The anti-money-laundering bill sponsored by Senators Elizabeth Warren (D-Mass.) and Roger Marshall (R-KS) purports to close loopholes in the risk of cryptocurrencies being used for illicit activity that even the Biden administration agrees is small. But the ill-conceived bill is a useful harbinger for the crypto community of a coming conflict between the community’s desire for blockchain privacy and law enforcement’s responsibility for national security.
Warren recently said she was leading an “anti-crypto army,” and her misguided Digital Asset Money Laundering Act tars and feathers cryptocurrencies by unfairly tying them to illegal activities. The reality is that even the Biden administration agrees that illicit crypto use is small – see the recent U.S. Treasury report on “Illicit Finance Risk Assessment of Decentralized Finance,” which found that “illicit activity is a subset of overall activity within the DeFi space.”
Chris Grieco is general counsel at Rain Cards, and a national security fellow at the National Security Institute at George Mason University. He previously worked in the Department of Justice and the White House Counsel’s Office and for the House Judiciary Committee.
The unspoken secret among law enforcement and national security personnel is that they love crypto in its current form. Instead of trying to trace piles of cash, or requesting documents from a traditional financial institution, the blockchain is open for all to follow. Move money from one crypto wallet to the next and it's all traceable and “on-chain.” This is especially true with advanced tracing tools that law enforcement and others are increasingly using such as those at TRM Labs or Chainalysis.
Law enforcement’s posture is likely to change in the near future as private blockchains make tracking and tracing near impossible. Blockchain technologies are evolving and as more use cases emerge the need for financial privacy on the blockchain continues to grow. Americans expect a degree of financial privacy unknown in other parts of the world, with law enforcement requiring various degrees of due process in order to access financial information. This is true even with the generous loopholes of the third-party doctrine, and the modicum of privacy for transactions under $10,000 afforded by the Bank Secrecy Act (BSA). As recent outcries against a potential Federal Reserve-led central bank digital currency have shown, Americans expect to be able to conduct their financial affairs outside the oversight or permission of the government.
As the blockchain becomes a more widely used technology, people are demanding a greater degree of privacy for their transactions. You wouldn’t put your credit card purchases on your Instagram page, and the same logic goes for digital assets. You wouldn’t let the world know what you bought with your crypto wallet if given the option between an open blockchain and a private blockchain. Promising startups companies such as Zcash and Aleo blockchain are building privacy-enhancing features into their offerings – allowing anonymity for blockchain transactions.
But in a world where the blockchain transactions are truly untraceable, the significant anti-money laundering (AML) rules and regulations built up since the 1970s, and the expanded anti-terrorist financing (CFT, or countering the financing of terrorism) processes put in place since the 2000s, may become toothless. The status quo among crypto, law-enforcement and national-security communities will turn into open conflict.
There are inklings that law enforcement is worried about this, but the true reckoning has not yet come. Late last year, the Biden administration sanctioned Tornado Cash, a blockchain mixer which at the most pessimistic view, allowed users to “wash” their crypto with others and withdraw “clean” near-untraceable crypto. The legality of the Treasury Department sanctioning a permissionless computer program is a question left for another day. Astute observers have noted that the Tornado Cash sanctions were much more about fighting the Lazarus Group, the notorious North Korean hacking group who were reportedly frequent users of Tornado Cash, rather than a concerted attack on crypto protocols or the average user. That’s little consolation to Tornado Cash users who can no longer access their money because the Treasury Department has deemed it “tainted” by having gone through the Tornado mixer and require an OFAC license to continue to use the asset. And there are plenty of Web3 developers who saw the Tornado cash enforcement as a direct attack on their work, especially as one of the Tornado Cash developers spent nine months in a Dutch jail and is currently in home detention awaiting trial.
Future privacy-focused blockchain technologies will make privacy the starting point rather than the exception. If everyday purchases are locked behind a cryptographically protected, unbreakable privacy barrier, so too will illicit purchases, terrorist funding and the myriad of dark money supported actors that crypto pessimists like Senator Warren have claimed from the start are the only real use cases for crypto. While this might terrify enforcers who have grown accustomed to having access to traceable blockchain transactions, and have already gone to war with tech companies over warrant-proof encryption, blockchain advocates rightly point out that cash and fiat transactions still have a much higher percentage of illicit transactions than crypto does. Even if this was not the case, Americans still have financial privacy rights that supersede any financial surveillance regime.
The Treasury Department’s actions against Tornado Cash show the coming clash between everyday crypto users and the financial-sanctions apparatus, a problem highlighted but not fully comprehended in the report on ”Illicit Finance Risk Assessment of Decentralized Finance.” In it, the agency notes that “[s]everal virtual-asset industry participants are exploring measures to increase privacy for virtual-asset transactions … [w]hile the U.S. government supports privacy-enhancing technologies that simultaneously allow for or even promote compliance with AML/CFT obligations, the use of non-public blockchains by entities that do not comply with AML/CFT obligations or services that may fall outside current regulations will heighten AML/CFT risks.” But the Treasury Department fails to comprehend that many privacy focused blockchains may fall outside of existing legal authorities for AML/CFT, and extending those rules to privacy-focused blockchains may be technologically difficult, and legally problematic given various constitutional protections.
This coming conflict between on-chain privacy and financial surveillance won’t be easy to solve. Most of the rules and regulations for AML/CFT are built on obligations of centralized intermediaries such as banks and financial institutions. But crypto reduces or completely obviates the need for most financial intermediaries, and requiring a borderless, permissionless and immutable computer program such as a blockchain to follow country-specific laws will present a difficult challenge for global financial enforcers, not just American bureaucrats.
AML and CFT enforcers have become significantly better at international coordination and cooperation in recent years, with the U.S.largely leading the way. But expanded enforcement against privacy focused blockchain technologies is likely to run headfirst into U.S. constitutional objections and further strain the existing legal underpinnings to various parts of the Bank Secrecy Act and the existing AML/CFT regime. As many have already pointed out, it is difficult if not impossible for decentralized finance protocols to abide by the BSA, a point largely glossed over by the recent Treasury report on the topic.
It may take time, but U.S. constitutional protections are a stronger bulwark against financial surveillance than the guarantees offered in most other countries. Perversely, while the Biden administration continues to push blockchain developers overseas with their muddled enforcement and policy decisions, U.S. constitutional law paired with the lead role of the U.S. in the global banking system and AML enforcement may mean that U.S. enforcers, reined in by constitutional protections, offer the best option for privacy focused blockchain technologies over the long run.
While this fight is still a few years away, should policy such as Warren’s proposed legislation get enacted into law, it may very well be the proverbial straw that breaks the BSA camel’s back by accelerating this clash. Enforcing constitutional guarantees against expanded financial surveillance such as Warren’s, either by existing crypto protocols or future privacy focused blockchains, may ultimately require strategic litigation on the part of industry.
The good news is that Warren’s legislation is unlikely to go anywhere, especially in an increasingly politicized crypto environment. But that does not mean that serious national security thinkers and crypto advocates can ignore this growing issue. Industry must wrestle with the idea that bad actors can and will exploit untraceable blockchains in the future, and must continue to offer solutions that protect privacy and national security interests.