DOJ’s Crypto Framework Is ‘a Complete Disaster’ for Digital Privacy Rights
The U.S. Department of Justice’s (DOJ) recent crypto enforcement framework is a threat to digital privacy rights, according to an attorney for the Electronic Frontier Foundation (EFF).
“It was a complete disaster for privacy and anonymity and civil liberties in the cryptocurrency space,” said Marta Belcher, special counsel to the digital rights advocacy group.
The framework, released earlier this month, details the U.S. government’s approach to crimes committed using cryptocurrencies, but also appears to define some broad policy positions on crypto and crypto exchanges more generally. Belcher, who is an attorney with Ropes and Gray and an outside counsel to Protocol Labs, said the framework released earlier this month raises many concerns about privacy rights, pointing to language on peer-to-peer exchanges, mixers/tumblers and “anonymity enhanced cryptocurrencies” (privacy coins).
In Belcher’s view, there are a number of legal concerns with the crypto enforcement framework as laid out by the DOJ’s Cyber Digital Task Force. Language in the framework would appear to have implications for individuals sending cryptocurrencies to one another, as well as exchangers offering transactions as a service.
The enforcement framework even had a section on mixers and tumblers, noting that entities qualifying as money services businesses are subject to the BSA or “similar international regulations.”
The DOJ’s arguments against cryptocurrencies are similar to those made against encryption, another law enforcement boogeyman. The DOJ, alongside other members of the “Five Eyes” intelligence alliance plus India and Japan published a statement calling for backdoor access to encrypted messaging services and other systems last weekend.
The statement reflects law enforcement agencies’ “fundamental discomfort” with any technology that could allow for private interactions, said Jake Chervinsky, general counsel at Compound Finance.
The enforcement framework is “making exactly the same argument you’ve seen being made for decades about encryption,” Belcher told CoinDesk. “These are the exact same arguments that are against encryption and they’re coming from the exact same place as the fight against encryption.”
The intelligence agencies claim backdoors in encrypted protocols and systems would make it easier to identify and prosecute crimes committed using privacy-protecting tools (including cryptocurrencies).
This statement ignores the technical realities of building strong encryption, he noted.
“The Five Eyes [coalition continues] to overlook a few basic points about encryption: first, that strong encryption itself enhances public safety and prevents crime by protecting people and their data; second, that it’s impossible to build backdoors into encrypted systems without creating extraordinary new cybersecurity risks; and third, that cryptography tools are increasingly open-source and can’t be easily cabined or controlled at their request,” he said.
Many cryptocurrency companies and developers, for example, wouldn’t be able to comply with the backdoor requests because of this open sourcing, he said.
According to the DOJ’s crypto framework, a P2P exchanger is considered a money services business, which means it is required to abide by recordkeeping and reporting requirements as defined by the Bank Secrecy Act (BSA) and other regulations if they buy or sell convertible virtual currencies.
The framework defines individual exchangers as individuals who provide crypto transaction services to others, but Belcher believes it could be used to apply to two individuals who just transact between each other – not just individuals acting as service providers.
“Individual exchangers – as well as platforms and websites – that fail to collect and maintain customer or transactional data or maintain an effective AML/CFT program may be subject to civil and criminal penalties,” the framework said, referring to anti-money laundering/combating the financing of terrorism regulations.
The distinction is between “software providers” and “service providers,” Chervinsky said. Software providers, which compose a large part of the crypto industry, deploy decentralized protocols and publish open-source projects that the writers cannot control or modify. Service providers, on the other hand, offer “permissioned, proprietary platforms” that the operators can control.
In Belcher’s view, the crypto framework puts both individuals who write code for peer-to-peer transactions as well as those who use this code at risk for enforcement actions.
“There’s liability on people using these exchanges in order to exchange cryptocurrencies anonymously with others,” she said. “To say I can’t send you cryptocurrency using a script, you and I can’t transact with each other directly in a peer-to-peer way without that data being collected somewhere by a third party is a complete affront to privacy and civil liberty.”
Individuals can easily conduct similar transactions using cash, she said. “No one questions that I can hand you money without there needing to be a written record of that.”
The framework also took aim at privacy coins and other tools to obfuscate transactions, like mixers and tumblers. Belcher said it is wrong to focus on whether privacy coins can be compliant with the BSA and other laws.
Cryptocurrencies could potentially transfer the privacy protections that come from cash transactions and shift them online, she said.
“The thing that is so important for me is that you can transact anonymously and you can take the protections of cash and you can transfer that to the online world,” she said.
“The idea that merely by exercising your right to transact anonymously is indicative of you committing a crime is wrong in my view.”
The U.S. government followed the framework with its first enforcement action against a bitcoin mixer just 11 days later, when the Financial Crimes Enforcement Network (FinCEN) fined Larry Dean Harmon, the alleged operator of a mixer, $60 million for his operations.
However, that particular case doesn’t have major implications for mixing software more generally, said Carlton Fields attorney Andrew Hinkes on Twitter.
“The facts here are egregious and ghastly. A service provider that profits from software that provides money transmission services must comply, must keep records, and must report. Plain as day, and should be obvious by now,” he wrote, pointing to various facts in the case, including the operator’s boasting of transaction privacy for customers, transactions conducted for Iran-affiliated accounts and payments facilitated for at least one child exploitation site.
Chervinsky agreed, noting that Harmon was treated like a service provider, not a software provider.
It’s possible the DOJ’s framework can help contribute to financial censorship, an ongoing issue within the U.S., Belcher said.
Traditional payments giants surveil and censor a number of transactions, including innocuous ones that might upset certain sensibilities.
“There are all these examples of a kinky bookstore or a nonprofit that supports LGBT fiction getting their accounts shut down by Visa and Mastercard, and also famously things like WikiLeaks that then turn to cryptocurrency when they can’t be served by the financial intermediaries that are censoring that,” she said.
These transactions aren’t illegal, Belcher noted.
A cashless society is effectively a surveillance society in this respect, she said.
Actual crimes committed using cryptocurrencies should be prosecuted, and it’s a benefit to the crypto community when they are, she said.
The DOJ report included dozens of examples of crimes that were committed using or at some point touching on cryptocurrencies, including several recent high-profile cases.
However, blaming cryptocurrencies for their use in crimes does not make sense, she said.
“I think they’re missing that cash has always been used to facilitate illegal activity,” she said. “We don’t blame Ford when one of its cars is used as a getaway vehicle in a bank robbery.”