Feds Wrongly Demonize Privacy in Liberty Reserve Case

The anonymity-bashing has begun.

"The only liberty that Liberty Reserve gave many of its users was the freedom to commit crimes. The coin of its realm was anonymity," Preet Bharara, the U.S. Attorney for the Southern District of New York, tut-tutted Tuesday. Bharara was unveiling an indictment of the Costa Rica virtual currency issuer Liberty Reserve in a $6 billion money-laundering case.

"Cybercriminals should be reminded today that they are unable to hide behind the anonymity of the Internet to avoid regulated financial systems," added Secret Service Special Agent-in-Charge Steven Hughes.

Granted, the things that Liberty Reserve was accused of doing — conspiring to launder money, operating an unlicensed money transmitter business, and wiring some of that allegedly laundered money through New York — are against the law. And according to the indictment, some of the customers that Liberty Reserve failed to "know" in the regulatory sense were involved in truly nasty activities (identity theft, Ponzi schemes, child porn).

But some skepticism is warranted regarding the high dudgeon from authorities over the notion that Liberty Reserve's stated goal of facilitating untraceable, private transactions was in itself somehow nefarious. I've previously argued that some payments should remain anonymous after physical cash fades away and that wanting to leave no paper trail for certain transactions doesn't necessarily make someone a bad person. (If you doubt it, go read what I wrote — here, here and here — then we'll talk.) I've also been a fan of the decentralized bitcoin network because, while not perfectly anonymous, it allows a greater degree of privacy than other electronic payment systems.

So it pains me to hear anonymity treated like a dirty word — particularly now that the government has also begun cracking down on bitcoin businesses. Even if no legitimate merchants accepted the private currency Liberty Reserve issued (which was not bitcoin, by the way), and even if bitcoins are often spent on contraband, there are legitimate reasons for wanting to keep transactions off the grid. Even when executed online.

Among those reasons: Some people just don't want all their personal information or their entire shopping history floating around on so many databases, private or public — no matter how many rewards points or tailored offers they might earn. It's an invitation to voyeurism and abuse.

In 2004, Blogdial, a weird and wonderful blog run out of the U.K., made a fascinating prediction:

Privacy will be taken very seriously when … there is very little privacy; in other words, when it becomes scarce. When that happens, people will pay for privacy.

There will be legions of people and services providing privacy, in the same way that there are professional dog walkers in the major cities of the world. You will pay someone to do your shopping for you, in their name though the goods will be going to you. These Dorian Grays will take on all the sin of your shopping, and heap it onto themselves, leaving your record clean and lean. Your ID will show that you never buy anything, except (if you are careless) the services of one or two people, who might not even be real people, who will seem to have the buying power of 100 human economic units.

I don't know of any services today that fit the description perfectly, but at least one company has come close, thanks in part to Bitcoin.

As its name implies, BitSpend was founded simply to give people a way to spend bitcoins online, even at merchants that don't accept the digital currency (which would be most of them). You find something at Amazon or eBay you want to buy, send the URL and a description to BitSpend and pay the company in bitcoins. BitSpend takes a fee (usually $2 to $5), purchases the item from the merchant on your behalf in dollars and has it shipped to you.

According to BitSpend CEO Justin Whelchel, during an early test of the service, the Pompano Beach, Fla., startup ordered a set of high-end binoculars for a customer for about $6,500. "The bank said that as they were reviewing our charges, that one stood out" as suspicious, Whelchel says. But rather than denying that one charge (a regular occurrence for the company), the bank (which Whelchel wouldn't identify) froze the company's accounts

He was livid. "Why should any of us be tracked like that?" Whelchel says. "You shouldn't even know what I'm buying. It's not your business."

But the incident gave him an idea: In addition to people who had bitcoins and nowhere to spend them, BitSpend could also market its service to the privacy-conscious.

"We focus on retailers and big box stores not getting your data," Whelchel says, proudly. The privacy policy on BitSpend's website puts Facebook to shame:

During your order process we collect your name, shipping address, phone number (if provided), and email address. This is as little information as we can get away with collecting while still being able to order products for you and be able to offer great customer service — all while still respecting your privacy. We do not store your information permanently, only long enough to complete your order and ensure it was shipped.…

We will never share, sell, lease, loan, provide, give (or any other adjective describing someone else obtaining your data from us) your data with any 3rd party whatsoever.

BitSpend is now beta testing an "anonymous payment" option, which allows customers to make their payments to the company hard to trace and highlights another issue. For some people, Bitcoin isn't private enough.

Matthew D. Green, an assistant research professor of computer science at Johns Hopkins University, notes that all Bitcoin transactions are recorded on a public ledger known as the block chain. If a patient pays a psychiatrist in bitcoins, for example, and both parties previously identified themselves as the holders of the respective numbered addresses on the bitcoin network, data-mining could reveal who's been seeing a shrink. This could hurt someone's job prospects, Green notes.

He and his colleagues have designed a solution called Zerocoin, which he candidly describes as "a distributed laundry" for bitcoins. It would serve the same purpose as the "mixer" or "tumbler" services, in which users send their bitcoins to a pool and have a like amount sent from that pool to a different address they control, obfuscating the links. (BitSpend uses a similar "send shared" service for its anonymous payment option, Whelchel says.) The difference is that while a mixer is typically run on a couple servers by a single party that a government could easily shut down, Zerocoin would be decentralized, just like Bitcoin itself.

Initially, the team of cryptographers thought they might deploy this software themselves, but the Liberty Reserve situation has made them wary of doing so, Green says. "My grad student told me, 'the last thing I want is to be indicted by the federal government.' "

Green acknowledges that governments have good reasons to want to monitor huge movements of money that may be used for terrorism or crime. And simply setting a threshold like $10,000 for reporting transactions wouldn't suffice for that purpose, because crooks can launder amounts just below the trigger. It's called structuring and is why banks are also required to file suspicious activity reports. Law enforcement then looks at the data in aggregate for patterns of wrongdoing.

Unfortunately, "there's no way to do that kind of data mining, and having it linkable, without violating someone's privacy," Green says. "But that doesn't mean we want to have every transaction done in the open way government wants it."

"Fundamentally," the legitimate goals of monitoring illicit activity and protecting anonymity "will come into some kind of conflict," he says. "Governments want all the tools they can have … and individuals want to be able to do things in private."

"I don't know what the solution is," he says. "I wish I did."

I don't know the answer either. But it would be a start if public officials would stop demonizing anonymity.

Marc Hochstein is the executive editor of American Banker.
The views expressed are his own, and his purchases are none of your business.