The German-Austrian research project BITCRIME recommends governments to regulate Bitcoin based on transaction blacklists. The coordinator of the German subproject, legal scholar Dr. Paulina Pesch, explains why. (translated from German)
Dear Ms. Pesch, in the recently published policy recommendation you write that it is not clear to which extent bitcoin are used for criminal purposes. Shouldn’t we expect you to know, after several years of research?
It is quite hard to tell which transactions in the Bitcoin blockchain are made for criminal purposes. We have some indications, for example, the addresses used by ransomware or publicly-known exchange hacks. BITCRIME tried to support such findings with empirical evidence, for instance, data from police departments or the results of a user survey. We found out that criminals use bitcoin, in particular, to purchase illegal drugs on darknet markets, or for extortion with ransomware. The received bitcoin are typically laundered afterward.
One of the results of BITCRIME is a policy recommendation on how cryptocurrencies should be regulated. What are the goals of proper regulation?
Regulation should prevent legal users of cryptocurrencies from operating in a legal vacuum. It should also protect them from being blackmailed, receiving laundered coins, or otherwise being involved in criminal actions.
You reject a ban of cryptocurrencies. Why?
A blanket ban would only prevent us from exploiting the innovative aspects of such systems and their potential, like direct global transactions or smart contracts. That would be disproportionate and thus violate the users’ fundamental rights. A blanket ban would be in line with the regulatory approaches of non-democratic states, like China. What we aspire is innovation-friendly regulation.
But you also reject voluntary self-regulation by the industry. For what reason?
There have been proposals for voluntary self-regulation, notably whitelisting, the voluntary certification of identified users’ addresses by trust services. This approach, however, is not suitable for crime prevention, because a blackmailer, for instance, would just refuse to register, and his victim would transfer ransom bitcoins irrespective of whether the blackmailer’s address is whitelisted or not. Furthermore, whitelists cause serious privacy issues due to the transparency of the blockchain. Whitelists imply that information on the identities behind most addresses are stored in databases and shared with the authorities. One can cluster addresses, and thereby trace the whole transaction flows of the owners of addresses. If these lists of de-pseudonymized addresses are leaked, we have a serious problem. The total transparency of Bitcoin is a problem many actors are not aware of because they mistakenly consider Bitcoin to be anonymous.
The EU decided to adopt the conventional rules against money laundering to cryptocurrencies. Why are you skeptical of this approach?
The same reasoning as for whitelisting applies to the EU’s regulatory approach to include wallets and exchanges in the conventional anti-money laundering prevention. Its concept can be described by the following keywords; know your customer, monitor, and report. Obliged entities have to identify their customers, monitor their financial activities and report suspicious activity. We reject this approach for two reasons. First, it is not suitable for efficiently preventing crime from being committed. Second, it violates the user's’ fundamental right to data protection. Furthermore, it is not adequate to blindly adopt the conventional indications on money laundering to Bitcoin. For example, using many bank accounts is considered to be suspicious; by contrast, using many bitcoin addresses is common practice and recommended to increase privacy concerning the transparency of the blockchain. Criminals are unlikely to use regulated exchanges or wallets – therefore, the upcoming EU regulation will harm legal users, but will not fight crime.
The approach you recommended is to use blacklists. What is to be said for this?
The idea is to tag transactions related to criminal actions in a database and oblige intermediaries, such as exchanges, wallets, or payment providers, not to accept coins derived from these transactions. We can easily track these 'dirty' coins through the blockchain. This approach is simple, but effective, while it interferes least with fundamental rights.
Do you envision that also individual users have to comply with the blacklist when accepting bitcoin for goods or services?
It is in their own interest. If a user gets listed bitcoin, he cannot sell them at an exchange. Of course, you cannot prevent that listed coins are transferred to one of your addresses, but if you are a merchant, for example, you should not deliver goods in exchange for such bitcoin. In contrast to conventional bank accounts, where tainted funds affect your whole account, the outputs of bitcoin transactions are not mixed in a wallet. Tainted and clean coins allocated to the same address are distinguishable. However, the user must prevent tainted and clean bitcoin from being combined in their own transactions. If blacklisting is adopted internationally – and only this way does it makes most sense – compliance checks against the blacklists will become a standard feature integrated into all wallets. In BITCRIME it has been outlined how to implement this feature.
Would such a blacklist also be effective for other cryptocurrencies, which provide a higher level of anonymity, like Monero?
In BITCRIME we focused on cryptocurrencies, such as bitcoin, and have not investigated alternative systems, such as Monero. Some believe that blacklists might cause a displacement effect. But that is perfectly in line with our aim to protect legal users of Bitcoin and similar altcoins. If criminals move to other cryptocurrencies like Monero, we separate legal and criminal systems and users. But this is a point we have not researched so far, so I cannot tell you more about it at this stage.
What about mixers and other instruments to increase anonymity of Bitcoin, like changing it in other cryptocurrencies and back to bitcoin? Could blacklists deal with such operations?
Blacklists actually affect mixers as can be shown by a game-theoretic argument: Under that regulatory regime, only criminals would use mixers to launder 'dirty' coins. Legal users would take a serious risk by using these mixers, namely the risk of receiving listed coins that are not accepted by others. And legal users cannot ensure that only clean coins are mixed. In contrast to the conventional banking sector, we do not consider the mere use of anonymization tools as an indicator of money laundering in cryptocurrency networks. However, undercutting mixers conforms with the recommendations of the Global conference on countering money laundering and digital currencies.
Exchanging bitcoin for (more anonymous) altcoins is not suitable to circumvent the regulation either. A tainted bitcoin one exchanges will remain tainted. Thus it might be hard to find somebody who accepts it, risking trouble with the authorities. The idea is that, as a result of blacklisting, tainted coins are worth less than clean ones.