How Financial Surveillance Threatens Our Democracies: Part 1
Authored by Alexandre Stachtchenko via Bitcoin Magazine,
When they descended into coal mines, miners would take a caged canary with them.
The toxic gasses, notably carbon monoxide, that accumulate in these places and pose a deadly risk to miners, would kill the canaries before the miners.
This information made them aware of the danger, enabling them to evacuate before it was too late.
On May 14, 2024, Alexey Pertsev, a software developer who built an open-source tool to preserve online privacy, was found guilty of money laundering and sentenced to more than 5 years in prison by a Dutch court.
In the court’s decision, the following can be read:
“The tool developed by the suspect and his co-authors combines maximum anonymity and optimal concealment techniques with a serious lack of identification functionalities. Therefore, the tool cannot be characterized as a legitimate tool that has been inadvertently used by criminals. By its nature and operation, the tool is specifically intended for criminals.”
Seeking to preserve one’s privacy is thus at worst proof of criminality, at best complicity in a crime. A threshold has been crossed.
Unfortunately, it is likely that this case will generate little empathy and interest, as the person involved worked in the crypto industry, and the tool developed, Tornado Cash, was intended to preserve transaction confidentiality.
However, it would be a grave mistake to consider this an isolated incident limited to a fledgling industry for which the public has little affection.
This is our canary in the coal mine.
It has stopped singing and is dying. If we do not react, all the miners will perish. Cryptos are an early and glaring revealer of an insidious phenomenon that has been eroding our liberal democracies for about thirty years and is reaching a point of no return.
Despite the lack of evidence of their effectiveness, financial surveillance measures continue to be regularly reinforced, defying all democratic rules and requirements: the primacy of secrecy, freedom as a norm, the principle of proportionality of rights limitations, technological neutrality, presumption of innocence… Preemptive control prior to any offense becomes the norm, the enforcement of law becomes selective and arbitrary, bank account closures take on the appearance of censorship and financial suffocation, and property rights are reduced to a mere shadow.
The fight against money laundering and terrorist financing has degenerated into collective hysteria worthy of authoritarian or even totalitarian regimes, to the point of criminalizing a fundamental and constitutional right: privacy. The famous American computer engineer Phil Zimmermann warned us in 1991: “if privacy is outlawed, only outlaws will have privacy.”
Far from being a “crypto” issue, this shift away from liberal democracy concerns everyone. There are numerous examples in regimes known for their democracy, spanning from India to the United Kingdom, and from Canada to France.
Note: If the crypto part does not interest you, you can proceed directly to part II.
I. LESSONS FROM THE CANARY
1. THE UNITED STATES INVOLVES ITSELF
Less than a year ago, the arrest of the Tornado Cash developers had already legitimately caused quite a stir. But the scope of the case, limited to the crypto world, perceived as a den of terrorists and money launderers, had quickly confined the indignation to a small group of insiders.
In April 2024, American and European public authorities, emboldened by this success, continued to move forward in a worrying direction.
Several events occurred almost simultaneously. The arrest of the developers of the Bitcoin wallet developers of Samourai Wallet, by the FBI in cooperation with the IRS (the American tax authority), with the guilty cooperation of European authorities, kicked things off. Their crime would be to have “conspired to launder money” and to have “operated an unlicensed money transfer business”. They face 20 years’ imprisonment for the first charge and 5 years for the second. By comparison, the maximum irreducible life sentence in France is 30 years.
Following this was an FBI notice urging all Americans not to use “money transmitting businesses” that do not collect their identity and are not registered. And the Federal Bureau continued by threatening to freeze all funds that had been mixed with funds obtained through illegal means.
To better understand the absurdity of such an announcement by the FBI, let us transpose the reasoning into the physical world, and highlight two major issues.
The first concerns the accusation of operating an unlicensed money transfer business.
Samourai Wallet is a company that provides Bitcoin wallets with enhanced transaction privacy. It does not operate transactions on behalf of its clients; it provides the wallet software. In the physical world, their equivalent would be a leather craftsman who crafts leather wallets enabling their users to store cash. He facilitates cash management but has no say in how the wallet owners spend their cash.
Here, the U.S. federal services conflate and lump together a large bank that operates transactions on behalf of its clients and a leather craftsman, holding the latter responsible for how his clients use their cash.
How far can we go with this line of reasoning? To ATMs? To the people at the Central Bank who print these bills? To the lumberjacks who produce the wood used for the paper of the bills?
Similarly, should we hold a carpenter responsible for what his clients decide to put in the furniture they make? Or an architect if the house they build ends up being used for drug trafficking?
It quickly becomes apparent that this conflation is completely absurd. A wallet creator is not responsible for what the wallet owner decides to do with the money stored in it. Being part of the cash or cash storage value chain should in no way imply responsibility for its final use, as there is no limit to this reasoning.
This question was actually raised 20 years ago regarding peer-to-peer exchanges, which allow multiple people to exchange information directly in a decentralized manner. This communication protocol and the software that enable it are sometimes used to commit offenses, particularly against intellectual property rights. However, despite attempts to criminalize the tool itself4, European5 and American6 courts have ruled in favor of technological neutrality, stating that the software in question allows both legal and illegal exchanges and that their providers are not responsible for the use made by third parties. The case law then focused on the responsibility of each individual involved in a potentially illegal activity, acquitting some individuals due to lack of evidence of their criminal intent7. These judicial solutions are obviously in line with the normal exercise of fundamental rights.
The second issue lies in the threat of fund blocking.
Freezing any money mixed with funds obtained through illegal means would be equivalent to arresting anyone whose bills, whether in their leather wallet or pocket, have passed through the wrong hands.
In 2009, a university study covered by CNN showed that 90% of American dollar bills carry traces of cocaine, and up to 100% in some major cities. This helps us better understand the absurdity of the FBI’s threat: almost all the cash in the world has already passed through the wrong hands. Should all cash holders be imprisoned? Of course not.
Following these absurd coercive actions, on 26 April 2024, the United States Attorney for the Southern District of New York published the government’s rationale against Roman Storm, the lead developer of the privacy software Tornado Cash. The author insists, considering Tornado Cash as a “money transmitting business.”
According to this argument, “the definition of “money transmitting” in Section 1960 does not require the money transmitter to have ‘control’ of the funds being transferred. […] For instance, a USB cable transfers data from one device to another […].”
A very broad definition of a “money transmitting business” that would even include USB cables, according to their own admission. At this rate, the question will soon become “who is not a money transmitter?”
Here, the DOJ (Department of Justice) is so ambitious that it goes against the guidelines provided by FinCen (Financial Crime Enforcement Network, a bureau of the U.S. Treasury Department). In other words, the U.S. government does not agree with itself, which indicates a certain uneasiness.
In 2013, FinCen explained that software developers were not “money transmitters” (“The production and distribution of software, in and of itself, does not constitute acceptance and transmission of value, even if the purpose of the software is to facilitate the sale of virtual currency.”).
In 2019, following an inquiry regarding certain programmable features on Bitcoin (Time-locked and multi-signature), FinCen reiterated that the partial control that could be exercised by wallet developers was not sufficient to qualify them as “money transmitters” (“the person participating in the transaction to provide additional validation at the request of the owner does not have totally independent control over the value.”).
2. EUROPE AT THE FOREFRONT OF AN ILLIBERAL SHIFT
Beyond the opportunistic qualifications of various parties and to return more simply to the way the law should be applied in a liberal democracy, let’s recall that cryptocurrency transfers are transfers of electronic communications according to the definition provided by European Union law.
Moreover, cryptocurrencies like Bitcoin or Ethereum allow for the exchange of communications that can be qualified as correspondences (the possibilities of exchange are not limited to monetary units). Electronic communications are protected by the right to privacy and personal data protection, and a limitation such as lifting confidentiality or blocking can only be justified if it is necessary for the effective pursuit of a defined objective, in a strictly proportionate manner, particularly in the case of a proven offense and personally committed by the individual whose communication is limited.
The Court of Justice of the European Union has also ruled in this sense, considering that the systematic analysis of communications, even when possible, infringes on the fundamental right to the protection of users’ personal data, in violation of the Charter of Fundamental Rights of the European Union. The Court specifies that an injunction to block communications that does not distinguish “between illegal and legal content […] could result in the blocking of communications with legal content” and thus infringe on the freedom of expression and communication. Regarding cryptocurrency transfers, we can also invoke an infringement on the right to property.
It is therefore inconceivable, in a liberal democracy, to ask a private actor to block transactions or other types of communications without being certain of their illegality.
We can note another convenient schizophrenia on the part of the American authorities, which Lyn Alden aptly summarizes by referring to “Schrödinger’s Currency”: Bitcoin is considered as a currency only when it allows for the prosecution of individuals. The rest of the time, it is a speculative tool to which this qualification is denied. Indeed, to apply the definition of “money transmitter,” it is necessary to consider that what is being transmitted (bitcoins) is indeed money. To the point that the government argues that “Bitcoin clearly qualifies as money” in order to prosecute Roman Storm.
Europe regularly engages in this distortion as well, as I had already shown in the justification invoked to include “crypto-assets” in the TFR regulation. Cryptos have indeed appeared in a text that previously targeted exclusively “banknotes and coins, scriptural money, and electronic money.” But to say that Bitcoin is a currency…
Moreover, in Europe, coincidentally, a new regulation was voted on April 25 imposing new financial constraints, still with the laudable objective of combating money laundering.
Among the constraints, we can particularly note a €10,000 cash payment limit across Europe, but also the requirement for digital asset service providers (DASPs) to collect even more information about their clients, including for transactions under €1,000, and for personal wallets, known as “self-custodial,” “self-hosted,” or “un-hosted,” i.e., not managed by a financial intermediary on behalf of third parties. The leather wallets of the digital world.
A small digression into Newspeak here: by imposing the terminology “self-hosted” or “un-hosted,” regulators and legislators are trying to enforce the view that third-party custody is the norm, and self-custody is the exception. This is obviously a dangerous and insidious view, suggesting that wanting to keep one’s own money is suspicious, even though it is part of the normal exercise of freedoms. There are no “un-hosted” or “self-hosted” wallets. There are just wallets, period. And there are third parties who hold wallets on behalf of others.
Returning to the text, let’s casually note that it is particularly precise and imposes know-your-customer (KYC) requirements for transactions under €1,000 only on DASPs, exempting banks and other financial institutions, which handle far larger volumes than DASPs. The proportionality of this amount and this discrimination is not justified.
In addition, there is a ban on supporting enhanced privacy cryptocurrencies. Let us recall here that historical commodity monies (gold, silver, copper, bones, etc.) are anonymous, as is still cash today. The ban is therefore inequitable and strikes under the pretext of its electronic nature. It is again unjustified, although it unacceptably hinders the normal exercise of a freedom since we are talking about its outright extinction (such a disproportion is not admitted by the European Court of Human Rights).
As previously mentioned, all these actions are extremely problematic in several respects.
First, because these constraints are based on no rational reasoning or relevant justification and are simply the result of paranoia related to cryptos, coupled with a KYC model (Know Your Customer, the customer identification processes imposed on financial institutions) that has been elevated to a religion despite the lack of convincing results over several decades. Second, because they disregard the requirements for the protection of fundamental freedoms on which the European Union was built and to which it is subject. Third, because they are counterproductive, meaning they create new threats, the consequences of which are increasingly severe.
3. AN UNFOUNDED PARANOIA
Nearly all texts dealing with the “necessary” regulation of “crypto-assets” have abandoned scientific and legal rigor to the point of never proving the initial assertion from which their reasoning starts: “cryptos are a good means to facilitate money laundering.”
To appreciate this, one only needs to analyze all the texts on the subject issued in recent years. This is an exercise I have already done for the TFR text. Indeed, in the “proportionality” paragraph of the proposed amendment to the regulation, there is a small phrase indicating that, according to the opinion of EU surveillance authorities, “specific” risk-increasing factors have been identified concerning cryptos.
Why is proportionality an extremely important principle in a state governed by the rule of law?
Because the adequacy of a legislative standard or instrument to the pursued objective, i.e., the balance between the infringement on a right and the general interest, is absolutely crucial to avoid authoritarian and liberty-infringing drifts. One cannot hide behind an objective, however commendable, to impose disproportionate restrictions on rights.
For example, one might think that by installing a policeman in everyone’s home, crime would be reduced. The objective may be considered laudable, but the individual rights that would be compromised in the process represent an unacceptable reduction in freedoms. Thus, society decides to tolerate potentially higher crime rates (subject to the risks to freedoms generated by surveillance itself) in order to preserve the rule of law and fundamental freedoms, without which democracy cannot exist.
Conversely, the prohibition of alcohol while driving is a restriction that can be considered proportionate: alcohol consumption is not prohibited, but it is prohibited in situations where its consumption is systematically dangerous for oneself and others. The impacts of such legislation can be monitored by observing the number of accidents, for example. A right has been restricted, certainly, but the general interest prevails since the effectiveness of the measure in relation to an important objective (the preservation of life) can be demonstrated, and the infringement on rights is minimized by limiting the restrictions as much as possible.
In a liberal democracy, freedom is the norm and constraints the exception. It is up to the state, when it wishes to restrict a freedom, to demonstrate that it does not go further than necessary to achieve its objective and that this objective is effectively achieved. Furthermore, the state is obliged to adopt norms to ensure that all persons and institutions, both public and private, respect this rule.
In the case at hand (money laundering and terrorist financing), and despite the assertion that “supervisory authorities have identified specific risk factors,” when one plays the detective wishing to trace back to the source, one realizes that the opinion in question, dating from 2019, itself admits that the so-called “competent authorities” do not have the “knowledge and understanding of these products and assets, which prevents them from carrying out a proper impact assessment.”
It also deflects by referring to another opinion (sic) from the European Banking Authority, which dates back to… 2014. In this “original” opinion, we find a rather laconic analysis: “the phenomenon of Virtual Currencies being assessed has not existed for a sufficient amount of time for there to be quantitative evidence available of the existing risks, nor is this of the quality required for a robust ranking.”
In other words, the TFR regulation, imposing monitoring of all crypto transfers from one provider to another, was built on the basis of two reports. One report stated that there was no evidence to qualify or quantify the risks, while the other admitted that competent authorities lacked the knowledge and understanding to conduct an analysis.
Therefore, concluding the paragraph on the “proportionality” of the TFR regulation by stating that “In accordance with the principle of Proportionality as set out in Article 5 of the Treaty on European Union (TEU), this regulation does not exceed what is necessary to achieve its objectives” is questionable at best. Since the risks are not assessed, it seems difficult to characterize the restriction of rights as “proportionate.”
In his fight against FINMA, Alexis Roussel made the same observation for Switzerland. The Swiss National Risk Assessment (NRA) of 201822 regarding money laundering risks in crypto indicates, from its very first sentence, that no cases of terrorism financing related to crypto have been identified, and only rare cases of money laundering. However, the subsequent statement recommends classifying these assets as “high-risk” by their very nature. Specifically, this means that a crypto transaction, even of €10, carries the same level of risk as a €100,000 transfer to an account in Russia. This equivalence is established without democratic processes in Switzerland and without any evidence.
The 2024 NRA23 does not seem to have made much progress and still admits to lacking data to assess risks.
We can clearly see a pattern emerge: anti-money laundering regulations and increasingly stringent data collection requirements are imposed without legitimate basis or factual data to justify their implementation.
A more comprehensive overview has been provided by L0la L33tz in Bitcoin Magazine24, allowing us to supplement this inventory of breaches of the most basic rigor in Europe, as well as by sister institutions of Bretton-Woods, the IMF, and the World Bank, which are true compasses for global decision-makers.
For example, in 2023, the annual report for 2021 from the European Union’s FSRB (the European branch of the Financial Action Task Force, FATF)25, an intergovernmental group established in 1989 to combat money laundering and terrorism financing, was released.
The report begins with the following quote: “It is well known that money launderers have abused cryptocurrencies, initially to transfer and conceal profits generated from drug trafficking. Nowadays, their methods are becoming increasingly sophisticated and on a larger scale.”
Unfortunately, starting an argument with “it is well known” reads the same as an essay that begins with “Throughout history, mankind”: it does not exude the rigor of thorough research.
The report itself admits that a study will be dedicated in 2022 to analyzing money laundering trends in cryptocurrencies, suggesting that it did not exist at the time of writing the report, asserting as an obvious truth what had never been studied.
This report dedicated to the study of money laundering trends in cryptocurrencies has indeed been published26, but it focuses not on the phenomenon itself but rather on the analysis of the implementation of regulations. Regulations that, it is worth noting, are based on unproven money laundering.
Regarding the study of facts and the field, the report interestingly notes that the risk assessment “lacks depth.” It also observes that the majority of regulators lack the tools and expertise necessary to effectively analyze and investigate cases of money laundering and terrorism financing related to “virtual assets.”
The study also takes the same shortcut as the aforementioned Swiss analysis: finding very few cases of money laundering involving virtual assets, it prefers to conclude that it is because more regulation is needed, rather than considering that money laundering is not overrepresented in these assets.
As for the IMF, it’s no better: the latest report on public policies related to crypto-assets (September 2023)27 points out the lack of data on money laundering and terrorism financing risks, stating that “such impacts have not been specifically studied in relation to crypto-assets.”
The IMF’s Global Financial Stability Report for 202428 relies on Chainalysis figures and proposes the figure of $1.1 billion received in cryptocurrencies for ransomware globally, which is less than 0.07% of the crypto market capitalization.
The IMF’s twin institution, the World Bank, does not significantly differ from the aforementioned views. In a 2023 report the institution indicates that the issue of “Virtual Assets” was not addressed in the Risk Assessment and calls on public authorities and companies to provide more data regarding these assets.
In its money laundering-related publications for 2020 and 2022 the World Bank simply makes no mention of cryptocurrencies. In its articles on crypto adoption, the World Bank merely sidesteps the issue by redirecting to FATF papers.
We have come full circle: reports cite each other, asking for more clarity on the figures, but nobody ever conducts the study itself. We rely on FATF, an unelected body, not subject to the rules of a respectable democracy, especially regarding proportionality, as I mentioned earlier.
The objective is no longer to allow a proportionate fight against money laundering but to raise the standards of controls every year, forgetting the reason why these controls were implemented in the first place.
Moreover, financial institutions use the term “compliance” to emphasize the fact that they comply with the expected control standards. The objectives of efficiency and proportionality are no longer at stake. There is no doubt that if FATF recommended putting a policeman behind every computer, legislators would rush to transpose this “best practice” into law…
It’s not even hidden. In the regulation voted on April 24 by the European Union34, the justification for imposing new standards on crypto companies is absolutely not focused on combating money laundering and its effectiveness. Indeed, since MiCA has not even entered into force yet, and the adaptation of the TFR text to cryptos is very recent, how could we conduct a posteriori analysis of the effectiveness of measures that have not yet had an effect and possibly judge that they need to be strengthened?
The reasoning behind the strengthening of controls is in fact much simpler: “Due to rapid technological developments and the advancement in FATF standards, it is necessary to review that approach.”
It is not the evolution of the threat, its assessment, the means used by criminals, or the results of a study, etc., but rather the advancement in FATF standards that leads Europe to align itself.
And the next steps are already laid out: “At the same time, advances in innovation, such as the development of the metaverse, provide new avenues for the perpetration of crimes and for the laundering of their proceeds.”
While the most popular metaverses are still in the experimental stage and barely see a few hundred people connecting simultaneously, and as the hype subsides, they are already being talked about as nothing less than “avenues” for money laundering.
If you’re looking for numbers and analyses, look elsewhere. The imposition of additional surveillance standards relies more on beliefs and perceptions than on facts because no one dares to oppose as a policymaker, risking being equated with a supporter of terrorism or money laundering. It’s therefore a genuine religion, one that becomes almost impossible to question at its core.
The digital transition has been greatly beneficial for states: with the need to be banked to take advantage of financial globalization, leading to the omnipresence of banks, the number of potential targets to monitor has drastically diminished, until it ended up concerning only a handful of banks. The transition from a world in which everyone held their cash at home to one where, at least in the OECD, banking is the norm, entails an inevitable financial intermediation.
In this regard, Bitcoin was a huge wake-up call because it signifies that the entire financial regulation of the past 30 years is obsolete, as it is based on an assumption that is no longer valid, namely the need for a financial intermediary to conduct transactions in the digital world.
In tomorrow’s world where companies will make wallet-to-wallet payments, who will perform KYC? Will we only realize the absurdity of the model when half the planet is working to monitor the other half?
Bitcoin shakes the very foundations of anti-money laundering efforts. And rather than questioning the regulation and its relevance, both in terms of effectiveness and in terms of respect for fundamental freedoms, we prefer the path of blindness, which leads to restricting the use of a technologically neutral tool by arbitrarily impeding innovation, the right to property, and the protection of exchange confidentiality, the importance of which for democracy, notably through encryption of exchanges, has recently been reaffirmed by the European Court of Human Rights35.
Bitcoin is a canary in the mine. A signal that something is slipping away from us, not concerning cryptocurrencies, but concerning the fundamental freedoms of all citizens, threatened by financial surveillance.
Tyler Durden
Tue, 07/02/2024 – 23:00
Share This Article
Choose Your Platform: Facebook Twitter Linkedin