This makes me very nervous about the Monero I own. It is understandable that the government would eventually use AML against Bitcoin mixing services. But how will the government go after cryptocurrencies that have mixing and transaction obfuscation built into their protocols?
I've heard the argument that it is impossible for the US Government to regulate decentralized cryptocurrencies. FinCEN cannot force a change in the Bitcoin or Monero protocols. However it is entirely within the government's authority to regulate the users of said currencies. So I imagine the government would add onerous reporting requirements for any citizen or corporation holding privacy based coins in order to circumvent their privacy features.
Creator of the Breaking Monero series and a compliance analyst at a cryptocurrency OTC desk here.
This mixer was penalized for running an unlicensed MSB. This is far more about that then it is about banning privacy technologies generally. For traditional Bitcoin mixers as in this case, someone receives money from users and then transmits money to many users. This is money transmission and requires registration with FinCEN and sometimes requires registration with states (though some states have exemptions for completely crypto to crypto transmission that doesn't touch USD or other fiat).
Mixing in this case is interactive where there is a clear money transmitter. In Monero's case, the ring signature "mixing" (mixing is a terrible/misleading way to refer to ring signatures) is non-interactive, and there is no intermediary (eg: a mixer) acting as a money transmitter. Thus, there is nothing to fear from this specific enforcement action.
I'm happy to answer other questions as well. But for money transmission to occur, an intermediary needs to accept customer funds. For a Monero transfer, there is no intermediary. Someone could build an MSB on Monero itself which would require registration, but using Monero to send funds directly to a merchant for one's own purchase, for example, is not money transmission.
I don't necessarily disagree with you that the specifics of this case may not be exactly applicable to Monero. However, I think people are being woefully naive if they think that the US Government will be OK with people sending large sums of money anonymously. Whether it be through finding existing laws that can be applied, or just flat out changing the law to explicitly ban these types of transactions, I can guarantee that when people think they have found a technical loophole the law usually comes down on the side of "does what you're doing constitute behavior that the original legislation was meant to prohibit". Just look at what happened with Aereo [1], I think the same thing will (at least eventually) happen with cryptocurrencies where the ledger isn't fully traceable.
There has been so much legislation going on in the past couple of years to make sure a lot of financial reporting happens to the US, to an extent that some chinese instutions flat out refused taking payments from US based payment providers simply to avoid that reporting burden.
We would be kidding ourselves if we denied the geopolitical implications of that reporting burden. For Taiwan for example every single international transaction is proxied through a US bank.
I believe the geopolitics behind it is to ensure that the US is able to enforce their international sanctions. Anything bypassing that definitely a thorn in their eyes.
However we shouldn't forget that there are those that would like to reduce the reliance on those systems. So while US banks may cut off access other countries may not.
EDIT: yes, the US is not the only country doing that. Iran for example while bartering with China also completely banned cryptocurrencies for the longest time. Then finally allowed blockchain applications but only if they are used for non payment purposes.
All really has to happen is to make ACH transfers to cryptocurrency exchanges illegal. Banks will very happily comply with blocking those transactions.
I wholeheartedly agree with your assessment. But at the end of the day, this defense is predicated on making a US federal judge understand all those technical details.
I think the most commonsense reform is to have computer crime handled by specialized courts, much the same as tax law currently is. These domains are simply too complex to have them handled by legal generalists, who are expected to learn it all from first principles on each and every case.
>>But for money transmission to occur, an intermediary needs to accept customer funds. For a Monero transfer, there is no intermediary. Someone could build an MSB on Monero itself which would require registration, but using Monero to send funds directly to a merchant for one's own purchase, for example, is not money transmission.
They are huge fines and decades in jail sentences at play in money laundering. How sure are you? Not that anyone is going to do X or Y because someone in a thread said so, but things aren't as simple sometimes. Add the potential penalties and...
It should also be noted that government does not seem to know how to deal with privacy oriented coins ( ref#1 - discussion of current regime for crypto as seen by US AG ). That said, they seem to suggest ( page 41 ) that using Monero is inherently risky and prone to illicit activity and businesses allowing its use "should consider the increased risks". Knowing how banks read those types of documents, you can safely bet banks will simply refuse to bank anyone if there is even a whiff of transaction with Monero, Zcash, Dash.
You are not wrong, but the link I listed is relatively recent. Things like that rarely change that fast. Not to mention, both of your examples likely have working compliance units ( and FinCEN wants exchanges to be compliant ). The mixer FinCEN busted didn't and wasn't.
Also, again, I am not a lawyer. In other words, I fully accept the possibility that I am wrong.
I understand the argument with interactiveness, but even so, do you think it'd be unreasonable to think that Monero miners/node operators could be targeted?
>This is money transmission and requires registration with FinCEN
Could you clarify the practical constraints on this assertion? If I am an alien living on the moon and connected to the Internet with lasers, who is enforcing any "requirement" and how?
> Providers of anonymizing services, commonly referred to as “mixers” or “tumblers,” are either persons that accept CVCs and retransmit them in a manner designed to prevent others from tracing the transmission back to its source (anonymizing services provider), or suppliers of software a transmittor would use for the same purpose (anonymizing software provider).
> An anonymizing services provider is a money transmitter under FinCEN regulations. The added feature of concealing the source of the transaction does not change that person’s status under the BSA.
> An anonymizing software provider is not a money transmitter. FinCEN regulations exempt from the definition of money transmitter those persons providing “the delivery, communication, or network access services used by a money transmitter to support money transmission services.” This is because suppliers of tools (communications, hardware, or software) that may be utilized in money transmission, like anonymizing software, are engaged in trade and not money transmission.
> Providers of anonymizing services, commonly referred to as “mixers” or “tumblers,” are either persons that accept CVCs and retransmit them in a manner designed to prevent others from tracing the transmission back to its source (anonymizing services provider), or suppliers of software a transmittor would use for the same purpose (anonymizing software provider).
How does that not make Monero itself liable as an "anonymizing software provider"?
> An anonymizing software provider is not a money transmitter. FinCEN regulations exempt from the definition of money transmitter those persons providing “the delivery, communication, or network access services used by a money transmitter to support money transmission services.” This is because suppliers of tools (communications, hardware, or software) that may be utilized in money transmission, like anonymizing software, are engaged in trade and not money transmission.
In simple terms, the Monero developers are providing software (the Monero network, nodes, and wallet software) that can be used for money transmission, but the developers do not need to register as MSBs unless they also have a side company that conducts money transmission.
Legal advice is regulated where it means applying the law to the specific facts of another person's case, because that is considered the "practice" of law.
Applying the law to a generic set of facts, or to your own facts, is fine.
No, a preexisting attorney-client relationship isn't always required. Offering advice pertaining to the application of laws or regulations to a specific person's facts is generally considered offering legal advice.
Some states regulate this very heavily, others don't care as much. Generally, California tends to regulate this pretty heavily for lawyers (for purposes of creating an attorney-client relationships that can subject them to malpractice claims) but otherwise not at all for non-lawyers unless they specifically hold themselves out to be in the business of providing legal advice (very common with immigration issues). So, offering random advice on the internet wouldn't be an issue for a non-lawyer (but could be one for a practicing lawyer if they get too specific).
My understanding (that is, I was told by a lawyer I know) is that if the person receiving the information thinks there's an attorney-client relationship, there is. Presumably there's some defense of "a reasonable person wouldn't have thought that", but this is why lawyers tend to be very diligent about saying "this is not legal advice".
If transaction obfuscation violates laws regarding trackability of financial transactions, then and cryptocurrency that builds obfuscation into their protocols has a product that is inherently illegal. It would be no different than building any feature into software that violates the law, say DRM circumvention as an example.
However I don't know if obfuscation alone would be considered illegal: In this case, the services went beyond merely facilitating obfuscation. They were not properly registered as a Money Services Business, and they specifically marketed their services for use in illicit transactions. Going back to the DRM example, it's the difference between software that has legitimate uses but could be used to break DRM (Think binary editors to crack a video game's DRM) as compared to advertising your binary editor not as a general purpose tool, but for that specific illegal purpose.
(Disregarding, for a moment, the philosophical issues surrounding the use of DRM, on which I tend to lean more towards less use of DRM)
The DOJ just released a report that explicitly says that use of privacy coins like Monero is a "high risk activity" and "indicative of possible criminal conduct".
So is using cash. Lots of things could be 'indicative of possible criminal conduct'. Thankfully, the US operates under presumed innocence until proven guilty. This attitude of people claiming you shouldn't seek privacy lest you 'look like a criminal' is disappointing. I expect better from HN.
> This attitude of people claiming you shouldn't seek privacy lest you 'look like a criminal' is disappointing. I expect better from HN.
"Indicative of possible criminal conduct" means more than just "looking like a criminal." That means, if you were to be arrested for something, your use of Monero might count as evidence that you were involved in criminal activity. Combined with enough other circumstantial evidence, it might even contribute to your conviction, even without a smoking gun. This would depend on the judge and jury, but it's worth noting.
I don't think it's "better" for people to ignore the risks of certain behaviors and pretend those risks don't exist. You apparently care a lot about optimizing a particular dimension: privacy. Recognize that other people have different mixes of priorities. Not everyone must agree with yours. Some people who disagree with you might even comment on this very site, as offensive as that is.
> "Indicative of possible criminal conduct" means more than just "looking like a criminal." That means, if you were to be arrested for something, your use of Monero might count as evidence that you were involved in criminal activity. Combined with enough other circumstantial evidence, it might even contribute to your conviction, even without a smoking gun. This would depend on the judge and jury, but it's worth noting.
A bigger issue might be if it counts as "probable cause" to get a warrant. Seizure of records and computers would put a crimp in anyone's day, even with no conviction or even an arrest.[0] Heck, even if all it does is in practical terms is to raise the odds of an IRS audit a bit, or raise the odds of an audit becoming a criminal investigation (by being considered a "badge of fraud"[1]), that would be enough to squelch adoption.
[0] Maybe Steve Jackson Games should start working on a "Cryptopunk" GURPS module and get raided[2] again: http://www.sjgames.com/SS/
I think he was lamenting the loss of priority of privacy within the general hn makeup.
If everyone took your advice no one would protest, write a political comment against anyone in power, take any position that isn't accepted by all and be ready to drop that opinion when society shifts.
You live in a free society.
Use your freedom or risk losing it.
What is my advice that would lead to this tragic outcome? I'm rereading it and I don't see it. Do you mean my advice to be respectful of individual people who disagree with you?
Privacy has never been more important to the aggregate HN commenter than it is today. Moreover, nothing I said enjoins people from making political statements or protests.
Perhaps not. Private communication is more central to our national values than customized money. That's why only one of those two things is protected by the constitution. That being said, I don't think they'd really get far with such a rule, since any prosecution based on it would be easily challenged on constitutional grounds. So we will probably never find out what in fact I would say about it.
This answer is completely grounded in fact, so I vouched for it. Even without the bank card number itself, many places used tokenized versions of the card number for tracking purposes.
I wonder how many people (as a percentage) use monero "correctly" enough that they can remain anonymous even when faced with the resources of a nation-state hacking team. I'd wager it's single digit percentages at most and even that is pretty high.
> Lots of things could be 'indicative of possible criminal conduct'.
Deliberately hiding the origin of funds is itself criminal conduct, though. It's true that AML statutes tend to be hyperspecific, because it's a difficult area to regulate. So areas like crytocurrency mixing are gray and uncertain even among law enforcement lawyers. It's not true, however, that there is an inherent right to unrestricted private transfer of money.
Bascially, the statement you're reading is not saying "Mixing is probably illegal because the money must have been illegal to begin with". It's saying that "Mixing is probably money laundering on its face, no matter where the money came from."
At some point governments are going to need to step in and clarify this with laws. But don't fool yourself: Crypto mixers are going to end up being subject to effectively the same reporting requirements that banks are. What you want (perfect financial privacy) you can't have, sorry. That ship sailed decades ago.
> But don't fool yourself: Crypto mixers are going to end up being subject to effectively the same reporting requirements that banks are.
I'm sort of amazed they didn't outlaw mixers ages ago, however
> What you want (perfect financial privacy) you can't have, sorry. That ship sailed decades ago.
Perhaps that's true in principle, just as it's true to say obtaining (insert illicit drug of choice here) in perfect safety from the law enforcement agencies is not possible. The USA can only shut down USA mixers. The only way to deal with mixers operating outside of USA law is to prosecute the USA citizen sending his money to a mixer. That is orders of magnitude harder because they can't know if a newly minted bitcoin address is owned by a mixer, or belongs to a USA citizen.
It may not be perfect, but given one of bitcoin's niche's is a payment system for illegal activities that are already very much imperfect, the protection offers is undoubtedly good enough.
You can have it. You just need to do everything in cash and not use the banking system. Of course, there's a lot of advantages to the banking system... But you can still use things like safety deposit boxes for storage, gold to help protect against inflation, etc.
AML reporting requirements cover cash transfers too, though. Yes, there are more holes in the protocols because of the messiness of the medium (broadly it's the same thing crypto regulation would face), but in general MANY people who would have to touch that cash you're hoarding are required to report large transfers.
Money laundering is a crime, all by itself. It doesn't matter where the money comes from or what form it takes. The spirit behind AML legislation, long established, is that the government has the right to see where money is held and to whom it is transferred.
Minutiae about mechanism might appeal to software nerds, but it doesn't address the underlying issue. This fight was fought, and lost, more than half a century ago.
You can't do everything in cash anonymously, at least not legally, because large cash transactions are subject to similar laws and require the business receiving the cash to identify you and report the transaction - e.g. Form 8300 in USA.
>>Deliberately hiding the origin of funds is itself criminal conduct, though.
No, money laundering is deliberately hiding the origins of the proceeds of crime. Making an effort to maintain financial privacy is not in itself illegal.
>>It's saying that "Mixing is probably money laundering on its face, no matter where the money came from."
No, money laundering is by definition hiding the origins of illegally obtained money. If the money is not the proceeds of criminal enterprise, then hiding its origins is not, by definition, money laundering.
Exercising privacy-protection with respect to legally obtained money may be illegal, or with new laws be made illegal, but it does not and will not ever fall under the definition of money laundering, as that is not the definition of money laundering.
Ok, you aren't wrong, but let's try not to be too naive - unluckily what's good for you (privacy, flexibility, speed, ...) is good as well for the "bad" guys.
I guess that the final question will be if it's used more for "good" or for "bad" purposes (or maybe just if the amount of "bad" purposes surpasses a certain acceptable level).
(same thing about cash - I think that most governments keep introducing stricter rules about cash withdrawals/deposits/transfers)
The bad guys can also be IN the government. When the government consistently omits threats from state bodies in its risk analyses, then the public tends to overlook that danger and heed, or at least not vigorously oppose, calls by the government to reduce privacy and increase surveillance.
Yes, possible, focus on the "can/might". In general I would say that it's less likely (on the other hand there will always be 100% chances of the opposite, meaning that there will always be N bad citizens brainstorming about how to use "the system"/"any system" for their own advantage).
> When the government consistently omits threats from state bodies in its risk analyses, then the public tends to overlook that danger and ...
Well, it can be true (meaning that in general people are probably more prone to accept compromises when they feel threatened), but such a general discussion is in my opinion out of context here. Monero was designed to handle transactions in a way that pushes privacy to the extremes, unluckily at the same time the same mechanism can be used as well by criminals.
Personally I think that "currently" the ones benefiting of the features offered by a cryptocurrency like Monero are mostly criminals as I don't think that most people have a strong need for highly-private transactions (might change in the future). Monero's other features of flexibility/access/etc... (to e.g. be able to trade in 3rd world countries without the need to have a bank account) are already offered by other cryptocurrencies.
There are many ways to account for this in a risk-based approach however. Asking for basic information about a customer's occupation and source of funds (as is common when opening a bank account) can adequately address ML/TF risks. You don't see exchanges freaking out over other higher-risk activities like onboarding PEPs, but they can do this with proper risk controls.
In reference to companies accepting it, not individual users. Come on man.
“Companies that choose to offer AEC products should consider the increased risks of money laundering and financing of criminal activity, and should evaluate whether it is possible to adopt appropriate AML/CFT measures to address such risks.”
I suppose the liability, if so broadly interpreted, would fall on the miners, but only if it could be proven that they won a block that contained a transaction used for illicit purposes.
The interpretation that somebody is liable for mixing at all, with no illicit use proven within the transactions, is probably questionable. The miners are also not receiving dirty money as compensation, so even more so.
And even with illicit use shown, laundering can happen with just about anything you can buy and sell, so, unless every retail store is doing KYC, then they could also be exposed to such liability.
Above all, I don't know if coercion is a successful long-term strategy for defeating privacy coins. Even for criminals, the value must tie back to average citizens purchasing it from them, and even with no enforcement they would not want to be part of that, and the value would collapse. If a privacy coin does have value, it reflects political fears of the average citizen, and aggressive enforcement unaligned with common values may actually increase its value.
The dollar system is the most valuable partially because it does enforce common values, and permits all else within. But obviously not everybody believes that this is guaranteed in the future.
Money laundering does not require the actual source of the money be illegal. You can fall foul of 18 USC 1956 through a.2.B.ii route, where merely deliberately concealing the source or destination is punishable by a fine for the entire amount concealed. a.2.C provides for 2 years in prison if you didn't report when you had to. This is not a questionable interpretation, this is the law as written -- mixing is illegal on its face, no matter the source or destination.
Thank you for the citation, but now that I've read the law, every section in here seems to require that at least part of the money is proceeds of unlawful activity: https://www.law.cornell.edu/uscode/text/18/1956
If reporting is already required for all cash transactions, then certainly it will be built into the digital USD.
And Monero miners would have a problem here too. KYC required on every transaction in every block.
Okay, so, what if you did KYC on all the inputs, but you ran a mixer such that the outputs would be obfuscated? Is that legal? What if you take outputs from a set of those mixers? Is there any legal way to provide irreversible privacy for known legal sources?
If you report your earnings when you sell I don't know if there's an issue. I think the government is going to be losing if they want to go after people before they cash out. Technology will always be miles ahead of bureaucracy.
Lock you up for what? Using Monero doesn't mean you're a criminal. Am I misunderstanding, or are you implying that caring about my privacy is a criminal act, and that paying taxes on perfectly legitimate income is (or would become) illegal?
that's the point: even if you're not doing anything shady you don't really know what sort of long term risk you're taking on if you're using something that looks to governments as if it's tailor made for money laundering
I guess I shouldn't use a VPN, because that might look like I have something to hide. Using cash? No way! If I use cash I might look like a criminal. Leave my cell phone at home? No way, I wouldn't want to be suspicious, would I? I need the government to surveil me every second of every day, because if they don't, maybe I'm a criminal.
At what point do you say enough is enough, and embrace the idea that you should minimize your digital footprint whenever possible?
I'm not a lawyer, but I believe regulatory agencies would need new legislation to make use of privacy-protecting cryptocurrency software illegal. It's that legislation that I would worry about.
Mixing and transaction obfuscation are built into good old fashioned cash, right? I wonder what the legal basis is there, and how that could be applied to a cryptocurrency with cash-like properties.
It's not an assumption, normally people DON'T keep track of any of this. When I go to the bar and buy a beer with $10, the bar tender is for sure NOT writing down the serial number on the bill, checking my ID, and forwarding that information off to the FBI. The $10 can sit for a day or two in the till, and then be returned to another customer as change. In this way it continues its anonymous passage through the economy.
What about coins then? Those don't have any serial numbers or anything like that, and there's some legal basis that makes that "untrackable" currency legal.
I sold off all my crypto and put the money into regular stock as soon as my country announced it would start taking an interest in taxing it and that you were responsible for proving whatever they though wrong.
It’s just too much of a risk and a bother, and I suspect it will only get worse from here.
I really don’t need something that might come back to bite me financially or even criminally 25 years from now.
The Department of Justice released an enforcement memo just last week that states merely using Monero, zcash, etc. are treated as criminally suspicious :(
Governments could certainly compel exchanges to not list Monero or other privacy coins.
But even if they compelled users to list addresses of the coins they own, the nature of Monero makes it very redundant. It would be ineffective and a waste of time, and it wouldn't stop users from exchanging it.
In a way having Monero is like having large piles of cash. As long as you can prove they came from legitimate sources and that all taxes on them were paid, you have nothing to worry about.
You also need to be careful not to deny in an official way that you own Monero if that is the case.
No, there is another risk here. At some point Monero could be dropped by exchanges due to regulatory pressures or even perceived exposure, since every transaction involving it is untraceable they could find it impossible to implement future tracking and reporting requirements. This sort of thing is not unprecedented, just look at Poloniex (which never dealt in actual dollars, only Tethers) who finally gave up and banned all US custmers. This, of course, would devalue the currency.
I've heard the argument that it is impossible for the US Government to regulate decentralized cryptocurrencies. FinCEN cannot force a change in the Bitcoin or Monero protocols. However it is entirely within the government's authority to regulate the users of said currencies. So I imagine the government would add onerous reporting requirements for any citizen or corporation holding privacy based coins in order to circumvent their privacy features.