By Jon Matonis
American Banker
Thursday, March 21, 2013
http://www.americanbanker.com/bankthink/fincen-spying-plan-invites-privacy-workarounds-1057728-1.html
The dangers to financial privacy are monumental. Consider an Obama
administration plan to give spy agencies unfettered access to data on
American citizens and others who bank in the U.S.
Suspicious
Activity Reports, filed by financial institutions that operate in the
U.S., are the primary documents that the Financial Crimes Enforcement
Network intends to share. The reports cover all personal cash
transactions exceeding $10,000, suspected incidents of money laundering,
loan fraud, computer hacking and counterfeiting.
The Treasury Department proposal, revealed by
Reuters last week, aims to consolidate financial data banks, criminal
records and military intelligence. This initiative will put intelligence
agencies, such as the Central Intelligence Agency and the National
Security Agency, on the same footing as the Federal Bureau of
Investigation, which currently does not have to make case-by-case
informational requests to Fincen.
Also under the new proposal, Fincen's database would be linked to the Joint Worldwide Intelligence Communications System, which U.S. defense and law enforcement agencies use to share classified information.
Money was never meant to be a method of supranational identity
tracking. Its use in that way could signal some level of law enforcement
desperation. When all other enforcement tactics fail, surveil the
finances.
More than 25,000 financial firms, including banks,
securities dealers, casinos, and money transfer agencies, routinely file
"suspicious activity reports" to Fincen, according to the Reuters
article. Banks and other firms tend to over-report some financial
details of ordinary citizens since the requirements for filing are so
strict they don't want to be accused of failing to disclose activity
that later proves questionable.
Increasing encroachment
against financial privacy like this Fincen move "raises concerns as to
whether people could find their information in a file as a potential
terrorist suspect without having the appropriate predicate for that and
find themselves potentially falsely accused," Sharon Bradford Franklin,
senior counsel for the Rule of Law Program at the Constitution Project,
told Reuters.
One protection from becoming scooped up in a fishing
expedition and being falsely accused is the use of virtual or
alternative currencies. But this week, Fincen issued guidance on virtual currencies and regulatory responsibilities.
Clarifying
circumstances where the "money transmitter" definition applies under
the law, Fincen classified de-centralized virtual currency as a
convertible virtual currency that has no central repository and no
single administrator, and that persons may obtain by their own computing
or manufacturing effort. Although bitcoin was not singled out by name,
the guidance appears directed at cryptocurrencies that operate in a
peer-to-peer, distributed fashion such as Bitcoin.
The primary
impact of the likely tighter compliance will be felt by the
bitcoin-to-fiat exchanges operating in the U.S. and this will lead to
jurisdictional competition, as seen in online casino gambling where the
more entrepreneurial jurisdictions rose to dominance by embracing the
technology early and not overregulating.
Almost serendipitously,
discussions about adding privacy extensions to the Bitcoin cryptographic
money protocol have been increasing lately.
Bitcoin is
nonpolitical money and it falls outside the scope of reporting financial
institutions. Since bitcoin does not provide user and transactional
privacy by default, multiple bitcoin wallets and Tor, a client software
and volunteer server network that enables online anonymity, can enhance
privacy without modification to the core Bitcoin code. Nonetheless,
code-modifying proposals for augmenting Bitcoin privacy have been
introduced. One idea calls for automatic mixing techniques, which would
periodically give all users the opportunity to shuffle coins among
one another, making the money harder to trace without implicating
individuals. Another concept is "coin control," a method for users to
select which of their wallet’s multiple addresses to use as the "from
address" (currently picked somewhat randomly by the client software).
Various proposals for improving bitcoin privacy include "Patching The Bitcoin Client" (2011), "Automatic Coin Mixing" (2012), "Coin Control" (2012), and "Yet Another Coin Control Release" (2013).
Also,
a recent cryptographic bitcoin privacy extension submitted by
researchers from The Johns Hopkins University was accepted for
presentation to the IEEE Symposium on Security & Privacy in Oakland, Calif. The paper Zerocoin: Anonymous Distributed E-Cash from Bitcoin will be introduced on day two of the May conference.
Having received a preliminary copy of the academic paper, I interviewed Hopkins research professor Matthew Green about some of the details of Zerocoin.
Operating as a decentralized layer of anonymous cash on top of the
existing Bitcoin network, "Zerocoin creates an 'escrow pool' of
bitcoins, which users can contribute to and then later redeem from,"
Green explained. Users receive different coins than they put in (though
the same amount) and there is no entity that can trace your transactions
or steal your money. "Unlike previous e-cash schemes, this whole
process requires no trusted party. As long as all the nodes in the
network support the Zerocoin protocol, the system works in a fully
distributed fashion," added Green.
Zerocoin developers are
working on improved efficiency because implementation is impractical
today given the space constraints of the “blocks” that make up the
Bitcoin public ledger. "For one thing, the transactions are very large
(40kb to spend a coin)," Green said. "While this isn't the end of the
world – and bandwidth is always increasing – supporting these would put
quite a strain on the block chain."
When I asked Green about
the possibility of a "back door" for law enforcement that had been
floated recently, he clarified, "The back door isn't part of Zerocoin.
There's absolutely no need for it, and building one in would take
significant additional effort. In fact, we only mentioned it as a brief
note in the conclusion of our paper, mostly to motivate future research
work."
If someone did try to build a back door for any reason, the open source Zerocoin would quickly become Zero-adoption.
ZeroCoin sounds like a one-shot OpenTransactions: It enables anonymous transactions, but only works with Bitcoin.
ReplyDeleteThe ZeroCoin devs should spend their time on OT instead. They could still make a currency backed by Bitcoins that enables anonymous transactions, but it would have the added benefit of improving OT. And unlike ZeroCoin, OT would still be functional if the Bitcoin network dies.