Why The Bitcoin Greenlist is Structurally Dangerous to the Bitcoin Ecosystem
Several days ago three Bitcoin businessmen based in New York, Alex Waters, Yifu Guo and Matt Mellon, came out with an announcement that has made waves in the Bitcoin community. Their new business, Coin Validation, seeks to create a more regulator-friendly Bitcoin ecosystem by maintaining a Bitcoin “greenlist” – a database of Bitcoin addresses tied to established identities, which any user or business can join by signing up with Coin Validation, going through their identity verification procedures, and integrating their API. A more precise name for what the company is doing would actually be “address validation”; the intent is to allow businesses to deliberately use “green” addresses to make trackable payments that are tied to their physical identities. Some businesses may then choose to only accept payments from green addresses, thereby proving to regulators that they are not accepting Bitcoin funds from unknown and potentially problematic sources. This scheme, the project’s founders hope, will be adopted by Bitcoin businesses and embraced by US government regulators as a quick path to helping Bitcoin businesses in the United States remain compliant with the law.
However, the scheme has been met with almost universal disapproval from the Bitcoin community. “It’s hard to count the number of times newbies have made proposals which would have centralized Bitcoin completely in the name of some fool result or another,” Bitcoin developer Gregory Maxwell wrote. “Powerful businesses interests are now reliving the same history of bad ideas, but this time the bad ideas will be funded and they don’t care if luminaries tell them that they’re horrible ideas, they don’t necessarily care about any of the principles that make Bitcoin a worthwhile contribution to the world.” Bitcoin advocates across the internet have denounced the measure as ruinous to Bitcoin’s privacy, and some are advocating an outright boycott of all US businesses.
But what are the effects of this greenlist potentially going to be, and how could it help or harm the Bitcoin ecosystem? The first question to ask is, does it “affect” the Bitcoin ecosystem at all? That is to say, will this potentially have a negative effect on even those Bitcoin network as a whole, or is it simply an optional layer which those interested can use, similar to colored coins or Mastercoin?
As Waters would have us believe, it’s the latter. “The existing Bitcoin community will find this very controversial from a privacy perspective,” Waters admits, “But it’s simple, straightforward and opt in.” As far as being simple and straightforward, he is entirely correct, at least at first glance. Although anti-money-laundering identity verification procedures are always difficult to go through, a green address mechanism is not particularly technically difficult to integrate. On the “opt in” point, however, the situation is much more tricky. The “it’s voluntary” argument may strike a chord with many in the Bitcoin community, who often hold the philosophy that voluntary interactions are ethically good and should not be restricted. Ordinarily, this philosophy has a solid economic underpinning: a person will only consent to a transaction if that transaction leaves them, in their own view, better off, so a voluntary transaction should benefit all parties who participate. However, in this particular case the economic underpinnings behind voluntarist philosophy fall apart precisely because there is an involuntary actor involved: the US government. Thus, what we have is a bargaining problem, the game-theoretic analysis of which is much less simple.
To understand why bargaining situations are so problematic, consider a fairly simple example. Suppose that armed robbers go into a gold storage facility, and demand at gunpoint that the owners open the safe and hand over all the gold. Fearing for their lives, the owners do, and the robbers get away with some quantity of gold. However, now suppose that the safe had been designed so that it is impossible to open it without waiting twenty minutes. Then, the robbers would know that the owners would not be able to open the safe quickly, and therefore would be less likely to try to mount an attack in the first place. The counterintuitive conclusion is this: under some circumstances, strictly reducing an agent’s freedom in a bargaining problem can actually be very beneficial to them.
The situation is the same here. In terms of privacy, Bitcoin has the potential to be both much, much better and much, much worse than the status quo of the financial system today. On the “better” side, we can have an ecosystem of overlay services such as Zerocoin, trustless mixing and conventional mixing to effectively eliminate the traceability of Bitcoin payments on the small scale – although large-scale financial movements on the order of millions or billions of dollars would still be very difficult to hide. On the “worse” side, however, Bitcoin as it stands allows every transaction to be tracked, and governments may mandate that Bitcoin users only make transactions with Bitcoin addresses verified to their identities. Accepting non-whitelisted bitcoins or mixing non-whitelisted bitcoins along with whitelisted ones may even become a criminal offense. This “greenlist” will make it much easier for businesses to adopt the second model – and therefore, just like removing the twenty-minute timer on the safe, make it much more attractive for governments to mandate that they do just that. In fact, Waters even recognizes this fact himself, saying that eventually “every user who wants to do business in the U.S.” will have at least one registered Bitcoin address.
Furthermore, the consequences of this will extend far beyond the United States. The privacy properties of Bitcoin are such that the more addresses can be reliably linked to their users’ identities the easier it becomes to uncover other identities as well. Without any knowledge of identities, mapping Bitcoin addresses to users is a highly difficult, and imprecise, graph isomorphism problem, and so far researchers have been unable to identify anyone other than very large entities like BitPay and MtGox. Once even a few address-owner pairs are known, however, they can be used as “anchors” to discover other address owners as well – employers, business customers, friends, anyone with whom you have a relationship with that is visible on both the real world level and the Bitcoin level is potentially fair game.
The Bitcoin economy is highly globalized, as the ability to quickly and cheaply send money internationally is one of Bitcoin’s greatest advantages. The globalized nature of the Bitcoin economy is very beneficial to Bitcoin, even in terms of its resilience against regulation – if some governments crack down, Bitcoin businesses can simply move to more welcoming jurisdictions. But this advantage can also be turned on its head. With an entity inside the United States, and heavily cooperating with regulators in the United States, knowing the owners of even ten percent of Bitcoin addresses, as Waters hopes, the United States government will have sole, proprietary access to a large amount of financial data about the entire world – that is to say, a privacy disaster on a scale as vast, if not vaster, than the National Security Agency. Thus, even if Coinvalidation was set up with the noble intention of helping to “proliferate Bitcoin, and to help Bitcoin companies succeed specifically in the United States of America,” what it has done in effect is set itself up as yet another arm for the US government to extend its surveillance and control over the entire world.
Economics and Fungibility
Another major criticism of this system, one that has been most prominently made by “grandfather of Bitcoin” Adam Back, is that it breaks fungibility. Fungibility is an important aspect of Bitcoin as a monetary system; what it means is that every bitcoin is worth the same as every other bitcoin regardless of whether the bitcoin is freshly mined, received two weeks ago from an exchange, earned in the process of employment, received from a known drug seller on Silk Road or seized by the FBI from Silk Road. Any kind of “greenlisting” (or, for that matter, blacklisting) scheme breaks fungibility. What will happen is this. First of all, bitcoins that are inside the green address system will inevitably become worth more than bitcoins outside the system; say, there might be a “green premium” of 1%. Businesses will thus accept green bitcoins at a 1% discount, so it will become 1% more lucrative for ordinary users to buy bitcoins from regulated exchanges than from private employers or localbitcoins. The profit potential for those businesses that have the power to convert non-green bitcoins into green bitcoins by passing them through their system is obvious, and potentially massive – and, necessarily, at the wider Bitcoin community’s expense.
From the merchant’s point of view, Bitcoin would incur a de-facto transaction fee. Any merchant that does not opt in to the list will have no way of knowing if they are receiving “green” bitcoins or “standard” bitcoins; thus, customers would likely end up sending all of their standard bitcoins to merchants, leaving merchants to sell those bitcoins to exchanges without the green premium – paying what is essentially a 1% fee along the way. The greenlisting system may not work exactly as was implied here, but in any case one can figure out how similar consequences will arise. The long-term economic effects of such a system are completely unknown, but in any case Bitcoin’s status as a friction-free, nearly cost-free transaction medium will be fatally compromised.
The final question is, will this actually help reduce Bitcoin-related crime? Bitcoin crime is an issue; although many Bitcoin users proudly support sites like the illegal drug market Silk Road, nearly everyone agrees that “ransomware” bots like Cryptolocker, which infect computers and encrypt their hard drives releasing the unencrypted data only in exchange for a ransom, are undesirable, and ideally there would be some way to prevent such services from existing. But would a green list actually help? Probably not. Criminals likely already avoid the regulated exchange ecosystem entirely, instead either buying and selling through localbitcoins or in-person exchang events or simply using their illicit earnings to buy products. One can even launder the funds cross-chain – send one’s illicit earnings to an altcoin exchange to buy litecoins, mix the litecoins, and then sell the litecoins in exchange for green bitcoins. In order to avoid this, every cryptocurrency in existence would need to have a greenlist mechanism. In any case, the conclusion is the same: even if the greenlist program was effective, it would do nothing against genuine crime, and would instead primarily affect legitimate users that still want to participate in society.
So what can the privacy-conscious Bitcoin community do? First of all, not participating in the greenlist will be a start. But the idea of a greenlist will come back, and grow, if there is an incentive for companies to adopt it. Simply doing nothing and hoping the problem goes away is not a viable solution. Another alternative is to support the adoption of privacy-enhancing technologies. Zerocoin is building a more fully anonymous version of Bitcoin, and trustless mixing provides a good-enough form of Bitcoin anonymization that we can use today. The Dark Wallet, initially derided by many as unnecessarily extremist and dramatic in its announcement, is now appearing much more attractive now that we are seeing what the alternative might be; to guard against Bitcoin de-anonymization, the wallet will include built-in automatic trustless mixing as one of its core features. The project is actively seeking crowdfunding on Indiegogo to fund its development. Finally, of course, there is the political solution: interact with the United States as little as possible. Fortunately, if Bitcoin businesses do choose to take that path, China appears to be quite willing to take them.
Disclaimer: Mihai Alisie and myself have some involvement in the Dark Wallet project