Let’s start with a hypothetical scenario where the ongoing bitcoin adoption as a liberty revolution is hollowed out successively by forced regulatory and mass surveillance measures from a collaborative confederation of states around the world. These actions are leading to massive prevention of privacy tools - both development and implementation within the bitcoin network.
By discussing this above mentioned dystopian gameplay as farsighted as possible we will try to find answers on the following time-dependent subtopics:
- Present: What is the actual status quo of privacy harming measures on the bitcoin network?
- Near-Term (over the next 5 years): Which measures regarding state-issued regulation will come into conflict with privacy-preserving principles of the bitcoin community?
- Long-Term: What are the implications of restricted or no privacy on the bitcoin network on a longer time scale like one decade or more in the future?
Regarding privacy on the bitcoin network, we are currently in a situation where bitcoin is already too big to not attract the attention of regulators worldwide. Governments are starting to recognize that bitcoin is a superior alternative to their central bank-issued fiat money. They argue that “investors must be protected” and that “money laundering, criminal usage, terrorism-financing and tax-evaderism through bitcoin has to be stopped”. Any time regulators are worried about the safety of the average retail investor, harsher privacy harming KYC/AML-measures and proof of funds requirements are just around the corner. This is what is happening right now:
- Centralized platforms (Exchanges, CeFi) are preparing for stricter rules by outsourcing their obligatory KYC-measures to external, specialized processors (like sumsub, persona, etc.).
- Centralized platforms are forming isolated compliance departments internally tasked with applying AML-measures to transactions enabling direct information exchange with governmental institutions.
- Centralized platforms are outsourcing the transaction monitoring to specialized external providers (coinfirm, kyc-chain, etc.) which are using the latest analytics tools (chainalysis etc.).
- Centralized platforms are beginning to tie user data to bitcoin addresses for the surveillance of future transactions.
- So-called DeFi-platforms (which are really just centralized companies behind these types of protocols) are discussing the implementation of identity-gatekeeping to their protocols.
By studying the above examples, it is obvious that government actors want to apply the entire gambit of surveillance measures from the legacy banking system onto bitcoin. Let’s delve deeper into this topic and take a look at what is waiting for us in the next wave of attacks on our privacy.
If the European Union is a good standard for things to come, there is already a proposal within the European parliament for more information on and tracking of transfers of funds and certain crypto-assets. The proposal is especially interesting from a privacy perspective. Additionally, there is another proposal called MiCA, which transforms centralized service providers like centralized exchanges (=CEXes) to vicarious agents of the mass surveillance program presented in the transfer of funds proposal.
This Orwellian pamphlet is showing what awaits us in the near term:
- Travel Rule
The so-called travel rule will include the entire crypto-asset space:
“…which requires on the one hand that originating CASPs obtain and hold required and accurate crypto-assets transfers originator information and required crypto-asset transfers beneficiary information, submit the above information to the beneficiary CASP or financial institution (if any) immediately and securely, and make it available on request to appropriate authorities (i) and, in the other hand, that beneficiary CASPs obtain and hold required originator information and required and accurate beneficiary information on crypto-asset transfers and make it available on request to appropriate authorities…”
This means that all crypto-service providers (including DeFi entities and their protocols) have the obligation to collect comprehensive personal information and transaction data on their users which they are then obligated to hand over upon state authorities’ request.
This also has implications for storing the funds on hardware wallets, logically derived from the travel rule. Before a withdrawal from a centralized platform is possible, the owners of the hardware wallets need to identify themselves via signature and eventually additional KYC methods. In the Netherlands, for example, this proceeding was already common before a court verdict stopped it.
- Scope of Application 1
“… the proposed recast of Regulation (EU) 2015/847 will ensure that all crypto-asset service providers covered by Union law will comply with their information-sharing duties in a harmonised way, remove the need for transposition work in the Member States and facilitate doing business for cross-border entities in the EU. This should also simplify cooperation between supervisors and FIUs due to the reduction in divergences between their rules and practices. These new rules will significantly enhance the monitoring of crypto-assets service providers, and, at the international stage, ensure compliance of the European Union and its Member States with the relevant measures called for in the FATF Recommendations…”
These regulatory measures are applicable to every crypto-service provider doing business in the EU. It is not a stretch to assume a transnational data exchange with all the collected information will follow (as is already the case with CRS and FACTA within the legacy banking system).
- Scope of Application 2
“… the payment service provider of the payer shall, within three working days of receiving a request for information from the payment service provider of the payee or from the intermediary payment service provider, make available the following:
(a) for transfers of funds exceeding EUR 1000, whether those transfers are carried out in a single transaction or in several transactions which appear to be linked, the information on the payer or the payee in accordance with Article 4;
(b) for transfers of funds not exceeding EUR 1000 that do not appear to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1000, at least:
(i) the names of the payer and of the payee; and
(ii) the payment account numbers of the payer and of the payee or, where Article 4(3) applies, the unique transaction identifier. (…)”
The names of both parties need to be collected on all transactions. Therefore, every single transaction is ultimately surveilled and can be tied to an identity. If the transaction totals to more than 1,000 Euros, then even more detailed personal information must be collected.
Currently, there are no regulations that can be found in this proposal regarding non-custodial mixing services supporting CoinJoin or similar techniques.
Let’s try to draw a conclusion about the coming privacy implications on the bitcoin network for the near term:
It will be nearly impossible (or very costly and difficult) to exchange large amounts of fiat into bitcoin anonymously. Every non-custodial wallet will be tied to your personal identity. Breaking the transaction link via CoinJoin after that still seems possible without fearing legal repercussions – but exchanging bitcoin for fiat money will ultimately destroy this anonymity again. Entering bitcoin and generating/keeping privacy will be a one-way ticket but easy. Government authorities will still know the amount of bitcoin possessed by a person at the very beginning of a transaction history but by using privacy-enhancing techniques, the transactions as a whole can still be made untraceable or very difficult to trace. To cash out smaller amounts anonymously in fiat via decentralized P2P exchanges is still possible but should be avoided without mixed coins, lest the regulatory alarm bells will ring. The general conclusion is that in the near term, especially the fiat on and off-ramps will be targeted to enable complete deanonymization by regulators.
It is not easy to estimate the potential attack vectors beyond 5 years, but the following list should provide possible scenarios and recommendations on ways to foil privacy harming measures on the bitcoin network. Let’s start with the most likely outcomes and digress to the most unlikely and extreme predictions:
- Miners and pools are censoring Bitcoin transactions sent from unknown identities or transactions involving tainted coins.
- Introduction of a property register combined with a comparison of Bitcoin purchases on CEXes. Additionally a mandatory registration of digital assets in that register/threat of high punishment by not following this rule.
- Forbid everyday payments with privacy-preserving, open-source wallets or introduce mandatory usage for government wallets, meaning that every payment is tied to the payer’s identity.
- Founding of transnational organizations funded by governments worldwide, running full AI-supported algorithms to analyze the Bitcoin network in real-time in comparison with all available user data.
These are some scenarios (and certainly not all) that the Bitcoin community may have to deal with long-term.
Let’s argue what would be the best defence strategy for every single point:
1. This topic was getting greater attention when Marathon Digital Holdings, one of the largest active bitcoin mining businesses, claimed to integrate only transactions in blocks mined through their pool only if they are fully compliant with U.S.-regulations. Later they revoked their stance and proclaimed that they will support the bitcoin community and stop censoring transactions (of course after they received a shitstorm). Miners are communicating with pools through standardized protocols. The most used one is Stratum V1. By using this protocol the pool can determine which transactions are included in a block, which makes this kind of censorship of transactions through mining pools possible. This behavior should become obsolete with the new Stratum V2 protocol. Within the new protocol rules, miners can activate an opt-in function, which gives the single miners absolute control as to what transactions they want to include in a block and not the pool. This will lead to further censorship resistance and make behavior like Marathon’s attempt at regulatory compliance obsolete.
2. This is highly connected to the regulatory idea of automatic data exchange, which centralized exchanges will be committed to. The easiest way to enable this is through centralized superstructured governments like the European Union or the USA. The realization might be technically easy, the only way which hopefully prevents a property register is the resistance by the governed – if they recognize the danger of such a powerful surveillance tool.
3. This is already becoming a reality (albeit sloppily implemented) with the Chivo Lightning Wallet, which is used in El Salvador. It is assumed that governments will develop official privacy harming wallets tied to personal identity data and force their usage – otherwise, payments will not be accepted (or technically made unacceptable with mandatory end-devices) by payment receivers in the shape of a company and/or declared illegal with an obligation to report. The way to bypass this is to use an open-source wallet free of spyware - but how long will this be possible for daily payments?
4. This scenario would be the realization of the Orwellian dystopia described in the book “1984”. If there is no development of privacy-enhancing code and tools for the Bitcoin main layer, this could become a situation we should all be fearful of. When we are looking at the advancements on-chain-surveillance-companies make in processing even larger amounts of data in a time-efficient way the value of the taproot integration and of all the privacy-enhancing techniques like CoinJoin, PayJoin and co. will be recognized - as the only way to circumvent total surveillance of our lives in the smallest detail by analysis of all personal transaction data in real-time. Another possibility of bypassing this dystopia is the strong development of sidechains based on ultimate privacy fundamentals like blind signatures, ring confidential transactions, stealth addresses and other technologies.
This article should be taken as a rough outline of the hurdles Bitcoin’s privacy has to overcome over the next few years to establish itself as the global monetary standard providing the fundamental right to privacy for everyone. The described scenarios are only well-informed predictions and are not final enumerations. Nobody knows exactly what additional attacks will come along. However, one thing is certain: the bitcoin network will foil them all.