021.” According to public procurement records, Excygent has received funding from the IRS for “CCU CASE SUPPORT” (‘CCU’ likely being the Cyber Crime Unit) under the Product and Service Code (PSC) category of ‘R423: Support-Professional: Intelligence.’ The law firm soon published a donation address and summary of their client’s case, noting at the bottom that they were “the first law firm in the country to accept BitCoin as payment” since 2012.
This prosecution puts every person who uses cryptocurrencies at risk. The Government should only use scientifically sound, peer-reviewed, accepted, verifiable forensics techniques – and they haven’t done that here.
Meanwhile, Greenberg has authored the forthcoming book “Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency,” which has already been optioned for “a scripted adaptation, a documentary and a podcast.” The promotional text describes it as “the propulsive story of.. major players in federal law enforcement and private industry” who use “the right mixture of technical wizardry, financial forensics, and old-fashioned persistence” to achieve “technological one-upmanship” against “digital black markets” and cryptocurrency. While yours truly will certainly review it, the summary already sounds just as overdrawn as the surveillance software it praises.
As governments increasingly use unilateral sanctions to pursue foreign policy objectives, it has become common for banks and other financial service providers to over-comply with them to reduce legal, regulatory or business risks associated with inadvertent violations. Yet over-compliance with such sanctions has harmful effects on the entire range of human rights.
Over-compliance is a form of excessive avoidance of risk… De-risking (avoiding risk) and over-compliance with the requirement of unilateral sanctions by banks force companies and individuals to look for alternative ways to transfer money, making the mechanisms of financial transactions opaque, increasing costs and time for transferring money and goods, creating a flourishing underground economy, giving rise to smuggling, fostering corruption and criminal activities, within the borders of targeted countries but also often outside them in neighboring countries.
… She underscore[s] the illegality under international law of imposing secondary sanctions or threat[en]ing with secondary sanctions, civil and/or criminal penalties for non-compliance with their sanctions regimes, which are often extraterritorial.
— “Guidance Note on Overcompliance with Unilateral Sanctions and its Harmful Effects on Human Rights” by Professor Alena Douhan, United Nations Special Rapporteur on Unilateral Coercive Measures (June 2022)
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced that they had designated Ethereum-based mixer Tornado Cash as a sanctioned entity pursuant to Executive Order (E.O.) 13694, on allegations that the service “launder[ed] more than $7 billion worth of virtual currency since its creation in 2019.”
As today’s action demonstrates, mixers should in general be considered as high-risk by virtual currency firms, which should only process transactions if they have appropriate controls in place to prevent mixers from being used to launder illicit proceeds.
The Dutch Fiscal Information and Investigation Service (FIOD) arrested the purported developer of Tornado Cash on August 10th, and claimed that their Financial Advanced Cyber Team (FACT) had been conducting a criminal investigation since June. They did not reveal his name and declined to confirm or comment on the suspect’s identity when asked, but it was soon independently confirmed as Alexey Pertsev. On August 24th, Pertsev’s request for bail was denied, despite the absence of formal charges, “but the court nonetheless set a 90-day time limit within which an initial public hearing must take place.” Further speculation as to his associations and prior employment has been aired, under the tired category of “don’t write privacy tools while Russian.”
Due to the Treasury’s reminder that “all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons are prohibited unless authorized by a general or specific license issued by OFAC, or exempt,” at least one trickster began dusting the accounts of public persons in the industry, including Anthony “Sassal” Sassano, who opined that he was subsequently blocked from using a liquidity service due to the unsolicited association.
Fight For The Future (TMIBP07, TMIBP15) campaigns and communications director Lia Holland soon issued a statement that the “Treasury’s sanctions were meant as a warning shot to projects attempting to build anonymous digital assets, and an attack on the first amendment right to code.”
Treasury did not only sanction the individuals or corporations involved with the Lazarus Group; they sanctioned all the mechanisms — ethereum addresses — by which the Tornado.cash protocol provides its blending service, because that service was used by bad actors. This is a rough equivalent to sanctioning the email protocol in the early days of the internet, with the justification that email is often used to facilitate phishing attacks.
… Already, the Internet is feeling the chilling effects of this choice: the open source code used to run Tornado.cash has been taken down from Github. And unfortunately it seems that such an effect is exactly what the US government was seeking.
… We ask that the Treasury focus more carefully on targeting bad actors — rather than attempting to criminalize building and using privacy tools or the simple act of writing or running open source software code.
Jerry Brito and Peter van Valkenburgh from Coin Center also published their preliminary analysis of the legal situation, stating that “this particular usage of OFAC raises heightened constitutional concerns.” Their full analysis and detailed Tornado Cash explainer in the following weeks expanded on this concern.
As such, today’s action does not seem so much a sanction against a person or entity with agency. It appears, instead, to be the sanctioning of a tool that is neutral in character and that can be put to good or bad uses like any other technology. It is not any specific bad actor who is being sanctioned, but instead it is all Americans who may wish to use this automated tool in order to protect their own privacy while transacting online who are having their liberty curtailed without the benefit of any due process.
… Even worse, because of the nature of blockchain transactions, an American who is sent money through the Tornado.cash address is not even able to reject the transaction, and yet may be, at that moment, technically in violation of OFAC rules.
… In this case, the sanctions laws are being used to create a limitation on spending money not merely with some person who has been found guilty of a crime or even suspected of terrorism. This is a limit on any American who wishes to use her own money and a freely available software tool to maintain her own privacy — including for otherwise entirely legal and personal reasons.
Brito and Valkenburgh cite a key distinction made in guidance published by the Financial Crimes Enforcement Network (FinCEN) between “anonymizing service providers” versus “an individual or entity that merely provides anonymizing software” (TMIBP01, TMIBP05). They explicitly determined that “an anonymizing software provider is not a money transmitter,” and therefore not subject to Bank Secrecy Act (BSA) obligations. On the basis of these and other arguments, Coin Center “will seek to engage OFAC” and be “exploring with counsel a court challenge to this action,” while “the DeFi Education Fund has announced that it will be petitioning OFAC to issue a ‘general license’ that would cover all affected persons without each having to file individually.” The EFF (TMIBP04, 06, 07, 08, 15) eventually tweeted that they were also “deeply concerned.” On August 22nd, deputy executive director and general counsel Kurt Opsahl wrote similarly about the legal issues around confusing sanctions against “an entity and the software itself.” He also stated that the organisation would be “representing Professor Matthew Green, who teaches computer science at the Johns Hopkins Information Security Institute,” after Green created “a fork of the code, and posted the replica so it would be available for study.” You will find it here.
On August 23rd, Congressman Tom Emmer, who put forth “The Blockchain Regulatory Certainty Act” bill in January 2021, publicly shared a letter to Treasury Secretary Janet Yellen regarding the sanctions. Among many relevant questions, Emmer inquired:
Mr. Nelson cited Tornado Cash’s alleged failure to impose controls for illicit activity. I understand measures were taken to filter the tornado.cash front-end. Given that the Tornado Cash back-end will operate unchanged as an anonymizing technology as long as the Ethereum network continues to operate, who or what entity did OFAC believe was reasonably responsible for imposing controls on the Tornado Cash blockchain contracts?
We know from TMIBP12 that OFAC requested a subscription to use the services of Chainalysis, to “specifically support cyber sanctions implementation undertaken by OFAC.” In the last TMIBP19, I had logged an April tweet from Tornado Cash that they were using a “@chainalysis oracle contract to block OFAC sanctioned addresses from accessing the dapp. Maintaining financial privacy is essential to preserving our freedom, however, it should not come at the cost of non-compliance.” I assume that this is what Emmer was also referring to, and it leads me to ask - if the integration of a compliance tool from one of the largest blockchain surveillance companies is not enough to protect the creator(s) of privacy-enhancing software (for Ethereum, Bitcoin, or whatever else) from criminal allegations and prosecution for facilitating money laundering, then what is? Is this not an indictment of their folly (TMIBP18), and the indulgence of surrender? (TMIBP19) Remember the first lesson in professor Timothy Snyder’s “Twenty Lessons from the Twentieth Century,” which reads: “Do not obey in advance.”
Most of the power of authoritarianism is freely given. In times like these, individuals think ahead about what a more repressive government will want, and then offer themselves without being asked. A citizen who adapts in this way is teaching power what it can do.
:information_source: Check out Bitcoin Optech Newsletter #198, #199, #200, #201, #202, #203, #204, #205, #206, #207, #208, #209, #210, #211, #212, #213, #214, and #215 for other recent technical developments beyond Bitcoin privacy. And congratulations to them on reaching their 200th newsletter during this time!
Thanks for reading! Feel free to :bookmark: bookmark or subscribe to catch the next edition of ‘This Month in Bitcoin Privacy.’
"73.224 BF2247 Merveille du Jour, Griposia aprilina" by Patrick Clement is licensed under CC BY 2.0
This section is for important stories that would have been included for the month of March:
In TMIBP02, TMIBP07, TMIBP08, and TMIBP13, I covered a data breach from e-commerce and marketing databases belonging to the Paris-based hardware wallet developer Ledger. They have continued to warn their users about phishing attempts and how to recognise authentic messages. However, it seems that the effects of the breach are not contained to their service.
For episode #112 of the Darknet Diaries podcast, host Jack Rhysider interviewed “a guy named ‘Drew’ who gives us a rare peek into what some of the young hackers are up to today.” About thirty-five minutes into the show, they begin to discuss SIM-swapping attacks (TMIBP01, TMIBP03, TMIBP09), and ‘Drew’ confirms that cryptocurrency holders are now one of the most popular targets. As a result, the Ledger databases were particularly valuable because many customers used the same phone number and/or email address for their exchange accounts, including Coinbase. Not only was it easy to check if a given email address had been used with an active account, but “there was an exploit in Coinbase for about one month where you could check the [current] balance of any valid password and username [combination].” So even if the attackers had yet to attempt their swap, they could first narrow down their target list to the most valuable accounts rather than wasting resources compromising empty or low-value ones. Then, because the vast majority of Coinbase users had enabled two-factor authentication (2FA) via text message rather than more secure options, the attackers would carry out SIM swaps on those devices in order to receive the codes too.
With 2FA enabled on your account, you will have to provide your password (first “factor”) and your 2FA code (second “factor”) when signing in to your account. There are many types of 2FA, ranging from a physical key (such as a YubiKey) — the most secure — to SMS verification — the least secure. Many people choose to use SMS 2FA, because it’s linked to a phone number, rather than to one particular device, and is generally the easiest to set up and to use. Unfortunately, that same level of convenience also makes it easier for persistent attackers to intercept your 2FA codes. We strongly encourage everyone that currently uses SMS as a secondary authentication method to upgrade to stronger methods like Google Authenticator or a security key everywhere it is supported.
In September 2021, the exchange reported that “between April and early May 2021, the Coinbase security team observed a significant uptick in Coinbase-branded phishing messages,” related to bypassing of their SMS multi-factor authentication (MFA) process, which resulted in stolen funds from 6,000 customers. ‘Drew’ claimed this flaw was “vital to making your SIM-swap more successful.”
On February 15th 2022, Ledger’s year-in-review included that as per their “public commitment” following the data breach, “we have migrated all order data older than 18 months and will gradually migrate data older than 12, 6 and 3 months in the near future. All this information will be stored in this separate database for 10 years, as per our accounting obligations, and then removed from our system.” Shortly thereafter on February 22nd, they also announced that the “Coinbase Wallet browser extension now supports” their hardware wallet for self-custodial key storage, and released a “co-branded Nano X Coinbase Edition.”
For thefts of ether or ERC-20 tokens, ‘Drew’ noted that Tornado Cash was often used for mixing. This month, Tornado Cash announced that they would use a “@chainalysis oracle contract to block OFAC sanctioned addresses from accessing the dapp.”
Rhysider and ‘Drew’ also cite the Terpin case. In January 2018, investor and public relations manager Michael Terpin had lost $23.8 million worth of cryptocurrency through a SIM-swap attack; in May 2019, he won a $75.8 million civil judgement against one co-conspirator, and then went on to sue Nicholas Truglia, “the mastermind and ringleader.” In November 2021, Truglia pled guilty to criminal charges for conspiracy to commit wire fraud. Terpin commented:
He was referring to their Notice of Proposed Rulemaking that seeks “to amend the Customer Proprietary Network Information and Local Number Portability rules to prevent subscriber identity module (SIM) swapping scams and port-out fraud.”
Speaking of the “darknet,” this episode came out on the same day as the announcement that Twitter now has an onion service (using Enterprise Onion Toolkit) and lists the Tor browser as supported! Alec Muffett explains:
Using onion services mitigates attacks that can be executed by possibly-malicious “Tor Exit Nodes” — which, though rare, are not nonexistent — and also the fact that you are using a “.onion” address demands that the person is using a TorBrowser, thereby are also mitigating: national web blocks, TLS-man-in-the-middle, SNI filters, DNS censorship and tracking (both upon the client side, and that potentially impacting exit nodes), a lot of fundamental cookie-tracking and digital-fingerprinting issues… and a bunch of other risks to which non-Tor-browsers are prone.
If you use that bird site for Bitcoin social media and news notifications, you can now do so with a bit more privacy. Read prior Bitcoin and Tor-related news in TMIBP02, TMIBP03, TMIBP04, TMIBP05, TMIBP06, TMIBP08, TMIBP12, TMIBP13, TMIBP15, and TMIBP16.
The Human Rights Foundation (TMIBP01, TMIBP03, TMIBP06, TMIBP09, TMIBP10, TMIBP12, TMIBP14, TMIBP16, TMIBP17) opened a four-month paid research fellowship to investigate whether zero-knowledge (ZK) rollups could “help the Bitcoin network with scaling or privacy.” ZK-rollups are a second-layer scaling solution that has been proposed for various blockchains, including Ethereum.
Zero-knowledge rollups (ZK-rollups) bundle (or “roll-up”) hundreds of transfers off-chain and generate a cryptographic proof. These proofs can come in the form of SNARKs (succinct non-interactive argument of knowledge) or STARKs (scalable transparent argument of knowledge). SNARKs and STARKs are known as validity proofs and get posted to layer 1.
The ZK-rollup smart contract maintains the state of all transfers on layer 2, and this state can only be updated with a validity proof. This means that ZK-rollups only need the validity proof instead of all transaction data. With a ZK-rollup, validating a block is quicker and cheaper because less data is included.
On March 24th, Gladstein announced that John Light had been selected for the position, which would begin in May. “The product of the fellowship will be an industry concept paper that addresses” six questions, including: “How would Bitcoin Core need to change to integrate ZK-rollups? Are there any known current improvement proposals (e.g. OP_CTV) that would help?” OP_CHECKTEMPLATEVERIFY (CTV) is a new opcode central to Jeremy Rubin’s BIP-119 soft fork proposal, to support “applications for transaction congestion control and payment channel instantiation, among others.” In July 2021, Rubin wrote:
CTV enables committing to a specific “next” transaction from script. This is the ability to make an unbreakable promise on chain which Bitcoin can enforce (e.g. “This coin can only be spent to my multisig, or my backup after a timelock”). This is a departure from normal script which is traditionally only concerned with restrictions on the sender, CTV imposes restrictions on the recipient. More technically, CTV is essentially the ability to embed a signature of a specific transaction inside of a script without needing any elliptic curve operations. The validation costs are low. For more advanced logic, you can nest multiple different CTV Hashes either using taproot or up to the script length limits in regular script.
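The commitment Rubin describes can be sketched with nothing but SHA-256. This is an added example, not code from this article, from Rubin or from the BIP-119 reference implementation; it is modelled on BIP-119's default template hash, and the scripts, amounts and helper names (`template_hash`, `ctv_allows`, `promised_spend`) are constructed for illustration.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List

OP_CHECKTEMPLATEVERIFY = 0xB3  # BIP-119 repurposes OP_NOP4


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def ser_script(script: bytes) -> bytes:
    """Length-prefix a script (single-byte CompactSize, enough for < 253 bytes)."""
    assert len(script) < 0xFD
    return bytes([len(script)]) + script


@dataclass
class TxIn:
    sequence: int = 0xFFFFFFFF
    script_sig: bytes = b""  # empty for native segwit spends


@dataclass
class TxOut:
    value: int  # satoshis
    script_pubkey: bytes

    def serialize(self) -> bytes:
        return struct.pack("<q", self.value) + ser_script(self.script_pubkey)


@dataclass
class Tx:
    version: int
    locktime: int
    vin: List[TxIn]
    vout: List[TxOut]


def template_hash(tx: Tx, input_index: int) -> bytes:
    """Hash of the fields a CTV output commits to. The outpoints being spent
    are absent, so the hash can be computed before the coin is funded."""
    r = struct.pack("<i", tx.version)
    r += struct.pack("<I", tx.locktime)
    if any(i.script_sig for i in tx.vin):  # only hashed when some scriptSig is non-empty
        r += sha256(b"".join(ser_script(i.script_sig) for i in tx.vin))
    r += struct.pack("<I", len(tx.vin))
    r += sha256(b"".join(struct.pack("<I", i.sequence) for i in tx.vin))
    r += struct.pack("<I", len(tx.vout))
    r += sha256(b"".join(o.serialize() for o in tx.vout))
    r += struct.pack("<I", input_index)
    return sha256(r)


def ctv_locking_script(committed: bytes) -> bytes:
    """Script of the form: <32-byte hash> OP_CHECKTEMPLATEVERIFY."""
    return bytes([len(committed)]) + committed + bytes([OP_CHECKTEMPLATEVERIFY])


def ctv_allows(locking_script: bytes, spend: Tx, input_index: int) -> bool:
    """Emulate the opcode: a spend passes only if its template hash matches."""
    well_formed = (
        len(locking_script) == 34
        and locking_script[0] == 32
        and locking_script[-1] == OP_CHECKTEMPLATEVERIFY
    )
    return well_formed and locking_script[1:33] == template_hash(spend, input_index)


# Constructed placeholder scripts (P2WSH-shaped), not real addresses.
MULTISIG_SPK = bytes.fromhex("0020" + "11" * 32)
OTHER_SPK = bytes.fromhex("0020" + "22" * 32)


def promised_spend(dest: bytes = MULTISIG_SPK, amount: int = 99_000) -> Tx:
    """The one 'next' transaction the coin is allowed to become."""
    return Tx(version=2, locktime=0, vin=[TxIn()], vout=[TxOut(amount, dest)])


LOCK = ctv_locking_script(template_hash(promised_spend(), 0))

if __name__ == "__main__":
    print("promised spend accepted: ", ctv_allows(LOCK, promised_spend(), 0))
    print("redirected spend accepted:", ctv_allows(LOCK, promised_spend(dest=OTHER_SPK), 0))
    print("changed amount accepted: ", ctv_allows(LOCK, promised_spend(amount=98_000), 0))
```

Validation is a handful of hashes and one comparison, which is why no elliptic curve operation is involved.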
On April 22nd, following Rubin’s announcement of an upcoming CTV-compatible client release, BitMEX Research wrote a summary of the proposal and reactions to it, which have been mixed. Bob McElrath, who has co-authored research on Bitcoin covenants and vaults, responded that the “new wallet infrastructure is substantial, requiring a new private communication between sender and receiver… NACK from me on this concept.”
In TMIBP05, I covered how various tax authorities, including Her Majesty’s Revenue and Customs (HMRC), were seeking to collect personally identifying information, ownership and transaction records from users of cryptocurrency businesses; in TMIBP07, I also covered the closure of a long-time U.K.-based exchange. In connection with “an unprecedented package of economic sanctions on Russia and Belarus, in response to Russia’s invasion of Ukraine on 24 February,” the Financial Conduct Authority (FCA) has written to “all registered cryptoasset firms and those holding temporary registration status to highlight the application of sanctions on various entities and individuals.” On the same day, they also issued a public reminder that cryptocurrency ATMs are effectively now banned in the U.K.
Crypto ATMs offering cryptoasset exchange services in the UK must be registered with us and comply with UK Money Laundering Regulations (MLR). None of the cryptoasset firms registered with us have been approved to offer crypto ATM services, meaning that any of them operating in the UK are doing so illegally and consumers should not be using them.
… We are concerned about crypto ATM machines operating in the UK and will therefore be contacting the operators instructing that the machines be shut down or face further action.
Since we published the list of unregistered crypto firms that may have been continuing to conduct business, a recent assessment found that 110 are no longer operational.
In their list of recommendations for reducing “the risk of sanctions evasion,” they urge firms to consider “where blockchain analytics solutions are deployed, ensuring that compliance teams understand how these capabilities can be best used to identify transactions linked to higher risk wallet addresses,” and to flag “the use of tools designed to obfuscate the location of the customer (eg an IP address associated with a virtual private network or proxy) or the source of cryptoassets (eg mixers and tumblers).”
On March 14th, Juraj Bednar (TMIBP15) published a blog post on how to start a local trading group with privacy in mind:
How do you get members for these groups? Add your acquaintances who are already involved with cryptocurrencies. They don’t have to buy and sell right away. Exchange links, experiences and tips in the discussion group. Group members can invite other members they personally know. In larger cities, this will create several such groups, and some members may be in more than one group. They are thus able to link supply and demand between groups using their reputation (and may even make some money by doing this). It is good if the group also meets in person from time to time. A dinner once a month or some joint crypto event. You will build mutual trust and build interpersonal relationships that will increase the willingness to trade and trust.
Wasabi announced that “the zkSNACKs coordinator will start refusing certain UTXOs from registering to coinjoins.” For anyone not familiar with their architecture, the coordinator is a server which ‘coordinates’ UTXOs in a CoinJoin. While the code is open-source, and Chaumian or Schnorr blind signatures prevent it from linking inputs and outputs, it can still selectively exclude UTXOs from the input registration phase and thus from participating in a CoinJoin. Technically, they were already practicing temporary bans on coins where the user failed to provide a signature, to prevent denial-of-service attacks. However, that was not the reason for this announcement.
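The split described above, where the coordinator cannot link inputs to outputs yet still decides who may register, can be seen in a toy Chaumian (RSA) blind-signature round. This is an added example, not Wasabi's or zkSNACKs' code: the class names, the tiny RSA key, and every UTXO and address label are constructed for illustration.

```python
import hashlib
import math
import secrets

# Toy RSA key for the coordinator: two Mersenne primes, far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def h(address: str) -> int:
    """Hash an output address into the RSA group."""
    return int.from_bytes(hashlib.sha256(address.encode()).digest(), "big") % N


class Coordinator:
    def __init__(self, refused_utxos=()):
        self.refused = set(refused_utxos)
        self.log = []  # everything it learns during input registration

    def register_input(self, utxo: str, blinded: int):
        """Identified phase: the coordinator sees the UTXO and may refuse it."""
        if utxo in self.refused:
            return None
        self.log.append((utxo, blinded))
        return pow(blinded, D, N)  # signs without seeing the address inside

    def register_output(self, address: str, signature: int) -> bool:
        """Anonymous phase: accept any address that carries a valid signature."""
        return pow(signature, E, N) == h(address)


class Participant:
    def __init__(self, utxo: str, fresh_address: str):
        self.utxo, self.address = utxo, fresh_address
        while True:  # blinding factor must be invertible mod N
            self.r = secrets.randbelow(N - 2) + 2
            if math.gcd(self.r, N) == 1:
                break

    def blinded_address(self) -> int:
        return h(self.address) * pow(self.r, E, N) % N

    def unblind(self, blind_signature: int) -> int:
        return blind_signature * pow(self.r, -1, N) % N


def consistent_pairings(log, addresses) -> int:
    """Count (input, output) pairs for which a valid blinding factor exists."""
    count = 0
    for _utxo, blinded in log:
        for address in addresses:
            candidate_r = pow(blinded * pow(h(address), -1, N) % N, D, N)
            if h(address) * pow(candidate_r, E, N) % N == blinded:
                count += 1
    return count


def run_round() -> dict:
    coordinator = Coordinator(refused_utxos={"constructed-txid-d:1"})
    participants = [
        Participant("constructed-txid-a:0", "constructed-address-1"),
        Participant("constructed-txid-b:0", "constructed-address-2"),
        Participant("constructed-txid-c:0", "constructed-address-3"),
        Participant("constructed-txid-d:1", "constructed-address-4"),
    ]
    refused, outputs = [], []
    for p in participants:
        blind_signature = coordinator.register_input(p.utxo, p.blinded_address())
        if blind_signature is None:
            refused.append(p.utxo)
            continue
        # In a real round this second call arrives over a separate network identity.
        if coordinator.register_output(p.address, p.unblind(blind_signature)):
            outputs.append(p.address)
    return {
        "refused": refused,
        "outputs": outputs,
        "pairings": consistent_pairings(coordinator.log, outputs),
        "forgery_accepted": coordinator.register_output("constructed-address-5", 12345),
    }


if __name__ == "__main__":
    print(run_round())
```

Every logged blinded value is consistent with every registered output (9 pairings for 3 inputs), so the coordinator's own transcript tells it nothing about who owns which output; its only lever is the refusal at `register_input`.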
Ádám ‘nopara’ Ficsór referred back to a November 2013 forum thread where “the Bitcoin community successfully pushed back against blacklisting,” and commented, “Glorious days.” When asked whether they would support “swapping to other coordinators,” Ficsór replied, “I think it’d be unwise from me to discuss the circumvention of the above measures, sorry.” And when it was suggested that they would be “teaming up” with a blockchain surveillance business, Wasabi contributor Rafe responded:
No. We are trying to protect the company and the project by minimizing the amount of these hackers and scammers using the coordinator and getting us in trouble. This should be in the rights of the company to do but believe me, none of us are happy about this.
Chaincase, an iOS client based on Wasabi (TMIBP11, TMIBP12, TMIBP13, TMIBP16), soon published guidance on how to manually connect to their coordinator instead.
On March 15th, Financial Times (FT) reporter Cristina Criddle published an article with comments from the U.K. National Crime Agency (NCA). Spokespersons say they would support new regulation that “would force mixers to comply with money laundering laws, with an obligation to carry out customer checks and audit trails of currencies passing through the platforms.” No mention was made of what legal authority this would stem from. Pointing to Wasabi and Samourai Wallet, Criddle cites the Europol report (TMIBP01, TMIBP05, TMIBP06, TMIBP10, TMIBP14) and allegations by Elliptic, as well as Chainalysis and CipherTrace in another September 2021 article on decentralised finance (DeFi):
The worry among regulators is they would replace the very entities that governments turn to for help in enforcing the laws against money laundering — bankers, brokers and money transmitters that stand between people and markets.
“DeFi is using loopholes in regulation because they don’t actually hold the customer’s money, unlike a broker,” says David Jevans, chief executive of CipherTrace, a cryptocurrency intelligence company started in 2015 with funding from the US Department of Homeland Security to help prevent financial crime.
Samourai Wallet confirmed that they had been asked for comment on March 11th, and then published “our entire response that we sent” to the FT. The day before the publication of the article, they had also explained and defended the role of coordinators:
CoinJoin coordinators are simply message passers. This is true of Wasabi & Whirlpool. They are not money transmitters, they are not facilitators[,] they simply pass data packets to connected clients… Your ISP is not responsible for the websites you visit, even though they serve you the data packets that made your visit possible.
… The ability to share data freely be it books, art, media, thoughts and ideas, or UTXO state is essential for free society and is fundamentally human. The radical encroachment of the state into the lives of ordinary law abiding citizens is on a concerning upward trajectory. By bending the knee to [regulatory] overreach instead of fiercely fighting, especially when you have the resources to do so effectively, you tacitly accept and endorse that overreach and the next one. Give an inch and they’ll take several miles.
On March 17th, Bitcoin Magazine published an article on the decision, quoting zkSNACKs co-founder and CEO Bálint Harmat. They note that it “was a proactive one as there is no current legislation obliging them to do so.”
“People started to identify Wasabi with illicit activities and actors, and we wanted to differentiate ourselves from these players in the space,” Harmat said, adding that the route taken on Sunday was zkSNACKs’ solution to enforce it.
Harmat explained that the company doesn’t want to be associated with criminal activity of any kind, adding that multiple reports over the past year linking hackers, money launderers and other nefarious actors with Wasabi and zkSNACKs have in part prompted the move as such an angle hurts the brand’s image…
“We did our research and really went into the legal details,” Harmat said. “There are no current regulations on ongoing joint coordinators. However, I’m aware this is going to change in the future.”
They also contradict Rafe’s earlier reassurance:
zkSNACKs co-founder Adam Ficsor posted a message on the Wasabi Wallet public Telegram channel on Tuesday saying that the company will “have to hire” a blockchain analysis firm “and filter out CoinJoin input registrations with them” — a plan that Harmat echoed.
BTC Sessions host Ben Perrin, who has made many tutorial videos on Bitcoin privacy wallets, tweeted that he had “ended my engagement with Wasabi.” 402 Payment Required similarly said that their tutorials will remain available in case “some fork of it might attract enough liquidity to be useful in the future.” Former Wasabi contributor and WabiSabi co-author Yuval ‘nothingmuch’ Kogman (TMIBP01, TMIBP05, TMIBP07) also shared that he had left the project in December 2021:
I was involved with Wasabi until December but left because of what I perceived as systemic issues with the development process. To be clear, I cannot wholeheartedly support the project or recommend its use, for ethical and technical reasons.
On March 28th, Wasabi published a full statement on their website, where they assert that they “broke one of the largest taboos of Bitcoin[,] blacklisting, to achieve something greater: survival of the best Bitcoin privacy technology.”
Wasabi Wallet is making Bitcoin anonymous and most people are afraid of the idea of anonymous money. They don’t care that it existed for thousands of years before the last century, nor do they understand the gravity of the fact that fungibility is an essential property of good money. Ignorance of first principles has resulted in unwanted media attention and claims of money laundering that we are obviously not trying to enable. Such claims by mainstream media have travelled far and ultimately led to legal challenges, which forced the company to choose between discontinuing its operations or introducing blacklisting so that the coinjoins can continue.
On April 1st, Stephan Livera published episode #364 with contributor and “Join the Wasabikas” podcast host Max Hillebrand. He extensively outlined the pros and cons of both a multi-coordinator ecosystem for CoinJoins, and more decentralised models.
There are many reasons why you would want to run your own coordinator. One of the other main reasons is because you want to control which inputs are actually gonna be registered there. You can have invite-only CoinJoins. There are ZeroLink Wasabi coordinators out there where the actual onion is not public knowledge. So someone needs to invite you by sending you this onion, and only then can you CoinJoin. Here you could have CoinJoins just among your friends who know about this onion address of the coordinator. To curate who actually gets to register is already a live use case of one quite big ZeroLink coordinator.
He then says that to “also add the additional metadata that we have on the Bitcoin blockchain that chain surveillance companies provide — all these tags of the risk factor of certain coins” is “definitely something new,” implying that Wasabi plans to do so.
I’m not trying to [downplay] this here, but it’s somewhat of a soft fork, right? You’re changing the acceptance of which coins do you consider valid — not on the Bitcoin consensus layer, that’s the other important thing. Bitcoin consensus is still permissionless and decentralized enough that you can make payments even if you are blacklisted: you can just either get hashrate yourself or bribe a miner to hash a block with your transaction in it… What we’re talking about here is: will you get access to someone else’s computer? Will someone else allow you to write stuff on his computer, basically? And in my opinion, ultimately it comes down to property rights. A coordinator is just someone else’s computer — and it’s not yours. So you ought to be quite thankful that someone actually provides you a service where you can use his computer for certain things like coordinating a round.
Disclosure and Personal Note: In January 2018, about seven months before the beta launch of Wasabi, my podcast co-host and I started a short-form video series called “zkSNACKS,” a food-related twist on zk-SNARKs, which stands for “Zero-Knowledge Succinct Non-Interactive Argument of Knowledge.” I had come up with that name sometime leading up to the publication of the first episode. We are called “Block Digest,” we care about privacy, and we can be snarky as hell, so it was perfect wordplay. We published three episodes in the series in total. At the Building on Bitcoin conference in July, Nopara gave us a shout-out and attributed credit to us for the name of his new company that would manage development of Wasabi. This (the company name) was news to my co-host and me as much as to everyone else; we had not been asked or told beforehand. At the time, I would say that I felt proud of this inadvertent branding contribution. However, recent events have now soured the memory and association.
One of the valuable side-effects of a socio-political environment that supports freedom of association, where there are little to no inherent legal consequences for engaging non-violently with others, is that you can more easily see and understand the character of those around you based on their choices. You may still be the recipient or deliverer of ‘soft’ judgement and consequences for who you include or exclude, and the basis on which you made that determination (ex. gender, race, sexuality, religion, political orientation, etc), but either way your preferences are more honest and visible to everyone around you. They can in turn make an informed decision about whether to include or exclude you, depending on what they believe your preferences reveal about your character.
It is very true that the operators of the Wasabi coordinator are not required to accept any and every UTXO for CoinJoins. I haven’t seen anyone argue that they are. Indeed, disassociating from (real or perceived) malicious actors, network nodes, or users who may abuse your time, space, and resources to your detriment or that of your community is a valid reason to limit or close the connection. Even if your reason is wrong or misplaced, whether according to your own standard or someone else’s, you can still (largely) do so anyway. In recent years we have even seen the result of rapid mass-disassociation, often socially compelled and coerced, including in financial ways.
Yet, the existing ‘success’ rate of identifying criminal capital flows is limited, to say the least. Based on all available estimates, less than 1% of the total amounts that are being laundered are detected. Data collected by the US State Department suggest that some US$3.1 billion were seized in connection with money-laundering activities in 38 countries out of 62 countries analysed (2010 or latest year available); more than 80% of this was seized in North America. This would be equivalent to some 0.2% of the best estimate of the extent of money-laundering at the global level. In comparison, more than 20% of the globally produced illicit opiates are being seized and more than 40% of the cocaine. Are money-launderers really so much smarter than drug traffickers, or is there something wrong with the existing control system?
— “Estimating Illicit Financial Flows Resulting from Drug Trafficking and Other Transnational Organized Crimes: Research Report” by the United Nations Office on Drugs and Crime (2011)
Readers should know that I have included material many times on the fallibility of blockchain surveillance tools, including in this newsletter. The foundation of their business model is mapping association: address to address, coin to entity, entity to identity, and then identity to crime. For that last step to resemble a just due-process of any kind, preceding steps should follow the same rigorous and transparent standard of evidence, no? However, most of the people who have been and will be affected by blockchain surveillance purveyors have committed no crime and are not under any formal or informal suspicion of committing a crime. They are blocked and suspended because anyone who actually takes their privacy seriously is considered “risky,” where risk is measured not by crime but merely the degree of visibility and obedience (or, sadly, their personal power to pay their profile away). Meanwhile, the risks inherent to mandatory sharing of sensitive personal information for millions of ordinary people are witnessed daily and largely ignored.
The legal fungibility of banknotes — their homogeneity, or the characteristic of being interchangeable with others of equal denomination — was determined through common law in 18th century Scotland (see Reid, 2013). In 1749, a court considered the case of two £20 notes which had gone missing in the post, and examined the ownership of one of those notes which had subsequently turned up at a branch of the Royal Bank of Scotland — identified courtesy of the serial number recorded by the sender. The case determined that one who took possession of a banknote in normal and legal exchange was free from the “infirmities of title which affected those from whom it had been acquired” (Reid, 2013, p.2; see also Silver, 2018). In general, this means that the history of an individual banknote — which I analogise to its identity — has been determined to be irrelevant according to this 18th century case law. However contemporary legislative and regulatory requirements have challenged this precedent.
— “The Identity, Fungibility, and Anonymity of Money” by Alastair Berg (2019)
It was understood centuries ago that ascribing criminality to the current holder of fiat currency based on that particular coin or bill’s alleged illicit provenance is a dangerous move that can erode economic efficiency and the value of that currency system over time. How is it then not obvious that states which feel threatened by the adoption of non-state decentralised money would have an interest in enforcing a different standard for the legal fungibility of bitcoin? By accepting the involvement of blockchain surveillance, you are not only providing them with tacit approval that their methods are effective at the task they claim to do, but also supporting the state’s goal: degradation of legal fungibility.
In August 2013, the encrypted email service provider Lavabit was abruptly shut down after being served with a pen register order requiring the disclosure of information about a single customer’s account. The founder, Ladar Levison, wrote: “I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit.” For years, Levison was “forbidden… under threat of contempt and possibly jail time, from identifying who the government was investigating.” Through a redaction error by the government, it was revealed that the account belonged to NSA whistleblower Edward Snowden.
So if you believe that complying with extra-judicial threats of currently non-existent regulation will save your brand, then either I do not understand what your brand means anymore or you are mistaken about who you should be saving it from. You may have won the battle for a few more months or years of profitable business, and you are of course free (for now) to prioritise that, but I believe you’ve surrendered in the war for principle.
KYC is the illicit activity. Compliance is the taint.
The U.S. Senate Committee on Banking, Housing, and Urban Affairs hosted a morning hearing on “Understanding the Role of Digital Assets in Illicit Finance” with four witnesses, including former Financial Crimes Enforcement Network (FinCEN) director Michael Mosier (TMIBP08, TMIBP11) and Chainalysis co-founder and chief strategy officer Jonathan Levin; between June 2019 and February 2020, Mosier also had a role as Chief Technical Counsel at Chainalysis.
Levin’s testimony included a list of the “world’s most high-profile cyber-crime cases” that they were involved in, took credit for the relatively low amount of illicit activity using cryptocurrency, and argued for increased integration of and funding for blockchain surveillance:
Our 2022 Crypto Crime Report was released last month and it shows that transactions involving illicit addresses represented just 0.15% ($14 billion) of digital assets transaction volume in 2021 (not including centralized exchange volumes). This is because digital asset usage is growing faster than ever before and the legitimate use of digital assets is vastly outpacing the growth in their criminal use. This figure may rise slightly as we identify more addresses associated with illicit activity and incorporate their transaction activity into our historical volumes, and it also only reflects on-chain activity. This means, for example, that illicit activity happening within exchanges is not captured, as we do not have the internal order book data of exchanges. Those caveats aside, I do think it is important to note that illicit activities using digital assets is reflective of significantly less than 1% of transaction volumes, and this is thanks in part to the types of tools we provide to digital asset companies to support their AML/CFT compliance and the excellent work of law enforcement and regulators.
… With a blockchain-based financial system, regulators could have a real-time view into financial flows, risk exposures, and interconnectedness across all asset classes. Advanced risk analytics could provide regulators the ability to easily independently stress test the entire portfolio of a financial institution, as well as an entire financial system using current or historic portfolio data. Enhanced transparency afforded by blockchain technology could also facilitate and improve the efficacy of regulator and independent examinations, including as they relate to disclosure and reporting.
… We commend the Consolidated Appropriations Act for FY 2022 for increasing funding for FinCEN and the Office of Terrorism and Financial Intelligence (“TFI”) in the Department of Treasury. We recommend that FinCEN and TFI, along with law enforcement, market regulators, and national security agency stakeholders, invest in blockchain intelligence and analytics capabilities, both headcount and tools/services, that will enhance their ability to detect, disrupt, and deter illicit uses of digital assets.
Interestingly, Mosier’s testimony acknowledged that anti-money laundering legislation has often been used to target innocents and suppress political activism:
Because no matter the best intentions, people are fallible. In thinking about self-determination, when we speak of “illicit finance,” we must not forget defenders of democracy whose financing might be considered “illicit” to the autocrats and invading armies they resist. As we painfully see around the world right now, it is fundamental to democracy that people have the opportunity to protect themselves in the face of fallibility and brutality.
The same cryptographic capabilities discussed here today enabled secure, auditable humanitarian aid to 60,000 healthcare workers in Venezuela under a repressive regime… No doubt the Venezuelan regime considered the use of those previously frozen assets “illicit finance,” but to us they were cryptographically secure humanitarian aid.
… The democratic resilience of cryptography doesn’t stop with mere messages.
He also discouraged the adoption of the FATF’s Travel Rule guidance:
Further, until there are global registration standards to identify trusted exchanges to send personal information, industry cannot implement the Travel Rule. Congress should press U.S. FATF representatives to focus on standardized licensing across jurisdictions, instead of FATF developing new, expansive definitions of “Virtual Asset Service Provider” that include software developers in a way that FinCEN cannot implement under our Constitution.
Ruben Somsen (TMIBP05, TMIBP18) wrote to the mailing list to propose “a new scheme for private non-interactive address generation without [extra] on-chain overhead.”
The recipient generates a so-called silent payment address and makes it publicly known. The sender then takes a public key from one of their chosen inputs for the payment, and uses it to derive a shared secret that is then used to tweak the silent payment address. The recipient detects the payment by scanning every transaction in the blockchain.
Compared to previous schemes, this scheme avoids using the Bitcoin blockchain as a messaging layer and requires no interaction between sender and recipient (other than needing to know the silent payment address). The main downsides are the scanning requirement, the lack of light client support, and the requirement to control your own input(s). An example use case would be private one-time donations.
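The derivation and scanning steps Somsen describes can be worked through on secp256k1, as an added example that is not code from his proposal or from any wallet. The tweak function (SHA-256 over the compressed ECDH point) and the transaction layout are assumptions, and all keys and txids are constructed.

```python
import hashlib

# secp256k1 domain parameters
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Add two affine points; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1] % P, -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def point_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result


def compress(pt) -> bytes:
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")


def tweak_from(shared_point) -> int:
    # Assumption: the page does not say how the shared secret is hashed.
    return int.from_bytes(hashlib.sha256(compress(shared_point)).digest(), "big") % N


def sender_output_key(input_priv: int, address_pub):
    """Sender side: tweak the published address with ECDH(input key, address)."""
    t = tweak_from(point_mul(input_priv, address_pub))
    return point_add(address_pub, point_mul(t, G))


def recipient_scan(chain, address_priv: int):
    """Recipient side: one ECDH per input of every transaction on the chain."""
    address_pub = point_mul(address_priv, G)
    found, ecdh_ops = [], 0
    for tx in chain:
        for input_pub in tx["input_pubkeys"]:
            ecdh_ops += 1
            t = tweak_from(point_mul(address_priv, input_pub))
            candidate = point_add(address_pub, point_mul(t, G))
            for index, out in enumerate(tx["output_pubkeys"]):
                if out == candidate:
                    found.append((tx["txid"], index, (address_priv + t) % N))
    return found, ecdh_ops


def constructed_key(label: bytes) -> int:
    return int.from_bytes(hashlib.sha256(label).digest(), "big") % N


def demo() -> dict:
    x = constructed_key(b"constructed recipient key")
    address = point_mul(x, G)                      # the public silent payment address
    i1 = constructed_key(b"constructed sender input 1")
    i2 = constructed_key(b"constructed sender input 2")
    other = constructed_key(b"constructed unrelated input")
    decoy = point_mul(constructed_key(b"constructed unrelated output"), G)
    pay1, pay2 = sender_output_key(i1, address), sender_output_key(i2, address)
    chain = [
        {"txid": "constructed-tx-0", "input_pubkeys": [point_mul(other, G)],
         "output_pubkeys": [decoy]},
        {"txid": "constructed-tx-1", "input_pubkeys": [point_mul(i1, G)],
         "output_pubkeys": [decoy, pay1]},
        {"txid": "constructed-tx-2", "input_pubkeys": [point_mul(i2, G)],
         "output_pubkeys": [pay2]},
    ]
    found, ecdh_ops = recipient_scan(chain, x)
    return {"address": address, "payments": [pay1, pay2],
            "found": found, "ecdh_ops": ecdh_ops}


if __name__ == "__main__":
    result = demo()
    print([(txid, index) for txid, index, _ in result["found"]], result["ecdh_ops"])
```

Two payments to the same address land on unrelated output keys that only the recipient can recognise and spend, and the cost shows up as `ecdh_ops`: one curve multiplication per input of every transaction scanned.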
So far, reviews of the draft have come from Tim Ruffing (TMIBP05, TMIBP06, TMIBP09) and Martin Habovštiak (TMIBP14, TMIBP18) among others. Meanwhile, it has now been more than a year since Justus Ranvier published a new draft of his BIP-47 specification from 2015 (TMIBP09), and Sparrow Wallet has pushed compatible PayNym generation and management with Samourai Wallet (TMIBP18), on which BTC Sessions host Ben Perrin recently published a tutorial. A feature request to add BIP-47 to the Bitcoin Dev Kit project was opened in February. Ranvier’s pull-request to finalize the standard remains unmerged at this point, despite approval from Greg Maxwell. On March 4th, ‘TDev’ commented:
Following the completion of BIP47 v1 Justus Ranvier indicated his desire to remove all updates for BIP47 from the BIP process itself… BIP47 v1 as described above is the existing de facto standard with over 96000 PayNyms created by Samourai Wallet and a new daily influx of PayNyms from Sparrow Wallet users. The Samourai & Sparrow implementations are interoperable. Since 2015 the existing BIP process has proven itself to be incapable of advancing bitcoin privacy in general or validating a proposal for reusable payment codes in particular.
On April 29th, Ross Ulbricht’s support account shared a new PayNym that can be used to donate to his legal fund. In December 2021, Ulbricht reached his 3,000th day in prison (TMIBP18); on March 27th, he turned 38 years old. You can learn more about his story from ‘What Bitcoin Did’ podcast episodes #10 and #27.
Hardware wallet company Trezor (TMIBP06, TMIBP11, TMIBP12, TMIBP13, TMIBP15, TMIBP18) warned that there had been “a potential data breach of an opt-in newsletter hosted on MailChimp.” Soon, they were able to confirm that “their service has been compromised by an insider targeting crypto companies.”
We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected. We will not be communicating by newsletter until the situation is resolved. Do not open any emails appearing to come from Trezor until further notice. Please ensure you are using anonymous email addresses for bitcoin-related activity.
In March, CoinDesk had reported on a similar breach and subsequent phishing attacks with other companies using Hubspot. In a statement to The Verge, Mailchimp’s chief information security officer “said that the company had become aware of the breach on March 26th when it detected unauthorized access of a tool used by the company’s customer support and account administration teams.” On April 4th, Trezor published a blog with a copy of the phishing message, more information about the incident, and what affected users could do:
The Mailchimp security team disclosed that a malicious actor accessed an internal tool used by customer-facing teams for customer support and account administration. The bad actor gained access to this tool as a result of a successful social engineering attack on Mailchimp employees.
… The only reason to worry about your funds is if you entered your seed into the malicious app. Your device can not be compromised or affected by this attack without explicitly typing your seed into your computer. Never enter your seed anywhere unless your Trezor device tells you to!
Foundation Devices co-founder and CEO Zach Herbert encouraged Trezor and other Bitcoin companies to self-host as much of their communication and marketing infrastructure as possible, which would have prevented this attack:
At @FOUNDATIONdvcs we run our own @WordPress @WooCommerce, Followups email marketing tool, @matomo_org analytics, @jitsinews for meetings, FreeScout customer support desk, @BtcpayServer. This means we do not run Shopify, Mailchimp, Google Analytics, Zoom, Zendesk, Coinbase/OpenNode, or other similar centralized services. We are also constantly improving and figuring out how to better safeguard customer data and self-host critical systems. It’s easy to think of this as a distraction, especially at a small startup. But it’s really important when you’re receiving customer emails, mailing addresses, and phone numbers. Feel free to reach out with any questions or ideas for great self-hosted tools we can use!
In TMIBP05, TMIBP08, TMIBP12, TMIBP14, and TMIBP17, I have followed exploration, promotion, and criticism of central bank digital currencies (CBDCs). This month, the Bank for International Settlements (BIS) published a volume of papers contributed by banks from more than two dozen countries around the world, titled “CBDCs in emerging market economies.” The sections address each country’s approach toward data privacy, governance, promoting “central bank objectives,” and “the implications of cross-border use.”
Several have progressed to the pilot or proof-of-concept stage (eg Hong Kong SAR, Saudi Arabia, Thailand, the United Arab Emirates (UAE)). A few are close to launching (eg China’s eCNY), while some do not see a pressing need for a CBDC in the near future (eg Poland, Singapore).
Below are several interesting excerpts from this 214-page document on the subject of privacy, with clarifying additions when needed. In the introductory BIS background paper, the authors state that “CBDC designs can allow for privacy by separating payment services from control over the resulting data.”
Such designs could allow anonymity with respect to specific parties, such as PSPs [payments service providers], businesses or public agencies. Like some FPS [fast payment systems], CBDCs could give users control over their payments data, which they need only share with PSPs or third parties as they decide (BIS (2021)). For example, with [the India-based retail FPS] UPI, data ownership and control over their credentials are addressed through application programming interfaces (APIs) that use public key cryptography. For a system that relies on biometric digital ID systems, such as Aadhaar in India, the safeguards are even more stringent and crucial. Thus, data and privacy management challenges under CBDCs are not new.
Citing Aadhaar as an example of “data and privacy management” done right does not sit right with me. If you want to know more, check out Malavika Jayaram’s talk on “Biometric ID Cards by the Billion” (2017) and Kiran Jonnalagadda’s talk on “Unpacking the Compromises of Aadhaar, and Other Digital Identities Inspired By It” (2019). Next, in the paper on China’s e-CNY aka “digital renminbi” system, they claim that anonymity will be allowed for “small-value” transactions:
The e-CNY system follows the principle of “anonymity for small-value and traceability for high-value transactions”, and attaches great importance to protecting personal information and privacy. It aims to meet the public demand for anonymous small-value payment services based on the risk features and information processing logic of current electronic payment systems.
The Czech National Bank (CNB), on the other hand, states plainly that “full anonymity is not plausible… Anonymous electronic payments between users are not possible at all.”
However, increasing digitalisation could leave some sections of society behind as potential barriers around trust, digital literacy, access to IT and data privacy concerns create a digital divide. For central banks in many emerging market economies, a key driver for researching CBDC is the opportunity to improve financial inclusion.
Yet for a CBDC to increase financial inclusion, it must address the causes of exclusion, which vary by jurisdiction and are often complex.
… so a CBDC could only increase privacy partially, but we cannot rule out the possibility that it would not increase it at all (if it created motivation to obtain the data in other ways).
The Hong Kong Monetary Authority (HKMA), like others, believes that privacy can be well protected between users and payment services. In describing their retail central bank digital currency (rCBDC), they say that it is built using a UTXO model (like Bitcoin) and even that “a pseudonym system” could be implemented.
… preservation of user privacy vis-à-vis other users and non-client intermediaries could be made possible by a pseudonym system. While the natural transaction traceability of a UTXO model allows intermediaries and users to know who held the rCBDC in the past, such traceability would have privacy implications. To address this issue, the proposed architecture explores the possibility of creating pseudonyms, similar to “nicknames”, to represent the transacting parties during each and every transaction. Only a user’s bank has access to the mapping between the pseudonyms and the user’s real identity, which means that only a user’s bank, not other users or intermediaries, knows the real identity of an rCBDC owner.
The Bank of Israel’s answer on their “digital shekel” warns that the decisions of “major economies” will affect those of “smaller countries,” if they don’t want to risk being excluded from interoperability. They also suggest that providing more identifying data may be rewarded.
If, for example, the standard set in the major economies regarding anonymity would require that authorities are able to obtain information regarding a specific transaction if such information is needed for law enforcement, it may not be possible for smaller countries to execute policies that give a greater weight to privacy concerns, if they want their CBDCs to be more similar to cash in this regard.
… Let us take the example of privacy requirements – any future platform should allow for different privacy levels, even between existing consumers, who may have different requirements regarding privacy. Some may be willing to allow some access to their data in return for, say, lower commissions.
Ten days earlier on April 4th, Eurogroup’s monthly meeting included “privacy considerations related to a digital euro and how they relate to other policy objectives, such as preventing money laundering, illicit financing and tax evasion.” A presentation given by the European Central Bank (ECB) notes that ‘offline functionality’ should allow “full privacy only for close proximity payments that are low-value and low-risk,” without revealing what they considered those thresholds to be.
User anonymity is not a desirable feature, as this would make it impossible to control the amount in circulation and to prevent money laundering.
On April 5th, the European Commission opened a public industry consultation on the digital euro, to last until June 14th, on the basis that they soon “may issue the digital euro in line with its objectives and mandate.” On April 28th, they also opened a “call for expressions of interest in providing prototypes for digital euro projectpayment solutions.”
Almost three months earlier on January 20th, the board of governors for the U.S. Federal Reserve published a 40-page paper “to foster a broad and transparent public dialogue about CBDCs in general, and about the potential benefits and risks of a U.S. CBDC.” They note that public comment “will be accepted for 120 days and can be submitted here,” a deadline of May 20th, though as Bitcoin Magazine predicts, “Your opinion means nothing in this decision-making process.” They begin by asserting that a CBDC “would best serve the needs of the United States by being privacy-protected, intermediated, widely transferable, and identity-verified.”
Any CBDC would need to strike an appropriate balance, however, between safeguarding the privacy rights of consumers and affording the transparency necessary to deter criminal activity.
… In practice, this would mean that a CBDC intermediary would need to verify the identity of a person accessing CBDC, just as banks and other financial institutions currently verify the identities of their customers.
In response to this and a recent executive order, assistant professors Andrew M. Bailey and William J. Luther (TMIBP16) wrote:
The recent executive order, to the administration’s credit, notes that a CBDC should “maintain privacy; and shield against arbitrary or unlawful surveillance, which can contribute to human rights abuses.” But a reasonable person might worry that the government is paying lip service to privacy concerns.
… Policymakers may be tempted to compromise on financial privacy when implementing a CBDC. Instead, they should attempt to replicate the privacy afforded by cash. Like non-alcoholic beer, the Fed’s “digital form of paper money” would superficially resemble the real McCoy while lacking its defining feature.
Exactly one year before the BIS volume’s publication, the ECB had released “a comprehensive analysis of its public consultation on a digital euro” that ran from October 2020 to January 2021. They received “over 8,200 responses – a record participation for an ECB public consultation. A large majority of respondents were private citizens (94%).”
The analysis confirms, by and large, our initial findings: what the public and professionals want the most from such a digital currency is privacy (43%), followed by security (18%), the ability to pay across the euro area (11%), no additional costs (9%) and offline usability (8%).
… Privacy is the most important feature of a digital euro for both the public and professionals, especially merchants and other companies. Both groups support requirements to avoid illicit activities, with fewer than one in ten responses from members of the public showing support for full anonymity.
In TMIBP01, TMIBP06, and TMIBP16, I have reported on Coinbase’s acquisition of Neutrino for blockchain surveillance software and their subsequent contractual relationships with, and data disclosures to, government agencies. This month, the Coinbase Special Investigations Team have published the third and final blog post in a series about what blockchain analysis is. According to a few of their job openings, the Special Investigations Team:
… prides itself on being on the front lines of the financial revolution, protecting Coinbase from emerging novel threats. On the Special Investigations team, the data-focused investigator will take on high-risk escalations and proactive research into potential threat actors, particularly those related to the world of NFTs. The role will also include writing queries and scripts to automate future identification. The investigator will help support high risk urgent cases, special projects, and refine and automate new and existing tools.
A defining trait of any successful investigator is inquisitiveness - someone who questions premises and never takes things at face value, while always fact-checking their own intuition. Ideally, the data-focused investigator should be a crypto-forward individual with a drive to see beyond the curve, strong knowledge of various networking protocols, programming languages, and an artful touch of OSINT expertise.
In the first part, they show how to go about attributing an address to an entity or individual, comparing “evidence quality and standard of proof.” However, even though they use the language of science, they declare that this is “more of an art than science.”
The public nature of blockchains allows for a certain degree of predictive analysis, enabling researchers to associate addresses and transactions with entities and sometimes individuals. Anybody can look at blockchain, but what makes a difference is the accurate interpretation of this public data, as well as corroborating it with other types of information gathered externally. Once combined such data can be used for blockchain analytics.
Blockchain analytics is widely used for market intelligence, trend analysis, and investigations, among many emerging spaces. The main objective of blockchain analytics is attribution — linking specific assets and events to particular entities or even individuals.
Attributing ownership, however, is often nuanced because outside observers can only infer it depending on factors such as availability and quality of the evidence. Evidence means proof that indeed an address belongs to an individual or entity. Unless you own an address yourself, it is very difficult to say with absolute certainty who an address is owned by. This is why it’s more fitting to consider blockchain analytics more of an art than science.
In the second part, they illustrate “the commonspend,” also known as the common-input-ownership heuristic, and point out that a CoinJoin through Samourai Wallet or Wasabi is “one example of defeating commonspend.” They end the post by highlighting the U.S. Office of Foreign Assets Control (OFAC) list of sanctioned addresses and noting that “our list of blocked addresses is significantly larger. It includes other sanctioned entities as well as designated individuals. We also engage in proactive work to identify sanctioned activity originating from various jurisdictions, including Russia.”
In the third part, they look at change address detection, “more complex and novel blockchain analysis scaling methods, their drawbacks and why time is a critical feature of blockchain analytics.” In their first post, they had asserted that “an external observer cannot possibly gain a full picture or claim 100% confidence in attribution,” and here they further state that “a conservative approach would dictate not attributing anything that cannot be determined with close to 100% certainty; a liberal approach would allow wider attribution, at the cost of expanding the potential margin of error.” At no point do they explain how anyone involved even determines their degree of certainty.
Certainty of attribution is almost scarce and because multiple parties are relying on different tools for conducting transaction tracing on blockchains, it can sometimes yield dramatically different results.
While I do not disagree with their characterisation, it is quite shocking that purveyors of blockchain surveillance would so easily admit that the methods which will inform whether a customer’s deposit is refused, or account is closed, or identity flagged and reported to authorities, or accused of being / associating with criminal elements, have such an absence of scientific foundation despite their marketing to the contrary. If only more AML experts would be similarly honest (TMIBP05, TMIBP18). Anything less is certainly not a pretty picture.
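The "commonspend" heuristic and the conservative versus liberal trade-off discussed above can be made concrete with a small clustering run. This is an added example, not code from Coinbase or from this newsletter; the addresses, owners, transactions and the equal-output CoinJoin test are all constructed assumptions.

```python
"""Common-input-ownership ("commonspend") clustering on constructed data."""
from collections import Counter
from itertools import combinations

# Constructed ground truth: which (hypothetical) person controls each address.
OWNER = {
    "a1": "alice", "a2": "alice",
    "b1": "bob", "b2": "bob",
    "c1": "carol", "c4": "carol",
}

# Constructed transactions. Only input addresses and output values matter here.
# a2, b1 and c1 are reused addresses, so they fund more than one transaction.
TXS = [
    {"txid": "t1", "inputs": ["a1", "a2"],
     "outputs": [("m1", 70_000), ("a3", 29_000)]},
    {"txid": "t2", "inputs": ["b1", "b2"],
     "outputs": [("m2", 50_000), ("b3", 8_000)]},
    # CoinJoin-shaped: three unrelated funders, three equal-value outputs.
    {"txid": "t3", "inputs": ["a2", "b1", "c1"],
     "outputs": [("a4", 1_000_000), ("b4", 1_000_000), ("c2", 1_000_000),
                 ("a5", 120_000), ("b5", 340_000), ("c3", 55_000)]},
    {"txid": "t4", "inputs": ["c1", "c4"],
     "outputs": [("m3", 10_000)]},
]


class DisjointSet:
    """Union-find over address strings."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        root = x
        while self.parent[root] != root:
            root = self.parent[root]
        while self.parent[x] != root:  # path compression
            self.parent[x], x = root, self.parent[x]
        return root

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def looks_like_coinjoin(tx, min_equal=3):
    """Assumed, simplified test: several equal-value outputs and at least
    as many distinct input addresses. Not any vendor's actual rule."""
    counts = Counter(value for _, value in tx["outputs"])
    most_common = max(counts.values(), default=0)
    return most_common >= min_equal and len(set(tx["inputs"])) >= most_common


def cluster(txs, skip_coinjoin):
    """Merge all input addresses of each transaction into one cluster.
    skip_coinjoin=True is the 'conservative' pass, False the 'liberal' one."""
    ds = DisjointSet()
    for tx in txs:
        if skip_coinjoin and looks_like_coinjoin(tx):
            continue
        first, *rest = tx["inputs"]
        ds.find(first)  # register single-input spends too
        for addr in rest:
            ds.union(first, addr)
    groups = {}
    for addr in list(ds.parent):
        groups.setdefault(ds.find(addr), set()).add(addr)
    return {frozenset(g) for g in groups.values()}


def false_links(clusters, owner):
    """Count address pairs placed in one cluster but held by different owners."""
    return sum(
        1
        for group in clusters
        for x, y in combinations(sorted(group), 2)
        if owner[x] != owner[y]
    )


if __name__ == "__main__":
    for label, skip in (("liberal", False), ("conservative", True)):
        result = cluster(TXS, skip_coinjoin=skip)
        print(label, sorted(sorted(c) for c in result),
              "false links:", false_links(result, OWNER))
```

Because clusters merge transitively, one misread CoinJoin collapses three people into a single "entity" in the liberal pass, and the conservative pass avoids that only as far as its own CoinJoin test, itself a heuristic, is right.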
In November 2021, the European Council announced that they had reached agreement “on two proposals that are part of the digital finance package: the ‘Regulation on Markets in Crypto Assets’ (MiCA) and the ‘Digital Operational Resilience Act’ (DORA).”
This agreement forms the Council’s negotiating mandate for trilogue negotiations with the European Parliament.
… The purpose of MiCA is to create a regulatory framework for the crypto-assets market that supports innovation and draws on the potential of crypto-assets in a way that preserves financial stability and protects investors.
In December, they further announced their intention to “update existing rules on information accompanying transfers of funds” to apply to crypto-assets.
The aim of the proposal is to introduce an obligation for crypto-asset service providers to collect and make accessible full information about the sender and beneficiary of the transfers of virtual or crypto assets they operate. This is what payment service providers currently do for wire transfers. The purpose is to ensure traceability of crypto-asset transfers, so as to be able to better identify possible suspicious transactions and if necessary blocking them.
The modifications introduced by the Council in its position streamline and clarify the Commission’s proposal, in particular by introducing requirements for crypto-asset transfers between crypto-asset service providers and un-hosted wallets. It also requires that the full set of originator information travel with the crypto-asset transfer, regardless of the transaction amount. Given the urgent need to ensure traceability of crypto-asset transfers, the Council in its position aims to synchronise the application of the proposal on transfer of funds and the market in crypto-assets regulation (MiCA).
On March 14th 2022, the European Parliament announced that the Committee on Economic and Monetary Affairs (ECON) had “adopted, with 31 votes to 4 and 23 abstentions, its negotiating position on new rules on crypto-assets,” and “a decision to enter into negotiations with EU governments on the final shape of the bill was adopted with 33 votes to 25.” On March 31st, they further announced that ECON and “the Committee on Civil Liberties (LIBE) adopted, with 93 votes to 14 and 14 abstentions, their position on draft legislation strengthening EU rules against money laundering and terrorist financing,” including the traceability of crypto-assets. They noted that “the rules would not apply to person-to-person transfers conducted without a provider.” From here, “the adopted text represents the draft mandate for MEPs to negotiate the final shape of the legislation with EU governments. The EP as a whole should vote on it during the plenary session in April.”
For those unfamiliar with European bureaucracy, trilogues are:
informal tripartite meetings on legislative proposals between representatives of the Parliament, the Council and the Commission. Their purpose is to reach a provisional agreement on a text acceptable to both the Council and the Parliament. They may be organised at any stage of the legislative procedure and can lead to what are known as ‘first reading’, ‘early second reading’ or ‘second reading’ agreements, or to a ‘joint text’ during conciliation.
Trilogues have been framed as a way to “speed up the legislative process while ensuring representativeness and oversight.” However, the latter aspect of that description seems to be less of a priority. In March 2016, the European Digital Rights (EDRi) association responded to a public investigation by the European Ombudsman into “the transparency of trilogues.” They believed, among other risks, that trilogues “profoundly undermine and weaken the position of the only directly democratically-elected institution in the EU, the European Parliament.”
Blockchain for Europe (BC4EU), a Brussels-based lobbying union that works to “develop a European regulatory framework to support and promote blockchain-based innovation,” wrote that the decision was a “missed opportunity” and “will lead to insufficient consumer protection, huge privacy concerns.” The “final adoption of MiCA” is anticipated to occur in September.
Luckily, the politically-driven mistakes of the European Parliament can be fixed during the trilogue negotiations with the Council of the EU. The latter has taken the right approach when it comes to unhosted wallets. We call on the French Presidency of the Council of the EU to safeguard this approach for the sake of the future of the European economy and the safety of its consumers.
The day before the March 31st vote, Ledger encouraged their customers to “contact members of the committees and urge them to vote against Compromise D and E of the Transfer of Funds Regulation.” They also challenged the “necessity and proportionality” of these proposals – as the Tilburg Institute for Law, Technology, and Society had done for AMLD in general (TMIBP11) – and used conclusions from Chainalysis. They later published a 27-page document of recommendations for policy makers before the first trilogue meeting on April 28th.
In their recently published 2022 report, Chainalysis found that only 0.15% of cryptocurrency transactions in 2021 involved some element of criminality. Of that, money laundering accounted for just 0.05% of all cryptocurrency transaction volume in 2021. In dollar terms, Chainalysis reports that $8.6 billion worth of cryptocurrency was laundered in 2021. Meanwhile, the UN Office on Drugs and Crime estimates that up to $2 trillion – 5% of global GDP – is laundered every year through the traditional financial system in fiat currencies. Moreover, the transparency and immutability of public blockchains equips law enforcement with greater tracking capabilities than they have for fiat currency. Using these figures, the amount laundered through fiat currency is more than 232 times greater than the amount laundered through crypto. These facts call into question the fundamental EU principles of necessity and proportionality.
Patrick Hansen, who has written about the history and development of MiCA, also described it as “a recipe for disaster.” On April 22nd, Hansen was a guest on the ‘DeFi Download’ podcast regarding this topic. Unstoppable Finance, a Berlin-based startup where Hansen was head of strategy and growth, warned that “overall, the [Funds Transfer Regulation (FTR)]’s reporting regime will create massive personal data honeypots, both within private crypto companies & government agencies.” Coinbase CEO Brian Armstrong’s comments from the previous day agreed with this interpretation; he described the legislation as “anti-innovation, anti-privacy, and anti-law enforcement.”
These obligations are inspired by guidance from the Financial Action Task Force (FATF) on the Bank Secrecy Act (BSA) Travel Rule (TMIBP02, TMIBP04, TMIBP05, TMIBP06, TMIBP07, TMIBP10, TMIBP11, TMIBP12, TMIBP13, TMIBP14, TMIBP17). In Hansen’s view, “the EU went beyond what’s required” and “clearly has a very strong urge to become the regulatory champion in every tech field out there.” As I highlighted in TMIBP11, the FATF has no legislative authority in and of itself to require anything.
:information_source: Check out Bitcoin Optech Newsletter #189, #190, #191, #192, #193, #194, #195, #196, and #197 for other recent technical developments beyond Bitcoin privacy.
Thanks for reading! Feel free to :bookmark: bookmark or subscribe to catch the next edition of ‘This Month in Bitcoin Privacy.’
“Red-line Quaker, Agrochola lota” by Patrick Clement is licensed CC BY 2.0
“Imagine, a newsletter so private, it doesn’t even hit your inbox for three months.” This section is for important stories that would have been included in newsletters during my November-January hiatus.
As I covered in the last TMIBP17, the Financial Action Task Force (FATF) finalised and published their updated guidance for virtual asset service providers (VASPs) at the end of October. Back in November 2020 (TMIBP06), I also covered the emergence of KYCC policies in the Netherlands and Switzerland that required customers of such obliged entities to somehow confirm the ownership of deposit or withdrawal addresses. Meanwhile, the Swiss-based “compliance and data protection” company 21 Analytics has written about the various ways to perform “non-custodial address ownership proof,” given inconsistent compliance between countries. On January 18th 2022, they published a similar blog post, but with heavier emphasis on and promotion of their new Address Ownership Proof Protocol (AOPP) for Bitcoin and Ethereum addresses, which they claimed was “already supported by BitBox, BlueWallet, Sparrow, and others. Work is underway to add AOPP support to Trezor and Ledger.” (Interestingly, two days later, they also wrote about development of their OpenSanctions product.)
Two weeks earlier, Trezor had explained how to use their ‘Sign & Verify’ feature to “send [a] message, address and signature to whomever requested proof of ownership,” though this was not identified as AOPP or even marketed as a compliance tool. Indeed, in and of itself, the ability to create and verify digitally signed messages is a basic function of public key cryptography systems, and could be used for integrity checks in a pure peer-to-peer context. However, on January 19th, they confirmed that the AOPP-specific proof format had been integrated into the Suite, “saving time when dealing with some jurisdictions’ regulations.”
Following this explicit association with Travel Rule compliance, Samourai Wallet and others argued that “by buying into this system you are legitimizing the concept that self custody requires permission & compliance.” Trezor initially defended the decision, pointing out that “the message for signing is composed of information already available to the exchange.” On January 28th, they and a couple other wallets reversed the changes:
The creators of AOPP disdainfully attribute this to “fear of the cancel-culture.” Their consultant, Leah Callon-Butler of Emfarsis, which also lists the blockchain surveillance company Elliptic (TMIBP01, TMIBP05, TMIBP07, TMIBP11) as a customer, described it as a “storm-in-a-teacup.” These events were discussed on episode #4 of Streetside Sessions and episode #53 of Citadel Dispatch.
On November 2nd 2021, Stephan Livera published an interview with Dr Ronald F. Pol (@ronaldpol), an anti-money laundering (AML) researcher and former lawyer. They discussed his paper, “Anti-Money Laundering: The World’s Least Effective Policy Experiment? Together, We Can Fix It,” from February 2020 (TMIBP05). He argues that “the modern anti-money laundering experiment unwittingly enables, protects and supports terrorists, drug, human, arms and wildlife traffickers, sex and labor exploiters, and corrupt officials, fraudsters and tax evaders on a global scale.”
There is an underlying assumption that KYC is good, that we need identification, we need all sorts of identification… And certainly there are privacy people who are putting up a good argument in a number of areas, but what’s often missing from that is — it’s a belief that KYC is good. Let’s test that assumption. Do we need all of this KYC, or could we do some of it that actually has an impact?
I have covered the development of the Taproot/Schnorr soft fork in nearly every issue of this newsletter (TMIBP01, TMIBP02, TMIBP03, TMIBP04, TMIBP05, TMIBP06, TMIBP07, TMIBP08, TMIBP09, TMIBP10, TMIBP11, TMIBP12, TMIBP13, TMIBP14, TMIBP15). On November 14th 2021, it was activated on schedule at block 709,632. Samourai Wallet added ‘send to taproot address’ functionality with v0.99.98 in December 2021, as did JoinMarket with v0.9.5 recently; Sparrow Wallet already supported it as of July 2021 (TMIBP14); Casa (TMIBP12) and Nunchuck are working on it for multi-sig setups, with the goal of testing Taproot’s threshold signatures. Chainalysis, predictably, did not highlight ‘privacy’ as a benefit.
:information_source: Check out Bitcoin Optech Newsletter #173, #174, and #175 for the wrap-up of their “weekly series about how developers and service providers can prepare for the upcoming activation of taproot,” as well as #178, #179, #180, #181, #183, and #184 for post-activation news.
In the area of Lightning Network privacy, ACINQ software developer Bastien Teinturier was interviewed in SLP319 about its shortcomings and opportunities for improvement, such as Taproot/Schnorr, MuSig (TMIBP01, TMIBP03, TMIBP04, TMIBP05, TMIBP06, TMIBP11, and TMIBP13), route blinding, payment decorrelation, and Trampoline routing (TMIBP10). Teinturier also spoke on these topics, independently and on a panel, for the Adopting Bitcoin (AB21) conference in El Salvador. Starting in November, Wasabi offered a grant – eventually increased in collaboration with the MAGIC non-profit and developer Dan Gershony – for “researchers and teams of researchers to design, (not implement), the best possible privacy-focused Lightning Network light client.”
On December 10th, Chainalysis announced that they were “the first blockchain analysis company to offer customers a transaction monitoring solution for the Lightning Network,” a capability that has been requested by the IRS (TMIBP02 and TMIBP04). The news was discussed at length in the Lightning Junkies podcast on December 17th. You can explore Chainalysis’ public government contracts here.
On January 31st 2022, relating to the AOPP controversy, it was suggested that BOLT11 invoice descriptions/memos be similarly re-evaluated from a privacy perspective, especially given use cases like BottlePay which require users to include personally identifying information for verification. Developer Martin Habovštiak replied that the “biggest real problem” is “the fact that invoices leak txids of private channels even though they shouldn’t have to,” and suggested that node IDs should be rotated to avoid reuse.
On December 31st 2021, a pseudonymous individual declared that their New Year’s resolution was to “buy Bitcoin through non-KYC methods for the duration of 2022,” and so began their “Diary of a Non-KYC Bitcoiner.” As of this writing, they have published three entries. If you live in a country where it is becoming more difficult to buy KYC-less, their experience may be helpful.
In TMIBP01, TMIBP03, TMIBP06, TMIBP09, TMIBP14, and TMIBP16, I have followed development of WabiSabi, a variable-amount CoinJoin protocol that will be introduced in the next major iteration of Wasabi. On October 22nd 2021, the Cryptoeconomic Systems (CES) Journal, housed by MIT’s Digital Currency Initiative (DCI), published their second issue with ten review summaries of various papers, including the WabiSabi paper. Criticisms noted that the paper “requires considerable pre-knowledge on the topic,” therefore limiting the “audience,” and there was “no rigorous evaluation or security proof.”
On February 10th, Wasabi announced that a new Swiss-based security auditor Inference AG had assessed their WabiSabi cryptographic codebase in January for “security defects (incorrect implementation, software bugs, randomness issues, data leaks, etc.).” The published report includes six recommendations.
In TMIBP01, TMIBP03, and TMIBP12, I have followed the release and optimisation of RoninDojo, an installation assistant and interface for Samourai Wallet’s self-hosted full node backend which can automatically sync with their privacy-focused mobile wallet. This month, they released v2.0.0 of the RoninUI. “This release marks the beginning of a huge overhaul of our project, the end of dependence on the command line, and so much more up our sleeves!” In a blog post displaying their newly re-designed cyberpunk aesthetic and outlining their progress, they wrote about what else is coming on the roadmap:
While these are all nice, it’s just a beginning and we will continue to add more features in the near future. To name a few: calculate and display a Boltzmann score for any transaction similar to KYCP.org, install and uninstall certain apps like local Mempool.space, manage your Whirlpool CLI using Ronin UI or upgrade your RoninDojo and system dependencies via Ronin UI.
Chaincode Labs researcher Sergei Tikhomirov has summarised and reviewed a paper published in April 2021 titled “LightPIR: Privacy-Preserving Route Discovery for Payment Channel Networks.” PIR stands for ‘private information retrieval.’
Lightning is currently source-routed. This means that each sender does a local route search on the full network graph. This may become unsustainable as Lightning grows. Naively outsourcing route discovery to dedicated servers harms privacy: the servers know who is paying whom.. The authors combine private information retrieval with all-pairs-shortest-path pre-computation with hub labeling, optimized for real LN topology.
… This approach is valuable and underappreciated. Most likely, there are lots of valuable ideas in scientific literature from long before Bitcoin came along, waiting to be applied in modern development. However, at least in the case of LightPIR, more effort is required to turn this protocol into an implementation-ready proposal.
In October 2021, the U.S. Department of Justice (TMIBP02, TMIBP05, TMIBP09, TMIBP11, TMIBP12) announced the creation of a National Cryptocurrency Enforcement Team (NCET) “to tackle complex investigations and prosecutions of criminal misuses of cryptocurrency, particularly crimes committed by virtual currency exchanges, mixing and tumbling services, and money laundering infrastructure actors.”
Under the supervision of Assistant Attorney General Kenneth A. Polite Jr., the NCET will combine the expertise of the Department of Justice Criminal Division’s Money Laundering and Asset Recovery Section (MLARS), Computer Crime and Intellectual Property Section (CCIPS) and other sections in the division, with experts detailed from U.S. Attorneys’ Offices. The team will also assist in tracing and recovery of assets lost to fraud and extortion, including cryptocurrency payments to ransomware groups.
This month, following the “application process seeking an individual with experience with complex criminal investigations and prosecutions, as well as the technology underpinning cryptocurrencies and the blockchain,” they have selected Eun Young Choi as the first director of NCET. Choi is described as “an accomplished leader on cyber and cryptocurrency issues.” The summary of her career includes acting as “lead prosecutor” in the Coin.mx and Panama Papers tax evasion cases, and on behalf of the U.S. government “successfully argu[ing] the appeal before the Second Circuit in the case against Ross Ulbricht.” That appeal, where Choi is listed as the assistant attorney for Preet Bharara, concerned whether Judge Katherine B. Forrest had “erred in denying his motion to suppress evidence obtained in violation of the Fourth Amendment,” “committed several errors that deprived him of his right to a fair trial, and incorrectly denied his motion for a new trial,” and if “his life sentence is both procedurally and substantively unreasonable.”
Exactly two months earlier on December 17th 2021, Ulbricht reached his “3,000th day in prison.” Just two days earlier on February 15th, Ulbricht’s managed account had tweeted: “There’s no such thing as a life sentence. It’s just a death sentence that takes a while.”
In collaboration with community member @noisymouse27f, Samourai Wallet published a series of seven explainer videos, exhibiting features of their wallet and OXT blockchain analysis tool (TMIBP03, TMIBP15), by breaking down various subjects relevant to Bitcoin privacy: unspent transaction outputs (UTXOs), change outputs, address reuse, the Change Output Position heuristic, the Largest Output Amount heuristic, the Round Number Payment heuristic, and the Script Type heuristic. The videos include cameo appearances of Bitcoin Q+A and Openoms.
In around a total of 30 minutes watch time you should have a basic understanding of bitcoin transaction composition, heuristics that can be applied to surveil transactions, tools to conduct your own blockchain analysis research, and methods to protect yourself from these threats.
In TMIBP03, TMIBP06, TMIBP09, and TMIBP10, I have covered adoption of the BIP-47 specification. In TMIBP16, Sparrow Wallet released a compatible implementation of Whirlpool to do CoinJoin. On February 22nd, lead developer Craig Raw also committed support for “linking, sending to and receiving from” BIP-47 PayNyms, which will likely come with the next code release. On the same day, BTC Sessions host Ben Perrin published a tutorial for this feature in Samourai Wallet, the only wallet to have implemented it so far.
Update: On March 3rd, Sparrow Wallet published v1.6.0 with “linking, sending to and receiving from PayNyms on Legacy, Nested Segwit and Segwit addresses.” Raw writes that “this functionality is useful for a variety of applications, including crowdfunding, repeat payments, auto-withdrawal from exchanges etc.”
Last year in July 2021, Habovštiak published a draft proposal for reusable Taproot addresses, based on the BIP-47 scheme but also trying to improve on some of its issues. So far it has notably received interest and suggestions from Laurent, Ruben Somsen, and JoinMarket contributor Adam Gibson.
In December 2021, Janey Gak wrote about why PayNyms were useful for helping her fellow Afghans receive bitcoin; her translation, educational, and fundraising efforts had previously been featured by CNBC in August.
The reality is that many good hearted people do not want to take the risk of sending donations to a sanctioned country like Afghanistan. So for those who want to donate privately, PayNyms offers an easy solution.
Make no mistake: the need is not limited to civilians in countries under sanction, economic distress, or at war. If your so-called democratic government has recently been expanding the definitions of “foreign and domestic threat actors” to include those sharing information “based on fact,” or has decided to pursue financial surveillance and censorship against those who participate in or support non-violent protest, then you too may soon see how authoritarianism is not limited to Over-There-Land, and “we must defend our own privacy if we expect to have any.”
:warning: If you have never set up or used a pseudonymous identity before, check out Blockchain Commons’ Pseudonymity Guide. If you are vulnerable to these circumstances, I recommend Kraken’s “Security Advisory: Mobile Phones,” Lopp’s “A Modest Privacy Protection Proposal,” and Bazzell’s “Privacy, Security, & OSINT Show.”
In TMIBP01, TMIBP03, and TMIBP07, I covered the early development of a working CoinSwap protocol. At the end of the month, Chris Belcher announced that he has released an alpha version of the project as “Teleport Transactions.”
The project is almost completely decentralized and available for all to use for free (barring things like miner fees). So far it is only really usable by developers and power-users to play around with. It doesn't have all the necessary features yet, but from now on I’ll be doing new releases very often as soon as every new feature gets added. It is possible to run it on mainnet, but only the brave will attempt that, and only with small amounts. I’ve personally made many coinswaps on the testnet and signet networks, and I’ll be running market makers on signet which will be available for anyone to create coinswaps with.
Right now it just uses 2of2 multisig for the coinswap addresses. Those address types are rare on the blockchain so the coinswaps stand out a fair amount (although protocols like lightning also use 2of2 multisig). However the next really big task on my todo list is to use ECDSA-2p which would make these multisig addresses look like regular single-sig addresses, which are overwhelmingly common out there and so provide an enormous anonymity set.
My aim is that the Teleport project will develop into a practical and secure project on the bitcoin mainnet, usable either standalone as a kind of bitcoin mixing app, or as a library that existing wallets will implement allowing their users with the touch of a button to send bitcoin coinswap transactions with much greater privacy than was possible before.
:information_source: Check out Bitcoin Optech Newsletter #185, #186, #187, and #188 for recent technical developments beyond privacy.
Thanks for reading! Feel free to :bookmark: bookmark or subscribe to catch the next edition of ‘This Month in Bitcoin Privacy.’
"69.006 BF1976 Privet Hawk-moth, Sphinx ligustri" by Patrick Clement. is licensed under CC BY 2.0
In TMIBP02, TMIBP04, TMIBP05, TMIBP06, TMIBP07, TMIBP10, TMIBP11, TMIBP12, TMIBP13, and TMIBP14, I have followed reports from the Financial Action Task Force (FATF) and the impact of its guidance around the world, specifically regarding the Bank Secrecy Act (BSA) Travel Rule, which “requires all financial institutions to pass on certain information to the next financial institution” when a transfer fits certain criteria. Towards the end of September, the German federal ministry of finance (Bundesministerium der Finanzen) released the “Crypto Asset Transfer Regulation,” or Kryptowertetransferverordnung (KryptoWTransferV), scheduled to come into force on the 1st of October.
[DE] Die lückenlose Rückverfolgbarkeit der an einer Übertragung von Kryptowerten Beteiligten dient der Verhinderung, Aufdeckung und Ermittlung von Geldwäsche und Terrorismusfinanzierung sowie der Überwachung von Sanktionsumgehungen. Die Verordnung ordnet ferner an, dass ein Verpflichteter sicherstellen muss, dass Angaben zum Begünstigten oder Auftraggeber einer Übertragung erhoben werden, wenn die Übertragung von oder auf eine elektronische Geldbörse erfolgt, die nicht von einem Kryptowertedienstleister verwaltet wird, auch wenn eine Übermittlung der Daten in diesem Fall nicht in Betracht kommt.
[EN] Full traceability of the parties involved in a crypto value transfer serves to prevent, detect, and investigate money laundering and terrorist financing, as well as to monitor sanctions evasion. The regulation also orders an obligated party to ensure that information on the beneficiary or originator of a transfer is collected when the transfer is made from or to an electronic wallet that is not managed by a crypto value service provider, even if a transfer of the data is not an option in this case.
On October 13th, the German language Bitcoin magazine BTC21 tweeted at Berlin-based neobank Nuri (formerly known as Bitwala) regarding a customer whose account had been frozen or closed after it was found that coins withdrawn from the service had subsequently gone through a CoinJoin.
[DE] Kann @NuriBanking erklären, wieso sie einem Kunden das Konto sperren, nur weil zwei seiner Transaktionen zum Coinjoinen benutzt wurden? Coinjoins sind nicht illegal. Es geht euch überhaupt nichts an, wohin Kunden ihre Coins senden, nachdem sie euer Wallet verlassen haben.
[EN] Can @NuriBanking explain why they block a customer’s account just because two of their transactions were used to coinjoin? Coinjoins are not illegal. It is none of your business where customers send their coins after they leave your wallet.
Their screenshot shows a series of questions, presumably sent from Nuri to the customer, regarding two transactions made in February:
[DE] Welchen Zweck hat / haben folgende/n Transaktion/en? Welche Beziehung besteht zwischen dir und der Gegenpartei? Bitte stelle uns der/n Transaktion/en zugrundeliegende Dokumente zur Verfügung (z.B. Rechnungen, Verträge, Vereinbarungen).
[EN] What is the purpose(s) of the following transaction(s)? What is the relationship between you and the other party? Please provide us with the underlying documents of the transaction(s) (e.g. invoices, contracts, agreements).
Nuri responded to the tweet:
[DE] Durch die gestellten Fragen und deren Beantwortung kommen wir, als auch unser Banking-Partner, unseren rechtlichen, als auch regulatorischen Pflichten nach. Wir verstehen, dass die Fragen weitreichend sind, können dir aber versichern, dass diese streng vertraulich behandelt und nur zur Erfüllung unserer Pflichten verwendet werden.
[EN] By asking and answering these questions, we, as well as our banking partner, fulfill our legal and regulatory obligations. We understand that the questions are extensive, but we can assure you that they will be kept strictly confidential and will only be used to fulfill our obligations.
Towards the end of the month, Nuri wrote that they were taking direction as a tied agent of their partner bank, Solarisbank.
A short thread and statement re: #coinjoin and recent regulations: As a tied agent of @solarisbank, we 100% adhere to their policies and directions when it comes to interpreting rules and regulations regarding crypto and money transfers. There is a lot of new regulation coming into effect, the interpretation of which is not always 100% clear. Be assured that behind the scenes, we are doing everything we can to maintain “Freedom of Transaction” for everyone as much as possible. We are taking all concerns very seriously and are doubling down on our efforts to educate our customers, partners, competitors, and regulators about the technical and social possibilities of bitcoin.
In TMIBP13, I noted that the FATF planned to finalise their guidance in October. On October 28th, they released their 111-page “Updated Guidance for a Risk-Based Approach for Virtual Assets and Virtual Asset Service Providers.” Coin Center’s director of research Peter van Valkenburgh summarised the changes and remaining issues with it.
The penalties for failure to obey financial surveillance obligations in the US are severe, including felony criminal liability, substantial fines, and jail time. It is, therefore, inappropriate for a law with such unforgiving penalties to be drafted with such circumspect and uncertain terms.
As a silver lining, remember that this guidance document is entirely non-binding. FATF is not a creature of law or treaty and nothing that they release is self-executing. Moreover, only the FATF “recommendations,” themselves, (rather than their “guidance” publications) are intended to set standards that member states should adopt into actual law. Those recommendations have not been changed by this recent release from FATF. In the US, at least, our existing rules from FinCEN are already sufficient to implement the FATF recommendations. Therefore, this guidance does not and should not necessitate any new policy from our AML regulators here in the US.
The Oslo-based analysis and consulting group Arcane Research published a “comprehensive overview of usage on the Lightning Network,” titled ‘The State of Lightning.’ Using “gathered private data from several companies in the Lightning ecosystem, among other popular wallet providers,” a few privacy-related points they highlight include estimates about the ratio of public versus private / unannounced channels…
From May 1st till September 30th, the number of public channels grew by 80% from 39,281 channels to 70,583 channels, amid a period of unusually low on-chain fees. This does not reflect the complete picture of the number of channels on the Lightning Network, as many channels are private and not broadcast to the entire network. Thus, the actual channel count is likely far higher than what’s reflected by the public data. BitMEX Research estimated that 27.8% of all Lightning channels were private in January 2020. To our understanding from talks with industry-leading experts, the share of private channels on Lightning could be even higher now. Thus, the BTC capacity, channel count, and node count from public data is most likely a significant underestimation of the current size of the Lightning Network.
usage statistics for payments toward goods and services (though it’s not clear what ‘privacy services’ consists of)…
In terms of payment value, trading and privacy services account for a large portion of spending, totaling about three-quarters of a million dollars each. We further estimate that about $230,000 was used on gift cards, $150,000 for gambling and gaming, $130,000 for merchant payments, and $400,000 for other purposes.
and how Lightning will impact e-commerce data collection practices.
There are several reasons for why the Lightning Network will play a vital part in these industries in the future. This is not only related to instant micropayments to make a more seamless experience, where consumers meet a simple QR code when they want to pay for goods and services and payments are instant, but also in terms of privacy. We will gradually move over to using services that require less personal information, credit card information and other details connected to your profile. Why? Because the only tool you need to access your Lightning wallet will be you. This will also enhance privacy from what we see with on-chain bitcoin transactions today, as the public won’t know what you’re using your Lightning funds for.
However, as we can see from the methodology of this report and Bitfury’s Lightning Peach in 2019, users must be careful with their wallet and node software choices, as use of second-layer networks does not eliminate avenues for data collection. I have previously covered Lightning privacy in TMIBP01, TMIBP02, TMIBP03, TMIBP04, TMIBP05, TMIBP07, TMIBP08, TMIBP10, TMIBP11, TMIBP12, and TMIBP14. This month, Wasabi’s Trellz Lewis summarised a podcast on the topic featured in TMIBP10.
In TMIBP05, TMIBP08, TMIBP12, and TMIBP14, I have followed exploration and criticism of central bank digital currencies (CBDCs). The topic has attracted the attention of whistleblower and Freedom of the Press Foundation president Edward Snowden, who published a long form piece to his personal Substack with the sub-title: “Central Banks Digital Currencies will ransom our future.” In the essay, Snowden uses a theoretical future user of “e-dollars” to draw the link between financial surveillance and censorship.
Will a CBDC be helpful to him? Will an e-dollar improve his life, more than a cash dollar would, or a dollar-equivalent in Bitcoin, or in some stablecoin, or even in an FDIC-insured stablecoin?
Let’s say that his doctor has told him that the sedentary or just-standing-around nature of his work at the bank has impacted his health, and contributed to dangerous weight gain. Our guard must cut down on sugar, and his private insurance company — which he’s been publicly mandated to deal with — now starts tracking his pre-diabetic condition and passes data on that condition on to the systems that control his CBDC wallet, so that the next time he goes to the deli and tries to buy some candy, he’s rejected — he can’t — his wallet just refuses to pay, even if it was his intention to buy that candy for his granddaughter.
Or, let’s say that one of his e-dollars, which he received as a tip at his gas station job, happens to be later registered by a central authority as having been used, by its previous possessor, to execute a suspicious transaction, whether it was a drug deal or a donation to a totally innocent and in fact totally life-affirming charity operating in a foreign country deemed hostile to US foreign policy, and so it becomes frozen and even has to be “civilly” forfeited. How will our beleaguered guard get it back? Will he ever be able to prove that said e-dollar is legitimately his and retake possession of it, and how much would that proof ultimately cost him?
On October 20th, Wasabi published an op-ed by community manager Karo Zagorus that also focused on this potential reality:
To better control money, it has become important to control who spends what and where. Today’s digital banking is not fully digitalized since it still relies on a bank’s internal ledger system to run the accounts. But as Central Banks take further control with Central Bank Digital Currencies (from now on CBDCs), the more control they will have over inflation.
The next system will have the bank’s centralized accounts running on the national central bank’s own ledger. This will allow the central bank to directly monitor the flow of money. The smallest spending you make in the future will be permanently recorded by the government and will be open to analysis by third parties. Privacy will not exist in this world because to stop the effects of inflation from being realized, they need to find new creative ways to stop you from spending your money.
On October 25th, the European Central Bank (ECB) announced the members of their new “Digital Euro Market Advisory Group,” consisting of “30 senior business professionals” belonging to various merchants, payment processors, and banks. They note that “meetings are to be held at least quarterly, starting in November 2021.”
Privacy Tools, a popular online resource for “services, tools and knowledge to protect your privacy against global mass surveillance,” announced that they had added a new section for privacy-focused Bitcoin wallets. The list includes Samourai Wallet, Sparrow Wallet, and Wasabi Wallet. Note: Their hardware wallet recommendation is unknown to me.
More than a week later, they added another new section about Monero.
In TMIBP06, TMIBP07, TMIBP12, and TMIBP15, I have looked at privacy in the mining process and industry. This month, the mining marketplace and service provider Compass Mining held an interview with ‘Diverter’ (author of “Mining for the Streets”) and Human Rights Foundation (HRF) director Alex Gladstein about “the usefulness of bitcoin mining as a tool for financial sovereignty.” They encouraged listeners to see at-home mining as a way to acquire bitcoin more privately, and contribute to the security and decentralization of the network.
What I’m fond of saying, and a couple others are as well, is that it’s not so much that there is a premium on non-KYC sats. The reality is, the non-KYC price… that is the price, that’s the street price. When you buy on a centralized KYCed exchange, you’re actually getting a discount. You’re getting a discount for your data.
… Suddenly within a year, I’ve watched this whole narrative change now, to where it’s not immediately dismissed anymore. Now we’re down to the nitpicking stuff, you know, whether it’s actually anonymous or private.
Gladstein argued that “at-home mining / very small operation or off-grid mining actually could be more resilient in some ways to state capture and attack than large industrial-scale” facilities; ‘Diverter’ clarified that this consisted of being “still on the grid, but you blend in like everyone else,” and he sees this as “the future of Bitcoin mining.” He also cautioned mining pools against data collection on participants, given the regulatory attention it could invite.
:information_source: For information on the viability of independent, at-home mining to acquire non-KYCed bitcoin (U.S.-focused), read here.
:information_source: No stories on Taproot this month, but still: check out Bitcoin Optech Newsletter #169, #170, #171, and #172 for their “weekly series about how developers and service providers can prepare for the upcoming activation of taproot,” and other recent technical developments beyond Bitcoin privacy.
Thanks for reading! Feel free to :bookmark: bookmark or subscribe to catch the next edition of ‘This Month in Bitcoin Privacy.’
"68.001 BF1643 Emperor Moth, Saturnia pavonia, male." by Patrick Clement. is licensed under CC BY 2.0
Wasabi published another progress update regarding the major revamp of their wallet software, with details about various changes they planned to include, such as: a send fee chart, send optimisation options (like avoiding round numbers), a QR code reader, automated CoinJoin, and of course WabiSabi (see TMIBP01, TMIBP03, TMIBP06, and TMIBP09). On September 15th, they conducted a WabiSabi transaction on testnet. On September 18th, Ádám “Nopara” Ficsór wrote further about the “privacy guarantees of Wasabi Wallet 2.0.”
Dynadenomination Coinjoins utilize not only multiple denominations, but also multiple denomination systems, randomly and dynamically… The Dynadenomination Coinjoin algorithm started by breaking down each and every input into denominations and took the most frequent ones. This was not only helpful in achieving probabilistic equalities on the output side, but these are also great numbers to increase their combinations such as they add up to many input combinations. In other words the final outputs end up adding up to more valid sub-mappings (sub-transactions) than if they were to be chosen randomly.
On September 21st, Johann Stockinger, Bernhard Haslhofer, Pedro Moreno-Sanchez, and Matteo Maffei published ‘Pinpointing and Measuring Wasabi and Samourai CoinJoins in the Bitcoin Ecosystem,’ the “first paper to provide a comprehensive picture of the adoption of distributed CoinJoin.” They concluded that there has been “a somewhat steady adoption of these services and found a growing trend with a total amount of 190,777.11 mixed BTC with a value of ca. 3.02 B USD,” after devising detection heuristics for coins mixed through each service.
For privacy-seeking end users, wallets like Wasabi and Samourai are a practical, low-entry barrier solution to Bitcoin’s anonymity problem. While it is, to the best of our knowledge, hardly possible to de-mix CoinJoins produced by these wallets, users should be aware that the use of such services is visible on-chain and that cryptoasset tracing and tracking solutions can detect them. Also pre-mixed and post-mixed addresses can be tracked, effectively reducing the anonymity guarantees provided by these mixing wallets.
El Salvador’s adoption of bitcoin as legal tender, following congressional approval back in June, made international headlines and remained a hot topic of discussion throughout the month. The activation of the “Bitcoin Law” coincided with the release of their official Bitcoin hot wallet app, Chivo. I was none too pleased to read the following in Forbes:
For months, El Salvador has kept many of Chivo’s details under wraps, with the nation’s 40-year-old president, Nayib Bukele, teasing the wallet’s launch on Twitter just last week. However, Forbes has learned El Salvador appears to have tapped cryptocurrency unicorn BitGo to provide Chivo’s wallet infrastructure and security platform, making the Palo Alto, Calif-based startup the nation’s exclusive hot-wallet provider in a historic moment for cryptocurrency adoption.
… At least for now, the Chivo wallet will only support bitcoin and USD, and users won’t incur fees when transacting with others using the wallet — a point President Bukele has stressed on Twitter. Funds withdrawn from the wallet, however, will incur fees. BitGo has worked out a “small commercial relationship” with El Salvador’s central bank, Belshe says, but financial terms weren’t disclosed.
And my concern was quickly justified. Bitrefill head of research Matt Ahlborg, in his early evaluation of Chivo, noticed that the Lightning invoices “contain the full legal name of the creator of the invoice.” At least within a day or two, the issue was “fixed.”
Yesterday I tweeted about a #ChivoWallet privacy issue where the users’ full legal name was being leaked in the LN invoice metadata. It appears to be fixed, and what’s in its place is “Thanks Matt Ahlborg”, which I guess is to show that they saw my tweet.
The Lightning Junkies podcast released episode LNJ049, an interview with Galoy co-founder Nicolas Burtey regarding the adoption of Bitcoin / Lightning in El Zonte, El Salvador. At one point, Burtey stated that privacy is not “the top of their mind” at this stage. This was also the first topic for a group discussion hosted by Bitcoin Magazine.
Mastercard announced “an agreement to acquire CipherTrace, a leading cryptocurrency intelligence company with insight into more than 900 cryptocurrencies.” They note that the “terms of the agreement were not disclosed, and the transaction is anticipated to close before the end of the year, pending certain conditions.”
As digital assets, including cryptocurrencies and non-fungible tokens (NFTs), become more intertwined with everyday activities — from the way people pay and get paid to how they invest — trust and security will be critical enablers to ensure broad adoption and scale. These new technologies will require new solutions and more powerful intelligence to ensure that the crypto economy is instilled with the same trust and peace of mind that consumers currently experience with more traditional payment methods.
The integrated offering will build on CipherTrace’s suite of digital assets and Mastercard’s cyber security solutions to provide businesses with greater transparency to help identify and understand their risks and to help manage their digital asset regulatory and compliance obligations.
In an interview with CoinDesk TV host Christine Lee, CEO Dave Jevans shared that the acquisition agreement “came about through many months of work,” after assuming that Mastercard would remain either a customer or investor. While he did not reveal the acquisition amount, Lee noted that their competitor Chainalysis had recently been valued at $2 billion. Jevans claimed that they feel “very strongly about privacy, and I think Mastercard feels the same way. This is not in any way about exploiting privacy; this is really, like, increasing it.”
In a later interview with Cointelegraph reporter Rachel Wolfson, Jevans said that they offered “unique products, like ‘Armada’ for example, which integrates intelligence around crypto and banking transactions.” According to promotional documents on Armada, which launched in April 2020, it is “tightly integrated with leading AML tools including Nice Actimize, Caseware Alessa, BAE, Worldsys and Featurespace to identify VASP payments,” and “visually displays VASP risk profiles based on KYC effectiveness, risky transactions, illicit activity.” He anticipates that “all major payments companies will have to either acquire or partner with crypto intelligence firms to ensure digital asset development.”
CipherTrace has previously been mentioned in: TMIBP03, regarding their development of tools for the U.S. Department of Homeland Security (DHS) to track Monero; TMIBP05, regarding their membership in the U.S. Travel Rule Working Group (USTRWG); TMIBP07, regarding their contributions to a new online resource for anti-money laundering (AML) and compliance professionals; and TMIBP11, noting their partnership with digital forensics firm Cellebrite.
Update: Mastercard announced they had completed the acquisition on October 19th.
In TMIBP01, TMIBP03, and TMIBP10, I have covered grants from the Human Rights Foundation (HRF) toward “making the Bitcoin network more private, decentralized, and resilient.” This month, they announced another gift of 3.75 BTC, distributed among ten developers, including Chaincase (see TMIBP11, TMIBP12, and TMIBP13).
The second round of 0.25 BTC is being gifted to Chaincase, a mobile and open-source iOS bitcoin wallet that allows users to use features such as CoinJoin, coin control, and Tor. The money received will be spent on supporting the addition of PayJoin, which is a peer-to-peer (P2P) CoinJoin transaction that helps restrain Bitcoin surveillance even for users who do not use PayJoin.
… The fifth and final recipient of the 0.25 BTC grant will go towards a bounty for developers to add a JoinMarket app to the Umbrel full-node platform. The reasoning for this will be to increase the privacy and fungibility of their bitcoin transactions for Umbrel users. This is estimated to increase JoinMarket usage which will result in bitcoin privacy being much more accessible.
… The third recipient of 0.50 BTC is Bitcoin Core developer Vasil Dimov, who is known for implementing Tor v3, BIP155, and I2P support in Bitcoin Core. The money will be used on implementing CJDNS support, which will improve privacy and the security of the network against partitioning attacks. In addition to this Dimov will work on code review which will improve the testability of the networking code.
On the same day, Bitrefill published an interview with JoinMarket contributor Adam Gibson about privacy, “China’s attitude towards Bitcoin,” and how he had become interested in it.
In TMIBP01, TMIBP02, TMIBP04, and TMIBP05, I have followed Coinbase’s contractual relationships with, and data disclosures to, government agencies, many of which can be conveniently viewed through Tech Inquiry’s lobbying and procurement explorer. In August and September, they were awarded two contracts for Analytics from the U.S. Immigration and Customs Enforcement (ICE) branch of Homeland Security, valued overall at $29,000 and $1,365,000 respectively. The smaller contract is categorised under the product/service code “DA01: IT AND TELECOM - BUSINESS APPLICATION/APPLICATION DEVELOPMENT SUPPORT SERVICES (LABOR),” and the larger contract under “DA10: IT AND TELECOM - BUSINESS APPLICATION/APPLICATION DEVELOPMENT SOFTWARE AS A SERVICE.”
Beyond that, it is not stated how they plan to use the platform. But there are indications that the focus of its use will involve the War on Drugs. In March 2017, during a U.S. House of Representatives subcommittee hearing on the opioid crisis, Investigative Programs assistant director Matthew C. Allen stated:
ICE recognizes that the private sector represents America’s first line of defense against money laundering. Through our Illicit Finance and Proceeds of Crime Unit (IFPCU), ICE partners with the U.S. financial industry, along with state and federal agencies, to combat financial and trade crimes associated with heroin and fentanyl smuggling and distribution. In targeting virtual currency transactions of heroin and illicit fentanyl, ICE uses blockchain analysis to track transactions between criminal parties.
In their budget overview for fiscal year 2021, ICE wrote:
The [Bulk Cash Smuggling Center] BCSC has developed a Cryptocurrency Intelligence Program (CIP) which identifies unlicensed money services businesses in the form of independent cryptocurrency brokers’ use of peer-to-peer (P2P) sites, online forums and classified advertisements, and darknet markets (DNM) to engage in unlicensed money services businesses (MSB) activity. A large portion of these unlicensed MSBs are engaged in laundering narcotics proceeds, including opioid trafficking.
As I explained in TMIBP01, Coinbase Analytics is a re-branding of the blockchain surveillance company Neutrino, which they acquired in February 2019. Former Neutrino CTO and Hacking Team co-founder Alberto Ornaghi described himself as a “Senior Software Engineer” at Coinbase from February to July 2019 in his LinkedIn profile, and is now a technical advisor to Credmark, a tokenised “risk modeling platform in the DeFi space.”
Since TMIBP13, Bisq has been prompting users to upgrade to Tor v3 addresses. This month, they merged bitcoinj support for Tor v3 as part of release version 1.7.4, which “enables you to connect to a Bitcoin Core node with a Tor v3 address.” They plan to phase out support for Tor v2 addresses after October 15th.
On September 21st, Johannes Kepler University Linz assistant Tobias Höller published a guest post for the Tor Project examining “V3 onion services usage,” on which he had recently co-authored a paper. He also explains the privacy improvements:
For V2 onion services, the data published in the hidden service directory is uploaded in plain text, meaning that the Tor relays with the HSDir flag can learn a lot of information about a small fraction of running V2 onion services (most importantly the onion address) every day.
… V3 uses encryption and key derivation to address this issue. Since the V3 address is itself a public key, all the data uploaded to the hidden service directory can be encrypted. Clients can always decrypt that data with the key embedded in the .onion address. However, clients still need to ask the directory for information about a specific onion address, which would again allow mass collection of onion addresses. With V3 onion services, this is prevented by using key derivation to derive a daily-rotated identifier (“blinded public key”).
… Thanks to these improvements, V3 onion services leak much less sensitive information.
For more coverage on the Tor v3 transition in Bitcoin, see TMIBP05, TMIBP07, and TMIBP08.
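The claim in the quoted post that a V3 address "is itself a public key" can be checked directly. The following is an added example, not code from the Tor Project, Bisq, or this newsletter: it follows the address layout and time-period defaults in Tor's v3 rendezvous specification (32-byte ed25519 key, 2-byte checksum, version byte; 1440-minute periods offset by 12 hours). The sample key bytes, sample addresses and function names are constructed for illustration, and the key blinding step itself is not implemented.

```python
import base64
import binascii
import hashlib

ONION_VERSION = 3
CHECKSUM_PREFIX = b".onion checksum"
PERIOD_LENGTH_MIN = 1440        # spec default: identifiers rotate once a day
ROTATION_OFFSET_MIN = 12 * 60   # spec default: periods begin at 12:00 UTC


def onion_checksum(pubkey: bytes, version: int) -> bytes:
    """First two bytes of SHA3-256(".onion checksum" || pubkey || version)."""
    digest = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + bytes([version])).digest()
    return digest[:2]


def encode_v3_onion(pubkey: bytes) -> str:
    """Build the 56-character address for a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + onion_checksum(pubkey, ONION_VERSION) + bytes([ONION_VERSION])
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def decode_v3_onion(address: str) -> bytes:
    """Return the public key embedded in a v3 address, or raise ValueError."""
    host = address.strip().lower()
    if host.endswith(".onion"):
        host = host[: -len(".onion")]
    if len(host) == 16:
        # V2 names are a truncated hash of the key, so no key can be recovered.
        raise ValueError("v2 address: carries no embedded public key")
    if len(host) != 56:
        raise ValueError("not a v3 onion address")
    try:
        raw = base64.b32decode(host.upper())
    except binascii.Error as exc:
        raise ValueError("invalid base32 in address") from exc
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34]
    if version != ONION_VERSION:
        raise ValueError("unexpected version byte")
    if checksum != onion_checksum(pubkey, version):
        raise ValueError("checksum mismatch")
    return pubkey


def is_valid_v3_onion(address: str) -> bool:
    """True when the address decodes to a key with a matching checksum."""
    try:
        decode_v3_onion(address)
    except ValueError:
        return False
    return True


def time_period_number(unix_seconds: int) -> int:
    """Period counter that feeds the daily blinded-key derivation."""
    minutes = unix_seconds // 60
    return (minutes - ROTATION_OFFSET_MIN) // PERIOD_LENGTH_MIN


# Constructed sample data: not the key or address of any real onion service.
SAMPLE_PUBKEY = bytes(range(32))
SAMPLE_ADDRESS = encode_v3_onion(SAMPLE_PUBKEY)
SAMPLE_V2_ADDRESS = "a" * 16 + ".onion"

if __name__ == "__main__":
    print(SAMPLE_ADDRESS)
    print(decode_v3_onion(SAMPLE_ADDRESS).hex())
    print(is_valid_v3_onion(SAMPLE_V2_ADDRESS))
    print(time_period_number(1460546101))
```

A client holding only the address therefore already holds the key needed to decrypt the service's descriptor, while a directory sees only an identifier derived from that key and the current period number.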
CoinDesk writer Danny Nelson reported that “according to leaked documents reviewed by CoinDesk, Chainalysis, the largest of the blockchain tracing firms, owns and operates” the blockchain explorer website walletexplorer.com. The documents, supposedly from a “Chainalysis presentation to Italian police investigating the dark web,” claim that the site “‘scrapes’ the IP addresses of suspicious” visitors, which is then used to “provide law enforcement with meaningful leads related to the IP data associated with an address.”
The website’s creator didn’t exactly hide his association with the company. Both the homepage and FAQ are credited to Aleš Janda, a Prague-based researcher whose website and LinkedIn note that he is a graduate of the Czech Technical University in Prague (ČVUT) and has worked for Chainalysis since September 2015, around the time that he gave a presentation at a Paralelní Polis meetup. He describes the explorer as “a deanonymization tool… [but] since I’ve been at Chainalysis, it hasn’t been maintained much.”
If you are not interested in running your own block explorer to avoid such snoops, the least you can do is look up your addresses through services that work over Tor or even host an onion, such as blockstream.info (TMIBP02).
Samourai Wallet released version 0.99.97a with at least two relevant privacy-related improvements. First, the “like type” change output feature for post-mix spends will make it harder for analysts to distinguish between payment and change following a CoinJoin. Second, they have enabled “local receive address indexes to help prevent unintentional address reuse during high network latency or interruption.” While it is not cited, this may be related to a vulnerability disclosure from last year (TMIBP02), which found “a lack of error handling… where the client receives malformed data or any network connection disruption occurs” and recommended “persist[ing] the relevant wallet indexes locally in the same manner the Whirlpool desktop client does.”
On the same day, Sparrow Wallet released version 1.5.0. In addition to incorporating pre-send privacy analysis tips and Belcher’s anti-fee-sniping protection (TMIBP13), it also includes STONEWALL-type transactions, which will be “the default for postmix sends,” and a compatible implementation of Whirlpool to do CoinJoin, for which there is a detailed setup guide (also translated by Egge into German).
:information_source: If you are new to Samourai Wallet and Bitcoin privacy, check out the new four-part series on wallet basics, the suite of spending tools, Whirlpool, and the Dojo, produced by Bitcoin Q+A and ‘Brother Rabbit.’
Assistant professors Andrew M. Bailey, Bradley Rettler, and Craig Warmke, who form the Bitcoin-focused research collective Resistance Money, published two articles on the “philosophy, politics, and economics of cryptocurrency.” The first part, ‘Money Without State,’ serves as an introduction to Bitcoin and cryptocurrencies, and questions among other things “the orthodox status of the view that issuing money is a critical state function.” The second part, ‘The Moral Landscape of Monetary Design,’ expands on the remaining three of four “key design dimensions along which cryptocurrencies differ – privacy, censorship-resistance, and consensus procedure.”
Despite widespread agreement on the value of privacy, financial privacy – that is, privacy with respect to buying, selling, and storing value – is not widely discussed or defended. As we’ll see, though, it deserves renewed attention, especially in relation to cryptocurrencies.
CoinJoin, ring signatures, and zero-knowledge proofs are mentioned as ways to “transact… more privately.” They also acknowledge that “the very privacy-enhancing features of cryptocurrencies that distinguish them from traditional forms of money could simultaneously help them fulfill traditional money roles,” especially fungibility.
:information_source: No Taproot stories this month, but: check out Bitcoin Optech Newsletter #164, #165, #166, #167, and #168 for their “weekly series about how developers and service providers can prepare for the upcoming activation of taproot.”
Thanks for reading! Feel free to :bookmark: bookmark or subscribe to catch the next edition of ‘This Month in Bitcoin Privacy.’
"Cecropia Moth. Freshly Emerged - Drying Wings" by Buckobeck is licensed under CC BY-NC 2.0
OXT Research analyst Ergo began publishing a four-part series on blockchain analytics and transaction privacy. The first part focuses on clarifying that Bitcoin is not anonymous but pseudonymous, and introducing various heuristics for categorising payments and detecting change; the second part, on “the core concepts that underpin chain analysis,” clustering, and how OXT’s transaction graph works; the third part, on “the methods for undermining chain analysis,” essentially by increasing ambiguity and uncertainty that a given interpretation about a transaction or wallet behaviour is accurate; and finally, the fourth part, on various features of Samourai Wallet that “can be used to maintain privacy when interacting with bitcoin,” including stealth addresses (TMIBP09, TMIBP10), coin control, Ricochet (TMIBP02, TMIBP10), STONEWALL (TMIBP02, TMIBP04), Stowaway aka PayJoin (TMIBP03), and Whirlpool (TMIBP01), which has since been integrated with Sparrow Wallet as well.
It is likely that the typical user reading this guide is not looking to become an expert in chain analysis. Rather they are looking to improve their privacy when sending and receiving payments. The act of sending and receiving payments necessarily reveals UTXO set information about a sender’s wallet to a payment recipient. As a result, payment senders and receivers are able to evaluate the respective past and future spending of these known UTXOs, which can reveal additional information about their counterparty.
Users armed with knowledge of chain analysis are better prepared for evaluating the implications of spending and receiving and can begin to take steps to protect their privacy.
Ergo also joined SLP297 to discuss these topics. I have previously featured his research in TMIBP03 and TMIBP07.
Discourse this month has been dominated by the U.S. Infrastructure Investment and Jobs Act, a bill introduced back in June that “addresses provisions related to federal-aid highway, transit, highway safety, motor carrier, research, hazardous materials, and rail programs of the Department of Transportation (DOT).” While this now 2,700 page document was not a place where one would expect to be dealing with cryptocurrency regulations, a small section of ‘Other Provisions’ concerns “Information Reporting for Brokers and Digital Assets.” Electronic Frontier Foundation (EFF) chief program officer Rainey Reitman and legislative activist Hayley Tsukayama explain:
As EFF described earlier this week, this vaguely worded section of the bill could be interpreted to mean that many actors in the cryptocurrency space — including software developers who merely write and publish code, as well as miners who verify cryptocurrency transactions — would suddenly be considered brokers, and thus need to collect and report identifying information on their users.
The inclusion of this provision was based on a presumption that “by engaging in more rigorous surveillance of the cryptocurrency community, the Biden administration will see more tax revenue flow” – specifically, $28 billion – because “huge swaths of cryptocurrency users are engaged in mass tax avoidance, without providing any evidence of that.” I have previously covered the EFF’s advocacy on third-party doctrine issues relating to cryptocurrency (TMIBP02, TMIBP04, TMIBP05, TMIBP06, TMIBP09, TMIBP11). On August 4th, they addressed a civil society letter to two senators, expressing their support for an amendment. “We urge Congress to not rush to legislate as complex a topic as the privacy rights of cryptocurrency users.” Just as they had for the FinCEN’s proposed rulemaking (TMIBP07), Fight For The Future has also launched a campaign to encourage representatives to oppose the provision. Unfortunately, the Senate passed the bill, by a Yea-Nay Vote of 69 to 30 and no amendments. It is now waiting to be considered by the House of Representatives.
Hardware wallet company Trezor published a statement in response to the news:
Our responsibilities to our customers’ privacy and security are too great to accept such regulation should we be forced to adopt new reporting processes. Quite frankly, the company would likely rather shut down and let Trezor live on as the decentralized community-focused project it has always been. This would limit access to the critical security tools the space needs, but since the project is fully open source, more technically adept users could simply build their own.
According to CNBC reporter Taylor Locke, an official from the U.S. Treasury Department claimed they “will not target non-brokers, such as miners, hardware developers and others, even if the provision isn’t amended.” Coin Center executive director Jerry Brito commented:
… the bill would allow Treasury to require reporting from brokers not just on trades, but on mere transfers; and not just broker-to-broker, but from a broker to a non-broker (i.e. a person with a self-hosted wallet). That’s similar to the Mnuchin midnight rule. The bill would also create an obligation for all crypto transactions over $10k to be reported to the IRS along with personal information of the counterparty. This is a massive change to make outside of regular order.
On August 14th, Blockstream co-founder and CEO Adam Back was interviewed for Livera’s SLP300 about the bill and Bitcoin privacy. “[The provision] doesn’t make a lot of sense to me, the whole thing, really.” On August 25th, the Wall Street Journal reported that “some intelligence and law-enforcement officials are joining industry leaders in warning policy makers against overly aggressive regulations that risk exacerbating national-security hazards.”
Overregulation “may push illicit use and criminal actors deeper into anonymizing methods and corners of the internet that would make it more difficult for law enforcement,” said Jeremy Sheridan, assistant director of the U.S. Secret Service’s investigations office.
On the threat of ransomware attacks – “the most urgent national-security issue of our time” – the article also quotes former Treasury under-secretary for the Office of Terrorism and Financial Intelligence (TFI) Sigal Mandelker, who was previously featured when she joined Chainalysis’ board of advisors (TMIBP02).
The BitMEX Research and Wallet teams have proposed a new proof of liability scheme for custodial exchanges that maintains customer privacy, building off discussion between Gregory Maxwell and Peter Todd in 2013 and then Zak Wilcox’s informal standard from 2014.
The core idea is that individual account balances are randomly split between multiple [Merkle tree] leaves. Each user balance is split at least once and therefore goes into at least two leaves. At each snapshot point, perhaps every month, a random real number between 0 and 1 is generated for each user. The user balance is then split according to this fraction, for example if a user had a balance of 200 satoshis and the number 0.400 was chosen, the balance would be split into two chunks, the first with 80 satoshis and the second with 120 satoshis. This splitting strategy happens to the list until a sufficient amount of padding is achieved, resulting in two or more splits for each user balance. To verify your balance, you would need to find it in multiple leaves of the tree (or multiple entries in a list) and then sum them up to check it matches your total expected account balance.
… The positions of the leaves are shuffled for each snapshot. A liability balance is displayed in plain text on each leaf in the tree, which adds up to the total liabilities at the top of the tree. At the same time the hash digest of each leaf is conjugated with a neighbouring leaf and hashed again, to move up the tree. Each hash includes both the hash digest and the balances in the branches below as inputs.
… The combined impact of the two privacy techniques, shuffling and splitting, ensures many privacy characteristics for the exchange and users are preserved. It is no longer possible to see a distribution of all the account balances or track the balances of any users over time.
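The splitting, shuffling and balance-carrying hash tree described in the quoted passage, worked through as an added example (this is not BitMEX's code). The leaf format with a per-user secret nonce, the zero-value padding leaf, and all names and balances are assumptions constructed for illustration.

```python
import hashlib
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    digest: bytes
    amount: int  # liability in satoshis, visible in plain text on every node

def u64(n: int) -> bytes:
    return n.to_bytes(8, "big")

def make_leaf(nonce: bytes, part: int, amount: int) -> Node:
    # Assumed leaf format: a per-user secret nonce lets only that user recompute it.
    return Node(hashlib.sha256(b"leaf" + nonce + u64(part) + u64(amount)).digest(), amount)

def combine(left: Node, right: Node) -> Node:
    # The parent hash commits to both child digests AND both child balances.
    data = b"node" + left.digest + u64(left.amount) + right.digest + u64(right.amount)
    return Node(hashlib.sha256(data).digest(), left.amount + right.amount)

PAD = Node(hashlib.sha256(b"pad").digest(), 0)  # assumed zero-value filler leaf

def split_once(amount: int, fraction: float) -> tuple[int, int]:
    first = int(amount * fraction)
    return first, amount - first

def split_balance(amount: int, rng: random.Random, min_parts: int = 2) -> list[int]:
    # Every balance is split at least once; keep splitting the largest chunk.
    parts = [amount]
    while len(parts) < max(2, min_parts):
        biggest = parts.pop(parts.index(max(parts)))
        parts.extend(split_once(biggest, rng.random()))
    return parts

def build_levels(leaves: list[Node]) -> list[list[Node]]:
    level = list(leaves)
    while len(level) & (len(level) - 1):  # pad the leaf row to a power of two
        level.append(PAD)
    levels = [level]
    while len(level) > 1:
        level = [combine(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def prove(levels: list[list[Node]], index: int) -> list[tuple[Node, bool]]:
    path = []
    for level in levels[:-1]:
        path.append((level[index ^ 1], index & 1 == 1))  # (sibling, sibling_is_left)
        index //= 2
    return path

def verify_leaf(leaf: Node, path, root: Node) -> bool:
    node = leaf
    for sibling, sibling_is_left in path:
        # A negative sibling would let the operator understate total liabilities.
        if sibling.amount < 0 or node.amount < 0:
            return False
        node = combine(sibling, node) if sibling_is_left else combine(node, sibling)
    return node == root

def snapshot(balances, nonces, rng: random.Random, min_parts: int = 2):
    tagged = [(user, part, chunk)
              for user, amount in balances.items()
              for part, chunk in enumerate(split_balance(amount, rng, min_parts))]
    rng.shuffle(tagged)  # leaf positions are reshuffled for every snapshot
    levels = build_levels([make_leaf(nonces[u], p, a) for u, p, a in tagged])
    receipts = {user: [] for user in balances}
    for i, (user, part, chunk) in enumerate(tagged):
        receipts[user].append((part, chunk, prove(levels, i)))
    return levels[-1][0], receipts

def verify_user(nonce: bytes, expected: int, receipt, root: Node) -> bool:
    # Each part index may appear only once, or one leaf could be counted twice.
    if len({part for part, _, _ in receipt}) != len(receipt):
        return False
    for part, amount, path in receipt:
        if amount < 0 or not verify_leaf(make_leaf(nonce, part, amount), path, root):
            return False
    return sum(amount for _, amount, _ in receipt) == expected

# Constructed sample data; real nonces would be random secrets shared with each user.
BALANCES = {"alice": 200, "bob": 1_500, "carol": 75}
NONCES = {user: hashlib.sha256(user.encode()).digest() for user in BALANCES}

if __name__ == "__main__":
    root, receipts = snapshot(BALANCES, NONCES, random.Random(7), min_parts=3)
    print("total liabilities:", root.amount)
    for user, balance in BALANCES.items():
        print(user, [a for _, a, _ in receipts[user]],
              verify_user(NONCES[user], balance, receipts[user], root))
```

A user's check only covers their own leaves; the published total is trustworthy to the extent that enough users verify their receipts against the same root.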
In TMIBP03, TMIBP05, TMIBP07, TMIBP11, TMIBP12, and TMIBP14, I have followed development of BTC-XMR atomic swap protocols, namely Farcaster and the similar Hoenisch / del Pino implementation. On August 17th, Opt Out podcast host Seth Simmons shared that he had “just completed my first mainnet atomic swap (as the broker/XMR-seller).” As a provider, he soon published a guide on how to perform an atomic swap from bitcoin to Monero, using the Hoenisch / del Pino tool on Linux. At the time of writing, the MVP’s latest release is v0.8.2.
The process took 34min, was done entirely over Tor, required no interaction by me, and was peer-to-peer with no middle-man or custodian.
Relatedly, on August 9th, in his sixth episode, Simmons interviewed ‘Diverter’ about “the importance of hosting tools for friends, family, and online communities.” And in his seventh episode, he interviewed Paralelní Polis co-founder Juraj Bednar about “what role Bitcoin plays in building up a parallel economy around us.” On August 10th, Simmons joined Matt Odell’s Citadel Dispatch e0.3.4 to discuss mobile privacy, particularly in response to Apple’s proposed content scanning tools and policies (the roll-out of which has since been “delayed” to “collect input and make improvements”).
Nym Technologies announced that they had hired former U.S. Army whistleblower Chelsea Manning in July “as a security consultant, focusing on auditing… before the Nym network launches on mainnet later in the year.” I have been following the project’s development since they are testing the use of bitcoin as a reward system.
Over the next month, Manning is tasked with discovering new privacy leaks and setting parameters for “cover traffic” on Nym’s mixnet. Cover traffic is traffic that can help confuse an internet service provider or other centralized entity that can attempt network-level surveillance.
According to Forbes, CEO Harry Halpin had reached out to Manning back in February to review their new whitepaper (TMIBP09), which coincidentally involved a design similar to the schematic she had drawn while still in prison. The article also mentions that “even Tor itself is exploring how to use blockchain to create the next generation of its software,” in the form of “anonymous blacklistable credential[s]” (TMIBP04, TMIBP06).
Braiins, operator of the oldest Bitcoin mining pool, wrote a thread on “how miners can better protect their hash & privacy.” This was a repost of their guide from November 2020, “Data Privacy and Security for Bitcoin Miners.” Attack vectors include eavesdropping and hashrate hijacking by malicious ISPs or neighbors. They recommend using HTTPS (you can automatically select this on all websites using the HTTPS Everywhere browser extension), VPNs, DNSCrypt, and the Stratum V2 pool mining protocol.
:information_source: For information on the viability of independent, at-home mining to acquire non-KYCed bitcoin (U.S.-focused), read here.
Blockchain Commons contributor Prayank announced on the mailing list that they would be building and maintaining a website that aggregates “issues and PRs related to privacy from different Bitcoin projects. I have added [a] few from Bitcoin Core (full node implementation), Bisq (DEX) and LND (LN implementation) right now.” The list indicates whether those issues and pull-requests are open or merged. Dubbed ‘Camouflage,’ the repository states that it “respects the Gordian Principles, which are philosophical and technical underpinnings,” namely: Independence. Privacy. Resilience. Openness.
In TMIBP13, we saw the Taproot / Schnorr soft fork lock in for scheduled activation this November; in last month’s TMIBP14, early preparation for Taproot in various wallets was documented. This month, based on data charted by core developer Luke Dashjr, over 50% of nodes now support the Taproot soft fork and activation through running v0.21.1.
:information_source: Check out Bitcoin Optech Newsletter #160, #161, #162, and #163 for a “weekly series about how developers and service providers can prepare for the upcoming activation of taproot,” and other technical developments beyond privacy.
Owl moth (Automeris belti belti) by Charles J. Sharp, CC BY-SA 4.0, via Wikimedia Commons
In TMIBP03, TMIBP05, TMIBP07, TMIBP11, and TMIBP12, I have followed development of BTC-XMR atomic swap protocols, namely Farcaster and the similar Hoenisch / del Pino implementation, which is currently stalled on uni-directional BTC-to-XMR swaps. In April, the Samourai Wallet backend was used in experimental swaps between a Bitcoin testnet and Monero stagenet. They published a blog post regarding the nature of the planned integration, in response to criticism.
In April 2021 we announced at the Bear Arms & Bitcoin conference in Austin, TX that we intended to launch a feature within Samourai Wallet that would allow users to swap their unmixed “toxic change” from Whirlpool CoinJoin transactions into the Monero blockchain and back to Bitcoin all in a non custodial way.
We clearly emphasized that Samourai Wallet would continue to only support BTC and the user would not be able to interact with XMR within Samourai Wallet. The XMR side of the swap will still need to be handled by wallet developers within the Monero ecosystem.
… We strongly believe that providing the ability to hop back and forth between the Bitcoin blockchain and the Monero blockchain without counter party risk, without KYC, without a middleman, without permission is simply adding valuable tools to our users tool-belt. And in this asymmetric fight where the individual is the smallest minority, every tool matters.
“The price of freedom is eternal vigilance.” On the day that Americans are celebrating national independence, “Join the Wasabikas” podcast host Max Hillebrand released episode #21 with Human Rights Foundation (HRF) director Alex Gladstein on the topic of financial independence and privacy with Bitcoin. The foundation has been supplying grants to individuals and projects “making the Bitcoin network more private, decentralized, and resilient” (see TMIBP01, TMIBP03, and TMIBP10).
Well, guess what? Who are the two biggest contenders for the heir to the social functions of cash, which are small payments, private payments, and savings? It’s CBDCs and bitcoin. I know which one I’m going to go with.
In TMIBP12, I featured Gladstein’s essay on “Financial Freedom and Privacy in the Post-Cash World,” which included thoughts on the advent of central bank digital currencies (CBDCs). In TMIBP05 and TMIBP08, I had previously covered talk from the European Central Bank (ECB) and Bank of International Settlements (BIS) in the area of CBDCs. On July 14th, the ECB issued a press release that they had “decided today to launch the investigation phase of a digital euro project,” lasting two years.
Finally, the investigation phase will assess the possible impact of a digital euro on the market, identifying the design options to ensure privacy and avoid risks for euro area citizens, intermediaries and the overall economy.
Linked within the press release is a “Digital euro experimentation scope and key learnings” document, which contains an interesting section on their ideas regarding privacy features, such as using “one-time pseudonyms” for “each transaction that users participate in, making it difficult for the receivers to link the numerous pseudonyms to the identity of the sender,” as well as “transaction mixing” and a bilateral “payment channel network.” Hmm, sounds familiar! :wink: However, of course, they “would require further analysis to verify that the high level of privacy did not violate AML/CFT regulatory requirements.”
Meanwhile, on July 15th, the U.S. State Department’s Rewards for Justice (RFJ) program announced that they would be “offering a reward of up to $10 million for information” on “malicious cyber activities against U.S. critical infrastructure.” They note that to “protect the safety and security of potential sources,” tips could be reported via a Tor-based portal and – for the first time – rewarded in cryptocurrency. Pray tell, what madness drove them in there? :hushed:
Commensurate with the seriousness with which we view these cyber threats, the Rewards for Justice program has set up a Dark Web (Tor-based) tips-reporting channel to protect the safety and security of potential sources. The RFJ program also is working with interagency partners to enable the rapid processing of information as well as the possible relocation of and payment of rewards to sources. Reward payments may include payments in cryptocurrency.
In TMIBP05, TMIBP08, TMIBP12, and TMIBP13, I have included topics and events affecting the future of fiat cash. On July 22nd, Cornell University professor Eswar Prasad published an opinion piece through the New York Times, asking “When was the last time you made a payment with dollar bills?” (My answer: Today. Every day. All the time.) He outlines why CBDCs are preferable to “the hassles of handling cash,” such as in the area of “security” where cash is “vulnerable to loss and theft.” National economic policies practically indistinguishable from theft, however…
If cash were replaced with a digital dollar, however, the Fed could impose a negative interest rate by gradually shrinking the electronic balances in everyone’s digital currency accounts, creating an incentive for consumers to spend and for companies to invest.
Of course, “no central bank would forgo the ability to audit and trace transactions… a reminder that adopting a digital dollar is not just an economic but also a social decision.” Exactly! As Eric Hughes wrote in 1993, “Privacy is necessary for an open society in the electronic age,” and “we must defend our own privacy if we expect to have any.” To advocate for the “embrace” of “the advent of a digital dollar” (or rather just a more centrally administered digital dollar) is to support a less open society.
In TMIBP13, I included that Bisq set the v1.7.0 hardfork release as the “required minimum version for trading” and fixed “a privacy issue.” On July 6th, they disclosed the details:
Exchanging peers’ payment account data is required for certain verifications and (of course) for peers to actually carry out payment. Before 1.7.0, this data had been exchanged earlier in the trade process so that verifications could be done earlier, and so the trade process could fail earlier (in case a peer provided invalid account data). This approach made it possible for malicious peers to see the account data of a peer without engaging in an actual trade… with manipulated Bisq software, it was (theoretically) possible to do this without incurring costs (fees, locked in BTC, etc).
To mitigate this vulnerability, exchanging account data now occurs later, only after both traders have committed to the deposit tx. This creates a financial burden for a malicious peer trying to harvest trading peers’ account data.
We are not aware of any instances in which this vulnerability was abused. Such abuse would have led to failed trades, and at scale, Bisq support would have noticed trends in users reporting such a problem. We’ve asked the folks who tipped us off about this for permission to give them credit, but have not received a response yet. Will add credit here if/when we get the appropriate guidance.
Also in 1.7.0 was another protocol update: the hash of the trade contract is no longer an OP_RETURN output of the deposit tx. This was initially introduced to have cryptographic commitment of both traders in the contract, since signing deposit tx signified signing the contract. This output resulted in larger transactions (more mining fees), polluting the Bitcoin blockchain with data, and making Bisq transactions more distinctive and easier to spot on the blockchain. So it’s now gone.
A core developer of Haveno, a Monero-focused decentralised exchange that launched in May, claimed credit for discovering the problem “while working on Haveno’s protocol (part of which we inherit from Bisq). We immediately contacted Bisq and gave them all the info and support to fix the vulnerability.” They were also not aware of any attempts to exploit it.
In TMIBP06 and TMIBP07, I included progress updates regarding Wasabi Wallet 2.0, with a “completely replaced” user interface and the new variable-amount CoinJoin protocol WabiSabi (see TMIBP01, TMIBP03, and TMIBP09). CTO David Molnar has published another report, including a demo of the new interface and estimating that a full preview will most likely be available in ten weeks or so.
Wasabi Wallet 1.0 will keep working during the 2.0 final release series. Both services will run in parallel. It will be turned off after most of the users have upgraded to 2.0. Don’t worry, you will have time to play with 2.0 before you actually start using it.
In last month’s TMIBP13, we saw the Taproot / Schnorr soft fork lock in for scheduled activation this November. Chaincode Labs research engineer Mark ‘Murch’ Erhardt updated the Bitcoin Wiki’s ‘Bech32 Adoption’ page to include columns concerning the status of sending and receiving compatibility for Taproot’s Bech32m address format in various wallets. As of this writing, Sparrow Wallet v1.4.3 is the only one besides Bitcoin Core to already have both. Lead developer Craig Raw spoke about its feature progress, and privacy best practices, with Citadel Dispatch host Matt Odell on July 6th. Help turn that chart green and blue by asking your wallet’s developers and providers whether they plan to support Taproot!
On July 2nd, developer and Paralelná Polis member Martin Habovštiak opened a repository for the experimental Rust-based “Lightning Optimizing Opening Server,” which will allow you to open Lightning Network channels using a BIP-78 PayJoin compliant wallet (see TMIBP03, TMIBP05, TMIBP06, TMIBP08, and TMIBP13). Using this tool would make it unclear whether the transaction’s change belongs to the funder or not.
Post-Taproot-LN it will be impossible to distinguish CoinJoin from batch open of several same-sized private channels. Actually, CoinJoin and batch opening of several same-sized private channels could be one transaction. Good luck analyzing that!
On July 22nd, following up on his ongoing BIP draft, Belcher suggested that wallet developers already start to include it as they work on implementing Taproot support, “so that their user’s spends will improve the privacy and fungibility of off-chain protocols.”
:information_source: Check out Matt Corallo and Wirdum’s recent talk “How To Activate Taproot And Future Soft Forks,” Bitcoin Optech Newsletter #155, #156, #157, #158, and #159 for a new “weekly series about how developers and service providers can prepare for the upcoming activation of taproot,” and other recent technical developments beyond Bitcoin privacy.
The European Commission announced a package of new legislative proposals that will, according to them, “strengthen the EU’s anti-money laundering and countering the financing of terrorism (AML/CFT) rules.” They note that it “will be discussed by the European Parliament and Council,” with the aim to become “operational in 2024.”
The package also includes a proposal for the creation of a new EU authority to fight money laundering. It is part of the Commission’s commitment to protect EU citizens and the EU’s financial system from money laundering and terrorist financing. The aim is to improve the detection of suspicious transactions and activities, and close loopholes used by criminals to launder illicit proceeds or finance terrorist activities through the financial system.
Due to the absence of clear definitions for ‘crypto-asset wallets’ and ‘crypto-asset service providers’ internally, as well as commissioner Mairead McGuinness’ declaration, many were given the impression that this legislation will try to ban private wallets in general:
The anonymity of crypto-assets exposes them to risks of misuse for criminal purposes. Anonymous crypto-asset wallets do not allow the traceability of crypto-asset transfers, whilst also making it difficult to identify linked transactions that may raise suspicion or to apply to adequate level of customer due diligence. In order to ensure effective application of AML/CFT requirements to crypto-assets, it is necessary to prohibit the provision and the custody of anonymous crypto-asset wallets by crypto-asset service providers.
However, further reading shows that their focus seems limited to custodial wallets and accounts. In Chapter VII, they set a prohibition “[dis]allowing for the anonymisation of the customer account holder” by financial institutions, as well as a Union-wide ceiling for cash payments “only up to an amount of EUR 10000 or equivalent amount in national or foreign currency,” though this will not apply to “private operations between individuals” / “payments between natural persons who are not acting in a professional function” (italics added). Regarding ‘crypto-asset service provider,’ the term was previously defined by “Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on Markets in Crypto-assets, and amending Directive (EU) 2019/1937,” in Article 3: “any person whose occupation or business is the provision of one or more crypto-asset services to third parties on a professional basis.”
(9) ‘crypto-asset service’ means any of the services and activities listed below relating to any crypto-asset:
(a) the custody and administration of crypto-assets on behalf of third parties; (b) the operation of a trading platform for crypto-assets; (c) the exchange of crypto-assets for fiat currency that is legal tender; (d) the exchange of crypto-assets for other crypto-assets; (e) the execution of orders for crypto-assets on behalf of third parties; (f) placing of crypto-assets; (g) the reception and transmission of orders for crypto-assets on behalf of third parties; (h) providing advice on crypto-assets;
While ‘providing advice’ seems rather broad, they narrow it down to broker-like activities:
offering, giving or agreeing to give personalised or specific recommendations to a third party, either at the third party’s request or on the initiative of the crypto-asset service provider providing the advice, concerning the acquisition or the sale of one or more crypto-assets, or the use of crypto-asset services
A spokesperson for the Commission indeed later clarified that non-custodial wallets are not included in these categories, aligning with a previously reported opinion from Europol regarding whether Wasabi Wallet fell under the AMLD5 regulations (TMIBP01). They also implied that ‘crypto-asset service provider’ was functionally equivalent to the Financial Action Task Force (FATF)’s ‘virtual asset service provider’ (VASP); the proposal mentions the FATF frequently, even claiming to be “in line with” and “going beyond FATF standards.”
Last month, European Data Protection Board (EDPB) chair Andrea Jelinek wrote a letter to commissioners McGuinness and Didier Reynders about “the data protection implications of AML laws,” particularly given McGuinness’ statement that this new authority (AMLA) will pursue “setting up a system to connect national registers for bank accounts” to “provide faster access for Financial Intelligence Units and other authorities to get access to key information.” Jelinek wrote that the common ‘risk-based approach’ standard “is not clearly enough quantified or defined in legislation or through guidance from regulatory bodies,” leading to “a large quantity of false positive alarms” and “unnecessary and disproportionate processing” by obliged entities. Therefore, the EDPB recommended including “specific provisions in the upcoming legislative proposals in order to specify the application of the GDPR [General Data Protection Regulation] in the context of the AML-CFT legal framework, pursuant to Article 6 (3) of the GDPR.”
Indeed, a fair balance has to be struck between the interest to prevent money laundering and terrorist financing, on the one hand, and the interests underlying the fundamental rights to data protection and privacy, on the other… enshrined in Articles 7 and 8 of the Charter of Fundamental Rights of the European Union.
If the AML-CFT legislation is not designed in a balanced and proportionate manner, that respects every individuals’ fundamental rights to data protection, legal uncertainties for obliged entities will continue to exist and the AML-CFT framework would be vulnerable. Data Protection Authorities will be forced to use their powers in order to bring the activities of the obliged entities in accordance with the GDPR through corrective measures. European citizens will also likely exercise their right to an effective remedy before a tribunal, enshrined in the Article 47 of the Charter of Fundamental Rights of the European Union.
According to Dutch engineer and financial history consultant Simon Lelieveldt, the ambiguity of the language is still concerning. While they may not explicitly ban the use of non-custodial wallets, “the FATF is pushing countries to not license/register companies if they allow communications with unhosted/anonymous wallets.” As I highlighted in March, this isolation / exclusion strategy was already in their new draft.
In TMIBP10, TMIBP11, and TMIBP12, I covered the FATF’s public consultation regarding their guidance on “the risk-based approach to virtual assets (VAs) and virtual asset service providers (VASPs).” In their second 12-month review published early this month, they report that some VASPs were using jurisdictional arbitrage to continue operating with “extremely weak or non-existent AML/CFT controls,” and that “the last year has seen significant increase in the use of privacy wallet transfers where multiple people’s transactions are combined into a single transfer, such as CoinJoin.” Overall, though, they acknowledge that “the value of virtual assets involved in most ML/TF cases detected to date remains relatively small compared to cases using more traditional financial services and products,” and that restrictions inspired by their guidance negatively impact privacy and financial inclusion:
In implementing AML/CFT regimes for VASPs, the FATF and jurisdictions should be aware of the intersection and potential impact AML/CFT requirements have on other regulatory requirements and policy areas, such as data protection and privacy, financial inclusion, derisking, consumer and investor protection and financial innovation. The FATF is committed to financial inclusion and is aware that applying an overly rigid, rules-based approach to AML/CFT safeguards when providing financial services can have the unintended consequence of excluding legitimate consumers and businesses from the regulated financial system.
On July 16th, General Bytes CTO and product manager Karel Kyovsky wrote to the mailing list to “propose a standardization of the bitcoin URI parameter name that could be optionally used to contain the unique id of VASP (Virtual asset service provider as defined by FATF),” because they will be “working on travel rule integration for our Bitcoin ATM product.” Harding replied to suggest that he draft a new BIP rather than trying to modify BIP-21, but would not comment on “your compliance situation,” and other responses were mostly negative. (If you’d like an alternative, “Join the Wasabikas” podcast host Max Hillebrand recently interviewed ‘Chill’ for episode #23 about the Bleskomat, “the world’s first Lightning-only ATM” – previously mentioned in TMIBP05.)
Vienna-based researchers Simin Ghesmati, Walid Fdhila, and Edgar Weippl have shared a revised preprint of their new paper, “Bitcoin Privacy - A Survey on Mixing Techniques.” Covering centralized mixers, CoinJoin based mixing, atomic swaps, and threshold signatures, their aim is to compare and evaluate “mixing techniques in the Bitcoin blockchain, present their limitations, and highlight the new challenges.”
On July 26th, co-author Ghesmati joined episode #26 of Wasabi Research Club to discuss the paper with Ficsór, Kogman, and others. She became interested in the topic after doing a project on the anonymisation of Bitcoin during a course on data science with cryptocurrencies at Technische Universität Wien (TUW).
In the eighth episode of Ledger’s “On The Ledger” podcast, CTO Charles Guillemet and head of security research Jean-Baptiste Bédrune discussed the Pegasus spyware scandal, following forensic and collaborative investigations by Forbidden Stories, Amnesty International, Citizen Lab, and others into Israeli surveillance technology company NSO Group’s tools and customers. If you are unfamiliar with the story, see researcher John Scott-Railton’s thread, and this joint open letter by numerous civil society organisations and experts.
Regarding the impact on Bitcoin and other cryptocurrencies, they explained why storing your keys on a smartphone or laptop could make them vulnerable to these types of attacks, and how hardware wallets are designed to protect against them:
Whenever you are root on the device, you can do whatever you like. The vulnerabilities are quite generic, basically what we call zero-click vulnerability. The attacker sends you a packet message to infect your mobile phone device. It’s often through a messaging application like WhatsApp or iMessage. Zero-click means that you’re not even notified, and the attacker has full access to your device. That means he can do anything you can, and even more. There are plenty of things that you cannot do on your smartphone, but when you have privileged access, you can do anything. The attacker can extract all your data from your mobile, get all your credentials.
For instance, if you use your mobile device to connect to your favorite crypto exchange, the attacker can do the same. Worse, if you use a mobile software wallet, the attacker can extract your secrets and steal your cryptocurrency instantly.
Today, we see state actors deploying their software exploits to spy on people, but I predict that tomorrow, I will see criminal actors using these software vulnerabilities to steal cryptocurrencies at scale. This is the big difference because the stakes will be very high, in a short period of time, in the near future.
In TMIBP01, TMIBP03, and TMIBP06, I covered the intrusion of another former offensive surveillance technology company, Hacking Team, into this industry. In TMIBP02, TMIBP05, TMIBP07, TMIBP08, and TMIBP13, I have been covering a data breach of customer information from Ledger’s e-commerce and marketing database(s), which resulted in an ongoing phishing campaign against its customers.
:warning: If you were impacted by this breach, I recommend Kraken’s “Security Advisory: Mobile Phones,” Jameson Lopp’s “A Home Defense Primer,” “A Modest Privacy Protection Proposal,” and Michael Bazzell’s “Privacy, Security, & OSINT Show.”
Thanks for reading! Feel free to :bookmark: bookmark or subscribe to catch the next edition of ‘This Month in Bitcoin Privacy.’