Posted by Taylor Armerding on Tuesday, April 3rd, 2018
Anonymity—one of the biggest draws of cryptocurrency and the blockchain infrastructure it depends on—could get turned on its head if the vision of the head of the International Monetary Fund (IMF) comes true.
Christine Lagarde, managing director of the IMF, called in a recent blog post for more regulation of the cryptocurrency market—to include the use of tools to enable more effective surveillance.
“The same innovations that power crypto-assets can also help us regulate them. To put it another way, we can fight fire with fire,” she wrote, arguing that regulation should include the use of biometrics, artificial intelligence, and cryptography to identify those conducting transactions.
Or, as Motherboard put it, “All of a sudden, the same decentralized record-keeping properties that make the blockchain subversive also make it a surveillance platform without equal.”
If true, that would undermine the explicit promises of Monero, one of the more popular (because it is among the most rigorously private) of the now more than 1,600 cryptocurrencies available, that transactions are “secure,” “private,” and “untraceable” and that “transactions on the Monero blockchain cannot be linked to a particular user or real-world identity.”
However, experts say the anonymity issue is more complicated than saying it is airtight now and would be destroyed by applying biometric tools and machine learning to blockchain transactions.
It has never been completely airtight, they say, but they agree that there are clear privacy advantages offered by cryptocurrency and blockchain.
Among the advantages, notes Sammy Migues, senior member, technical, with the Synopsys Software Integrity Group (SIG), is that “we have lots of transactions today that ‘positively identify’ the ‘person’ who did it, but we know they really don’t. We have transactions done by shell companies, we have spouses and kids who use our credit cards or toll pass, and so on.”
And Jeremy Malcolm, senior global policy analyst at the privacy advocacy organization Electronic Frontier Foundation (EFF), adds that while the blockchain does leave a money trail, sophisticated users can obscure that trail. “If you convert your Bitcoin to another currency using an anonymous service like Shapeshift.io, that’s enough to make tracking much more difficult, especially if it is converted to Monero,” he said.
How much would Lagarde’s recommendations change that? It is hard to say so far, since none of them has been codified into regulation or law. And they are likely to provoke vigorous debate.
Her stated rationale was all about protecting consumers and the stability of financial markets. She wrote that the technology behind cryptocurrency, including blockchain, is an “exciting advancement that could help revolutionize fields beyond finance.”
But she contended that the very thing that makes it appealing—the kind of anonymity that makes transactions similar to those in cash—is what makes it dangerous.
This “potentially major new vehicle for money laundering and the financing of terrorism” ought to be regulated, she wrote, both to crack down on criminals and to bring more financial stability to what is, obviously, an extremely volatile market. The price of the most popular and well-known cryptocurrency, Bitcoin, has spiked from less than $1,000 to nearly $20,000 and then fallen back to less than $8,000 in just the past 15 months.
Cracking down on financial crimes in general is also not going to create much controversy—multiple nations, including the United States, are already doing so and looking to strengthen laws that make it more effective.
But there is a difference between surveillance and/or regulation to expose and prosecute criminal actions and applying the same actions to “hate,” which can have a rather elastic definition.
And that is where cryptocurrency exchanges are already not as private as some users think. Some exchanges freely acknowledge that they track, and shut down, some users for what they consider the promotion of hate.
At a congressional subcommittee hearing a couple of weeks ago on possible regulation of cryptocurrency exchanges, Mike Lempres, chief legal and risk officer of Coinbase—the biggest U.S. exchange—was asked what he’s doing to prevent white nationalists from using his exchange to fund their activities.
He said Coinbase kicks anyone off its platform who does anything they consider “encouraging or facilitating hate.” He said that because the blockchain is “an immutable, permanent record that’s publicly available,” Coinbase can use analytic tools to track “bad actors” in the exchange.
Even exchanges that promise privacy can’t really guarantee it. Indeed, just this past week, multiple news sites took note of a report by researchers from Cornell that they had figured out a way to strip privacy protections from Monero transactions conducted prior to early 2017.
Lagarde’s proposed regulation would go beyond that, however, seeking to identify individuals, not just organizations. She called for combining know your customer (KYC) requirements, which are designed to counter crimes like money laundering, with tools like “biometrics, artificial intelligence, and cryptography [which] can enhance digital security and identify suspicious transactions in close to real time.”
“This would give law enforcement a leg up in acting fast to stop illegal transactions. This is one way to help us remove the ‘pollution’ from the crypto-assets ecosystem,” she wrote.
If it worked as intended, that would undermine the blockchain anonymity factor, which has allowed participants to trace funds moving from address to address, but without knowing specifically who owns the addresses.
And tracking specific people, and not just their anonymous transactions, “works in the interests of organizations that Bitcoin was ostensibly set up to overthrow,” Motherboard said.
Malcolm called it ominous at a number of levels, describing Lagarde’s vision as “profoundly dangerous.”
He said one of the ways cryptocurrencies have the potential to be a good alternative to conventional currency is that they are “less susceptible to censorship by intermediaries—the kind we call Shadow Regulation—meaning that it is not as transparent and accountable as normal governmental regulation, even though governments may be among those exerting pressure for the financial intermediaries to censor.
“A good example of this is when WikiLeaks was censored by the major credit cards and banks, under pressure from the U.S.,” he said.
He added that “Bitcoin platforms like Coinbase are becoming equally subject to such pressure to censor as the traditional payment intermediaries. And we think that private censorship by intermediaries is profoundly dangerous.”
Migues said the reality is that this capability has been in place for some time.
Even though it remains true that “every blockchain-based implementation will positively identify a transactor, but may not positively identify a human,” he said there is no such thing as complete anonymity, even though various services may advertise it.
“As we’ve discovered over time, none of them actually are,” he said. “VPN services actually know who you are, and can tell law enforcement; Google knows who searchers actually are very quickly, and can tell; visitors to random websites get tracking cookies and are identified very quickly—and the sites can tell on you—and so on.”
Which may make cash start sounding attractive once again.
Get the latest AppSec news and trends sent directly to you.