bitcoin crime

At the FinTech Canada conference this August, leading cryptocurrency trial attorney Brian Klein gave an excellent overview of how cryptocurrencies have been used for illegal purposes and what law enforcement officials are doing to crack down on it.

Known for representing high-profile clients like Bitcoin early-adopter Erik Voorhees, Brian Klein is the founder and chair of the non-profit Digital Currency and Ledger Defense Coalition (DCLDC) and the chair of the American Bar Association’s blockchain technology, digital currency, and ICO national institute.

In his talk, Klein points to the law enforcement efforts and litigation around the Silk Road as an early example of crime with a cryptocurrency element. At the time, the closure of the online black market and related arrests made headlines worldwide.

But how have things moved on in 2018?

Cash (not Crypto) is Still King in Criminal Activity

In criminal law, cash is still king.

While cases like the Silk Road made sensational headlines, cryptocurrency rarely plays a truly innovative role when it comes to more traditional criminal activity. 

Cryptocurrency may offer advantages for long-distance transactions and online shoppers, but most criminal acts today are still paid for in cash. 

The crypto element may add a modern flair and conjure images of shadowy figures in Guy Fawkes’ masks but, for the most part, digital currencies remain a payment method rather than a new frontier in criminal acts.

bitcoin silk road
The now-defunct black market Silk Road website used to buy drugs with bitcoin

Cryptocurrencies Are the New Swiss Bank Account: Money Laundering and Tax Evasion

You might still see movies where bank robbers demand that funds be wired to a Swiss bank account, but when it comes to money laundering and hiding assets, cryptocurrency has increasingly replaced the wiring of funds to jurisdictions that favor banking secrecy. 

A key advantage of cryptocurrency is that it’s not tied to a single jurisdiction or set of laws – unlike Switzerland, which tightened its banking regulations after a large tax evasion investigation in 2008.

With cryptocurrency, there’s also no need to rely on intermediaries to handle transfers. And while a bank can be forced to turn over someone’s account information, there is no central authority for the Bitcoin system.

However, as noted in Klein’s talk, most current digital currencies operate on a public, permanent ledger. Bitcoin, for example, isn’t fully anonymous as many believe. Each transaction can be tracked, analyzed and de-anonymized — if the authorities can link a wallet address to a particular criminal – now or in the future.

The Emergence of Privacy Coins

Privacy coins circumvent some of the potential risks of making cryptocurrency transactions available on a public ledger. 

Indeed, Bloomberg noted that criminals are increasingly ditching bitcoin for privacy coins like monero and zcash. 

Monero logo

While there are different types of privacy coins, they typically obscure their ledger through a variety of methods including single-use wallets and transaction keys, as well as “coin mixing”, which involves pooling different transactions together to obscure the amount and parties involved in any given transaction. 

In his talk, Klein notes that privacy coins are a key source of concern for law enforcement and regulatory agencies.

Fraud and Initial Coin Offerings (ICOs)

Reports suggest that as many as 80% of ICOs offered in 2017 were fraudulent. 

Perhaps the largest was Pincoin, an ICO that raised $660 million during the ICO fever of 2017. Shortly after raising the money, Pincoin vanished, taking investor money with it. This is what’s known as an “exit scam.”

As a result of these scams, investors have asked securities regulators to intervene.  The problem? In the US, there’s no set answer on whether ICOs are “securities.” 

What’s a security? A security is a financial instrument, like a stock, bond or investment contract, that you are able to trade or transfer to someone else. If something is a security, it is often subject to regulation and must be registered with the regulators.

Until ICOs are classified as a security, we don’t know if they are something the Securities Exchange Commission (SEC) can regulate.

So long as they remain unregulated, ICOs fall outside the oversight and authority of securities regulators, potentially leaving investors more exposed to fraudulent activity

Although the SEC’s Chairman has previously claimed that ICOs are securities, the issue is still relatively untested in the courts. This leaves many ICOs operating in a grey area. 

How Are Law Enforcement Officers Cracking Down on Illegal Crypto Activity?

This is still relatively new territory for law enforcement agencies and governments. However, they are increasingly capable of de-anonymizing transactions and tracking criminal activity. Below are just a few of the ongoing themes of law enforcement activity in the crypto space:

  • Governments and law enforcement are collaborating on an international scale. This includes sharing information, joint investigations, and global agreements around extradition.
  • Law enforcement is increasingly capable of tracking cryptocurrency transactions, especially where the ledger is public. AI and machine learning are also making it easier to analyze the blockchain and pierce anonymity.
  • On the blockchain, transaction history is not just public – it’s permanent. This can create a permanent chain of evidence for law enforcement to review and rely on, especially over time, as new data is gathered and different wallets and accounts are identified.

Conclusion

Bitcoin has been linked to illegal activity ever since the infamous Silk Road black market emerged. The cryptocurrency ecosystem has also played host to its fair share of scams, hacks, and frauds. 

However, we should also remember that every bitcoin transaction, by design, is recorded in a permanent, transparent log. If bitcoin is used for nefarious purposes, that transaction is preserved forever.

Learned something new in this article? Subscribe to the Block Explorer newsletter.

The Canadian Securities Administrators (CSA) released a Staff Notice this week (June 11, 2018) providing additional guidance on the securities law implications for offerings of coins and tokens.  The notice was prepared by the CSA in response to common inquiries from cryptocurrency businesses and their advisors. Specifically, the notice addresses the sale of “utility tokens” and identifies scenarios where these sales may also have elements of investment contracts and be subject to securities regulation.  

 

On the topic of utility tokens, CSA Staff Notice 46-308 states:

“We have received submissions from businesses and their professional advisors that a proposed offering of tokens does not involve securities because the tokens will be used in software, on an online platform or application, or to purchase goods and services. However, we have found that most of the offerings of tokens purporting to be utility tokens that we have reviewed to date have involved the distribution of a security, namely an investment contract. The fact that a token has a utility is not, on its own, determinative as to whether an offering involves the distribution of a security.”

 

The notice goes on to highlight a few common scenarios for proposed coin and token offerings that could give rise to various securities law implications.  These scenarios include situations where:

  • A token is intended to be used in the operation of software or an online application that does not yet exist or is still under development, or the token is intended to be used to purchase goods and services that are not yet available
  • Tokens are not immediately delivered to buyers once purchased
  • The stated purpose of the offering is to raise capital, which will be used to increase the coin or token’s value or support the business issuing the coin or token
  • A business offering the coin or token or involved in its sale makes statements suggesting that the coin or token will become more valuable, or take other steps to create an expectation of profit

 

The CSA advises that any business seeking to offer coins or tokens to Canadians consult qualified securities legal counsel.  The CSA also invites applications to the CSA Regulatory Sandbox, which allows fintech companies an opportunity to test and develop innovative business offerings in an environment where they can work collaboratively with regulators and have temporary exemption from some consequences of securities regulation that may otherwise apply.  The sandbox approach to regulation is something that has also been pursued in Bermuda and the UK.

Who are the Canadian Securities Administrators (CSA)?

While most countries have national securities regulators, Canadian securities regulation is solely the jurisdiction of provincial and territorial governments.  The Canadian Constitution divides powers between the federal and provincial government and gives provinces the jurisdiction to regulate property and civil rights.  These provincial and territorial regulators are participants of the Canadian Securities Administrators, which is an organization that aims to promote consensus and harmonized regulations across the different jurisdictions.

 

What are “Staff Notices”?

Staff notices are issued either by a single regulator or by a group of regulators, such as the CSA.   Staff notices do not change securities legislation, reporting requirements or other policies and procedures.  Instead, the notices provide businesses and the public with insight into how regulators are interpreting and applying existing regulations.  The notices often focus on recent issues or areas of concern for the regulator and attempt to provide guidance on these matters to businesses and other market participants.  

Photo by Pok Rie from Pexels

In a highly-attended public hearing held on May 14, 2018, the Chelan County public utility district (PUD) approved a three-month extension of a moratorium on the approval of electric service for new cryptocurrency mining operations.  The low energy costs in the Mid-Columbia Basin have attracted cryptocurrency miners from as early as 2013.  However, when Bitcoin soared in value in late 2017, the region saw a large increase in inquiries and applications from cryptocurrency miners.   

The current moratorium in Chelan County was unanimously approved in March, with officials requesting time to review and assess the potential impacts of increased cryptocurrency mining and electricity demands within their communities.  Citing similar energy concerns, the City of Plattsburgh in New York became the first municipality to ban cryptocurrency mining in early March, enacting an 18-month moratorium on all cryptocurrency mining operations.

Chelan County is one of three rural Washington counties (Chelan, Douglas, and Grant) served by five hydroelectric dams operating in the Mid-Columbia Basin.  The dams generate approximately six times the amount of energy required by residents and businesses, allowing the PUDs to subsidize local energy cost by exporting the surplus energy at premium rates.  While cryptocurrency mining operations may bring economic value to the rural region of Chelan County and surrounding areas, residents are also concerned that the increased local demand for electricity will result in an increase in household energy costs.  

The availability of low-cost electricity has also attracted unauthorized mining operations to Chelan County and the Mid-Columbia Basin.  These operations are sometimes established in residential areas, where the infrastructure and equipment are not designed to support heavy loads of electricity.  Chelan County PUD cited the risks posed by these unauthorized operations in its initial announcement of the moratorium, emphasizing the health and safety risk to its staff and county residents.  Shortly after implementing the moratorium, the Chelan County PUD directed its staff to enforce compliance with the moratorium by imposing fees and fines, disconnecting service, and reporting the unauthorized use of energy to law enforcement as theft.  

While restrictions on cryptocurrency mining activity have primarily been implemented at a local level, governments could take steps to regulate mining activity at a larger scale.  In January, Bloomberg reported that China was discussing taking steps to regulate energy usage by cryptocurrency mining operations, a move that could have a large impact on the global mining industry.  Given the increased attention to the energy demands of proof-of-work cryptocurrencies like Bitcoin, it seems likely that energy regulation will play an important role in the increasingly complex regulatory environment for cryptocurrencies.

The European Union (EU) General Data Protection Regulation (GDPR) is a law designed to enhance the protection of personal data and give individuals greater control over their own data.  While the law applies to individuals and personal data resident in the EU, many organizations and services are taking the opportunity to revise their policies and practices for all users.  As the GDPR comes into effect today, May 25, 2018, many cryptocurrency service providers have made changes to bring their policies and practices into compliance. 

GDPR and Blockchain

A key objective of the GDPR empowers individuals (or data subjects) with various rights.  Some of these rights align well with blockchain technology. For example, the GDPR includes a right to information, giving individuals the right to request how their personal data is being shared and processed.  The right to access is also a step towards greater transparency, as it allows individuals the opportunity to view their own personal data that has been collected by an organization or service.  IBM has released a white paper outlining some key ways that blockchain technology can be used to support the goals of GDPR and enhance compliance.

However, the GDPR also enforces “the right to be forgotten”, which provides individual data subjects with a right to request the deletion of personal data.  Immutability is a core feature of blockchain technology, and without a central authority to oversee the erasure of any personal data, this part of the GDPR presents a considerable challenge for any open blockchain network that has stored personal data on the blockchain.   

Andries Van Humbeeck, Blockchain consultant for TheLedger.be, highlights this potential clash between GDPR and the blockchain:

And here is the paradox: The goal of GPDR is to “give citizens back the control of their personal data, whilst imposing strict rules on those hosting and ‘processing’ this data, anywhere in the world.” Also, one of the things GDPR states is that data “should be erasable”. Since throwing away your encryption keys is not the same as ‘erasure of data’, GDPR prohibits us from storing personal data on a blockchain level. Thereby losing the ability to enhance control of your own personal data.

Source: The Blockchain-GDPR Paradox, Andries Van Humbeeck, November 21, 2017.

GDPR and Cryptocurrency Services

If you use cryptocurrency services, including exchanges, wallets, and peer-to-peer marketplaces, you probably have received emails over the past month advising you of revisions to privacy policies and terms of service.  While the specifics of these changes will vary, here is a brief overview of a few trends to be aware of:

  • Consolidation of personal data:  In anticipation of user requests to view, modify, move or delete personal data, you can expect some services to restrict users to the use of a single account.  You can also expect to see services implementing portals and tools that display all personal data connected to an individual user in a single location, and allow users to make requests regarding that data.
  • Detailed rationale around personal data collection & usage:  The GDPR expects service providers to provide clear, plain-language explanations of why your personal data is processed at a detailed, granular level.  This is an excellent opportunity to understand where data is being collected for regulatory purposes, where it’s being collected for the purposes of operating a given service, and where it’s being requested for the purposes of advertising and revenue-generation.
  • Identification of third parties with access to your data, and how they are using it:  Service providers often allow third-parties to access and process your data as part of service delivery.  These third parties may be processing your data for a wide range of purposes, including identity verification, transaction processing, tracking how a service is used, and identifying & correcting bugs or service errors.  Updates to privacy policies and terms of service should clarify where third parties may be used to process your personal data. To some extent, this also allows users to “peek behind the curtain” and learn more about how their chosen service providers conduct their businesses and who they partner with.
  • Restriction of service and features based on geographic location:  While some service providers are bringing changes into effect for all users, regardless of geographic location, others have established separate policies and practices for EU residents.  For example, Coinbase has implemented separate Privacy Policies for the UK and the US and is currently only allowing EU residents to access the privacy rights dashboard.  Some North American sites and news organizations have blocked EU residents from access or shuttered operations entirely, including peer-to-peer network CoinTouch, which announced its closure due to the costs of implementing GDPR compliance in early May.   

 

Is GDPR having an unexpected impact on a cryptocurrency or your preferred cryptocurrency service provider?  Let us know in the comments.

BlockExplorer is pleased to announce that we will be attending the 4th annual FinTech Canada Conference (http://www.fintechcanada.com/) as a media partner.  FinTech Canada will be held in Toronto on August 16, 2018.

FinTech Canada is hosted by the Digital Finance Institute (http://www.digitalfinanceinstitute.org).  The event celebrates Canada’s leadership in the FinTech field and brings together global thought leaders in Financial Technology to advance the dialogue on the global FinTech revolution.

This year, attendees can expect to hear speakers covering the latest developments in FinTech, exploring the global impact of blockchain & digital currencies and discussing how to scale up a business from startup to global success.   More details will be added as information becomes available.

Please register for Canada’s 4th Annual National FinTech Conference at www.fintechcanada.com. We look forward to seeing you at the the MaRS Discovery District in Toronto on August 16, 2018!