Home
a1icey edited this page Feb 10, 2014
·
9 revisions
[Please note that a lot of similarities exist between cryptocurrencies and we are using the largest one for shorthand. Assumptions: user is geographically located in the US, of above-average technical skill, not conducting a business, and using a wallet on his computer hard drive.]
- Bitcoin is not an anonymous payment system. It is more correctly characterized as a payment system that permits unlimited pseudonymity. Transactions are tracked and verified through the use of a bitcoin address, and every transaction with a bitcoin address is recorded in a public record called the blockchain for all time. The blockchain records the source address, the recipient address, the amount of bitcoin, and the time and date. No centralized mechanism exists to conceal, reverse, or remove these records from the blockchain. You can view the blockchain on http://blockchain.info/.
- This can be considered a provisional pseudonymity. A pseudonym is preserved for all time, and may be linked to an identity any time in the future. The second you link an identity to a bitcoin address, the entire transaction history is visible to every person. Thus, the biggest privacy risk for bitcoin users is the linking of their identity to their bitcoin address.
- Financial privacy was the status quo before computing. However, once electronic transactions emerged, we had to develop a set of principles to protect those electronic transactions. There are two main sources for those principles. A nonprofit group created the Payment Card Industry Data Security Standard which recommends basic data security standards for electronic transactions (https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf). In addition, in 1978 the US added a law called The Right to Financial Privacy (12 U.S.C. §§ 3401 et seq.). This law has exceptions for so many things, including convenience, national security, civil lawsuits and tax compliance, that if you can state any reason for accessing the information, you can get it. (https://epic.org/privacy/rfpa/#Exceptions_to_RFPA) Government agencies are required to comply with the Privacy Act of 1974. It’s important to note that the IRS is also subject to its own set of privacy rules that restrict the sharing of records.
- Why do we allow such extensive government review of financial activity? Most of the time, financial activity is used as a proxy for other illegal acts. Criminalizing money laundering is criminalizing hiding the criminal source of your money. Money may support terrorism, genocide, civil wars, arms trafficking, slave trade, as well as such mundane things like hiding assets during a divorce, embezzlement, or tax evasion. These are objectively bad things. Money may also support drug use, anarchy test cases, illegal immigration, and other fringe activity that may provide social or political progress.
- Preventing the general public from accessing financial records, at the very least, is a normative standard in today's world. We leave it to the user to determine whether their records should be visible to government agencies and private corporations, and for what purpose. Regardless, every time a government agency or private corporation accesses or stores the relationship between an identity and a bitcoin address, it creates an opportunity for the public to access this information. Therefore, we will include these moments in our analysis.
- If all your bitcoin ownership and transactions through that address can be exposed by one place linking your identity to your bitcoin address, we have two choices: blanket, naive trust for all the people who might access or store that information, or attempting to limit where that information is accessed and stored as much as possible.
- Identities are linked to bitcoins at two different points: when they are acquired and when they are spent. It is important to note that there are very few ways to link bitcoin addresses with identities between these two events. Examples include: theft or government investigation of physical hardware, or remote hijacking of the computer to view identity and bitcoin address information (and appropriating said bitcoins, as the case may be).
- It is important to note that bitcoin addresses can be treated as disposable, and if you use a different address for every transaction, this concern is minimized.
- They are linked when the bitcoins are purchased for dollars through an electronic exchange. When a user purchases bitcoins for USD on an electronic exchange, he is obligated to enter in personal identifying information including a social security number, name, street address, signature, and for online verification, a government-issued ID and a second piece of address verification like a utility bill. This is required to be retained for five years by anti-money laundering laws and applies to all exchanges. The Financial Action Task Force on Money Laundering issues international standards adopted by many countries (including via FinCEN in the US). These guidelines have been greatly expanded since 9/11.
- If bitcoins are acquired through mining, they can be indirectly linked to identities by connecting large mining specialty hardware purchases, internet traffic and electricity use to accounts and street address which may be linked to a person.
- Transacting in bitcoin, whether to sell it for dollars, or purchase goods and services, will also require the linking of bitcoin addresses with identities. It will be linked directly to your identity if you use an exchange to sell your bitcoins for dollars, in the same way as if you bought them for dollars described above.
- When you purchase goods and services, you are sending bitcoins directly to the merchant's bitcoin address, and receiving goods in return. In that case, the linking of identities and bitcoin addresses is indirect. In order to purchase physical goods, there may be a mailing address used. Or the person may need to accept the goods in person. This information collection is up to the merchant and is purely for convenience. The merchant is not obligated to retain any information about your personal identity unless they are selling restricted goods and services.
- Tax records: Bitcoin transactions are taxable, so the IRS requires both sellers and buyers in a bitcoin transaction to make filings. The reporting rules do not require the disclosure of bitcoin addresses. They are also required to retain records of the transfer, and this may be interpreted to include not just the value and date of the transaction, but the underlying addresses. The exchanges must report and keep records for four years (IRS Pub. 1220) so the IRS can investigate returns. However, even if the merchants are audited and the customer bitcoin addresses are shown, that will not reveal or associate the address with an identity. Buyers also have to report capital gain from bitcoin transactions but need not attribute the gain to a specific bitcoin address. You do need to retain a matching set of records yourself, which also may include the addresses where you received or sent bitcoins, for at least three years to substantiate your returns in an audit. Both parties have the option of keeping this information by printing it out, if they lack the sophistication to properly protect the data on a hard drive.
We could view the bitcoin world as divided between bitcoins that have never been associated with an identity (darkcoins) and bitcoins that have been linked to identities through the use of service providers with reporting requirements. We might assume the former to be illegal, or used for illegal activity. There are many reasons to police financial activity, but bitcoin presents a special case. For bitcoin users to attain the level of privacy of regular financial activity they have to be cautious about transacting in ways that link their identity to their bitcoin address. This documentation proves that every user who wants privacy in their financial activity should seek to use darkcoins as much as possible.