SLP165 Rafael Yakobi – Should Coinjoin users be flagged? Is Privacy Illegal?

Rafael Yakobi, Managing Attorney at The Crypto Lawyers joins me to talk about privacy in Bitcoin and the law. We talk about:

Financial surveillance laws
Obligations on bitcoin companies
How it works in practice
Blockchain surveillance companies

Links:

Twitter: @CACryptoLawyer
The Crypto Lawyers: www.thecryptolawyers.com
Bitcoin Magazine article: https://bitcoinmagazine.com/articles/bitcoin-fungibility-mixing-and-the-legal-limits-on-maintaining-privacy

Other links:

Bitcoin wiki transaction surveillance company by Chris Belcher
6102 Bitcoin coinjoin infographics:

Other relevant interviews:

Sponsor links:

Stephan Livera links:

Podcast Transcript:

Stephan Livera:

Rafael, welcome to the show.

Rafael Yakobi:

Thank you. Thank you, Stephan. Appreciate you having me.

Stephan Livera:

So Rafael, just before we get into all of the stuff maybe just tell us a little bit about yourself what you’re doing currently and how you got into all this Bitcoin stuff.

Rafael Yakobi:

Sure. So I’m a lawyer in California and I’ve got a law practice that’s focused on crypto. Obviously a large part of that, I would say a large majority of that involves Bitcoin. But you know, crypto is the broader category and obviously there’s a lot of different terminology that people use to talk about Bitcoin and crypto, right? Each in the US at least each government agency, you know, use, its own terminology, right? The SEC will say digital assets and you know, FinCEN will say convertible virtual currency and other agencies, you know, call things differently. So crypto seems to be the most common term among them, even if it doesn’t exactly fit my personal, I would say ideological position. Cause I do consider myself, you know, a Bitcoiner first and a lawyer second for whatever that’s worth. But in terms of, you know, what I do a lot of it relates to Bitcoin On ramps and that, you know, involves dealing with money transmitter laws and the Bank Secrecy Act.

Rafael Yakobi:

But I also deal with other regulatory work you know, including securities laws and dealing with the SEC representing people that have, you know, are being investigated by the SEC, or prosecuted, prosecuted by the SEC. So you know, a little bit of everything that that comes up in the crypto world, you know, outside of tax and things like that, which I leave to the people that are more interested in that, at least from a practicing perspective.

Stephan Livera:

Of course.

Rafael Yakobi:

one, one quick disclaimer that I make and I guess, you know, this is just a thing that lawyers say, but you know, I’m going to be talking about broad concepts and hopefully I’ll get things right. I may get things wrong, but in any event, not legal advice. And I would also say that I don’t consider myself an academic and intellectual or historian. And so, you know, I consider myself a practitioner who’s really concerned with the reality of what’s happening on the ground, you know, as opposed to, I don’t know, very big picture ideological concepts. So yeah, I would say for putting my, you know, experiences and opinions and context that that would be a relevant note.

Stephan Livera:

Sure, great. Yeah. Thank you for that. And yeah. So I was interested to talk with you because I saw you recently co-wrote an article on Bitcoin magazine alongside Sasha Hodder. And also I know you’re interested in some of the Bitcoin privacy techniques and as well, and using things like Samourai wallet, which is as listeners know, my favorite Bitcoin wallet. So maybe we just start with a little bit around what’s the high level, what are some of the key pieces of legislation or pieces of the law that apply when it comes to Bitcoin use?

Rafael Yakobi:

Sure. Well, you know, as far as individual users go, fortunately there are not that many regulations that apply to people who just want to, buy and sell and use Bitcoin for its normal purposes. Whether that’s, you know, using it to transact on the internet or, or holding it as a store of value or whatever else you might want to use it for. You know, other than really tax implications. But for normal people, there’s not that much that you need to do or really anything. I mean, I’m hesitant to make, you know, definitive statements about the law because in the US there are, there are so many laws and regulations that nobody knows how many there are. Nobody knows the total, at least as far as I understand it, for the research I’ve done, because I’ll have clients call me and ask me, well, I just want to make sure I’m following all the laws.

Rafael Yakobi:

Right? And so there’s like literally hundreds of thousands of laws. So the answer is probably that nobody can follow all the laws because there’s too many. But as far as Bitcoin goes, there are, I guess two sets of laws that are most relevant. And you know, there’s the state and federal level, right? So the federal government, you know, covers all of the States and then each state has the ability to regulate certain kinds of activities on its own. And so at the federal level, the most important one is probably the Bank Secrecy Act. Right. And the Bank Secrecy Act. I did a little background research on it and it’s not actually, the name of the law is not actually the Bank Secrecy Act. It’s the Currency and Foreign Transactions Reporting Act of 1970. But in 1974, there was a Supreme court case where its constitutionality was challenged by the ACLU and interestingly the banker’s association of California and also individual depositors who challenged the constitutionality of the Bank Secrecy Act, which requires that banks collect lots of information, keep records of it, report certain kinds of transactions to the government.

Rafael Yakobi:

And so the way it got its name is the Bank Secrecy Act is that one of the Supreme court justices referred to it as the so-called Bank Secrecy Act. And I don’t actually know why they called it that. I’m sure there’s some, you know, something happened somewhere in the legislative process or at a hearing or something like that. But now we just call it the Bank Secrecy Act, even though that’s not the real name. But yeah, at the federal level it’s the BSA, which regulates primarily financial institutions. And so, you know, well FinCEN is the government agency that oversees businesses that are regulated by the BSA among others. And their goal is to prevent money laundering as opposed to the States. You know, they have a different set of regulations that potentially apply to Bitcoin transactions and exchanges. And those are typically referred to as money transmitter laws.

Rafael Yakobi:

So the States are focused on consumer protection, whereas the federal government is focused on preventing money laundering. I mean, there’s a lot more details to it than that, but that’s like the big picture.

Stephan Livera:

Yeah, sure, sure. And I guess the other big one is OFAC and Sanctions. Right? So what’s that?

Rafael Yakobi:

Right. So, so OFAC is a, I can’t remember if it’s a division or a Bureau of the department of treasury. I believe that deals with international sanctions and you know, specially designated persons who the government has decided that you cannot do business with essentially. And so, you know, as this relates to the BSA and financial institutions, you know, the government has certain affirmative obligations that are placed upon these businesses that they need to, search every customer or search every transaction to make sure that through the government database to make sure that they are not dealing with, you know, let’s say countries or individuals that are on the list.

Rafael Yakobi:

That being said, you know, there’s a lot about OFAC that is not clear even to most lawyers that I talk to, you know, or to me or most regular people in terms of how does it apply to, you know, normal people. Because regular people are still not supposed to, you know, deal with people who are on the sanctions list. And I don’t know what, what obligations we’re supposed to have. I mean in terms of are we supposed to screen all of our business counter parties, you know, through the government list to make sure that they are an approved person to deal with. That sounds kind of horrifying and Orwellian, but as far as I understand the law, if you, if you, if you do deal with somebody who’s, you know, on that list, who’s not you’re not supposed to work with. There’s like very severe penalties and I’m pretty sure it’s a strict liability statute.

Rafael Yakobi:

So that means that you don’t have to intentionally violate the law. You just, if you do it like speeding in the car. I don’t know how it is in Australia or anywhere else, but in the US if you speed, you get a ticket, you don’t have to intend to speed. It doesn’t have to be willful, you know, that’s what we consider strict liability. So the OFAC issue is, is an important one. And it’s something that I think I’m planning to research and write an article about, cause I’ve asked a lot of lawyers and everyone knows generally that, you know, financial institutions need to screen for these things, but the obligations on individuals, it’s not clear, at least to me, if you’re a vendor who sells sandwiches, do you need to get somebody’s name and screen them to make sure they’re not, you know, on the bad list, right? That seems like a strange way to operate. But if the law is written that way that anyone can, you know, go to prison for violating it, then that’s something that people need to know about.

Stephan Livera:

Right.The other complicating factor is that there are multiple sanctions regimes. So if you are an international business, now you’re dealing with not just US sanctions, but there’s EU and other countries who have their own terrorist lists and whatever else they say you’re not allowed to transact with these people. And I guess hypothetically if somebody is a Bitcoin user and they wanted to buy something from someone in say Iran, right? That’s probably an example where you have to be careful there from that perspective. Now I think bringing it to the Bitcoin perspective as well, so many of us, many of us Bitcoiners and listening to this podcast, we interact with Bitcoin businesses and many, though not all of those Bitcoin businesses are subject to the KYC and AML laws, right with the Bank Secrecy Act. Here in Australia I think it’s actually called the Anti Money Laundering act, but nevertheless, this places certain obligations on those businesses to do various things.

Stephan Livera:

Right. And I think the main one you were referring to there was that idea of collection and verification of identity information, right? And then they’ve got to now screen that person’s name against various lists or these terrorists lists and so on, the sanctions, OFAC lists and so on. And then it also requires screening of their transactions. And the, I guess that’s in like the traditional banking environment, you, they would have to screen the transaction description. So can you tell us a little bit about how that interaction works there between the Bitcoin companies and then BSA and Sanctions laws and other relevant, you know, financial surveillance laws or whatever you want to call them.

Rafael Yakobi:

Sure, sure. So at a high level, and you know, I try to lay this out in the article, but although I’ve like, you know, deal with these things on a regular basis, I understand that for most people it seems foreign and unclear and honestly there are nuances to it that have not been solved and potential conflicts in the law where the law seems like it requires something. But you know, there’s been no case and no court to decide what exactly is required under what circumstance. But you know, qualifications aside generally the BSA requires that you take reasonable steps to prevent money laundering. And when I say reasonable, I don’t mean that as a value judgment to say that, you know, I think it’s reasonable. I’m saying that that’s the legal standard. And I the reason why I mention that is because I’ve talked to people about it and I repeat this to them and they say, well, I don’t think it’s reasonable at all.

Rafael Yakobi:

Right. But I’m not saying that it’s great and I’m not a fan actually. But so as a general principle, you know, you have to have procedures in place reasonably designed to prevent money laundering. You know, and I’m paraphrasing here, but basically based on the risks of your business. And so that’s the legal obligation. But what that means in practice is a matter of industry standards and what each business decides to do. And you know, what the government decides they think might be appropriate or not appropriate. There are some bright line requirements, you know, at certain thresholds. For example, in the U.S. If you deal with $10,000 in cash or more you’re going to have to file a currency transaction report, right? Or maybe it’s above 10,000 or more, something like that. Anyway, you have to file a certain report which requires that you have certain information about the customer.

Rafael Yakobi:

Right? And so that’s a clear rule that either you can follow it or not follow it, but in general reasonable steps to prevent money laundering. And so now we’re in this position with Bitcoin where we’ve got, you know, all these financial institutions popping up that want to sell Bitcoin or you know, allow people to help facilitate people trading it. And the industry has to decide how they’re going to follow this spirit of the law in terms of taking reasonable measures and how to do that is up for dispute obviously. You know, I expect, we’ll talk about it. There’s blockchain analysis companies that would like, you know, would like to make themselves essential for purposes of following the law. And I think that they’ve made a lot of progress in doing that. You know, it seems like all the major exchanges use them and you know, they’re inserting themselves in there.

Rafael Yakobi:

And if they can do that well enough then that’s probably going to be the standard. ‘Cause I think it’s a matter of industry standards in terms of what will be, you know, what will be relevant when this is eventually tested in court. ‘Cause at some point the government is going to go after somebody to say, you know, your procedures weren’t reasonably designed to prevent money laundering and then somebody a court, or you know, a judge, jury has to figure out whether they were reasonable or not. And then, you know, eventually there’ll be case law about it and there’ll be standards that inaudible from that based on the technology. So there’s a lot of it that’s up in the air at the moment. And you know, that’s why part of the reason why I was interested in writing this piece with Sasha is because well in particular about coinjoin in that I like to, if I can encourage people who run financial institutions like exchanges to reconsider what it is they think they have to do and to question the people that have a financial interest in, selling them potentially privacy invading services.

Stephan Livera:

Sure. Yeah. And so typically a bank or a financial institution that is subject to these laws, they would, when they take on a new customer, they are collecting, verify the information, they would check it against various government databases. They might check the name of the person if they are a political, there’s a thing called a politically exposed person, so they might check on that basis. And there’s, there’s this whole raft of requirements and as I understand as well, based on the products that they offer, they would do some kind of what’s called a financial crime risk assessment and they would say based on this type of product, whether it’s say it’s a credit card or it’s a, you know, international, whether it’s an account that you can send international money payments from, they would assess the risk of that.

Stephan Livera:

And then based on that they have to kind of blend all of that together into, okay, now am I also layering on the various monitoring things like transaction monitoring and so on. And it’s kind of like that’s all that part of that world, that KYC world, which again, I’m not saying I’m a fan of that. Obviously I think it’s quite wrong, but again, we have to know our enemy. So again, bringing it back to the Bitcoin aspect of it, I guess the question here is around how far do these companies have to go in terms of assessing the risk of a hypothetical new customer? Are they required to try and use some of these privacy invading Bitcoin blockchain analysis techniques to try and understand what was the source of that money? Because there are arguably some kind of parallels within some of this financial regulation stuff, that talks about, okay, what’s the source of your funds? Who is the beneficial owner? That kind of those kinds of languages. Well, that kind of language is used. So maybe we could just talk a little bit about what those blockchain analysis companies are doing. So could you just outline a bit around that?

Rafael Yakobi:

Sure. Well, I did get to listen to the, you know, the interview from yesterday with Jon Levin, I believe from chain analysis and, you know, it was informative, but I wouldn’t say that I’m an expert on exactly what they do. And I don’t know that they’re transparent about what they do. And I don’t know that we know definitively how effective they are at what they do or whether the results that they provide to their clients are reliable. Right. And there’s a lot of people that are much better at, you know, assessing the technical validity of their operations than I am. But generally they will work with exchanges to analyze the blockchain, to assign certain activities, certain labels to activities that are going on, on the blockchain and, you know, come up with risk scores or flags or, you know, something that they can bring to the exchange’s attention so that the exchange, if the government ever, you know audits them and their AML policies, for example, they can say, look, we’re doing things right?

Rafael Yakobi:

And I don’t know if this is, maybe it’s not a good analogy, but I’ll make it anyway. So I think that in Soviet Russia, there was some kind of saying where they said like, “We pretend to work and they pretend to pay us”. And I’m not saying that that’s exactly like that here, but a lot of this is just like everyone has to do something so that they can show that they’re doing something so that they can show that they’re not breaking the law because the law says you’ve got to do something. And, you know, I don’t know how, I don’t know the motivations of the exchanges themselves, particularly the big ones that employ these, you know if they’re really on board for these causes or if they consider it a necessary evil, it probably varies from exchange to exchange.

Rafael Yakobi:

I bet there are some that seem to have a more pro privacy perspective, like Kraken versus others, maybe like Coinbase that may not be as interested in privacy and you know, also black list, you know, controversial persons from their platform and things like that. But so in general, the blockchain analysis companies are giving flags and giving a history of the activity of the money, let’s say before the Bitcoin for example, because they can’t really analyze the dollar blockchain as far as I know. You know, they’re giving a history of the money and I struggle to see how valuable that really is. I mean, just from a practical perspective, let’s say I deposit some Bitcoin into an exchange and they realize that like 65 hops ago, my Bitcoin was on Mt. Gox and like maybe somebody stole it from Mt. Gox what are they supposed to do with that information?

Rafael Yakobi:

I don’t know. And then, and then 25 hops later, you know, it was on BTC-e and you know, BTC-e got in trouble because, you know, they didn’t follow US regulations about KYC or AML. Right. And so users seem to be expected to give up the privacy of the entire history of their money, theoretically, since it was created or released, you know, via the block reward or Coinbase transaction. And that’s a lot of privacy compromising information for seemingly questionable probative value in terms of preventing crime. You know, but that being said, we don’t, we don’t know without being able to like, you know, get to these kinds of tools ourselves and see what they can see. You know we can’t really tell. So certainly there’s some kind of a balancing act here because, you know, just in listening to Levin from chain analysis, you know, I thought he used a lot of political loaded moral language, right.

Rafael Yakobi:

Where, you know, let’s say Peter McCormack would say, well, what about the privacy? And he would say, well, what about North Korea as if the choice is either privacy or North Korea and, nuclear programs or something like that. And so I don’t know howI don’t have that much of a response to, loaded political language as I would call it. I think it’s, I consider that kind of stuff to be a false dichotomy. I mean, I really want to hear what you have to say about this cause this is a, you know, recent development and I haven’t really heard too much commentary on it yet. So curious to hear your perspective. But I feel like there’s a lot of things that could theoretically be done to prevent crime, but they would be terrible, right? I mean, or to achieve any particular, you know, goal that the government might be interested in. For example, the government might be interested in the public health and so maybe it would be a net positive for the public health if they required you to get out of bed at nine o’clock in the morning and go outside and jog and do jumping jacks. We could just get everyone of that get, you know, get everyone out of the house and get them exercising.

Stephan Livera:

Right? Like have fat camps. Right. And say, Hey, you’re putting people at risk by, you know, being diabetic or whatever and we’re going to put you into a fat camp. Right. And like, would that be, you know, and that’s the political philosophy question of is it right to force this onto people? So that, I guess that’s probably a bit of a example that’s more out there. But let’s say coming back to the chain analysis idea of as well privacy versus you know, North Korea and missiles and you know, the so-called, you know, pedophiles are going to use Bitcoin or whatever. I think it just has to come down to all Bitcoins should be treated as though they are fungible. Because that’s the only way like money could really work right now I guess the counter back from, some people would say, Oh well look, I can try certain things back and I know that certain things were done with it and that is kind of gets into how confident are you about that link?

Stephan Livera:

And I guess there’s something to it about if that link was less hops ago or less transactions back in the chain, that it might be more clear that, you know, for example, let’s say your coins came straight from the Mt. Gox hacked coins. I don’t know, like what, what’s the, ’cause, I mean, not just the law, but like kind of the moral and ethical question of how should, should we treat that as you know, for example, if I were to buy a piece of gold from you, I wouldn’t necessarily go to you and say, Hey, Rafael, who was the previous owner of that gold? Were they a criminal? And did you see as this the, you know but I know, again, I’m not a lawyer, I don’t know the specifics, but I know there are certain laws in different countries around the proceeds of crime, right? Like knowingly, buying that might be against the law and it, depending on what country you’re in. So I guess maybe if they were to try and think of it like “Oh those Bitcoins were the proceeds of a crime.”

Stephan Livera:

Yeah. I guess that’s a more complicated question. I wouldn’t have the answer on that. But let’s, bring it back to this chainanalysis idea and the heuristics, right? Because they are relying on certain heuristics right they’re not really proven or they’re not really like 100%, you know, for sure.

Stephan Livera:

What is the? I don’t know if you’ve looked into any cases on this, but are there any examples where that kind of thing is used and held up as evidence? Or is it more like that’s a string for an investigator or detective to pull on and find other leads or other pieces of information or other collect other evidence?

Rafael Yakobi:

Right, right. Well, as far as what it means for it to be evidence, I mean, I think it could be evidence of something, you know how persuasive or probative or valuable it is. You know, it would be circumstantial evidence. Right and so I think like you said, it depends on, well how, how many hops for example, are there between, you know, what you, where it started, for example, and, where it ended and what is the significance of those places. And I guess, you know, an example might be if you withdraw from a major exchange and you send the withdrawal, the Bitcoin from your exchange account to an address that is controlled by the Taliban. Right? That seems like pretty strong evidence, you know, but then if there’s like five hops in between, it’s less than it’s, you know, it’s not as strong.

Rafael Yakobi:

And this is not, you know, you don’t need to be a lawyer to figure this out. It’s just a matter of common sense. I mean, after all, if you’re going to be tried and there’s going to be a jury that’s going to decide if you’re convicted, then what matters to them is the only thing that matters, right? It’s not really a matter of convincing you know, the judge that this shouldn’t be evidence, although I’m sure there’ll be lots and lots of debate about that. You know, eventually as these cases develop. But you know, eventually you’re going to need to convince the jury that the government has proved their case, for example, beyond a reasonable doubt. If it’s a criminal case. And I think what, will happen if it hasn’t already happened and it’s possible that it has, but there’s going to be evidentiary hearings where this kind of evidence is used and it’s basically going to be a battle of the experts.

Rafael Yakobi:

And so I don’t know who will be qualified as an expert for this kind of thing. I’m sure there are some people, but it’s going to be a battle of the experts and maybe, you know, as a threshold matter for probably for the judge to decide, okay, is this credible enough that it even meets the threshold that it’s admissible? And then, you know, if so, then it’ll be a matter of having the experts convince the jury that it’s, you know, persuasive, right, that it’s good evidence if anything. But we’re still in the in the early stages of that and like our common law system and I think you guys have one there too. It takes a long time to develop, right? Somebody has to pay probably a ridiculous amount of money to, go through the entire trial process of defending themselves and go to the court of appeals and maybe even get to the Supreme court on these important issues and well, who wants to do that? Not everyone wants to bet their company or their life on, you know, solving a problem that is good for all of us.

Stephan Livera:

I see. And as I understand, I think Sjors Provost has mentioned a few cases in the Netherlands, I believe he’s from where this sort of thing has happened and there are a couple of cases here and there. But it was also funny you were saying that they could bring in an expert. I’m just laughing cause I was just thinking I’m they’re going to haul in Ergo and get him to talk through where those coins came from. Now the funny thing, one funny thing was some of this is, so bringing it back to say in the case where there was a scammer and those coins were then, you know, the scammer tried to use the wasabi wallet to mix the clients. And the funny thing is that there were customers who got their deposits or withdrawals or had their account in general flagged by the exchange, right? So presumably what’s going on here is that exchange has some compliance team or some AML compliance staff and they’re looking, they’re using this, you know, chain surveillance tools such as chain analysis or ciphertrace or one of these. And they are then flagging that customer and saying, okay, this guy looks like he’s high risk because those clients have proximity with Wasabi or with Mt Gox or a known hack coins. Right. But the irony is that

Stephan Livera:

Some of these exchanges might unknowingly be used as a form of custodial mixer because people might just deposit coin and withdraw them out and effectively quote unquote wash them through the exchange. Now, hypothetically, it might be that the financial laws are there to stop them from doing that, right? Like it should be like you’re the exchange, you should be knowing what’s going on and you shouldn’t be allowing people to use your service as a custodial mixer. But do you have any reflections on that? What I was just talking about there?

Rafael Yakobi:

Well, I mean, as far as exchanges, flagging coinjoin, I know it’s a, it’s a sensitive topic for a lot of people, myself included because we all, you know, have a way that most of us want this to go right. We don’t want them to treat coinjoin as suspicious activity, you know. But as far as, as far as I know, you know, there haven’t been that many reports of it actually happening, but at some point soon, each exchange is probably going to decide, you know, either officially and publicize it or off the record decide how they’re going to, how they’re going to treat coinjoin. And I would say that the position that I’m hoping that they’ll go for is that if they don’t have any reason to believe that anything suspicious is happening besides the fact that, you know, they could tell that the transaction resulted from a coinjoin that by itself, that shouldn’t be enough to treat the transaction as suspicious. You know, that’s right I’d like to go for because that means that if there’s, if the government wants to prosecute crimes and they can just do a police work and detective work right, without having to do Dragnet surveillance like they probably do on everything else, like do they not have enough? You know, they can probably listen to everything that everyone says near their phone and they can read everyone’s emails. Almost everyone’s emails, right, and all your Facebook messages and your Twitter messages. And there’s just an unbelievable amount of data available to the government already I think. And you know, to the extent that we can maintain a tiny little piece of financial privacy, I think that would be a good thing. And I don’t think it, I don’t think it materially impairs, you know, law enforcement’s ability to, prosecute actual crimes. I mean, it just seems like the cost is just not worth the benefit that they, that they believe that they’re getting from this. So I’d say that’s my initial reaction.

Stephan Livera:

Right .Yeah. And I think I would agree that exchange users should not be flagged merely for using coinjoin basically now it may be the case that, that some chain surveillance companies are doing that practice or, and I guess there’s a lot of things that are unclear. Here because it could be that the tool is flagging. Yes. This could have come from a CoinJoin. And then actually the compliance stuff at each exchange is the one making the final call of whether I flag this customer, I lock their account. Or I’d send them a letter and say, Hey, we saw you deposited this money to XYZ address and we don’t like that, blah, blah blah. But I think it, to me, maybe this is an imprecise analogy and I know it’s not technically precise, but it might be sort of like saying, Oh, Hey, you customer, you’re not allowed to use a VPN when you come to my website. And it’s sort of like, you might want to, you might have legitimate reasons for wanting to mask your internet traffic from corporate surveillance and that’s why you use a VPN or you might use Tor. Would it be like, imagine if you went to a website and they said, no, why were you using a VPN? Explain to me why you were using a VPN? Are you trying to hide something?

Rafael Yakobi:

Right, right. I think it’s a good analogy. And, well, hopefully the government doesn’t figure that out and you know, start getting involved there too. Although, you know, they already do to some extent, right? If you, if you’re an American and you go to bitmex.com that’s exactly what they say. Or you know, they, they have a big red thing saying you’re not allowed to be here. Right. If you use a VPN, even if you use a VPN, if they, they’ll, they’ll kick some people off even who are using VPNs you know, because they suspect that you might be American for some other reason. I don’t know what other data they collect. Maybe they, you know, get some unique token from your browser, from a cookie or something like that. I’m not a software developer, so you might know better than me, but I think it’s a good analogy. And

Rafael Yakobi:

I would say the blockchain analysis Coinjoin situation is, it’s more severe than that, right? That that wouldn’t be, that would be an inconvenience and probably has bad implications. But the full analogy would be, well, if you want to access our website, first of all, you can’t use a VPN because that’s suspicious. And also you just need to share your browsing history with us, right? Yeah. You didn’t know if your IP is going to come to our website then where was your IP before? Was it somewhere suspicious? Right. So it’s not just that they want to know that you, you know, really control, I think an analogy to what you’re saying with the VPN would be, you know, the exchange saying you need a sign, a transaction from your Bitcoin wallet that made this deposit, right. So you can prove it’s really you so that we, so we know you’re not just using your account here at the exchange to like, you know, accept the money from someone else for purposes of laundering it.

Rafael Yakobi:

Right. We want to know what’s really yours, but they’re not just asking for that. That wouldn’t be that bad. They’re asking for is the entire history, right? If you’re not coinjoining, it seems like, you know, and I’m not an expert on the technical aspect of it, but if you’re, if somebody hasn’t coinjoined the Bitcoin that you’re using when you deposit, then those hops can go back many, many years and many, many hundreds of times. And so it’s a well too much way too much data that people should, should be concerned about it. I mean, yeah. So I think it’s a big concern. Yeah.

Stephan Livera:

And the other point that might be worthwhile making here is that it’s almost like they’re expecting you to remain defenseless against any other person trying to understand what your, how many Bitcoins you have, for example, because if they were to go down this pathway or flagging any CoinJoin use at all, then that basically stops people from protecting themselves against other threats.

Stephan Livera:

Right? It’s saying you must remain defenseless and every time you transact with somebody you’re not allowed to use any coinjoined then then you effectively might end up doxing your stash or your prior transactions or your salary to your counterparty. And then like the non exchanges is normally you’re doing a transaction with somebody in the Bitcoin world. So it’s like it’s like forcing you to remain in this state of defenselessness so that the exchange compliance department can satisfy the regulator, the KYC AML regulator.

Rafael Yakobi:

Right. Yeah, I agree. Those are obviously, you know, important security concerns for everyone that uses Bitcoin. You know, not wanting to share all this information with everyone that you interact with. And another thing is that some exchanges, and we don’t know how this is going to play out, there’s some game theory here, but some exchanges want to implement CoinJoin as by default when they, you know, when a user goes to withdraw from an exchange, I think Bull Bitcoin already does that CoinJoin by default.

Rafael Yakobi:

And other exchanges that I’ve spoken to are considering this and the question that they are faced with is, let’s say they, they, they want to, you know, get some pro privacy points for their brand and they want to implement coinjoin by default when you withdraw from their exchange. The real, you know, the main reason why they’re doing this is to protect themselves, right? So that the user doesn’t know how much money they have and at what addresses, right? So they can maintain privacy from their users and you know, maintain the security of their exchange since they’re going to be a custodian of some kind. But the risk there is that if they do this, are they screwing their customers down the line? Right? You buy Bitcoin from an exchange and then you take it off there so you can put it in your cold storage and then they do CoinJoin on the way out.

Rafael Yakobi:

And then when you try to deposit it later somewhere else, that exchange flags you, right. That exchange flags you as, you know, a CoinJoin person and it’s not clear to me at this point, you know, I think you, you had talked with Cory Klippsten about the intransigent minority .Yep. Did I get that right? The first word?

Stephan Livera:

Yep.

Rafael Yakobi:

All right. You know, that Nassim Taleb talks about. And I think that that’s how it’s gonna work with CoinJoin is who can fight back better. You know, if a lot of people use CoinJoin the exchanges, have no choice but to accept it. I think because if it’s a majority of the participants, you can’t blacklist 50% of your customers, you know, but if not enough people use it and the exchanges, you know, quickly take an affirmative stance against coinjoin, then other exchanges will be in a difficult position where even if they want to, you know, if you get Bitcoin from Kraken and you’re not allowed to sell it in Coinbase, that’s not good. You know, new customers are going to complain about that. You know, new customers are not gonna understand this. And so I think it can go either way. I mean I, I don’t know, I want to know what you think about this. You know what, cause a lot of the stuff that we’re talking about is not, it’s not a matter of legal expertise. And I think you probably know more about it than I do.

Stephan Livera:

Yeah. So for me, my perspective on that is there will be naturally competition between the exchanges. And I think most exchanges, they’d not, they’re probably taking the approach of I need to do the minimum to get past the regulations so that I can maximize my customers and maximize my revenue. Right. And so it’s, I think it’s kind of like most exchanges begrudgingly have been pushed into this, that at least that’s my guess, my speculation. I don’t know for sure. I think it’s probably the case that many, it’s becoming, it’s sort of, I view this like it’s becoming this little cottage industry of blockchain analysis, right? And they want to try to, well, it’s like that saying you fake it and you make it, right? Like if you just keep putting it out there and keep trying to say that you’re required and all, look, all these other people are using something like this.

Stephan Livera:

Right. And in that Jonathan Levin episode, he said something like, Oh, typically if you’re not using something like chainanalysis, you need to be using something like this to assess the risk of your customers. Blah blah, blah. Right? And so they’re trying to make it a thing. And fundamentally it, I think there are a lot of reasons why you can poke holes in that theory. As we were saying, right, the VPN analogy, the forcing you to remain defenseless point and also around what is considered a privacy technique to begin with. Like another quick example would be if you look at some of those chain surveillance company, public reporting that they put up, sometimes it’s actually just address reuse that gets people right. So like the criminal was doing address reuse, which is a well known bad privacy practice. Nowadays, basically any Bitcoin wallet that you use nowadays does not do address reuse. Like generally they have what’s known as HD wallets hierarchical deterministic wallets. Now would it be considered a privacy technique to not reuse addresses? Surely not. I mean that’s just like the, the Bitcoin best practice. And so that is also an interesting practice because then it’s like, well, are they going to flag people for doing address reuse?

Rafael Yakobi:

Right. I agree. And you know, I’ve thought about this particular issue of address reuse because I think it’s not a stretch of an analogy or metaphor maybe to say that, you know, take the similarity between, using new addresses each time you receive Bitcoin and CoinJoin is that you’re taking affirmative steps. You’re doing something in order to maintain your privacy. And they really don’t seem that different to me. I mean, in principle you’re doing something and you’re doing it for this same purpose and same reason. And so, you know, it’s really just a, it’s a matter of almost a, I don’t know if cultural is the right word, but it’s like everyone has been conditioned to accept that you can use new addresses and there’s nothing weird about that, right. But coinjoin has to deal with this branding problem you could say, or marketing problem maybe that, you know, it gets associated with custodial mixers or tumblers and those get associated with, you know, all the bad things that the Baptist in the bootleggers and Baptists analogy are trying to prevent.

Rafael Yakobi:

That’s the reference I’m making there is to some commentary that Guy Swann gave he was nice enough to read my, the article that we’ve been talking about and everyone should go listen to that. He gives some commentary after his reading of the article and he mentioned this concept of the Bootleggers and the Baptists, which you might already be familiar with, but how there’s this kind of unholy Alliance between, you know, the preachers in the government who want to prevent all the bad things and, you know, the industries that profit from this war on the alleged bad things. So I think, I think that’s something that also comes into play here. As far as the compliance companies go.

Stephan Livera:

Another interesting point as well is to consider from the so-called taint, you know, quote unquote Taint point of view. There aren’t that very really any ways that it makes sense. And I think, here we have to shout out for 6102 Bitcoin, only, 6102 did a bunch of graphs and charts and he was pointing out that it’s quite nonsensical to have this conception of taint because effectively every coin eventually becomes tainted at some point. And then as a question of how many hops back and so on, did you have any thoughts to share on that and how and perhaps that influenced your article or any of your work?

Rafael Yakobi:

Right. Well, I agree with the shoutout. He’s got those great infographics and you know, some of it regarding proximity and the reliability of the heuristics is a little bit above my technical abilities. But I think a lot of it is very informative in terms of the, let’s see, I’m sorry, can you repeat the question again?

Stephan Livera:

Oh, I was just saying, did that inform any of your article and this concept that if we were to try and run with this idea that, you know, hypothetically, let’s say taint existed, it might be the case over time, every coin becomes tainted and then it’s just like, well that’s not really going to help anyone if every coin is tainted.

Rafael Yakobi:

Yeah, yeah. I think the concept of taint is conceptually flawed and you know, not pragmatic for money, but the, you know, the concept is something that’s used by the government. Right. And it’s not the government’s goal to make sure that Bitcoin is money, you know, so for their perspective, they call it tainted and then, you know, I guess all the coins are tainted and then I guess that’s bad. And maybe they want to ban it or restrict its use or you know, make you do even more due diligence to prove that you’re not a criminal. Right. To prove your innocence or something like that. So, you know, from their perspective, this is all great for them. Or, you know, I guess them being, let’s say, a government that is disapproving of Bitcoin or a particular agency that thinks that Bitcoin is getting in the way of, you know, whatever it is that they’re trying to do.

Rafael Yakobi:

So I certainly agree. I certainly agree with that idea. And I think one minor thing I wanted to go back to from, from the Chainanalysis interview with Levin was his point that I think from his view that doing chain analysis or you know, doing what his company does helps the adoption of Bitcoin because it allows, you know, financial institutions to deal with Bitcoin and then people get access. And I think while there’s a tiny bit of truth that maybe, you know, if a company works with chainanalysis, then they’re more likely to get a bank account. I guess I have maybe a more cynical theory that blockchain analysis companies, let’s say, exert their influence or buy their influence with banks and legislators to make themselves a requirement, right? So they create the conditions by which they become necessary so they can solve a problem that they created.

Rafael Yakobi:

And I think that at the highest levels for the big exchanges, this is pretty much what happened, right? You have you know, a large exchange that wants to get a bank account at a big bank and then, you know, compliance company comes along and makes very good friends with the bank and then the bank will tell the exchange, okay, if you want to keep your bank account here, then you need to use blockchain analysis. Right? And then, you know, you just mush in some hand-waving about the law and anti money laundering and now you, you get to where we are now, where, you know, people will say that chain analysis is required by law. You know what I mean? So yeah, I just wanted to go back to that just popped into my head now.

Stephan Livera:

No, fantastic. I think, I think you’re spot on there. I think that basically is what’s happening is that there are these chain analysis compliance companies that stand to gain from these big government contracts. And I can’t remember the exact number, but I think chain analysis actually do have some, a federal government contract for, you know, millions of dollars. Right? And so there, there is money in this and there’s money in them selling that vision, even if that vision is not necessarily accurate.

Rafael Yakobi:

Right. That that would be, that would be best case scenario. If it’s not accurate. I mean, I guess maybe not best case scenario, best case scenario is just, you know, let people use Bitcoin unrestricted. But one good scenario would be that blockchain analysis ends up being useless maybe because lots of people coinjoin and then the exchanges waste some money hiring these companies and pretend to do surveillance. But the surveillance doesn’t actually work. Right. Going back today, we pretend to work and they pretend to pay us. So.

Stephan Livera:

Exactly.

Rafael Yakobi:

You know, I mean, they’ll still be economic costs that will, that will be passed to consumers because of this, you know, and maybe, I don’t know if it raises the price, you know, the price of fees on an exchange by 5%, but it doesn’t actually change anything. You could just call it a tax. Right. Except in this scenario, the tax isn’t going directly to the government. It’s just going to some companies that have, you know, bought the requisite power from the government so that they can make themselves required.

Stephan Livera:

Yeah. And it’s just sort of like how big companies try to be the ones who set the new regulatory framework, which in turn puts a regulatory cocoon around them and protects them from newcomers and upstarts because they, because they can more easily deal with the compliance costs of having an army of lawyers and accountants and IT people to help deal with those new regulations.

Rafael Yakobi:

Right. To add to that about, about the big companies doing that has definitely happened in the Bitcoin world. Right. There are big exchanges like Coinbase for example, that you know, seemed to take the approach very early on that if you wanted to operate a Bitcoin exchange, you needed to get a money transmitter license in each state or almost every single state, right? And so they went out and got all these very expensive state licenses that are separate from the Bank Secrecy Act and FinCEN and all that.

Rafael Yakobi:

They went and got all these very, very expensive licenses to kind of set the industry standard before anyone really, you know, figured out whether these licenses were required. So now they kind of pushed the industry in the direction where, well, if you want to compete with a big exchange like them, then you need to get these licenses too, right? And then when they get to the bank, you know, they get, you know, their account at the big bank and now if you want to get the account, you need to have the level of compliance that they have, right? And so the result of this is that consumers suffer because of the lack of competition. And they also suffer because their privacy suffers as a result of just the particular kind of, I don’t know if you could call it regulatory capture, but the particular kind of, you know, capture that has happened.

Rafael Yakobi:

So I think it’s worth people remembering that it’s not just the government. I mean, big companies have a fiduciary duty to, you know, make as much money as possible under the circumstances that they’re operating in. And that’s exactly what they’re going to do, even if that is not necessarily what is best for you. And a quick point about last point about this big versus small companies. For example, you know, we had talked about the Bank Secrecy Act and risk-based, you know, procedures to prevent money laundering. Those, the expectations on smaller businesses are much, much lower than they are in bigger businesses. And I think that that’s something that Bitcoiners can potentially use to their advantage. Right. Obviously somebody who runs one Bitcoin ATM, I don’t think that they can be reasonably expected to hire chainanalysis or some expensive company like that to do, you know, how many compliance people do they need to hire?

Rafael Yakobi:

Right? They might have one person running the business. Are you supposed to have compliance team of 10 people to, you know, for a one man business? Right? So you know, although there’s a lot of negative things about these financial surveillance laws, I would say that there’s also silver lining that if bitcoiners care with their dollars or their satoshi about privacy, then you know, start small businesses. And maybe you can help, I don’t know, I don’t want to say even the playing field, but help a contribute to a better, better market for Bitcoin.

Stephan Livera:

Yeah, that’s a really interesting point. I hadn’t considered that before. One other topic I’m keen to get your opinions on is this question of custodial versus non-custodial mixing. Now, the article you wrote was also in relation to Harmon,

Stephan Livera:

Larry Harmon, sorry, Larry Harmon of the company, one of the guys behind DropBit. And so as I understand, Harmon was operating inaudible, which was a, like a centralized or a custodial mixer. Are you able to shed some light for us on if there’s any legal difference? So in the eyes of the law, is it different if you are using a non-custodial service such as Samurai Whirlpool?

Rafael Yakobi:

Right. Yes, very big difference. So essentially to be what’s considered a money transmitter under, under federal law, you need to, you know, accept and transmit, you know, currency or funds or value that substitutes for currency, right? So FinCEN’s definition for what makes a money transmitter and therefore somebody that must register and follow the BSA and do all this stuff is somebody that has taken control of, you know, another person’s funds and you know, either exchanging it or sending it to another person on their behalf. Right? Like Western union might be a typical example in the traditional world of a money transmitter. And that’s what these laws were created to originally created to regulate. And so if you’re using a custodial service like a tumbler, then you know, if the person that’s running the tumbler is accepting control over your Bitcoin and then sending it somewhere else, then they are a money transmitter.

Rafael Yakobi:

Therefore they need to register as a money services business and comply with the Bank Secrecy Act, right? Which requires the risk based approach and it means they have to appoint a chief compliance officer and make suspicious activity reports, currency transaction reports, right? There’s all these things they have to do. But you know, if you, if you’re not taking control of other people’s funds, then you’re not a money transmitter and you don’t have to do that. So fortunately as it is now, at least in my opinion, and maybe there’s other people, other lawyers who disagree, but as it is now, non-custodial wallets, even if they, you know, allow the coordination of CoinJoin through the wallet are not money. Transmitters don’t have to register with FinCEN and don’t have to do KYC or AML, which is great, right? And it’s great, not just because you know, good for privacy, but it’s great because not your keys, not your coins.

Rafael Yakobi:

Right. And that’s like, well, probably at least to me, really one of the most important principles in Bitcoin. And just from my own experience as attorney, you know, I know that the people we talk to are mostly sophisticated, some level or another you know, about, about Bitcoin or crypto and custody and things like this. You know, you have really high level people on your podcast. But I get calls, I don’t know, five or six or seven times a week from people that lose a lot of money because they send their Bitcoin to like strangers on the internet, like all the time. Just an unbelievable amount of people who lose just crazy amounts of money because they send their Bitcoin to people on the internet. And so it might not apply to us so much, but I try to tell them that if there’s one rule you can follow, it’s not your keys, not your coins.

Stephan Livera:

Right. That solves like, I don’t know how you get scammed if you can follow that rule. Yeah. So in that case, well again, obviously don’t dox anything about those individuals, but were those individuals thinking they were buying a product online and they were paying for it, or like why did they even send the money?

Rafael Yakobi:

Oh, offer alleged investment opportunities. It’s just greed. It’s just greed. Unfortunately. You know, there’ll be websites that look kind of official except that you’ll never find anyone’s name on it or some of them will have, you know, fake names and they all, you know, will say things like promising a percentage return in a short amount of time. Although in one instance, I mean, you know, we’ve all seen like, there’s like thousands of scams out there that are promising, you know, double your money, send me a Ethereum or Bitcoin and I’ll send it back and double it or whatever.

Rafael Yakobi:

You know, there it’s like noise that we blend out now because it’s so obvious, you know. But maybe for some people, I don’t know, boomers or something, it’s not obvious to them. And so they’re more often the victims and you know, there’s definitely an overlap there with, I would say a lot of people that you know will call me that use Coinbase for example, are maybe the same ones that are new users or don’t know what they’re doing. You know, they’ll get into these issues where they have all their Bitcoin on their exchange, you know, and they’ll give somebody their 2FA or give somebody their login information it’s a major issue. But yeah, most of them are trying to invest in things on the internet, you know, basically Ponzi pyramid or other kinds of investments schemes though. There’s one guy that had called me that fell for this and invested a bunch of money in some kind of a scam and then they, and then it actually worked and it was totally, it’s definitely a scam, but for some reason they actually sent him back like a ton of Bitcoin.

Rafael Yakobi:

Like, I don’t know, I don’t remember the numbers exactly. So I’m just going to make them up. But let’s say he sent like five or 10 Bitcoin and like got back like 35 Bitcoin, right. And then called me and he was like, Oh, what do you think I should do? How should I pay taxes? And I’m like, dude, you just got the miracle of a lifetime happened to you, right. Because 99.9% of people that this happens to your money is gone forever from the second that you send it, you know? Yeah. So I don’t know.

Stephan Livera:

It could be that maybe it was like a Ponzi and he was one of the early people and they had to make a payout to make it look legit to everyone else. And I don’t know, he’s like one of the lucky 0.01% of people. I don’t know I’m speculating. Right?

Stephan Livera:

Yeah. Yeah, that’s a pretty crazy thing there. But I guess anyway, the broader lesson is non-custodial mixing is a superior from a having to do work regulatory, you know, in a regulatory and legal sense if you’re just staying non-custodial, that generally is better for people. So I think that’s something that’s a good takeaway for people when they’re thinking about how they’re operating in this Bitcoin world. Rafael, did you have any other tips for listeners?

Rafael Yakobi:

Well, I did just go on a rant about not your keys, not your coins. So, so I think that’s the main one. I’m going to re endorsed that one. I mean, I try to send, you know, when those people email me or call me with those, you know, unfortunate stories, I’ll try to direct them to places where they can, you know, I don’t know, report the crime or try to help educate them a little bit. But one video that I’ll always send them is like this very short 15 second clip of Andreas Antonopoulos. Repeating not your keys, not your Bitcoin, your keys, your Bitcoin, not your keys, not your Bitcoin. Right. And he just keeps repeating that for like 15 or 20 seconds and you know, try to drill that into their heads. So I think I’m gonna re endorse my, not your keys, not your coins advice. And just in terms of safety. And so obviously that’s at least an implicit endorsement of non-custodial services, like some of the ones that you had mentioned.

Stephan Livera:

Sure, Okay, so Rafael, if listeners want to find you online, they want to follow your work, where can they find you?

Rafael Yakobi:

Sure. So I’ve got a website for my firm called thecryptolawyers.com and if you Google crypto lawyer, generally I do pretty good on Google. So depending on where you are. I try to be, well I’ve gotten lucky that Google has just blessed me by putting me at the top or close to the top for crypto lawyer. So if you Google that hopefully should be able to find me. But I’m also on Twitter at CA, like California, @CACryptoLawyer. And you know, I think some of your, I probably know a bunch of your listeners already. I try to talk to people and be involved cause like I said, I’m a bitcoiner before I’m a lawyer. So, you know, I’m just a regular guy who also happens to be a lawyer and working in this, in this area. So I certainly, you know, be happy to connect with anyone, particularly anyone that, well, I guess this is my five second chance to shill. Anyone who wants to start a Bitcoin ATM business or a crypto exchange or is dealing with these issues and wants to talk to a lawyer about it. Happy to help anyone like that.

Stephan Livera:

Fantastic. Well, yeah, definitely. Listeners go and hit Rafael up. And Rafael, thank you for joining me.

Rafael Yakobi:

Yeah, thank you very much.

Leave a Reply Cancel reply