As commerce becomes increasingly global, the financial system grows and digital assets become more ingrained in our lives than ever before, governments and regulators are pushing back with even more restrictions to maintain control over the industry. Some would argue that they have gone too far, or are fighting the wrong battles. In light of the pace of innovation, especially in the cryptocurrency space, where privacy is often mandatory, these distractions are likely to keep them playing catch up and perhaps on the wrong side of history.
In May 2021, the Treasury Department released the Biden administration’s revenue proposals for fiscal year 2022. They include a key requirement that would apply stringent reporting requirements to all business and personal accounts from financial institutions. Specifically the proposal covers, “bank, loan, and investment accounts, with the exception of accounts below a low de minimis gross flow threshold of $600 or fair market value of $600.” In other words, financial institutions will report any flows in and out of business and personal accounts of more than $600 regardless of whether they are based in fiat or cryptocurrency. Then in late October the Treasury offered an additional threshold of more than $10,000 in transfers in a given year.
All of this adds to a restrictive climate towards crypto, especially for ‘privacy coins’, a part of the industry that promotes privacy as its key value proposition. This sentiment has put them under the regulatory microscope and led several exchanges to de-list certain tokens to avoid regulatory ire.
Things are not stopping at US shores either. Internationally, in late October 2021 the global AML agency, the Financial Action Task Force (FATF) released its updated guidance for firms that handle cryptocurrency and virtual assets. The guidance increased transactional reporting requirements for virtual asset service providers (VASPs), which are defined to include a lot more companies than just centralized exchanges.
However, rather than lying down, as governments continue to encroach on financial privacy, the cryptocurrency community is pushing forward with privacy initiatives to safeguard this basic human right. The most recent example came last week when Findora, a privacy-centric blockchain developed by Discreet Labs announced a $100 million ecosystem fund to be used for research, development of new applications, infrastructure such as staking, and liquidity so these platforms and ‘privacy coins’ offer similar levels of utility to more prominent blockchains such as Bitcoin or Ethereum.
Investors are noticing. Many privacy coins have proven to be solid investments in 2021, as several have quietly outperformed bitcoin during this bull market, which bodes well for the industry moving forward.
- Treasury Department & Internal Revenue Service (IRS)
- Financial Action Task Force (FATF)
- New York Department of Financial Services (NYDFS) – Jon Blattmachr (Deputy GC of INX, former Virtual Currency Chief of NYDFS)
- Zcash – Zooko Wilco and Josh Swihart
- Monero – Riccardo Spagni
- Cake Wallet – Vik Sharma
- Findora/Discreet Labs – Warren Paul Anderson
- Secret Foundation – Tor Blair
Contrary to the popular narrative, bitcoin and other cryptocurrencies do not provide a high degree of anonymity or privacy. Bitcoin is pseudonymous, meaning transactions are linked to your wallet address rather than your name. Bitcoin’s transactional records are stored on the public blockchain in plain view; so as a result, Bitcoin is one of the more transparent ways to send money. While someone’s full name would likely not be connected directly to a Bitcoin transaction, the network can see everyone’s public address and it doesn’t take much to pair an identity to a public key. This means transaction amounts, frequency, and balances are all open for the entire public to see. Many cryptocurrency exchanges also require their users to go through their anti-money laundering/customer due diligence (AML/KYC) to define customers’ identities before using the platform. Additionally, the growing cottage industry of crypto forensic and analytic companies led by Chainalsyis, Elliptic, and CipherTrace have proven adept at attaching identities to illicit transactions. In this sense, legal tender today is much more private than bitcoin.
According to Warren Anderson, VP of Product at Discreet Labs, the team behind Findora, “[w]hen someone exchanges coins or banknotes for a good or service, that transaction is only known to the two parties involved. . .Further, if you hand a $10 bill to the woman at the local farmer’s market, she can’t look up how much you have left in your bank account.”
Privacy coins are specifically designed to add a much needed layer of privacy to the benefits and functionality of cryptocurrency. A privacy coin can keep information about its users hidden, including identity, size of cryptocurrency transactions, or the amount of cryptocurrency a person holds. Most projects have some sort of “view key” in which a user, exchange or regulator can pierce through the privacy layer and access the encrypted information.
Examples of Privacy Coins
There are a variety of privacy coins that function in different ways. A few are listed below:
- Zcash — Zcash was launched in October 2016 as a fork of Bitcoin and uses zero-knowledge proofs to provide a means for nodes on the network to verify that a transaction is valid. It accomplishes this feat without giving them any information about the transaction, including sender, receiver, or transaction amount. One unique characteristic about Zcash is that it not only facilitates fully private transactions, but it also offers public transactions similar to Bitcoin or the ability to make certain aspects of a transaction public or private. Zcash’s transparent setting is its default, not shielded and exchanges can reveal information to law enforcement. This makes it arguably more friendly to regulators than other options.
- Monero – Monero launched in 2014 as a Bytecoin fork, a privacy focused cryptocurrency based on CryptoNote technology and launched in July 2012. Monero relies on stealth addresses and ring signatures to hide everything from the addresses of the sender and recipient to the full transaction amount. Privacy coins that use stealth addresses create new addresses for every single cryptocurrency transaction while Ring signatures group many public keys together in a transaction so that outside observers cannot determine the exact participants. Monero also offers optionality for users to reveal their transaction but it cannot be forced by law enforcement or an exchange. Only the key holder can reveal their transactions.
- Findora — Findora is a public blockchain with programmable privacy. Findora utilizes zero-knowledge proofs and multi-party computation to allow users transactional privacy with selective auditability. Whereas some privacy protocols, namely Zcash and Monero, offer simple reveal keys to allow transaction auditability, Findora takes it a step further with selective disclosure agreements by supporting a variety of other compliance proofs to allow for more enhanced auditability without compromising privacy. Findora began as a research project in 2017, but mainnet beta launched March 2021 after a fund raise in late December 2020.
- Secret Network – Secret Network is said to be the first blockchain to integrate privacy by default for Ethereum smart contracts. Smart contracts are self-executing pieces of code that are managed on a blockchain like Ethereum. Secret Network improves upon traditional smart contracts by supporting encrypted information within the contract.
“Regulators inherently dislike privacy. But that’s only because when they hear privacy, they think secrecy. These concepts are not one in the same.” – Warren Anderson, VP of Product at Discreet Labs
Financial Privacy – A Historical Review
The desire and need for privacy is a generally accepted concept that started long before crypto. Most people are very familiar with the Fourth Amendment, which originally enforced the notion that “each man’s home is his castle” that is secure from unreasonable searches and seizures of property by the government. The Fourth Amendment protects against arbitrary arrests, and is the basis of the law regarding search warrants, stop-and-frisk, safety inspections, wiretaps, and other forms of surveillance.
The Fourth Amendment’s protections apply to financial privacy as well. The Right to Financial Privacy Act of 1978 protects the confidentiality of personal financial records by creating a statutory Fourth Amendment protection for bank records. Generally, the Act requires that federal government agencies provide individuals with a notice and an opportunity to object before a bank or other specified institution can disclose personal financial information to a federal government agency, often for law enforcement purposes. The Act was in response to the U.S. Supreme Court’s 1976 ruling in United States v. Miller, where the Court found that bank customers had no legal right to privacy in their financial information held by financial institutions.
The United States also understands the importance of privacy and encryption of transactions and payments on the internet. Once commerce became a large use-case for the internet, thieves made efforts to steal credit card numbers printed in clear text in the unencrypted HTTP traffic. According to Zooko Wilcox, founder of Zcash, the solution turned out to be encryption, though this was initially controversial. In the early days of the Internet, the National Security Agency (NSA) and others were concerned about the potential use of cryptography by terrorists and criminals. Today, HTTPS is a requirement for transmitting data on the internet and is mandatory for all US government agencies, including those which were initially against public access to encryption.
Privacy is fundamental to security and usability, and users deserve and expect strong privacy protections no matter where they’re active online.” – Tor Bair, Founder of Secret Foundation
Regulatory Mistrust of the Desire for Privacy
Like the days of the internet and the introduction of HTTPS, regulators are still uncomfortable with the concept of financial privacy and privacy coins. The Right to Financial Privacy Act of 1978 offers clear classes of exceptions in which certain financial records are not protected by the Act, for example as it relates to tax reporting, pursuant to other federal statutes or rules, administrative or judicial proceedings, and legitimate functions of supervisory agencies or if the subject of a suspicious activity report (see 12 U.S.C. §3403(c)). In these situations, disclosure by a financial institution is permitted, and no subpoena or warrant is required. In many ways, regulators seem to equate the desire for privacy with someone who has something to hide. This can be especially true when it comes to cryptocurrency, and was a key point of contention when the IRS submitted a John Doe summons to Coinbase in 2016 in hopes of identifying crypto tax evaders.
A primary concern of regulators is preventing money laundering and terrorist financing. Bank Secrecy Act (/BSA) Requirements require companies to implement KYC and transaction monitoring. Further, BSA rule 31 CFR 103.33(g) — often called the ”Travel Rule” — requires all financial institutions to pass on certain information to the next financial institution, in certain funds transmittals involving more than one financial institution.
Under the Travel Rule, all transmittor’s financial institutions must include and send the following in the transmittal order to the recipient financial institution:
- The name of the transmitter,
- The account number of the transmitter, if used,
- The address of the transmitter,
- The identity of the transmitter’s financial institution, The amount of the transmittal order,
- The execution date of the transmittal order, and
- The identity of the recipient’s financial institution;
and, if received:
- The name of the recipient,
- The address of the recipient,
- The account number of the recipient, and Any other specific identifier of the recipient.
FATF recently released its updated guidance to include firms that handle cryptocurrency and virtual assets. Since 2018, FATF has issued a series of draft papers that sought to define VASPs and virtual assets, and also recommend how countries implement the Travel Rule for cryptocurrency transfers.
More recently, FATF has tried to account for transactions to and from “unhosted wallets,” decentralized finance (DeFi), non-fungible tokens (NFTs) and decentralized autonomous organizations (DAOs).
The above requirements appear to stand in conflict with the goal of privacy coins which can shield potentially identifying information about transferors, transferees, and holders. Regulators are worried that these features can enable money laundering and terrorist financing by preventing their ability to track the movement of the coins.
Privacy coin laws vary by country, as with any other cryptocurrency. Some ban them outright, while others leave them in a legal gray area. South Korea and Japan, for example, have decided to make the use and possession of privacy coins illegal.
Josh Swihart of Zcash noted to me, “The categorization of some coins as ‘privacy coins’ is going to lead to brittle regulations with regulators trying to play privacy whack-a-mole. Policy makers should be pushing for privacy rather than fighting against it in order to protect civil liberties as well as national security.”
New York Department of Finance Services As a Microcosm Of Privacy Coin Scrutiny
Perhaps the competing priorities of privacy and regulation are no better exemplified than what is happening in New York. Privacy coins are especially limited for New York residents as a result of the New York Bitlicense. Section 200.10 states that any Bitlicensee “must obtain the superintendent’s prior written approval for any plan or proposal to introduce or offer a materially new product, service, or activity, or to make a material change to an existing product, service, or activity, involving New York or New York residents.” In New York, for many years this meant that exchanges like Coinbase and Gemini who have the Bitlicense still needed to obtain approval from New York on a coin-by-coin basis.
“At NYDFS, we had presentations that helped folks understand that there are many existing methods by which most cryptocurrencies, even BTC and ETH, can have their transactions masked. This masking can lead to transactions that make them as private as the privacy coins we’re discussing. This engagement didn’t lead to DFS’s backing down from its position on privacy coins, but the more regulators know, the more they can make rational, informed decisions about policy.” – Jon Blattmachr
As Bair told me, “Regulators are often nervous about centralized exchanges listing privacy coins because it breaks the link between fiat onramps and Web3 activity. Control and oversight of onramps and offramps is critical to extending the control and surveillance regulators already exert over the traditional financial system.”
In 2019, NYDFS responded to years of complaints that the Bitlicense slowed adoption of new products and services in New York by proposing a token approval procedure. The new procedure allows exchanges to bring their token listing policy to New York and, once approved, there is an automatic approval of tokens that the exchange puts through their process. This removed NYDFS involvement in approving coin by coin basis.
There is just one problem. NYDFS explicitly stated, “Consistent with the intent and purpose of 23 NYCRR 200.15(g), a VC Entity cannot self-certify any coin that may facilitate the obfuscation or concealment of the identity of a customer or counterparty. Thus, for example, no privacy coin can be self-certified. A VC Entity also cannot self-certify any coin that is designed or substantially used to circumvent laws and regulations (for example, gambling coins).” (emphasis added).
NYDFS also offers a green list of tokens for New York but no privacy coins are included.
As Vik Sharma, founder of Cake Wallet, a noncustodial wallet for Monero, told me, “As NYDFS slightly opened the door for Bitlicense holders to more quickly list additional assets, they kept the door closed for ‘privacy coins.’ The issues with this decision remain: 1) ‘privacy coin’ is ill-defined, meaning it is applied based on optics instead of actual money laundering and terrorist financing risks, and 2) the vast majority of money laundering and terrorist financing risks remain on the Bitcoin network.”
“If a regulator were to allow the coins to be listed on its regulated exchanges, the regulator is endorsing the use of these coins and opening them up to many more users. Ironically, of course, if people are using privacy coins on an exchange, they’re far more traceable than between unhosted wallets.” – Jon Blattmachr, Deputy General Counsel of INX and former Virtual Currency Chief of NYDFS
Privacy Coins Outperform As Investments
While over the last two years the outlook for privacy coins appeared bleak from a regulatory perspective, and some such as Monero and Zcash were delisted from certain exchanges such as Bittrex and ShapeShift, privacy coins have still turned out to largely be strong investments. Especially so when compared to bitcoin.
There are a couple of reasons for this. First, like most cryptocurrencies, privacy coins tend to move in the same direction as bitcoin. Second, many of these platforms have loyal followings that see these assets as more than just a transactional opportunity, but as a higher calling for a basic human right.
That said, because of their thinner trading volumes, and smaller usage rates, privacy coins may be more volatile than the base asset. Privacy coins are arguably an important tool of asset diversification in any portfolio provided that the regulatory climate does not tighten due to increased concerns about ransomware or other factors.
What does the future of privacy coins look like in the US and internationally? Many would argue it will be similar to HTTPS and how the government eventually agreed with the need for privacy and encryption.
Industry groups and companies must continue to engage with regulators to discuss privacy coins, eliminate misconceptions, and responsibly articulate the value of financial privacy. These issues are unlikely to be solved anytime soon.
In Jon Blattmachr’s words, “Engagement with the regulators is paramount. Regulators are always going to be behind the curve when it comes to new technologies and iterations using those technologies. Regulators are understaffed and are not focused on what’s next, but what’s in front of them right now.”
That’s why industry engagement with regulators is so important. It allows the industry to show regulators that privacy coins are not as detrimental to AML efforts as perceived and alo explain how regulators can oversee in the space while still allowing for innovation.