Bitcoin Tracker Chainalysis in Dutch Court as Fight for Data Privacy Gets Hotter
As Facebook, Google, Amazon and Twitter struggle to contain the data collection scandal that only continues to deepen, the cryptocurrency sector has been dragged into the overall debate. Now a Dutch court has allowed the use of controversial blockchain forensics software by Chainalysis in a money laundering prosecution. We take a look at this case, and how it sits on the broader battlefield for your privacy.
For privacy advocates, the social media news is not new. The long list of terms and conditions required for a Facebook or Google account has always been controversial, as it allows the social media giants to collect and track all kinds of personal data while also giving third party applications similar access — for a price.
In essence, every call, message, photo, tag, Like, place you’ve been, group you’ve supported and search you’ve ever made is mined for profit, adding up to a treasure trove of metadata that can be used for a multitude of purposes.
Near-anonymity and privacy of transaction was one of the founding tenets of Bitcoin. While the blockchain allows all transactions to be publicly verified, they are not linked to identities, only addresses, giving users a degree of anonymity that was initially misinterpreted as being foolproof. Now it is widely understood that Bitcoin is only pseudo-anonymous and keeping it that way requires some strategy by individual users.
For governments of the world, being able to freely transact in an anonymous way is anathema to tax collection. The narrative surrounding Bitcoin quickly became about drug dealers, tax evaders and money launderers using an evil software program to commit their dirty deeds.
The Rise of Chainalysis and the Blockchain Forensics Industry
From this, in 2014, Chainalyisis — “the leading provider of Anti-Money Laundering software for Bitcoin” — was born, designed to forensically trace bitcoins through the blockchain and “track, apprehend, and convict money launderers and cyber criminals.”
Often maligned and controversial to many in the community, the company works with Europol and other international law enforcement agencies, such as those in the Netherlands who are using the Chainalysis software against a defendant charged with money laundering.
The unnamed defendant has been accused of acting as a middleman in the sale of bitcoins for cash, advertising his services on P2P trading platform LocalBitcoins. Police say the man would receive BTC from the client, sell them using his personal account on an exchange, withdraw the proceeds to his bank account and then transfer the cash to the client, minus a fee.
The service was meant to provide a measure of anonymity to the client.
The police used a combination of the defendant’s Telegram and Twitter messages to discern the methods used to conduct this service, and once established, they moved onto characterizing the defendant by relating the bitcoins sold to the illicit darkweb drug dealing scene, using Chainalytics to track the ‘tainted’ coins.
It was deduced that over half the coins had been used in darknet purchases only a few ‘hops’ previously.
Validity of Blockchain Evidence Challenged
The case highlights the increasing usage of data analysis in cryptocurrency related cases, but also the first time a defense attorney has challenged the validity of Chainalysis’ evidence.
Ah, finally a case where the defendants lawyer explicitly calls out @chainalysis for being inadmissible evidence due to lack of methodological transparency.
Judge reverses burden of evidence; suspect needs to disprove chainalysis conclusion, somehow… https://t.co/R6QiFMZ3Hj
— Sjors Provoost (@provoost) March 31, 2018
The defense argued that due to the non transparent nature of Chainalysis’s methodology, the evidence may well be flawed and therefore non-admissible in court. They stated that due to this opacity, the defense did not have opportunity to validate or analyze the claims made, or test the program for such things as false positives.
Somewhat controversially, the judge ruled against the defense, stating [translation] “there are other research programs with which the origin of the bitcoins could be investigated. Counsel has not attempted to compare the outcome of Chainalysis with such a different research program … The court therefore assumes the correctness of these results.”
This effectively meant the police could use an unexamined piece of software that no-one other than the prosecution had access to.
It gets worse. Since Chainalysis doesn’t offer a public service, the defense can’t even demonstrate false positives to the judge.
They also don’t disclose their data sources, so can’t rule out inadmissible evidence, based on which suspect could be convicted indirectly.
— Sjors Provoost (@provoost) March 31, 2018
Echoing the social media drama, the use of blockchain analysis tools raises some interesting questions about the legality of the data Chainalysis collects. @nopara73, Bitcoin developer and creator of HiddenWallet, believes that the legality is questionable.
Is blockchain analysis even legal? Private entities are mining metadata on millions of people's financial history, not only without any permission from the users, with users explicitly against it.
— nopara73 (@nopara73) March 31, 2018
While it is clear that many bitcoin users wish to maintain their financial privacy, they do willingly transact on a public blockchain. Using an exchange or wallet service complicates the matter, as users must specifically agree to their terms and conditions.
@nopara mentioned that he has never given Chainalysis permission to collect his wallet provider’s Bloom filter (which enhances privacy) but @paul_btc noted that the issue lies with Bread Wallet and not Chainalysis:
But in light of the European area’s (EUGDPR) changes to privacy and data collection, the rules have now changed and “the conditions for consent have been strengthened … companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form.”
It may only be a matter of time before this is applied to exchanges and wallet providers in the Euro area.
I am thinking recently, it's probably good idea to start sending GDPR letters to blockchain analysis companies after may. At least EU based ones.
— Kristaps Kaupe (@kristapsk) April 1, 2018
Paired with the intrusive social media data collection practices, it seems the battlefield of data collection is heating up. While social media companies claim euphemistically that they only enable the data collection in order to “serve their users” better, the reality is they monetize such a plethora of data as it enables them to charge advertisers a higher rate “per ad” due to the apparent precision with which they can target a preferred demographic.
But the concern is how and where they store such information, and most importantly, who can access it.
‘Home Assistant’ Devices That Spy on You
Recent cases in the U.S. have highlighted the fragile line the collection of data straddles. The 2015 murder of Victor Collins saw police request the data from the Amazon Echo owned by the suspect. The Echo is a “home assistant” device with a microphone that can be keyword activated to follow commands and answer questions.
Amazon fought the police request citing First Amendment and privacy concerns:
“Given the important First Amendment and privacy implications at stake, the warrant should be quashed unless the Court finds that the State has met its heightened burden for compelled production of such materials.”
In this particular case, the defendant agreed for the device to be used, however his lawyer Kathleen Zellner (of Making A Murderer fame), commented that the device had been recording more than it was supposed to, and “It was just extremely sloppy the way the activation occurred.”
But now with the integration of “home assistant” products backed by slick, irreverent advertising campaigns, Google Home, Amazon Echo (Alexa) and Apple HomePod are bound to become ubiquitous in our homes. 22 percent of Americans already use one.
The convenience they provide is tempered however by privacy concerns and the fact that companies such as Amazon, Google and Facebook have lodged patents that go much further than just having the ability to tailor advertising to you.
It’s Spyware and Surveillance, Says Consumer Group
Non profit group Consumer Watchdog commented on the patents, saying “When you read parts of the applications, it’s really clear that this is spyware and a surveillance system meant to serve you up to advertisers.”
Google pushed back on the claims, calling them unfounded and saying that “Prospective product announcements should not necessarily be inferred from our patent applications.”
Facebook is rumoured to have shelved plans to introduce its own offering in this department, in light of the revelation that Cambridge Analytics had allegedly paid a researcher for millions of users’ information. The company claimed the researcher had access to the information for “academic purposes”.
In the U.S., many believe the information helped sway the 2016 elections, handing Donald Trump victory and strengthening the conservative movement’s position in the so-called “Culture Wars”.
The overall trend of harvesting the public’s personal, private information is quickly turning into a social battleground and highlights the extent to which all of our interactions on the web are being logged; liable to be used to construct a profile of us should the need arise.
Bitcoin and cryptocurrencies have not escaped the dragnet, as it seems any past engagement or communication regarding the topic on social media, to adapt a well known phrase, can and will be used against you in a court of law.
Is electronic surveillance going to change the way we live? Please share your thoughts in the comments.
Images via Pixabay, TIME, Chainalysis
Subscribe to the Bitsonline YouTube channel for more great interviews featuring industry insiders & experts