Privacy –vs– Anonymity

My friend and business partner, Manny Perez holds elective office. As New York State politicians go, he is an all around decent guy! The first things colleagues and constituents notice about him is that he is ethical, principled, has a backbone, and is compassionate for the causes he believes in.

Manny wears other hats. In one role, he guides an ocean freighter as  founder and co-director of CRYPSA, the Cryptocurrency Standards Association. Manny-guitar-sWith the possible exceptions of Satoshi Nakamoto and Andreas Antonopoulos, Manny knows more about Bitcoin than anyone.

But Manny and I differ on the role of privacy and anonymity in financial dealings. While he is a privacy advocate, Manny sees anonymity —and especially civilian tools of anonymity—as a separate and potentially illegal concept. He is uneasy about even discussing the use of intentionally architected anonymity in any financial or communications network. He fears that our phone conversation may be parsed (I agree) and trigger a human review (I agree) and that it could be construed as evidence of promoting illegal technology. This is where we differ… I agree, but I don’t care how anyone who is not party to a private conversation construes it! Yet, I see anonymity as either synonymous with privacy or at least a constituent component. You can’t have one without the other.

Manny was raised in Venezuela, where he was schooled and held is first jobs. He was involved in the energy industry. He acknowledges that experience with a repressive and graft-prone government, lead to a belief in a more open approach: free markets coupled with a democratic government.

Perhaps this is a key source of our different viewpoints. Manny comes from a repressive land and has come to respect the rules-based structure within his comfort zones of banking, energy and government. He is a certified AML expert (anti-money laundering) and believes strongly in other financial oversight rules, like KYC (Know Your Customer) and RICO (Racketeer Influenced and Corrupt Organizations Act).

Because Manny is appreciative of the opportunity and benefits conveyed by his adoptive country, he may overlook a fact that whispers in the minds of other privacy advocates: That is, we may one day need protection from our own government. After all, who but a conspiracy nut or white supremacist could imagine the US government suppressing its populace. Sure, they engage in a little domestic spying—but if you have nothing to hide, why hide at all?!

This week, Manny posted an open letter to the cryptocurrency community. His organization, CRYPSA is at the intersection of that community with law, technology and politics. His letter addresses privacy, anonymity and transparency, but the title is “How can you report a stolen bitcoin?” For me, the issue is a non-sequitur. You needn’t, you shouldn’t, the reporting superstructure shouldn’t exist, and in a well designed system, you can’t.* More to the point, the imposition of any centralized reporting or recording structure would violate the principles of a decentralized, p2p currency.

To be fair, Manny is not a sheep, blindly falling into line. He is shrewd, independent and very bright. But in response to my exaggerated and one-dimensional Manny, I have assembled some thoughts…

1. Privacy, Anonymity and Crime

Bitcoin pile-sThe debate about Bitcoin serving as a laundering mechanism for cyber-criminals is a red herring. Bitcoin does not significantly advance the art of obfuscation or anonymity. There have long been digital E-golds and stored value debit cards that offer immunity from tracking. They are just as easy to use over the Internet.

Moreover, it’s common for crime or vice to drive the early adoption of new technology, especially technology that ushers in a paradigm shift. The problem with linking Bitcoin to crime is that it drives a related debate on transparency, forensics and government oversight. This is a bad association. Transparency should be exclusively elective, being triggered only after a transaction—if and when one party seeks to prove that a payment was made or has a need to discuss a contractual term.

On the other hand, a good mechanism should render forensic analysis a futile effort if attempted by a 3rd party without consent of the parties to a transaction. We should always resist the temptation to build a “snitch” into our own tools. Such designs ultimately defeat their own purpose. They do not help to control crime—Rather, they encourage an invasive government with its fingers in too many people’s private affairs.

CRYPSA is building tools that allow Bitcoin users to ensure that both parties can uncover a transaction completely, but only a party to the transaction wishes to do so!. For example, a parent making a tuition payment to a college can prove the date, amount and courses associated with that payment; a trucker or salesman with a daily expense account can demonstrate to his employer that a purchase was associated with food and lodging and not with souvenirs. And, of course, a taxpayer under audit can demonstrate whatever he wishes about each receipt or payment.

But in every case, the transaction is opaque (and if properly secured, it is completely anonymous) until the sender or recipient chooses to expose details to scrutiny. I will never accept that anonymity is evil nor evidence of illicit intent. Privacy is a basic tenet of a democracy and a government responsible to its citizens. CRYPSA develops tools of transparency, because commerce, businesses and consumers often need to invoke transparency—and not because any entity demands it of them.

We are not required to place our telephone conversations on a public server for future analysis (even if our government saves the metadata or the complete conversation to its clandestine servers). Likewise, we should not expose our transactions to interlopers, no matter their interest or authority. The data should be private until the data generator decides to make it public.

2. Reporting a Transaction (Why not catalog tainted coins?)

Manny also wants to aid in the serialization and cataloging of tainted funds, much like governments do with mass movement of cash into and out of the banking network. This stems from an earnest desire is to help citizens, and not to spy. For example, it seems reasonable that a mechanism to report the theft of currency should be embedded into Bitcoin technology. Perhaps the stolen funds can be more easily identified if digital coins themselves (or their transaction descendants) are fingered as rogue.

The desire to imbue government with the ability to trace the movement of wealth or corporate assets is a natural one. It is an outgrowth of outdated monetary controls and our comfort with centralized trust-endowed. In fact, it is not even a necessary requirement in levying or enforcing taxes.

Look at it this way…

  1. Bitcoin transactions are irreversible without the identification and cooperation of the original payee (the one who received funds). Of course, identification is not a requisite for making a transaction, any more than identification is required for a cash purchase at a restaurant or a newsstand.
  2. There are all sorts of benefits of both anonymous transactions and secure, irrevocable transactions—or least those that cannot be reversed without the consent of the payee. This is one of the key reasons that Bitcoin is taking off despite the start-up fluctuations in exchange rate.
  3. Regarding the concern that senders occasionally wish to reverse a transaction (it was mistaken, unauthorized, or buyer’s remorse), the effort to report, reverse or rescind a transaction is very definitely barking up the wrong tree!

The solution to improper transactions is actually quite simple.

a) Unauthorized Transactions

Harden the system and educate users. Unauthorized transactions can be prevented BEFORE they happen. Even in the worst case, your money will be safer than paper bills in your back pocket, or even than an account balance at your local bank.

b) Buyer’s Remorse and Mistaken transactions

Buyer beware. Think before you reach for your wallet! Think about what you are buying, from whom, and how you came to know them. And here is something else to think about (issues that are being addressed by CRYPSA)…

i.   Do you trust that the product will be shipped?
ii.  Did you bind your purchase to verifiable terms or conditions?
iii. Is a third party guarantor involved (like Amazon or eBay)?

All of these things are available to Bitcoin buyers, if they only educate themselves. In conclusion, “reporting” transactions that you wish to rescind is a red herring. It goes against a key tenant of cryptocurrency. It is certainly possible that a distributed reverse revocation mechanism can be created and implemented. But if this happens, users will migrate to another platform (call it Bitcoin 2.0).

You cannot dictate oversight, rescission or rules to that which has come about from organic tenacity. Instead, we should focus on implementing tools that help buyers and businesses identify sellers who agree to these extensions up front. This, again, is what CRYPSA is doing. It is championing tools that link a transaction to business standards and to user selective transparency. That is, a transaction is transparent if—and only if— the parties to a transaction agree to play by these rules, and if one of them decides to trigger the transparency. For all other p2p transactions, there is no plan to tame the Wild West. It is what it is.

* When I say that you should not report a stolen coin, I really mean that you should not run to the authorities, because there is nothing that they can do. But this is not completely accurate.

20130529_102314a1. There are mechanisms that can announce your theft back into a web of trust. Such a mechanism is at the heart of the certificate revocation method used by the encryption tool, PGP (Pretty Good Privacy). CRYPSA plans to design a similar user-reporting mechanism to make the cryptocurrency community safer.

2. Authorities should still be alerted to theft or misuse of assets. They can still investigate a crime scene, and follow a money trail in the same way that they do with cash transactions, embezzlement or property theft. They can search for motive and opportunity. They have tools and resources and they are professionals at recovering assets.


 

Disclosure: Just like Manny, I am also a CRYPSA director and acting Co-Chairman. (Cryptocurrency Standards Association). This post reflects my personal opinion on the issue of “reporting” unintended, unauthorized or remorseful transactions. I do not speak for other officers or members.

4 thoughts on “Privacy –vs– Anonymity

  1. Your statement about already existing opportunities to move money anonymously, specifically the mention of prepaid debit cards, got me interested to know more about what you mean, because of an experience that I had. I was curious about prepaid debit cards due to prior professional interest, and I picked up one at a Walmart one day and read the fine print. For this one (green dot) you had to provide all kinds of identifying information to get the card. So I wonder, to really get an untraceable prepaid card, where would you have to go? Somewhere like a title loan/paycheck loan place. I have a pretty significant prejudice against those kinds of places.

  2. Not a comment for the public, really, but you used the word “tenant” when you meant to use “tenet”.

  3. With a little effort, I suspect that you can find a “mixmaster” network for any form of currency or credit. It is to cash what TOR is for data. Your equity or credit is combined with that of many other users and then separated out through a random port. You can then provide the seller or payee with an identifier that proves the “random” payment is from you. For additional security, the payment can arrive as a torrent from multiple locations at once. A properly designed distributed does not rely on trusting any nexus or node.

    But intentionally moving money through a mixmaster is a risky venture. Regulatory agencies (like Fincen in the US), see this as a criminal practice.

    I do not advocate using debit cards in this way. Currently, it is too easily confused with the tools of criminals. Therefore, it attracts attention or breaks laws. However, I believe that money-movement mechanisms are headed in this direction.Eventually, “the law” will be forced to reckon with facts on the ground…

    When privacy becomes ubiquitous, it protects everyone because the act of using secure practices no longer attracts forensic inquiry. If the law takes too long to catch up with reality, it becomes an anachronism. In this case, it is unfeasible to prosecute civilian and commercial activities, because they are both innocent and widespread.

Ellery reads all feedback. 1st comment delayed for moderation