Saturday, April 16, 2011

Loosely Managed Digital Currency Could Be Avenue for Crime That's Hard to Block

By Colby Adams
MoneyLaundering.com
Friday, April 15, 2011

http://www.bitcoin.org/smf/index.php?topic=5907.0

An emerging virtual currency intended to be used in lieu of cash could also be a vehicle for criminals seeking to make international transactions anonymously, according to investigators.

Bitcoin, a loosely organized electronic payment system created in January 2009 by an otherwise anonymous computer programmer known by the possible pseudonym of Satoshi Nakamoto, allows users and merchants to make transactions through digital coins, with or without the aid of payment processors or other financial institutions.

While the project remains relatively small, it has already drawn enthusiastic users, including international vendors and nonprofit organizations like the Electronic Frontier Foundation, which accept charitable donations of the currency. Google developers have received the green light to research the coins, which are valued at a total of $5 million, according to estimates by www.mtgox.com.

The currency was "no doubt developed for altruistic purposes by conscientious people, and there are perfectly legitimate, legal and philosophical reasons for wanting the financial anonymity that [Bitcoin] gives, but the other reality is, if this type of currency takes off, it will be a dream for the bad guys," said Steve Santorelli, director of global outreach at Team Cymru, a Burr Ridge, IL-based Internet security firm.

By using multiple e-mail addresses and anonymous proxies to disguise their locations, criminals can open a new Bitcoin account for each transaction and ensure that their money movements are "virtually bombproof and untraceable to an investigator," said Santorelli, a former Scotland Yard cybercrime detective and a former senior manager of investigations with Microsoft's Internet Crimes Investigation Team.

Because Bitcoin users can disguise their locations while potentially transacting large sums of currency with the aid of offshore merchants and payment processors, "domestic court orders and subpoenas to pierce the transactions [are rendered] obsolete," he said.

"The decentralized, international system means that, unlike a financial institution, there is no one to serve a court order on," said Santorelli. "If this system takes off it will be virtually impossible to police it, requiring a fundamental rethink in the investigative approach."

Money from nothing

At first blush, the origin and value behind bitcoins will likely seem strange to some. Few, if anyone, has met Nakamoto, organization principal Gavin Andresen said, during a March 15 interview with EconTalk. Control of the organization is decentralized and based on the premise that all users can have a say in monetary decisions.

"The root problem with conventional currency is all the trust that's required to make it work," Nakamoto wrote in a February 2009 blog on P2P Foundation. "The central bank must be trusted not to debase the currency, but the history of fiat currencies is full of breaches of that trust."

How bitcoins work is a "step beyond any payment system I have ever seen," said Santorelli.

The currency, which is traded through software anyone can download, is not backed by precious metals or other commodities but relies on the fact that it is accepted by a group of consumers and merchants whose transactions are vetted by one another on a volunteer basis.

To obtain bitcoins, users can buy existing coins from a participating company—the currency has traded both above and below the value of a U.S. dollar—or try to win a batch of 50 newly-minted bitcoins by first solving a cryptographic puzzle with proof that other users can evaluate. The puzzles are generated by an algorithm designed to make the challenges solvable at a rate of once per 10 minutes, thus establishing a steady rate of coin “creation.”

Among other methods, the coins can be redeemed for prepaid Visa cards, PayPal credit, cash shipped via mail, digital currency used in the online site Second Life and precious metals and coins, including in pounds of pennies, according to https://en.bitcoin.it/wiki/Trade , which is hyperlinked from the organization's Web site.

The coins can also be traded between users or spent with the approximately 100 vendors currently accepting the digital money, including electronics dealers, clothing retailers and online bookstores. Among those accepting the currency are a handful of merchants purporting to sell psychoactive drugs, including heroin and LSD, and over a dozen online gambling Web sites, according to the Wiki page.

A statement on Bitcoin's Web site contends that "sometimes you just want to send money from A to B without worrying about limits and policies."

Like cash?

Checks against misuse are already built into the system, which operates as a "pretty loosely organized open source project," said Andresen, in his interview with EconTalk.

Because the software is open-source and money movements are made via a public platform that anyone can scrutinize, users have the ability, and the incentive, to check whether their peers have engaged in suspicious activity, or have tried to game the system, he said during the interview. Currently, between 5,000 and 10,000 individuals participate in the project, Andresen told EconTalk.

"Like cash, Bitcoin can be used for good, and it can be used for evil," according to Jeff Garzik, a Bitcoin developer and creator of www.BitcoinWatch.com, a Web site that follows Bitcoin's financial trends. Since transactions are public, and thus traceable, the currency is "slightly less anonymous" than cash, he said.

"In practice, this provides anonymity for the average transaction, but a government with subpoena power and the ability to perform statistical analysis may be able to track illicit bitcoin activity with a higher success rate than with hard cash U.S. dollar transactions," said Garzik.

"Every bitcoin transaction ever made is public, and the life of every bitcoin is fully recorded in public for all to see," said Garzik, referring to http://www.blockexplorer.com , a Web site that tracks each transaction by unique number. Yet penetrating beyond the number to the initiator of the transaction "would be the difficult part" of an investigation, he said.

Still, court orders may be served to bitcoin exchanges, users and other operators, ordering them to "ban" specific bitcoins if needed, he said.

Nothing stopping them

Even in instances when wrongdoing is discovered, the organization's decentralized nature would make it "extremely difficult for the government to regulate, and may require them to prosecute only individuals, rather than the system as a whole," according to Tom Kellerman, vice president of security awareness and government affairs for Core Security Technologies, a Boston-based data security firm.

Although both cash and bitcoins offer a degree of anonymity, they differ in one key aspect: how quickly they can be transported, said Kellerman. Like remittances, bitcoins can be sent across borders rapidly and with little chance of retrieval, he said.

"The speed difference is roughly that of e-mail versus conventional mail," he said.

"It avoids every reporting requirement out there, which is scary, and it's open source software, meaning someone could start their own currency, which is also scary," said Arnie Scher, Director at the New York office of BDO consulting and a former compliance manager at JP Morgan Chase.

"There's nothing preventing drug dealers from starting their own bitcoin currency - nothing," he said.

Already regulated?

In response to a request for determination for Bitcoin USA, an independent digital currency exchange company affiliated with the project, the U.S. Treasury Department referred the business to a January 2009 Financial Crimes Enforcement Network (FinCEN) ruling defining digital currencies as prepaid value providers.

Bitcoin USA eventually closed, in part, because "identification requirements stopped people from completing the registration completely," according to an April 9 post on Bitcoin's main public forum. "I had a total of three people upload their documents out of all the registered people," according to the post, which cited FinCEN's ruling.

Other bitcoin exchanges have been following the FinCEN ruling "in an ad hoc manner, in an attempt to proactively comply with AML regulations," said Garzik.

Under U.S. regulations, digital currency companies are prohibited from selling or redeeming more than $1,000 per person per day without registering as a money services business (MSB) with FinCEN, and filing suspicious activity and currency transaction reports.

Registering with FinCEN would bring Bitcoin-affiliated businesses under the Bank Secrecy Act examination authority of the Internal Revenue Service, which oversees 200,000 MSBs, according to a February 2009 report from the U.S. Government Accountability Office that also noted numerous logistical hurdles the agency faced in overseeing the companies.

But even if bitcoin exchanges with high-value transactions register with FinCEN, the IRS' monitoring of Bitcoin's vendors would be "unworkable" in part because of confusion over "which part of the system to regulate" and because the IRS is already stretched thin with its current roster of MSBs, said Scher.

Spokespersons for the IRS and FinCEN declined to comment on the organization. Nakamoto and Andresen did not respond to e-mails seeking comment by press time.

Room to grow

Currently, most bitcoin users keep their transactions below the $1,000 threshold because they would prefer to avoid reporting requirements, said Garzik. "Once Bitcoin grows larger, and can profitably support MSB-registered exchanges, those will flourish," he said.

The fact that the digital currency remains relatively small is also a sign that whatever potential problems Bitcoin may face, it's still too early to worry about large-scale money laundering, said Scott Dueweke, a senior associate at Booz Allen Hamilton who studies alternative payment systems.

"When you're talking about laundering drug profits, you're talking about millions - even billions - of dollars, and that's too big of a fish for a model like Bitcoin to fry at this point," said Dueweke. A laundering scheme involving Bitcoin would still need a "complicit or willfully ignorant financial institution to move anything in useful amounts," he said.

Other digital currency businesses have met with skepticism from federal regulators.

In July 2008, the three principal directors of E-Gold, a digital currency backed by gold, pled guilty to money laundering and charges of running an unlicensed money transmitting business. The Treasury Department fined the business nearly $3 million in October 2009 for helping others evade Iran and Cuba economic sanctions.

In February 2006, New York indicted three Western Express International executives for exchanging up to $25 million in international criminal proceeds for digital currencies, including digital gold acquired from the purchase of goods with stolen credit card numbers.

"We are concerned that mechanisms such as the Internet increasingly can be used to conduct business within the United States from a foreign jurisdiction," wrote FinCEN, in a May 2009 ruling. "Use of such mechanisms may avoid both our regulations and the regulations of the foreign jurisdiction," the ruling said.

1 comment:

  1. Colby's article was probably about as balanced as you can be when the immediate, direct audience is the anti-money laundering crowd and those tasked with compliance. I think it's great that the web address is moneylaundering.com instead of antimoneylaundering.com.

    Money laundering is a pejorative term to begin with because it insinuates that the participants do not have certain inherent rights to financial privacy. The Jews "laundered" their money to Switzerland in order to escape Hitler's holocaust. Come on, people! Financial privacy is a fundamental human right that has been consistently eroded and violated by governments. We must take a step back and comprehend that "secrecy" does not mean "concealment", but rather that "secrecy" means "privacy" in its most basic sense.

    ReplyDelete