FinCEN proposes insane special measures

from yesterday FinCEN Rule Proposal It is incredibly broad, comprehensive, and perfectly designed to allow for the collection of arbitrary information in whatever scope they choose to apply. It really is a mind-boggling attempt to get private information from anyone they can get access to. They want all regulated entities (VASPs, banks, financial institutions or entities like casinos, etc.) to default to submit reports of any transaction that interacts with mixing within 30 days of notification of the relevant transaction and its association with the mixing activity. These days, most exchanges and companies keep these records anyway, but they don’t send copies of them to regulators by default, unless further inspection really warrants a reason to do so. FinCEN wants that to change.

To get a real sense of the scope of things, the first thing to consider is the mixture definitions provided in the proposal. Obviously, the act of mixing obscures the source of the funds, but the specific technical definitions they give for what is included in the definition of mixing are incredibly broad when taken together. Let’s review them:

“Pooling or aggregating (funds) from multiple people, wallets, addresses or accounts” This encompasses many different activities in addition to a traditional custodial commingling service. Lightning channels? That is, several people pool and add funds. Multi-signature wallets held by multiple people generally do the same thing. Simply combining a recent withdrawal from Coinbase with coins you had from Kraken from both exchanges’ point of view is pooling funds from multiple addresses. Under the language of this proposal, something that simply happens regularly in the normal course of bitcoin use, without any attempt to hide or make private anything about the activity, fits the definition of mixing.
“Use programmatic or algorithmic code to coordinate, manage, or manipulate the structure of a transaction” Again, that completely covers the Lightning Network. Coinjoins fall into this definition. In fact… you know what? This is so ridiculously and absurdly broad (it doesn’t even specify manipulating the structure of a transaction to achieve confusion of the source of funds) that it literally encompasses any piece of bitcoin software that handles making and signing transactions. 100% of transactional activity on the bitcoin blockchain by pure logical necessity fits this definition of mix.
“Dividing (funds) for transmission and transmitting the (funds) through a series of independent transactions” This is also incredibly broad. How should independent legitimate transactions between the same parties be distinguished from a single transaction divided into many for purposes of confusion? What about situations where that is a perfectly legitimate thing to do for no other reason than your personal privacy? What if I only have three different UTXOs that three different people know and I don’t want to reveal to all three my payment history with the other two to make a payment that requires all three UTXOs? Does opening multiple independent Lightning channels with the same node constitute this?
“Create and use single-use wallets, addresses or accounts, and send (funds) through such wallets, addresses or accounts through a series of independent transactions.” Therefore, does the default behavior of the vast majority of bitcoin wallets, which do not reuse addresses, constitute shuffling? When I go to my exchange to withdraw with a unique address each time, are they required to consider that action of “mixing” my coins? Do physical bitcoin bearer instruments constitute “single-use wallets”?
“Exchange between types of (cryptocurrencies) or other digital assets” So every person who trades NFTs, dumb tokens, utility tokens and just plain shit, whether on an exchange or on-chain through different mechanisms, is now mixing?
“Facilitate user-initiated delays in transactional activity” Uhm… time blocking in Lightning? Some kind of 2FA rate limited multi-signature setup? Only the DCA scheduled withdrawal function on different access ramps? Is all this now getting mixed up?

The definition of (cryptocurrency) mixer is “any person, group, service, code, tool or function that facilitates mixing (cryptocurrencies).“

Now, of course, FinCEN creates an exception for regulated companies and institutions covered by the proposed rules for “internal processes” (i.e., the DCA withdrawal functions mentioned above) so as not to interfere with their business operations. provided that they can provide the required records to authorities when necessary. If a business is unsure whether or not its activity falls under the mixing and exemption category, By default, they must begin maintaining the required records to provide to authorities if necessary..

Of course, there is no such exemption for individuals who simply seek to keep their financial activity private from the public. Here is the information, within 30 days of being noticed by a company subject to the proposed rule, that would need to be reported to the government: for each transaction:

The amount of cryptocurrency transferred, in native units and value in USD at that time.
The cryptocurrency involved.
The protocol/service/etc. of the mixer. used, if known.
Any address associated with the mixer used.
Any address associated with the user you merged.
The TXID of the relevant transaction.
The date of the transaction.
Any IP address associated with the transaction.
A “narrative” that explains the context, the transaction itself, what the institution did, etc.

In terms of private information about the user involved in the transaction, here is the information that is proposed to be collected and reported directly to the government for each transaction:

User’s full name.
User’s date of birth.
Full address of the user.
User’s email address.
User’s IRS taxpayer identification number (TIN) or foreign equivalent.

Now really think about the broad scope of things that FinCEN proposes to define as mixing and the type of information that they want to report directly to the government whenever a regulated company in this space sees a customer engage in any of those behaviors. These rules, if enacted, would allow FinCEN at any time to arbitrarily capture almost any activity on the blockchain and delegate all regulated companies in the space to act as an outsourced chain analysis service that labels, catalogs and reports all information to the government.

The authority to propose and promulgate resolutions such as this is authorized to the Secretary of the Treasury under the Bank Secrecy Act, and is delegated by the Secretary to FinCEN. Under the BSA, the Secretary may require the maintenance of records of net money flows and individual transactions, require additional recordkeeping requirements or reporting requirements for certain types of transactions, or prohibit the maintenance or permitting of accounts or services that allow specific types of transactions, as long as they can argue a material risk of money laundering. During this assessment, they should consult with the Secretary of State and the Attorney General, and consider the extent to which the relevant class of transaction facilitates money laundering and terrorist financing compared to the extent to which that class of transaction facilitates business. and legitimate trade. .

Their argument that it presents a material risk of money laundering and terrorist financing is supported by all the factual examples of bad people mixing it up as they would be expected to do. Ransomware, exchange and cross-chain bridge hacks, etc. They mention TornadoCash and North Korean groups that mix funds with it, its use to launder funds from bridge hacks, etc.; All the great examples of exactly the type of activity that these proposed rules are intended to stop are brought to light and have been detected, analyzed and cataloged in the chain. But when does it come time to analyze the legitimate uses of the mixture?

They cannot determine or evaluate the percentage of legitimate mixing due to lack of data.

Yes, you read that right. When it comes to identifying chain activities that fit their argument, they have plenty of examples to cite and point to, but when it comes to activities that would reinforce the counterargument, the data is somehow not there to be found. It is not possible to observe and analyze transactions occurring on-chain, regardless of whether they are coinjoins, centralized mixing services, or anything that flows into those mixers, and determine if there are “illicit connections.” It is impossible to look at the percentage coming from regulated exchanges where you know there is some registration present if you need it. It is impossible to see which coins come from places like darknet markets. It is also completely impossible to see what percentage of the outputs from those mixers go to regulated exchanges, or innocuous transactions that do not intersect with any known “illicit activity”, versus obvious illegal activities like darknet markets.

The data just isn’t there for some mystical reason. I call bullshit. It’s there, just like in cases of someone like North Korea hacking an exchange and mixing the stolen funds. They’ll just pretend it isn’t so they can create a legal justification for taking all this information that companies are already processing and storing and making a nice, complete copy in the hands of the government regulators themselves.

This is nothing less than a systematic preparation for a potentially increasingly antagonistic crackdown and regulatory scheme. The nature of how FinCEN has to argue just cause for promulgating new rules centers on scrutiny of the nature of specific classes of transactions. The overly and absurdly broad definitions of “mixture” in this proposal would essentially take everything broken down in the six definitions provided and bring them together under the same class of transactions, “mixture.” Having demonstrated just cause for categorizing and regulating them as a single class, there is a much stronger basis for further dividing this single general class into subclasses and arguing just cause for subjecting specific subclasses to additional regulatory burdens. After all, they can also prohibit entirely specific classes of transactions, as long as there is a strong enough argument to mitigate serious harm to the financial system or the geopolitical interests of the United States.

First of all, you have to avoid this. Every substantial piece of bitcoin must be designed with the possibility of jurisdictions becoming hostile to them, if not outright hostile, in mind. The extent of this is something that all of you should seriously consider as you think about how you have interacted with bitcoin, how you interact with bitcoin, and how you will interact with it in the future.

But having said that, this is also something that must be fought against. It is tremendously broad in its scope, and the reasoning behind the positive results outweighing the harmful ones is fundamentally broken. They just pretend they can’t even determine the data to compare it to each other in the first place.

Actions by the government will no longer be absurd jokes that will be easily ignored or ignored. Things will continue to become more reasoned to effectively achieve the outcome they want, and that is something we all need to start taking more seriously.