Crime and cryptocurrency, frauds and fungibility

The recent devastating ransomware attack on Travelex has once again raised the issue of cryptocurrencies, or more specifically Bitcoin, being used for criminal purposes. At the time of writing, my bank (Barclays) as well as other high-street banks including HSBC, Virgin and Tesco Bank, all of whom rely on Travelex for foreign exchange services, are still unable to offer online exchange services or process orders for foreign currency. The company was infected with a “ransomware” virus that encrypted its data — Travelex left critical security weaknesses in the Pulse Secure virtual private network (VPN) servers unpatched for eight months — and the attackers demanded a $6m payment in Bitcoin to decrypt the data.

(Travelex has not disclosed whether it has paid the ransom.)

The scale of the damage here may have been unusual, but the attacks are not. Every single day there is another such story in the media. And while none of us may care that much if financial institutions do not implement appropriate security and have money stolen, there are attacks on hospitals and public services all of the time as well. Perhaps we ought to consider following the lead of Finland. Back in November 2019 more than 200 Finnish municipalities and public organisations had a “war game” co-ordinated by The Population Register Centre to practice their response to possible cyberattacks. I am not an expert, but I imagine that one of the things they learned was to make sure that the IT people install security patches on their computers and to make sure they have backups of their data, but I digress.

Back to the issue of ransoms. Ransomware wouldn’t be much good if the attacker could only be paid by cheques or bank transfers. This is why ransomware and cryptocurrency are a package, although ransomware datanappers are not the only criminal users of the new digital dosh. According to the Daily Mail, the police have seen an “explosion in the use of digital currency by criminals who are strolling into cafes, newsagents and corner shops to dump their ill-gotten gains in virtual currency ATMs”.

Well, let’s not panic. If you look at the actual Bitcoin transactions going on out there in cyberspace, you’ll have to admit that even crime isn’t proving the vehicle for mass market adoption that the more hysterical parts of the media might have made you think. Frankly, if the demand for Bitcoin were all about crime (and not speculation) then it would actually be worth far less than it is today. There just isn’t enough crime. Calculations based on the use of Bitcoin in this sector of the economy put its value at something like one-twentieth of the current price.

Now, I have to say that I think that these kinds of calculations are highly spurious.

First of all, such calculations are often based the value of the global market in illegal drugs. Now, while no-one can be sure of the exact size, this is undoubtedly a vast market. But it is a market that is conducted almost entirely in cash. Were these transactions to be converted to digital money, the sums involved are so vast that it would be almost impossible to create to an AI machine-learning transaction monitoring services to ignore them.

Secondly, I have yet to see any evidence that criminals are adopting Bitcoin at scale for anything else. And the reason for this is obvious: it’s not anonymous enough. Wallet addresses are pseudonyms, and once any of these pseudonyms has been linked to a mundane identity in anyway, the identities can be connected, monitored, tracked and traced. While people often refer to bitcoin as anonymous, it really isn’t. 

Why Bitcoin?

It can be made anonymous, though, right? In the world of bitcoin, smart criminals will use “mixers” or “tumblrs” that jumble together Bitcoins to obfuscate their origin. Well, whatever. If Bitcoin were to be widely used in serious criminal enterprises then the authorities would step in. What if law enforcement agencies go to the biggest miners in the world and tell them that if they continue to confirm easily identifiable mixing transactions, they will be accused of money laundering? As I write, 49% of all of the Bitcoin “power” is in the hands of five Chinese mining pools, so this is not difficult to imagine. Bitcoin’s fungibility means that it has little long-term prospect for criminal enterprise.

Wait! Whatibility?

Fungibility.

Whatever Bitcoin is, it isn’t cash for the inescapable reason that cash is fungible. This matters. Remember that IRS Ruling about Bitcoins being a commodity, so that traders would have to track the buying and selling price of each individual Bitcoin in order to assess their tax liability? No? Here’s a reminder from [CreditSlips]: “For a payments geek, the real lesson from the IRS Bitcoin ruling is that for a currency–or any payment system–to work, its units must be completely fungible”.

Fungible (from the Latin “to enjoy”) is a great word. One of my favourites, in fact. In this context, money, it means that all tokens are the same and can be substituted one for another. You owe me a pound. It doesn’t matter _which_ pound coin that you give me. Any will do. Any pound coin can substitute for any other pound coin because they are all the same: no-one can distinguish one pound coin from another. This isn’t true of Bitcoins. They are all different. and because they are all different, their history can be tracked through the blockchain, its immutable public record of all transactions.

The existence of the blockchain means that clever analysts can set their bots scampering along the chain of transactions to find out where money is coming from and where it is going. While Bitcoin has a media image of secrecy, it has long been understood that blockchain analysis means that it could be surprisingly easy for a law enforcement agency to identify many users of the currency [MIT Technology Review]. So you can what is actually going on at all time. If you want to get a picture of Bitcoin’s role as the currency of crime, a good place to start is the Chainalysis report on “The 2020 State of Crypto Crime”. Chainalysis, founded by Jonathan Levin, have sophisticated tools for cyber currency transaction monitoring and are used by the FBI and such like to track down miscreant moolah.

Bitcoin isn’t fungible (unlike the £50 notes so helpfully provided to the criminal fraternity by – yes, couldn’t make this up and I will call the Daily Mail in the morning – it’s only the Bank of England wouldn’t you know it) which means that the money can be traced from wallet to wallet and that should make it easier for these detectives to get a handle on where the ill-gotten gains are heading. 

The lack of fungibility has major implications for criminals. We have just the English High Court (in the decision of AA v Persons Unknown & Ors, Re Bitcoin [2019]) determine that crypto assets such as Bitcoin are considered to be ‘property’ capable of being the subject of a proprietary injunction against a cryptographic exchange, which was indeed granted. You can see what is going to happen here: the exchange will be required to identity who owns the stolen coins and the owner will then be the subject of legal action to recover them. This owner might be entirely innocent about the origin of the coins and will say that they didn’t know that the Bitcoins they bought are the proceeds of a ransonware attack and may ask to the keep them. But, as the economist J.P. Koning points out, that’s not how property law works. Even if you accidentally come into possession of stolen property then a judge can still force you to give them back to the rightful owner.

(To recap. Bitcoin isn’t cash, because cash is fungible. If we want something to be cash, we need to make it fungible. But do we want cash? I’m always ready to listen to informed views. If you do too, then someone you should listen to is Adam Back. He is a brilliant guy. He has already forgotten more about cryptography than I could conceivably learn from now on if I dedicated the entire rest of my career to the topic. His masterful lecture on “Fungibility, Privacy and Identity” delivered to Bitcoin Israel is well worth 90 minutes of your time. Get a notepad, a cup of tea, packet of fruit shortcakes and fire up the video.)

What happens when they get anonymous on our asses?

This is why ransomware rogues convert their Bitcoins out into something more suited to the less-regulated corners of the economy. The people behind the famous “WannaCry”, which hit more than 300,000 computers in over 150 countries, took their rewards and converted them into Monero, a privacy-focused cryptocurrency that has seen some growth in its popularity over the last year or so. This, in turn, makes me wonder why criminals continue to use a payment mechanism that leaves behind a perpetual record of all transactions that anyone can look it, particularly when there are more private alternatives already in the wild. One such example is Zcash, a cryptocurrency with the added special sauce of genuine anonymity rather than the pseudonymity that, as noted, hampers the exploitation of Bitcoin for nefarious purposes. Transactions remain confidential unless the counterparties reveal their addresses by “selective weakening” of the cryptographic protection. Now, I am sceptical about whether confidential transactions will get much traction in the mass market, but that does not mean that advocates of Zcash do not have a point when they say that “If you start with a perfect electronic cash system building block, then you can build an electronic cash system with selective weakening in a way that makes sense for society” [IEEE Spectrum].

You can understand why, of course. An electronic cash system that is going to offer some forms of privacy must be built on a truly anonymous infrastructure. You can’t do it the other way round. But… a truly anonymous infrastructure provides ample opportunities for mischief and some of this mischief might be of significant harm to society as whole. So what will happen?

In Zcash, there are two types of addresses, “transparent” and “shielded”. The transparent addresses and the amounts sent to and from them show up on the blockchain as they would in bitcoin. But if a user opts to use a shielded address, it will be obscured on the public ledger. And if both the sender and receiver of funds have opted to use shielded addresses, the amount sent will be encrypted as well [American Banker].

(The idea that counterparties can choose whether a transaction is visible or not is interesting and under explored. This reminds of the idea for light transactions and dark transactions that artist Austin Houldsworth put forward and that we presented at the BCS back in 2012!)

Trying to think this through, it seems to me that there is something of a paradox here in our mental transaction models. We want our transactions to be anonymous because we are good people but we want other people’s transactions to be tracked, traced and monitored because they might be criminals. Obviously we don’t want child pornographers and terrorists to have access to anonymous electronic cash but we do want freedom fighters and oppressed minorities to have access to electronic cash.

Hhhmm…..

So how might this paradox be resolved? Well, one option might be to assume that the anonymous cash will be used primarily by criminals and possession of it will be taken to be prima facie evidence of criminality, but not to ban it because free speech trumps crime according to our cultural values. Thus law enforcement resources can be targeted. Remember, in an anonymous world no-one knows you’re a dog but no-one knows that you’re from the FBI either. Hence you could argue that anonymity can actually help law enforcement to carry out old-fashioned police work (and since no-one knows you’re a bot either, I’d assume that the police will have large-scale big data analysis and pattern recognition and machine learning and all sort of other things to help them). It’s not at all clear to me that a terrorist child-pornographer will be any further beyond the reach of the law because their cash is anonymous when their mobile phone location is recorded every 50ms and their face is scanned at every street corner, but I’m open to debate.

In the mass market I can therefore envisage an environment where some kind of anonymous cash is in existence but is never used in its “raw” state, because people, companies and governments will only use the privacy-enhanced layers on top of it. Getting your ransomware cryptocurrency might remain easy, because companies don’t do proper risk analysis and don’t design secure products, but spending that cryptocurrency might become increasingly difficult.