FinCEN’s Proposal of Special Measure Regarding Convertible Virtual Currency Mixing, as a Class of Transactions of Primary Money Laundering Concern would criminalize Bitcoin privacy tools under the suspicion of money laundering. The proposal cites Section 311 of the USA PATRIOT Act, which enables the bulk collection of data by intelligence agencies.

If FinCEN has its way, all regulated entities will have to provide customer data for funds suspected to have interacted with “mixing” tools and services to federal agencies, and could go as far as including the use of the Lightning Network as a reportable act. To understand the motivation for FinCEN’s proposal, we need to look at the relationship between blockchain surveillance firms, intelligence agencies, and the methods informing heuristics to track funds on-chain.

Blockchain surveillance firms use a range of heuristics to track funds on-chain. Some heuristics stem from publicly available, peer-reviewed research, such as the common input ownership or co-spend heuristic, in which it is assumed that all inputs to a transaction are owned by the same person. Other heuristics are less publicly known due to the proprietary nature of blockchain surveillance software. What we do know is that Chainalysis has “developed thousands of other heuristics based off [of] an understanding of idioms of usage in the bitcoin ecosystem”, according to a research paper.

There may be a thousand ways to skin a cat, but if “thousands” of heuristics are necessary to track funds in Bitcoin, we can assume that the processes applied are not necessarily very reliable. This lack of a scientific framework to complete blockchain surveillance tasks is highlighted by the aforementioned paper as well, citing the lack of a “ground-truth dataset for address clusters”.

FinCEN’s proposal is now supposed to come to blockchain surveillance’s rescue, by enabling the bulk feeding of the so-called intelligence heuristic. In the intelligence heuristic, blockchain surveillance firms pair on-chain data with real-world data that is either openly available – such as by sharing addresses via public communication channels – or obtained via service providers. But private information can, at this point, only be obtained lawfully such as via warrants or subpoenas, which require probable cause and constitute lengthy processes. This should currently make the intelligence heuristic a slow and costly one complicated to apply in bulk – a problem FinCEN’s proposal would solve by requiring alleged mixing transactions to be directly reported to the federal government, disregarding the people’s right to protection from arbitrary search and seizures in favor of anti-terrorism legislation.

“You can’t trace funds through a service, because the way that services store and manage funds deposited by users inherently makes further tracing inaccurate,” writes Chainalysis. “Transactions coming into services can’t be connected to transactions leaving services”. By attributing transactions to known entities, blockchain surveillance aims to make funds traceable on-chain – But blockchain surveillance software can’t attribute what it doesn’t know. “Only the exchange itself knows which deposits and withdrawals are associated with specific customers, and that information is kept in the exchange’s order books, which aren’t visible on blockchains or in analysis tools like Reactor.” Without the regulation of privacy tools under the PATRIOT Act and the consequential reporting of user data, a large part of its business would continue to be rooted in suspicion.

The systematic inaccuracy of blockchain surveillance software is, too, reflected in the US government’s own procurement records, showing that departments such as the US Treasury contract not one, but at least two different blockchain surveillance firms for law enforcement purposes, namely Chainalysis Inc. and Elliptic Enterprises Limited. This is because, as illustrated in the case US vs. Sterlingov, different blockchain surveillance providers historically yield different results.

The unreliability of blockchain surveillance software becomes even clearer when investigating the reasoning brought forward to support FinCEN’s proposal, namely that terrorists, such as Gaza’s Hamas, allegedly turn to cryptocurrency for fundraising – a claim that’s been excellently debunked by former US Chamber speechwriter and director of public policy at Riot Platforms Sam Lyman, highlighting that Hamas’ previous crypto fundraisers were, in fact, an absolute disaster, leading to the covert funneling of funds toward the US Government.

But facts don’t stop former IRS investigator and current Elliptic strategic engagement lead Matthew Price from claiming that “using crypto is ‘much easier than smuggling cash over Egypt’s border’”. Chainalysis disagrees, in a statement issued to clarify the widespread misinformation that Hamas allegedly received millions in cryptocurrency leading up to the October 7th attacks: “Given blockchain technology’s inherent transparency and the often public nature of terrorism financing campaigns, cryptocurrency is not an effective solution to finance terrorism at scale”.

We now have three different blockchain surveillance providers all claiming three different things. In the original article, Tel-Aviv based BitOK claims for Hamas to have received over 41 Million USD, while Elliptic claims for the Palestinian Islamic Jihad to have received over 93 Million USD in crypto between 2021 and June this year – numbers which, Chainalysis claims, are “overstated”. Apparently, analysts falsely identified an exchange wallet as a personal wallet.

Since the majority of heuristics and clusters applied lack a scientific basis, there’s no way to know for certain whose numbers are correct. Instead, enforcement agencies must decide whose information to trust – picking and choosing whose “science” fits its story best. Here, proximity to the intelligence apparatus comes in handy. In the past three years, Chainalysis has received at least 3.3 Million USD from InQTel, the venture capital arm of the CIA, while its competitor Elliptic was founded out of a GCHQ accelerator.

The only problem: according to Chainalysis’ own data, less than 1/3rd of funds received by mixers in 2022 were identified as illicit. The majority of funds remain perfectly lawful, while terrorist financing makes up less than a fraction of overall illicit funds identified: “[T]errorism financing is a very small portion of the already very small portion of cryptocurrency transaction volume that is illicit,” says Chainalysis.

Regulating privacy technologies under the PATRIOT Act therefore cannot be justified, as its only purpose is the enabling of total surveillance of otherwise law-abiding citizens via intelligence services while furthering the overreach of blockchain surveillance firms, collectively punishing the people for the actions of a few.

Unfortunately for FinCEN, even with total oversight of all alleged mixing transactions, no proposal can change that a science that is not based on fact is fantasy. 

This is a guest post by L0la L33tz. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Leave a Reply