Anti-Theft Bitcoin Tracking Proposals Divide Bitcoin Community
Published on November 15, 2013 at 16:42 BST
All bitcoin transactions are equal, but, to misquote Orwell, should some bitcoin transactions be more equal than others?
A proposal emerged this week that could please regulators and law enforcers alike, by ‘marking’ bitcoin transactions or addresses to make illicit activities easier to track.
And another proposal from a New York-based startup would increase regulator confidence by tying identities more closely to bitcoin addresses.
The coin marking proposal came from Mike Hearn, the chair of the Bitcoin Foundation’s Law and Policy Committee, who has had a tough day on Reddit.
He was accused of “pushing blacklists behind the scenes” in this Reddit post. The Redditor gained access to a posting that Hearn made on the Bitcoin Foundation’s internal forum, which is only accessible to members, and reposted it.
Hearn wanted to open the debate about marking bitcoins (something which he originally called “redlisting” in the post). But how would that work, and why would people do it?
Bitcoin transactions use inputs and outputs. The outputs from one transaction become the inputs for others, and so on, meaning that you can trace where your inputs came from, through the block chain.
Hearn’s idea is to identify bitcoin outputs that have been stolen or used for criminal activity, and mark them.
If an exchange gets hacked, for example, and the outputs are sent to a specific address, those outputs would be marked. They would remain marked when they were sent to new addresses, even when they were split into smaller outputs.
When a person received an output derived from an earlier output that has been marked, their bitcoin client can be programmed to alert them – even if it happened lots of transactions later.
In spite of the Redditor’s headline, Hearn is deliberately not using the term ‘blacklisting’ because he’s not advocating that any restrictions are put on the bitcoins.
“A marking scheme, such as [the one] I proposed, does not/should not affect the spendability of coins,” he said. “It’s purely informational – kind of like a ‘wanted poster’ for the internet age.”
Core developers debate proposal
Core developer Gregory Maxwell seems to be against marking at all. Indeed, he invented a mechanism designed to increase the privacy of bitcoin transactions, called CoinJoin.
“If you have ‘good’ and ‘bad’ coins, that destroys fungibility, rapidly. Everyone must screen coins they accept or risk being left holding the bag,” he said, in an online post. “Fungibility is an essential property of a money like good and without it the money cannot remove transactional friction.”
Sure, but bitcoin isn’t entirely fungible, Hearn told CoinDesk.
“Bitcoins can’t be forged, but they can be double-spent, in which case you might lose money you accepted,” he said.
“Thus, an unconfirmed transaction with zero fees is somehow not as good as one that is already buried under 1000 blocks. Though technically they’re both bitcoins, one is superior to another.” Or, as Orwell might have said, six confirmations good, zero confirmations bad.
What about mixing services, which take bitcoin outputs and deliberately reroute them from a pool, obfuscating their source?
They represent a technical challenge, admits Hearn, because all of the outputs that pass through them would probably end up marked. But it isn’t insurmountable. A crook’s coins would almost always be marked, he points out.
“Now when the exchange sees an account that receives marked coins 80% of the time instead of 5% of the time, that’s a very strong clue that maybe this guy should be investigated a little closer,” he said.
But core developer Jeff Garzik, too, is against marking. He likens bitcoin to cash.
“Cash today might be marked, such as in a bank robbery with ‘marked bills’, but your average Starbucks or other cash-accepting merchant does not check each bill received against a blacklist. That would be burdensome to individual merchants,” he said.
“We have to resist marking coins as ‘good’ or ‘bad’ at the engineering system level.” Instead, law enforcement can use existing tools such as subpoenas, and seizures on bitcoins, he says (although often with funny results).
Regardless of what people think, shouldn’t discussions like these be played out in public, for everyone to see? The only reason that the community saw this was because someone reposted it.
“One has to keep in mind that the Foundation is a member-driven organization. Anyone is welcome to join and the cost is about 0.9 [note: later corrected to 0.06 BTC] for an annual membership,” pointed out Jinyoung Englund, spokesperson for the Foundation.
“This certainly is not prohibitive. By definition, I believe this actually makes us inclusive.” There are also no rules about sharing with non-members, she points out.
While Hearn seeks to earmark bitcoin transactions, a group of New Yorkers seem to be coming at things from another direction.
Coin Validation working with US regulators
Coin Validation wants to develop processes to verify the identities of those holding specific bitcoin addresses, making those addresses more reliable than others for regulated companies to do business with.
They’re working with Matt Mellon, chair of the New York Republican Party’s Finance Committee, whose family has a long banking lineage. Mellon would likely give a venture like Coin Validation considerable kudos with the regulators and bitcoin businesses on its radar.
The company isn’t giving much away about how it would actually work, other than to say that it isn’t whitelisting. It’s about verification.
“Coin Validation is not involved with making whitelists or blacklists of bitcoin addresses or coins themselves,” said Guo. He has been an important figure in the bitcoin community, being among the first to offer ASIC mining equipment. However, problems with deliveries left many customers out of pocket.
Coin Validator, which describes itself in documents as providing a one-stop compliance suite for AML and KYC, is just collecting legal compliance data, he explained. If a company chooses not to serve a customer based on fraudulent activity reported by a different firm, that would be its prerogative.
“We would like to validate addresses belong to an individual in similar ways that compliance companies verify that a bank account belongs to a specific individual. We are working with regulators to standardize policy,“ continued Guo.
One obvious customer base here would be exchanges. “Verifying source of funds is an important pillar of Anti-Money Laundering practices,” said Ryan Singer, co-founder of still-benched bitcoin exchange Tradehill.
Tradehill recently ran an auction for Guo’s firm, Avalon Asic. That hardware firm will be the first to use Coin Validation’s services, according to Forbes.
“Coin Validation may be taking the first steps to having something to say about verifying sources of bitcoin deposits. I am watching closely,” said Singer. But he’s reserving judgment until he’s seen the demo.
Not all businesses are buying the idea. Just over two miles away from Coin Validation’s offices, Jaron Lukasiewicz is trying his hardest to navigate the regulatory landscape with his new exchange, Coinsetter.
Lukasiewicz could really use trusted bitcoin addresses – he’s even mandating that his US clients use the same addresses for bitcoin deposits and withdrawals. But after considering it, he still won’t be using Coin Validation.
“Despite the hurdles we face, it would be better that identity verification for bitcoin addresses remain decentralized as opposed to giving information to one central for-profit source,” he said. “It would absolutely make it easier for us as Coinsetter, but I don’t see any consumer benefit to it at all.”
Yet like many exchanges, Coinsetter is focused on liquidity. Coin Validation would encourage that by making bitcoin safer for larger players, said Guo. “If regulators express that they are comfortable with bitcoin and bitcoin businesses operating in the US, large entities, who are very wary of legal risk, would enter the market, greatly increasing liquidity.”
What happens now?
These are two different approaches, but both of them seek to make the owners of bitcoin addresses more accountable.
The danger with either of them is that while they may be opt-in and voluntary at the start, we can’t predict what might happen later.
How can we guarantee that regulators won’t begin targeting bitcoin users with new requirements, once such technology platforms exist?
The camel’s nose is a long-understood metaphor, in which a seemingly innocent act can leave people open to more serious, damaging acts later on.
On one hand, those who believe in a completely decentralized currency and are worried about any form of centralized control want to protect itself from that, and are often suspicious of any form of intervention by a central authority.
“There are two very different communities within bitcoin. Will they be able to meet in the middle?”
On the other hand, those trying to build larger businesses based on bitcoin want to work with regulators to avoid punitive measures down the line.
There are two very different communities within bitcoin. The comments about Guo and Coin Validation in this thread illustrate that. Will they be able to meet in the middle?
“It’s a challenge that can be overcome if we set aside the 20% we disagree on and focus on the 80% where we do agree,” argued Englund. “By identifying the priorities and goals we share, we can then develop a productive plan for moving forward together.“