Friday, May 13, 2011

Thoughts on Bitcoin Laundering

By Jon Matonis

Recently, Alaric Snell-Pym published a thought-provoking piece on bitcoin and whether law enforcement would embrace it. In his article, "Bitcoin Security", he concludes that the authorities will most likely revel in its transactional tracing potential, which provides an electronic trail that regular paper cash simply cannot beat. Just take a look at the Bitcoin Block Explorer. Predicting a laundering technology arms race, Alaric writes:
"Indeed, I could make my bitcoin client sit there creating new addresses and transferring random chunks of my wealth to random new addresses 24x7, to effectively launder all my money through a few thousand identities. If I give somebody some money and, ten hops later, some of it is used to buy porn, I can't tell what those ten hops were - they might be ten transfers to different people, in which case, well, aren't we all six or so degrees apart anyway? It could be anyone. Or it could be the same person, laundering his money.
So isn't that a nightmare for law enforcement? Won't they have to crack down on this and make it illegal, before it's used to FUND TERRORISM and DESTROY CAPITALISM?!?!
Well, no. Perhaps they will do that anyway as a knee-jerk reaction. But I think it's just like cash, but a little easier for them to trace. If they realise it, they'll be behind it, which I think will be a good thing - as I think Bitcoin is a good currency that will enable all sorts of cool things that can't currently be done practically.
For a start, those laundering transactions are exactly the kinds of things intelligence services are good at figuring out. They can put supercomputers to work analysing the global transaction stream (all available in ONE place; no need to talk to lots of banks - or worry about infiltrating uncooperative foreign banks). Some value that goes into an account then buzzes through a self-contained pool of accounts for some time then zooms out to somewhere else can probably be traced through analysing the timings of transactions and the like; the pattern of automated laundering will be different from actual spending, if you have enough computer power to find the patterns. Imagine drawing a diagram with a blob for each address you know something about (eg, can tie to a person or organisation), and drawing arrows for all the transactions between them. Any single-use addresses can just be chained together as part of the same arrow. Any unknown addresses can be given small blobs on the diagram. Colour the arrows with the magnitude of the amount transferred, on a log scale. Arrange the diagram so the minimum of arrows overlap. Do this for the transactions in each day, and then make a movie of them changing over time. Take a given known-suspect transaction and treat it like a drop of dye, colouring it strongly, and mixing it with the light grey of other money flowing through the system as it dissipates, and see where that dye spreads to. Then get computers automating the analysis even further."
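
The "drop of dye" analysis and the chaining of single-use addresses described in the passage above, sketched as an added example (not code from Snell-Pym's article or from this post). It assumes a simplified account-balance ledger rather than Bitcoin's real transaction format, proportional dilution of the dye when money mixes, and a constructed set of transfers with invented labels.

```python
from collections import defaultdict

# Constructed ledger (time, sender, receiver, amount); labels are invented.
TRANSFERS = [
    (1, "suspect", "hop1", 10.0),    # known-suspect payment: the drop of dye
    (2, "exchange", "mixer", 30.0),  # unrelated money entering the same pool
    (3, "hop1", "mixer", 10.0),      # hop1 is a single-use pass-through
    (4, "mixer", "shop", 20.0),
    (5, "mixer", "cashout", 20.0),
]

def collapse_single_use(transfers):
    """Chain pass-through addresses (one payment in, same amount out) into one arrow."""
    ins, outs = defaultdict(list), defaultdict(list)
    for t in transfers:
        outs[t[1]].append(t)
        ins[t[2]].append(t)
    relays = {a for a in ins if len(ins[a]) == 1 and len(outs[a]) == 1
              and ins[a][0][3] == outs[a][0][3]}
    merged = []
    for when, sender, receiver, amount in transfers:
        if sender in relays:
            continue                     # absorbed into the arrow that feeds it
        while receiver in relays:        # follow the chain to its real endpoint
            when, _, receiver, amount = outs[receiver][0]
        merged.append((when, sender, receiver, amount))
    return sorted(merged)

def spread_dye(transfers, source):
    """Return {address: (dyed, balance)}; each payment carries the sender's dye ratio."""
    balance, dyed = defaultdict(float), defaultdict(float)
    for _, sender, receiver, amount in sorted(transfers):
        if sender == source:
            part = amount                # everything leaving the source is dyed
        else:
            # Assumption: coins with no history in this window are clean.
            balance[sender] = max(balance[sender], amount)
            part = amount * dyed[sender] / balance[sender]
            balance[sender] -= amount
            dyed[sender] -= part
        balance[receiver] += amount
        dyed[receiver] += part
    return {a: (dyed[a], balance[a]) for a in balance if balance[a] > 0}

if __name__ == "__main__":
    print(collapse_single_use(TRANSFERS))
    print(spread_dye(TRANSFERS, "suspect"))
```

On this sample the dye survives the pool but is diluted: "shop" and "cashout" each end up holding 5 dyed coins out of 20, so the analyst is left with a ratio, not a link to a person.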
Another article by Mencius Moldbug, "On Monetary Restandardization", seems to reach the same conclusion with respect to money laundering and bitcoin users doing the authorities a massive favor.
"What is Bitcoin's only chance? Perhaps that Bitcoin is not really anonymous. In fact, it is anything but. All transactions, though pseudonymous (named by a random key), are public and can be tracked by anyone, including said authorities. There is no financial secrecy in Bitcoin - it's a completely transparent system.

Which means that, if money launderers try to launder money through Bitcoin, they are actually doing the authorities a massive favor. It is very easy to track dirty bitcoins. If you know Pablo, a drug dealer, is using Bitcoin address X, you can download the entire graph of parties that X trades with, and roll up Pablo's whole network. Instead of shutting down the real-money exchanges, you can secretly force them to send you their entire customer database. That way, the terrorists, drug dealers, etc, are not hiding their transactions at all - they are sharing their most intimate details with the government. Heck, the DEA probably understands Pablo's finances better than Pablo's own people. That's what he gets for using Bitcoin."
However, as I state in my comment to Alaric below, I believe that this reasoning is flawed. Law enforcement seeks 'link-ability' to a physical individual -- not mere 'traceability' -- and with a hyper-pseudonymous distributed bitcoin architecture, many avenues exist to obscure transactions:
"Your point on transactional tracing definitely made me think about 'self-contained pools' and 'transaction timing'. However, I don't think you are considering a structure of unrelated, unconnected mutual offset accounts as are used today in correspondent banking. For example, a Pound Sterling transaction comes in and a Japanese Yen transaction goes out without the two ever connecting because the offset is conducted off the grid.
Also, as more 'mixer' services -- http://bitcoinlaundry.com/ and http://app.bitlaundry.com/ -- come on line, the greater the pool of dead-end transactions and the greater the opportunity for unrelated, off-the-grid offsets."

For further reading:
"With The Napster of Banking Round The Corner, Bring Out Your Popcorn", Rick Falkvinge, May 11, 2011

9 comments:

  1. Jon,
    This is a really excellent article and the points made are truthful.
    IMHO, I think some folks are looking at the problem with naive eyes and making an incorrect assumption. Alaric Snell-Pym and Moldbug have a point, law enforcement will be happy to get all that data but that exposed "technical" side of operation won't deter criminals from using it and won't stop the gov from cracking down. That view is very naive.
    Actual green cash used in everyday situations for illegal stuff, is not a good comparison to digital currency used everyday in real world situations. This is the old "apples to oranges" comparison. It doesn't work. The comparison should be made with other existing digital currency (and not $$ physical notes). Compare it to another digital currency, say....e-gold as an example. An e-gold transaction offered up as much identifiable information as Bitcoin, if not more, on each digital transaction. You could make the case that cash vs e-gold, also proved that e-gold gave a bounty of information about its users and their transactions so e-gold would or should not have been used in illegal situations. Of course, we all know that to be untrue, every criminal across the Internet from Kidnappers to Child Pornographers was using e-gold in spite of the fact it offered such information. A system does not have to be 100% anon and crypto-perfect for it to be widely used for illegal activity, most criminals aren't that smart anyway.
    The block explorer is much like the e-gold database, which delivered all transactions to law enforcement dating back to the first, late 90's, transfer in the e-gold system. Because the data is available to the gov, doesn't mean that criminals won't flock to it or that the gov will simply say, "we don't mind:-)" Any digital value transfer compared to physical green cash looks highly traceable. That is generally not a deterrent for today's highly skilled Internet youth.

  2. I question whether the average consumer cares about being anonymous anyway. People love credit and loyalty cards which give companies, to my mind, intrusively deep insight into their personal habits.

    Your "skilled Internet youth" don't seem to care about the information revealed in their facebook profiles, either.

    In any case, the lack of anonymity is likely to be addressed by a combined mixer and wallet service.

    I think the average person will not like the idea that they can lose their bitcoins if their computer crashes, so storing your bitcoins in "the cloud" with a "bitcoin custodian" (IMO is a better sounding term from a marketing point of view) will be preferred. It makes sense for those custodians to include an inhouse mixing service at the same time. This should give sufficient anonymity for those so concerned.

  3. FOFOA had some comments on Bitcoin along the lines of those in "On Monetary Restandardization" and Mises' regression theorem in FOFOA's "Return to Honest Money" (http://fofoa.blogspot.com/2011/05/return-to-honest-money.html).

  4. This is a fascinating point but a little overstated, let's put it this way:

    Without mixers, bitcoin is a transparent pseudonymous system. This makes it much more traceable than cash.

    Because bitcoin is electronic, it will be easy to create and use mixers. However, it may be possible for the authorities to forbid and enforce a prohibition on mixing. If so, then bitcoin is completely traceable, and the authorities will like it. If not, mixers can add the untraceability & pseudonymity required for true "digital cash" and cryptoanarchy.

    I haven't looked into the bitcoin algorithm deeply enough to know whether blind signatures are possible (a la Chaum) as another option.

  5. Patri, thank you for your comment. How do you believe the authorities would be able to forbid and enforce a prohibition on mixing if the laundries/mixers operate in a jurisdiction-less environment?

  6. Only with a tight-lipped agent could one conduct discreet trade over distance. An invisible agent would be best.
    I don't think bitcoin could do this, but I do think that private trade system could.
    Once a thing becomes public, then anyone can see it.
    Communications security is the core of the problem. If you can keep your trades away from the eyes and ears of spies, then you may have something.

  7. Mike Gogulski of BitcoinLaundry.com did an excellent podcast covering some of these issues. See, http://www.agoristradio.com/?p=407

  8. I beg to differ. Anonymous transactions are quite possible with Bitcoins. Consider this laundering example:

    1. Bitcoins purchased with dirty money and sent to Everything takes place under Tor, and no private information is given. No identification is linked to the purchaser. The receiving address is never used again.
    2. Bitcoins are then laundered across many wallets through the services offered on the Tor network. This step only complicates the trail.
    3. 'Laundered' coins are then used to purchase an anonymous virtual credit card. The services offered on the Tor network do not store the generated credit card information, so there is no way to link the 'laundered' coins to the card.
    4. The card is then used to purchase fresh bitcoins and received by a new address.

    The trail really ends here, but for added protection and hammering my point...

    5. Fresh bitcoins are then laundered through another service on the Tor network.
    6. Using another anonymous Tor service, convert the coins to cash and deposit in an offshore bank account that isn't linked to the criminal in any way. (mixing the classic techniques with the new)
    7. Fresh bitcoins are purchased once more and received by another new address.

    From there, the process could be repeated to separate the coins from the offshore account.

    Now, tell me how that's traceable.

  9. There is a site called BitcoinCache.com that lets you launder bitcoins
