There is a growing recognition that Bitcoin is just the first “app” to ride on the blockchain, and that there are endless other possibilities as we seek to maximize the potential of this technology.
In a sense, it’s as if we’ve gone back to the early 1990s, to the earliest days of commercial exploitation of the Internet. Netscape Navigator was still in development. “Google” sounded like a noise a baby makes. Mark Zuckerberg was in grade school. At that stage in the life of the Internet, who could have foreseen Google, Facebook, Twitter, Uber, Airbnb, Expedia, online streaming of movies and TV shows, or many of the other Internet applications that are now part of the fabric of our daily lives?
That’s where we are today with the blockchain – a world of possibilities that most of us can’t even imagine. Fortunately, there are a lot of people who are a lot smarter than me applying their energy and creativity – not to mention their money – to trying to conceive and develop the applications that will make the blockchain a truly transformative force in the years to come.
But for that potential to be realized, it’s critically important that law enforcement be able to go after those who would use Bitcoin and the blockchain for criminal purposes. A stable, secure blockchain that is safe for lawful commerce is good for everyone – except criminals.
Although the blockchain is revolutionary, in a sense it represents just the latest example of law enforcement needing to innovate in response to new technology. Indeed, the Department of Justice and other federal law enforcement agencies have a long history of adapting and evolving in order to pursue criminals who use “new school” technology to commit “old school” crimes. They’ve done it time and time again – from fax machines to pagers to “push to talk” cellphones to email to Skype to mobile devices to Internet-based methods of payment, just to name a few examples, law enforcement has had to evolve as new technology designed for legitimate purposes is used to facilitate criminal activity.
So with that perspective, the challenge for law enforcement here is not unique. What is unique is that we have the opportunity, at this embryonic stage of the blockchain’s development, both to help law enforcement get up the learning curve and to implement other innovations that will help make the blockchain more secure for commerce and less secure for criminals.
As a first step, with all of the attention paid to the difficulties that virtual currencies pose for law enforcement, it’s important to focus on the significant ways that the blockchain is actually helpful to law enforcement.
Why the Blockchain Is Good for Law Enforcement
To be clear, are there aspects of Bitcoin that present challenges to law enforcement? Of course there are. For instance, there is the problem of identifying an individual user from bitcoin addresses, or the need for cooperation from foreign partners who may operate under different regulatory and legal regimes. But I would suggest that these issues are in no way unique to virtual currencies but rather are endemic to crimes facilitated using the Internet.
Indeed, the problem of attribution – often referred to as “putting fingers at the keyboard” – is perhaps the greatest challenge for any investigation of cybercrime, or any other type of crime committing using online means. Every day, agents and prosecutors have to figure out ways to tie a particular IP address or MAC address or even an email address to a particular human being. That process is made harder when that human being uses multiple IP addresses, or proxies, or TOR, or other anonymizing technologies. It also doesn’t help law enforcement with attribution that webmail providers do not have “know your customer” requirements, so they cannot verify the accuracy of user information. The same is true for cellphone companies; indeed, if you go by subscriber records, the most prolific drug dealer during my time as a federal prosecutor may have been “Mickey Mouse,” based on the number of cellphones subscribed under that name. Yet law enforcement agents work tirelessly to overcome those challenges, and the solution often lies in analyzing data from multiple sources to try to zero in on the particular bad actor. Similarly, foreign cooperation is part of everyday life for U.S. law enforcement. Because cybercrime, organized crime, and so many other types of crime are increasingly global, it’s difficult to investigate and prosecute crimes facilitated by online means without the cooperation of foreign counterparts – some of whom are in countries that are not so cooperative.
But Bitcoin and the blockchain provide significant advantages for law enforcement as well. The most obvious is that the blockchain allows one to trace all transactions involving a given bitcoin address, all the way back to the first transaction. That gives law enforcement the records it needs to “follow the money” in a way that would never be possible with cash.
That’s true despite the perceived anonymity of Bitcoin — because reports of Bitcoin’s anonymity are greatly exaggerated. A user’s bitcoin address is just an account number that stays with the user; if you can connect that address to a particular user, you can identify and trace all of the transactions in which that individual has participated using that address. Indeed, if the individual uses an exchange or wallet service as the “on ramp” to the blockchain, then the bitcoin address is essentially about as anonymous as a bank account number, because the exchange or wallet service will maintain records linking the address to a particular identity, much like a bank maintains records establishing the owner of each bank account. Even if you don’t use an exchange to obtain bitcoins, and even if you take advantage of existing methods for enhancing your anonymity, you’re still not truly anonymous, because there are techniques available to help link users to their addresses.
But some of the blockchain’s other advantages for law enforcement are less obvious, including the following:
- The blockchain does not present the problem of data retention. It has been a persistent challenge for law enforcement that phone and Internet providers have inconsistent practices on retaining customer and transaction data. In cybercrime, child exploitation, and numerous other types of cases, it can take months or even years to follow the trail of a sophisticated criminal, involving the service of process on provider after provider, sometimes in different countries, until investigators finally get to the provider whose records will finally identify the suspect – only to find that those records no longer exist. With the blockchain, that’s not an issue – the records aren’t going anywhere.
- The blockchain does not raise “third party doctrine” issues. For the past few years, there has been a vigorous debate over the future of the “third party doctrine,” the legal principle that says that you don’t have a reasonable expectation of privacy in information you voluntarily share with a third party, such as a bank or ISP. The third party doctrine is essentially what makes it possible for law enforcement to obtain bank, ISP, or cellphone records with a subpoena rather than a search warrant. The viability of this doctrine has been called into question by Supreme Court justices and other judges, members of Congress, academics, and privacy advocates, and the outcome of this debate will have a profound impact on the way law enforcement operates. While the third party doctrine may impact the legal process used to obtain records from exchanges, the blockchain itself raises no such issues. Law enforcement has the ability to access the blockchain and trace transaction histories without even a subpoena, let alone a search warrant, because it is public, and freely accessible, by design.
- The blockchain is borderless. Contrary to popular belief, borderless is not a bad word from a law enforcement perspective. That’s always been the case, because when evidence is within another country’s borders, U.S. law enforcement must go through the cumbersome Mutual Legal Assistance Treaty (MLAT) process to seek foreign law enforcement assistance to obtain that evidence. But it’s never been more true than it is today, when DOJ is in the midst of heated litigation with Microsoft over whether DOJ has jurisdiction to use a search warrant to get data held by Microsoft at a data center in Ireland. Microsoft and a who’s who of other providers are arguing that DOJ cannot use a search warrant to get data that a U.S.-based provider chooses to store overseas and instead should be required to go through the MLAT process. That issue never arises with the blockchain, which knows no borders and is available from anywhere, no MLAT required.
If nothing else, the Silk Road case demonstrates that, even at this early stage of Bitcoin adoption, law enforcement has already developed an impressive capacity to analyze and trace transactions using the blockchain. As Jerry Brito first pointed out in this space, the case against Carl Force, the DEA agent accused of stealing bitcoins during the Baltimore phase of the Silk Road investigation, is a great recent illustration of how far law enforcement has come in a short time when it comes to blockchain analysis. One of the exhibits to the affidavit in support of the complaint in that case is a chart showing how law enforcement was able to use the blockchain to follow the money despite Force’s alleged attempts to break up the bitcoins into multiple transactions involving multiple addresses in an effort to disguise their source and destination. And law enforcement is just beginning to get up the learning curve; they will get even better over time, particularly as analytics capabilities improve and new tools are developed.
Why Law Enforcement Is Good for the Blockchain
The overwhelming majority of people who care about Bitcoin are interested in the blockchain’s potential to be transformative and want to see it thrive for legitimate users and uses. For that to happen, Bitcoin cannot become the “currency of criminals”; on the contrary, we must make the blockchain a place where criminals feel less safe and less secure.
For that reason, all of us in the “Bitcoin ecosystem” have a role to play in helping law enforcement continue to advance up its learning curve. One way to do that is by fostering an open dialogue with law enforcement agencies. This can be done in a variety of ways — perhaps through a public-private information-sharing process modeled after similar processes for exchanging cybersecurity threat information, or perhaps through less formal channels. Having this sort of dialogue would provide a mechanism for the Bitcoin community to provide expertise and assistance in response to technical or other challenges faced by law enforcement during investigations.
There will always be unlicensed money remitters – but that was true even before anyone heard of Bitcoin. There will always be people trying to disguise their identities – but that, too, has always been true. And there will always be people seeking to use technology to commit crimes – but that has been true for every technological advance since the telephone, if not before. We will never drive criminals entirely off the blockchain, just like we will never eliminate crime on the Internet. But we can explore innovations that would make the blockchain safer for legitimate commerce but inhospitable for bad actors, and that would allow law enforcement to focus its resources just on those parts of the network where criminals are able to operate despite our best efforts.
Last year, then-Attorney General Holder said that “[t]hose who favor virtual currencies solely for their ability to help mask … illicit conduct should think twice.” He was right on the money – and we all have a shared interest in making sure that those who seek to use the blockchain for criminal purposes do think twice. To that end, we should explore ways to help law enforcement innovate, and to innovate ourselves, so the full potential of the blockchain can be realized in the years to come.
Jason Weinstein is a partner at Steptoe & Johnson LLP, focusing on white-collar criminal defense, government investigations, and privacy and data security matters. Prior to joining Steptoe, he was a longtime federal prosecutor, and Deputy Assistant Attorney General in the Department of Justice’s Criminal Division. Jason is also a member of the Strategic Advisory Board of BitFury.