Governments should attack high-privacy blockchains

An academic study published in the Journal of Cybersecurity effectively advises governments to attack privacy-protecting blockchains.

The study, conducted by Iwona Karasek-Wojciechowicz, was published more than three years ago, in March 2021, but only recently has the news of its publication spread. 

The attack of governments on high-privacy blockchains

The key issue is the fight against money laundering, so much so that the study is titled “Reconciling anti-money laundering tools and European data protection requirements in permissionless blockchain spaces“.

The problem is the compliance with European data regulations, the so-called GDPR (General Data Protection Regulation) which came into effect in 2016, and those concerning anti-money laundering (AML) and counter-terrorism financing (CFT). 

The conclusion reached by the author of the study is that governments should adopt two AML/CFT tools, including exceptional government access to transactional data written on non-transparent ledgers.

It therefore refers not to all public and permissionless blockchains, but only to those that obfuscate some data with advanced anonymization encryption, or to those with “strong pseudonymization technologies”.

Among these, the most well-known is probably Monero, but there are also others like Zcash or Dash. It is not clear, however, if the matter would also concern those blockchains like Bitcoin or Ethereum that write all data in clear text on their public ledgers, always freely accessible by anyone, since they are still pseudonymous blockchains. 

Although the study indicates that such tools should be optional for networks, it also specifies that in their absence, regulations should allow governments to counteract their development. 

In other words, it suggests to governments to target high-privacy blockchains, unless their developers grant the same governments backdoors to decode the data hidden with encryption. 

The tools for the fight of governments against high-privacy blockchains

The study highlights how at the current state – since 2021 nothing significant has changed from this point of view – in the absence of other effective AML/CFT measures, governments should in fact obtain full read access to all data present on encrypted blockchains. 

The hypothesized tool for accessing the decoding of these data is, in all respects, an exceptional access given by the developers to the governments. 

In reality, technically it is impossible to have decoding access, for example, to the public data of the blockchain of Monero and similar, otherwise it would mean that the developers could read data that they themselves have promised to be unreadable by anyone, except by the sender and the recipient of the individual transactions.

In fact, probably realizing the impracticality of this proposal, the study suggests as a last resort tool actual “state attacks that would undermine the community’s trust in a specific network”.

However, at a certain point it also specifies: 

“The search for new political tools is necessary to ensure that governments do not hinder the development of all privacy blockchains in order to allow a high level of privacy protection and data processing compliant with GDPR”.

The GDPR

The curious thing is that the study admits that what favored permissionless blockchains in implementing anonymization, or strong pseudonymization technologies, was precisely the GDPR regulation, because otherwise there would not have been compliance of data processing with its requirements. 

So on one hand the European GDPR pushes towards greater privacy protection, while on the other hand anti-money laundering policies aim to combat privacy. The regulations therefore end up being in collision with each other. 

For this reason, the author suggests adopting new political measures, in order to make permissionless blockchains and European regulations coexist. 

Furthermore, the adoption of executive sanctions is also hypothesized, particularly against exchanges that are unable to comply with anti-money laundering regulations. 

In light of this, it is easy to imagine why many exchanges are delisting high-privacy cryptocurrencies.

The effectiveness of the study

As is easy to understand, in the last three years the governments have not yet accepted the suggestions reported in this study. 

However, several exchanges have decided, probably out of caution, to stay increasingly away from high-privacy crypto, precisely because of the real risk of not being able to comply with anti-money laundering regulations. 

On the other hand, one thing is to use permissionless and decentralized blockchains, while it is a completely different matter to use centralized exchanges responsible under the law for managing transactions and conducting the necessary checks. 

High-privacy blockchains work well only as long as they remain decentralized and are used with decentralized tools like non-custodial wallets. However, when these cryptos are used, for example, on a centralized exchange, much of the advantage of their use is lost. 

The study actually suggests that governments should in fact attack decentralized blockchains with a high level of privacy, but to date, it appears that no government has yet begun to do so concretely. 

In fact, even just preventing the exchange of high-privacy crypto with fiat currencies on centralized exchanges reduces the problem enormously, to the point that it can then be simply ignored.