By Bitcoin Tidskrift - 3 månader sedan - Läsningstid: 20 minuter
Samourai Wallet svar på FinCENs föreslagna regler för Bitcoin Blandning
Den 23 oktober 2023 frågade vi vår advokat, Rafael Yakobi om Kryptoadvokaterna to assemble an expert legal team to respond to the U.S. Department of the Treasury and FinCEN’s proposed rules that would seriously harm your privacy by effectively outlawing bitcoin mixing as well as conflating basic best practices such as not reusing addresses as a suspicious action requiring enhanced reporting.
Nedan är en exakt återgivning av brevet som vi har skickat till Treasury och FinCEN som en del av den offentliga begäran om kommentarer.
Vi vill tacka Rafael Yakobi och teamet som han samlade för att utarbeta detta svar på uppdrag av Samourai och våra användare: Carla Reyes, Sasha Hodder, JW Verret, bland andra som arbetat flitigt bakom kulisserna i månader med att förbereda denna inlämning eftersom de anser att detta skadliga överskridande av den federala regeringen måste åtgärdas.
Vi vill tacka varmt Tio31, som nådigt lovade att hjälpa till att täcka några av de avsevärda kostnaderna vi ådragit oss för att utarbeta detta svar.
Lastly, we would like to thank all 25 of the unaffiliated Bitcoin companies that read and signed this letter to FinCEN in agreement with our position. They are listed individually at the bottom of this page.
Du kan ladda ner en PDF av brevet nedan:
Avsnitt 311 Blandning av transaktioner Beteckning NPRM Kommentar Brev PDF
Andrea Gacki 22 januari 2024
Direktör
Nätverk för finansiell brottslighet
US Department of Treasury
PO Box 39
Wien, VA 22183
LÄMNAS ELEKTRONISKT
Re: Dokumentnummer FINCEN–2023–0016 – Förslag till särskild åtgärd beträffande konvertibel virtuell valutablandning som en klass av transaktioner av primärt problem med penningtvätt
Kära regissör Gacki:
We appreciate the opportunity to comment on Docket Number FINCEN-2023-0016 (the "Mixing Transaction NPRM"), released by the Financial Crimes Enforcement Network ("FinCEN") on October 22, 2023.[1] Vi är en mängd icke-anslutna företag som förlitar sig på viktiga cybersäkerhetsgarantier och integritetsmöjliggörande programvara för att skydda våra företag och våra användare. Den extrema vidden av reglerna som föreslås av Mixing Transaction NPRM skulle överdrivet belasta vår användning av sådan teknik på ett sätt som inte skulle hjälpa FinCEN att uppnå sitt uppdrag att förhindra penningtvätt och annan olaglig användning av pengar. Som ett resultat av detta skriver vi för att uttrycka vår allvarliga oro angående nyheten och omfattningen av de föreslagna särskilda åtgärderna och de otillräckliga definitionerna i dem.[2]
The Proposed Special Measures would unreasonably infringe upon the legitimate financial privacy interests of cryptocurrency users, and would apply to a variety of digital techniques that are not mixing transactions at all, but rather simply represent good cybersecurity practices. Moreover, the Proposed Special Measures are unnecessary to achieve FinCEN's aim, and we encourage FinCEN to either withdraw the Mixing Transaction NPRM altogether or to pursue a less invasive, less restrictive, and more effective approach—the same approach it has used since its first enforcement activities in the cryptocurrency space in 2013—to enforcement against specific bad actors.
1. FinCEN bör iaktta försiktighet och antingen dra tillbaka helt eller snävt skräddarsy blandningstransaktionens NPRM eftersom om den antas skulle blandningstransaktionens NPRM inte bara representera första gången FinCEN använde sina Section 311-befogenheter mot en klass av transaktioner, utan också första gången FinCEN har någonsin infört särskild åtgärd 1.
Historically, FinCEN has exercised caution in making designations under Section 311 and implementing Special Measures. Section 311 (31 U.S.C. 5318A), authorizes the U.S. Department of Treasury ("Treasury") to designate a foreign jurisdiction, financial institution, class of transactions, or type of account as being of "primary money laundering concern" and impose one or more of five possible "special measures." Treasury delegated that authority to FinCEN, which has used its power quite sparingly since Section 311's enactment. The first Section 311 action instituted by FinCEN in the virtual currency space occurred in 2013, when FinCEN instituted special measures against Liberty Reserve. Prior to that time, between 2002 and 2013, FinCEN had only ever implemented special measures against just four jurisdictions and 13 financial institutions. After a protracted legal battle regarding a Section 311 action between 2015-2017, FinCEN seemed reluctant to use its Section 311 powers widely. [3] Skapandet av Global Investigations Division (GID) 2019 [4] and the enactment of the Anti-Money Laundering Act of 2020, which increased FinCEN's authority "to prohibit or impose conditions upon certain transmittals of funds (to be defined by the Secretary) by any domestic financial institution or domestic financial agency," [5] coincided with an uptick in the use of Section 311 powers and a broadening of FinCEN's attention to all 5 available Special Measures.
Importantly, throughout its use of Section 311, FinCEN traditionally imposes Special Measure Number 5 to isolate a specific foreign financial institution and prevent it from accessing the U.S. financial system. Until this Mixing Transaction NPRM, FinCEN has only used Special Measure Number 1 one other time—in 2012 against JSC CredexBank ("Credex").[6] FinCEN drog senare tillbaka den föreslagna regeln 2016. [7] Om blandningstransaktionen NPRM antas skulle den utgöra första gången FinCEN har infört specialåtgärd nummer 1 vid utövandet av sina 311-befogenheter. Dessutom representerar denna Mixing Transaction NPRM den allra första gången som FinCEN har försökt utse en hel klass av transaktioner som ett primärt problem för penningtvätt. Vi uppmuntrar FinCEN att utöva yttersta försiktighet när de utövar sina befogenheter enligt avsnitt 311 på ett så nytt sätt – den första utnämningen någonsin av en klass av transaktioner och den första införandet av specialåtgärd 1 någonsin.
Exercising caution in Section 311 powers reflects the seriousness of Treasury's policy purposes for invoking its powers to make primary money laundering concern designations and impose special measures—namely, to act as a signal to the world that FinCEN is "serious about ensuring that the international financial system is safeguarded against the threat of money laundering." [8] As Treasury explained in the press release announcing the very first use of its Section 311 powers in 2002, when FinCEN uses Section 311, "[FinCEN] tell[s] the world clearly that these jurisdictions [or entities or transactions] are bad for business and that their financial controls cannot be trusted." [9] For the reasons further explained below, FinCEN's targeting of convertible virtual currency ("CVC") [10] purported "mixing" transactions does not achieve these aims. Rather than target transactions that are "bad for business," the Mixing Transaction NPRM targets an overly broad range of technical approaches used as best practices both by businesses and individuals for ensuring the security of CVC and impinges on privacy rights of legitimate users of CVC. In an attempt to exercise authority it has never used before (class of transactions) through a special measure it has never previously imposed successfully (special measure 1), FinCEN created a proposed rule fraught with misunderstandings and overreach. We urge FinCEN to withdraw the rule and reconsider its approach to this novel use of its authority.
2. The Mixing Transaction NPRM proposes a rule that is an improper and overbroad application of Section 311 measures to achieve transaction surveillance and suppression that FinCEN does not otherwise have a lawful basis to undertake.
Although the Mixing Transaction NPRM ostensibly designates a class of transactions as being of Primary Money Laundering Concern, its real goal is to uncover an alternative method for collecting information about and suppressing the use of digital currency in general. The Mixing Transaction NPRM is an improper and overbroad application of Section 311 measures for that purpose. Indeed, although the Mixing Transaction NPRM allegedly sanctions a class of transactions, it inconsistently throughout refers to "CVC mixers," "CVC mixing" and "CVC mixing services" by reference to specific business entities [11] och som en typ av affärsmodell mer generellt.[12] Om FinCEN har anledning att tro att specifika enheter bedriver olaglig verksamhet, kan FinCEN använda de befogenheter enligt Section 311 som det traditionellt och framgångsrikt har använt för att rikta in sig på specifika enheter som finansiella institutioner av primärt intresse för penningtvätt. Ett sådant tillvägagångssätt erbjuder ett mer riktat sätt att ta itu med faktisk penningtvätt och samtidigt skydda legitima användare av legitima integritetsförbättrande verktyg.
Särskilt har Treasury separat sanktionerat vad det refererar till som CVC-blandningstransaktioner genom dess Office of Foreign Asset Control (OFAC) myndighet för att utse personer eller egendom som utför transaktioner med specifikt utsedda utländska jurisdiktioner som identifierats genom exekutiv order som utgör terroristhot. [13] Treasury is currently facing legal challenges to, and has been widely criticized for, its attempt to sanction the Tornado Cash open source software as property of a non-existent entity Treasury alleges is called "the Tornado Cash DAO entity." [14] Although we agree with the many arguments as to why Treasury's OFAC action with regard to Tornado Cash software is an example of agency overreach, we wish to make a different but related point here. To justify its OFAC sanctions against the Tornado Cash software, Treasury had to designate the software as property of an entity. [15] OFAC officially explained as part of defending its sanction to a judge that the Tornado Cash software was property under Treasury's regulations because it fell within the broad reach of "any contract whatsoever." [16] Although the definition of "transaction" under the BSA regulations is quite broad, it does not encompass "any contract whatsoever" but rather centers on monetary transfers and specific services offered by financial institutions, and provides a catch-all for "any other payment, transfer, or delivery by, through or to a financial institution, by whatever means effected." [17] Ingen del av definitionen som är tillämplig på CVC-blandning är också ett kontrakt.[18]
In other words, in proposing the Mixing Transaction NPRM, one arm of Treasury is classifying CVC mixing as a transaction type while another arm of Treasury argues that mixing is a contract for services. Under the regulations governing both enforcement actions, mixing activity cannot be both a transaction type and a contract for service simultaneously. Treasury's attempt to designate mixing software as both a type of transaction and a contract is evidence of the arbitrary and capricious nature of its attempt to regulate open-source software that enhances the digital privacy of legitimate CVC users. To the extent that FinCEN really wants to target non-custodial, open-source software that individuals can use on their own accounts, FinCEN exceeds its statutory authority.
Indeed, tools that enhance digital privacy in CVC transactions simply seek to enable a form of digital cash. As a result, in its rush to find a way to suppress CVC mixing transactions, by whichever means, even if inconsistent amongst different internal branches of its own agency, FinCEN's Mixing Transaction NPRM amounts to an attempt to sanction "all transactions conducted in cash," which is both impossible and an unreasonable over-extension of its rulemaking authority.
3. The Mixing Transaction NPRM should be withdrawn because the proposed definition of "CVC mixing" is overbroad and targets lawful activity in a way that makes the agency's proposed action arbitrary and capricious.
Setting aside FinCEN's own apparent confusion about whether CVC mixing is a transaction, a service, a business, or a specific business entity, when FinCEN does attempt to define the "class" of transactions that it considers to be CVC mixing, the Mixing Transaction NPRM's definition of "mixing" is extremely broad and includes numerous activities routinely conducted by legitimate users as a matter of routine safety precautions in online transacting in CVC. Specifically, the Mixing Transaction NPRM provides:
The term "CVC mixing" means the facilitation of CVC transactions in a manner that obfuscates the source, destination, or amount involved in one or more transactions, regardless of the type of protocol or service used, such as: (1) pooling or aggregating CVC from multiple persons, wallets, addresses or accounts; (2) using programmatic or algorithmic code to coordinate, manage, or manipulate the structure of a transaction; (3) splitting CVC for transmittal and transmitting the CVC through a series of independent transactions; (4) creating and using single-use wallets, addresses, or accounts, and sending CVC through such wallets, addresses, or accounts through a series of independent transactions; (5) exchanging between types of CVC or other digital assets; [19] eller (6) underlätta användarinitierade förseningar i transaktionsaktivitet. [20]
De flesta av de aktiviteter som omfattas av den föreslagna definitionen av CVC-blandning anses vara etablerade bästa praxis inom branschen för användning och förvaring av CVC. Specifikt omfattar den föreslagna definitionen blixttransaktioner, engångsplånböcker, atomswappar, decentraliserade finansprotokoll, sekretessmyntfunktioner och flersignaturplånböcker, bland annat. Det huvudsakliga gemensamma för detta breda utbud av mjukvaruverktyg är att de förbättrar den digitala integriteten och erbjuder grundläggande cybersäkerhetstekniker till ägare eller vårdnadshavare av CVC. Att använda dessa tekniker för att skydda värdefulla digitala tillgångar är lika rutinmässigt och vardagligt och fritt från olagliga syften som att använda tvåfaktorsautentisering för att säkra en digital plånbok som innehåller betalkortsinformation eller ett X-konto (tidigare Twitter) för att förhindra ett obehörigt meddelande.[21]
4. The Mixing Transaction NPRM should be withdrawn because its inaccurate depiction of standard security practices as "mixing" impermissibly restricts the capacity of users to protect their property so that FinCEN can conduct a fishing expedition.
The proposed rule describes as red flags such everyday practices as "creating and using single address wallets" and "splitting CVC for transmittal." [22] The standard practice among cryptocurrency users is to change addresses with every transaction. For example, Coinbase Exchange describes to their users that: "[w]e automatically generate a new address for you after every transaction you make or when funds are moved between your wallet and our storage system. This is done to protect your privacy, so a third party cannot view all other transactions associated with your account simply by using a blockchain explorer." [23]
The fact that a small subset of users, who may be criminals, engage in the same operational security practices as ordinary users does not make those operational security practices suspect. The fact that criminals may use two-factor authentication to protect the security of their online applications does not mean that the use of two-factor authentication is itself an indicator or facilitator of criminal activity. In exactly the same way, the fact that users do not reuse Bitcoin addresses is merely indicative of basic operational security.
Som ett uppenbart erkännande av det faktum att dessa verktyg legitimt möjliggör viktiga cybersäkerhetsförebyggande åtgärder, befriar FinCEN finansinstitut från att rapportera om några av sina egna blandningstransaktioner som de kan utföra under tillhandahållandet av tjänster till allmänheten.[24] Genom att undanta finansiella institutioner från regeln skapar FinCEN en regim där finansinstitutioner kan vidta lämpliga cybersäkerhetsåtgärder för att använda CVC, men vanliga människor inte kan.
Kanske ännu mer problematiskt, genom hela Mixing Transaction NPRM, motiverar FinCEN den föreslagna regeln som nödvändig för att göra det möjligt för brottsbekämpande myndigheter och byrån att bättre förstå transaktionerna och i vilken utsträckning olaglig aktivitet sker genom CVC-blandning. [25] The extraordinary and never before successfully invoked Section 311 power to designate a class of transactions and implement special measure 1 is not appropriate for use in a fact-finding mission. Employing such overly broad definitions as proposed in the Mixing Transaction NPRM for the purpose of authorizing an invasive fact-finding mission represents an arbitrary and capricious use of FinCEN's delegated rulemaking authority because FinCEN's justification for the rule lies outside of the statutory criteria for determining a class of transactions is of primary money laundering concern.
Specifically, FinCEN is statutorily required to consider the following factors when determining that a class of transactions is of primary money laundering concern: (1) the extent to which the class of transactions is used to facilitate or promote money laundering in or through a jurisdiction outside of the United States, including money laundering activity with connections to international terrorism, organized crime, and proliferation of WMDs and missiles; (2) the extent to which a class of transactions is used for legitimate business purposes; and (3) the extent to which action by FinCEN would guard against international money laundering and other financial crimes." [26] Under hela Mixing Transaction NPRM erkänner FinCEN att på grund av brist på data och bristande förståelse för CVC-blandare kan den inte tillräckligt bedöma i vilken utsträckning CVC-blandningen och den föreslagna regeln motsvarar något av dessa tre kriterier. [27] FinCEN's assessment ultimately boils down to: FinCEN does not have sufficient information to properly assess the statutory criteria required to justify the proposed rule, so the proposed rule is justified because, in FinCEN's own words, it "is necessary to better understand the illicit finance risk posed by CVC mixing." [28] Att använda en sanktion för att erhålla den information som krävs för att motivera utförandet av sanktionen även när myndigheten vet att det sannolikt kommer att lägga en hög börda på legitima användningar och finansiella institutioner är definitionen av godtyckliga och nyckfulla regleringsåtgärder.
5. The Mixing Transaction NPRM should be withdrawn or significantly narrowed in scope because FinCEN's required statutory analysis fails to adequately value the legitimate uses of CVC mixing services and unduly burdens legitimate users and financial institutions.
FinCEN admits that public blockchains "make it possible to know someone's entire financial history on the blockchain" [29] and that it "recognizes that there are legitimate reasons why responsible actors might want to conduct financial transactions in a secure and private manner given the amount of information available on public blockchains." [30] Yet, in the same document, alleges that the Mixing Transaction NPRM is necessary because CVC "is not without its risks and, in particular, the use of CVC to anonymize illicit activity undermines the legitimate and innovative uses of CVC." [31] Dessa två förslag kan inte vara korrekta samtidigt.
As a matter of technical reality, FinCEN's assertion that public blockchains expose a user's entire financial history on the blockchain to the public for everyone to see and inspect is correct. [32] Det skapar faktiskt det grundläggande behovet för legitima CVC-användare att utföra CVC-blandningstransaktioner – att återinföra samma nivå av ekonomisk integritet som de åtnjuter i det traditionella finansiella systemet [33] to their transactions via CVC (for example, the traditional financial system does not expose a consumer's entire credit card history to the public, and indeed, federal law requires that financial institutions protect such information from being exposed to the public [34]). [35]
Att säkerställa att deras CVC-transaktioner åtnjuter samma nivå av integritet som transaktioner inom traditionell finans minskar den potentiella risken för personlig skada för legitima användare och gör det möjligt för legitima användare att undvika att avstå från sin konstitutionella rätt till integritet. När identiteten för en legitim CVC-användare är känd och kopplad till plånböckerna som innehåller CVC-tillgångar, blir användaren ett mål för kidnappning, rån, utpressning och hackning. [36] Vidare, på grund av denna inneboende transparens genom design av offentliga blockkedjor, beslutade den femte kretsen nyligen att det inte finns några förväntningar på integritet för användare av tillståndslösa offentliga blockkedjor som inte vidtar några ytterligare åtgärder för att integritetsskydda sina transaktioner. [37] Legitima användare använder integritetsförbättrande programvara när de gör transaktioner i CVC för att undvika att oavsiktligt avstå från sina konstitutionellt skyddade integritetsrättigheter.
I slutändan har FinCEN fullständigt misslyckats med sin skyldighet att på ett adekvat sätt redogöra för effekterna på legitima användare som krävs av dess regelverksmyndighet. När FinCEN försvarar sitt val av specialåtgärd 1 över 2 till 5, betonar FinCEN, utan förklaring, att specialåtgärd 1 – ytterligare registerföring – tillåter legitima användare att fortsätta använda integritetsförbättrande programvara utan avbrott. [38] This is false, as covered entities must report on any transaction that may have involved CVC mixing and a foreign jurisdiction. Indeed, read broadly, it is possible that the rules proposed by the Mixing Transaction NPRM require reporting on transactions that involve CVC that were transacted through mixing software at any point in the asset's transaction history. Such reporting directly impedes the reasons for which legitimate users employ mixing software (to enhance financial privacy) by requiring the elimination of financial privacy (it is not a private transaction if an intermediary must surveil and report on the transaction). Software tools like mixers that enhance digital financial privacy provide a true electronic equivalent to cash. Notably, transactions in cash are not subject to rules such as those proposed in the Mixing Transaction NPRM. In an apparent acknowledgment of this deep and inherent conflict between the rules proposed by the Mixing Transaction NPRM and the legitimate uses to which legitimate users put CVC mixing software, FinCEN itself predicts that the rule will chill the use of CVC mixers.
6. The Mixing Transaction NPRM should be withdrawn because it requires covered financial institutions to perform law enforcement's function to accomplish FinCEN's AML goals, which FinCEN, DOJ, and law enforcement can achieve using existing tools when they have a proper legal basis to employ those tools.
Like the definitions of CVC mixing and CVC mixer, the Mixing Transaction NPRM's information reporting requirements demonstrate a deep lack of technological understanding. Notably, all of the transaction information that the Mixing Transaction NPRM proposes to include in required reports by covered financial institutions involves data that, in most circumstances, FinCEN can just as easily obtain itself through blockchain data analytics. Similarly, the customer information that FinCEN would require covered financial institutions to report includes the same kinds of information such institutions must already report if a transaction raises sufficient red flags to trigger the filing of a Suspicious Activity Report (SAR). Nevertheless, the Mixing Transaction NPRM seeks to require covered financial institutions to file such reports on every single transaction for which the CVC involved may have ever been transacted through the extremely broad set of software that FinCEN's proposed rule defines as CVC mixing software. In other words, because law enforcement investigations into activity involving CVC are sometimes more difficult, FinCEN seeks to impose broad surveillance of individuals without cause through covered financial institutions. Covered financial institutions should not have to become de facto brottsbekämpande tjänstemän för att göra utredningar lättare för FinCEN.
FinCEN, justitiedepartementet och brottsbekämpande myndigheter har tidigare och framgångsrikt använt de verktyg som FinCEN ber finansinstitut att använda för att rapportera efterlevnad enligt Mixing Transaction NPRM för att rikta in sig på specifika olagliga aktörer. FinCEN har visat att de vet hur man korrekt utreder och verkställer mot specifika leverantörer av frihetsberövande CVC-blandningstjänster som inte följer de regler som de lyder under. Att specifikt rikta sig mot illegala aktörer som FinCEN och brottsbekämpande myndigheter har byggt upp ett tydligt och starkt argument för med hjälp av tillgängliga blockchain-dataanalysverktyg balanserar bättre behovet av att bekämpa olaglig CVC-blandning med den legitima användningen av CVC-blandning av individer som försöker skydda sin legitima, konstitutionella och lagstadgade integritetsintressen.
Av alla skäl som diskuterats ovan uppmanar vi FinCEN att dra tillbaka Mixing Transaction NPRM helt och hållet.
Tack för din fråga.
Om du har några frågor eller vill ha ytterligare information, se kontaktuppgifterna nedan:
Rafael Yakobi, Esq.
Managing Partner
Crypto Lawyers, PLLC.
[e-postskyddad]
(619) 317-0722
Vänliga hälsningar,
Samourai plånbok, Tio31, River, Strike, RoninDojo, Svan Bitcoin, Primal, GRIID, Zaprite, Persika, Mempool Space, Uppströmsdata, Stakwork, Vida Global, Spänning, Coinkite, Myteri plånbok, Standard Bitcoin Företag, Satoshi energi, cathedra Bitcoin, AnchorWatch, Bitnob, Oshi, Battery Finance,Vik, Start9
FinCEN, förslag till särskild åtgärd avseende konvertibel virtuell valutablandning, som en klass av transaktionerof Primary Money Laundering Concern, Dkt. FINCEN-2023-0016 (Oct. 22, 2023) https://www.fincen.gov/sites/default/files/federal_register_notices/2023-10-19/FinCEN_311MixingNPRM_FINAL.pdf [hereinafter Mixing Transaction NPRM”] ↩︎In this regard, we intend this letter to specifically respond to FinCEN’s request for comments A(1)-(8), B(2)-(3), C(1), D(2), and D(11) as listed in the Mixing Transaction NPRM. ↩︎See FBME Bank Ltd. v. Lew, 125 F. Supp. 3d 109 (D.D.C. 2015); FBME Bank Ltd. v. Lew, 142 F.Supp.3d 70 (D.D.C. 2015); FBME Bank Ltd. v. Lew, 209 F.Supp.3d 299 (D.D.C. 2016); FBME Bank Ltd. v. Munchin, 249 F. Supp.3d 215 (D.D.C. 2017). ↩︎FinCEN, Press Release, New FinCEN Division Focuses on Identifying Primary Foreign Money Laundering Threats (Aug. 28, 2019),https://www.fincen.gov/news/news-releases/new-fincen-division-focuses-identifying-primary-foreign-money-laundering-threats. We note with some alarm that the timing of GID’s creation coincided with the release of FinCEN’s 2019 CVC guidance, indicating that perhaps the two were coordinated and greater targeting of CVC users has been underway for some time. ↩︎2021 NDAA, Section 9714, https://www.congress.gov/116/bills/hr6395/BILLS-116hr6395enr.pdf. ↩︎77 Fed. Reg. 31,794 (Mar. 30, 2012). ↩︎81 Fed. Reg. 14,408 (Mar. 17, 2016). ↩︎U.S. Dept. Treas., Press Release, Fact Sheet Regarding the Treasury Department’s Use of Sanctions: Authorized Under Section 311 of the USA PATRIOT ACT (Dec. 20, 2002), https://home.treasury.gov/news/press-releases/po3711. ↩︎Id. ↩︎We note that we dislike the term convertible virtual currency, as it does not fit industry understanding of the technical realities of cryptocurrencies and their many uses. We use the term in this letter only because it is the language that FinCEN has adopted for the implementation of its regulations. As an aside, we would encourage FinCEN to adopt more technically accurate vocabulary for implementing its regulations, as doing so would help FinCEN avoid proposing unworkable and overbroad regulations such as the Mixing Transaction NPRM. ↩︎See, e.g., Mixing Transaction NPRM, supra note 1, at 15 (“ChipMixer, a darknet CVC ‘mixing’ service”); 16 (referring to Bestmixer.io as a CVC mixing transaction); 20 (referring to enforcement against “Bitcoin Fog”). ↩︎See, e.g., id. at 5 (“persons who facilitate…CVC mixing transactions”); 18 (“RAILGUN falls under the umbrella of CVC mixing…because it uses its privacy protocol to manipulate the structure of the transaction to appear as being sent from the RAILGUN contract address, thus obscuring the true originator.”); 20 (“CVC mixing services often deliberately operate opaquely…”.) ↩︎U.S. Dpt. Treas., Press Release, U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash (Aug. 8, 2022), https://home.treasury.gov/news/press-releases/jy0916. ↩︎See, e.g., Van Loon et. al., v. OFAC, No. 23-506669 (5th Cir. 2023) (notably, a variety of amici intervened with arguments critiquing the OFAC sanction at both the District Court and 5th Circuit Court of Appeals); Peter Van Valkenburgh, New Tornado Cash Indictments Seem to Run Counter to FinCEN Guidance, CoinCenter (Aug. 23, 2023), https://www.coincenter.org/new-tornado-cash-indictments-seem-to-run-counter-to-fincen-guidance/. ↩︎OFAC, FAQ 1095, https://ofac.treasury.gov/faqs/1095 (“OFAC designated the entity known as Tornado Cash, which is a “partnership, association, joint venture, corporation, group, subgroup, or other organization” that may be designated pursuant to the IEEPA.”). ↩︎See, Order, Van Loon et. al. v. Dpt. Treas., 1:23-CV-312-RP at 18 (W.D. Tx. Aug. 17, 2023). ↩︎31 CFR 1010.100(bbb)(1). “Except as provided in paragraph (bbb)(2) of this section, transaction means a purchase, sale, loan, pledge, gift, transfer, delivery, or other disposition, and with respect to a financial institution includes a deposit, withdrawal, transfer between accounts, exchange of currency, loan, extension of credit, purchase or sale of any stock, bond, certificate of deposit, or other monetary instrument, security, contract of sale of a commodity for future delivery, option on any contract of sale of a commodity for future delivery, option on a commodity, purchase or redemption of any money order, payment or order for any money remittance or transfer, purchase or redemption of casino chips or tokens, or other gaming instruments or any other payment, transfer, or delivery by, through, or to a financial institution, by whatever means effected.” ↩︎Notably, in the Mixing Transaction NPRM, FinCEN refers to Tornado Cash as a “CVC mixer,” not as a CVC mixing transaction. Is mixing a transaction? Is mixing a contract? Is mixing a type of business? The fact that FinCEN cannot decide belies the inappropriateness of using its Section 311 sanctions as proposed. ↩︎We note that the Mixing Transaction NPRM does not include a definition of “other digital assets” anywhere. Further, we are unaware of any definition of “digital assets” in FinCEN’s regulations or guidance. Finally, it is not clear to us how FinCEN has authority to impose regulatory reporting requirements upon exchanges of CVC for digital assets that are not CVC. See FinCEN, Application of FinCEN’s Regulations to Persons Administering, Exchanging or Using Virtual Currencies, FIN-2013-G001 (Mar. 18, 2013) (the phrase “digital assets” appears nowhere in the 2013 Guidance); FinCEN, Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies (May 9, 2019) (the only time that the phrase “digital assets” appears in the 2019 Guidance is in footnote 75 in reference to the title of the SEC “Framework for Investment Contract Analysis of Digital Assets”). This is just another small but notable way in which FinCEN seeks to overreach its authority through the Mixing Transaction NPRM. ↩︎Mixing Transaction NPRM, supra note 1, at 30-31. ↩︎True Tamplin, How to Protect Your Digital Wallet from Cyber Threats, Forbes (Dec. 19, 2023, 2:00 pm EST), https://www.forbes.com/sites/truetamplin/2023/12/19/how-to-protect-your-digital-wallet-from-cyber-threats/?sh=1e9146825981 (noting the importance of 2FA for securing digital wallets). ↩︎Mixing Transaction NPRM, supra note 1, at 30-31. ↩︎Se https://help.coinbase.com/en/exchange/managing-my-account/crypto-address-change ↩︎Mixing Transaction NPRM, supra note 1, at 31. ↩︎See, e.g., id. at 24 (“Furthermore, the information generated by this special measure would support investigations into illicit activities by actors who make use of CVC mixing to launder their ill-gotten CVC by law enforcement. At present, there is no similar or equivalent mechanism possessed by law enforcement to readily collect such information, depriving investigators of the information necessary to more effectively understand, investigate and hold illicit actors accountable.”). ↩︎31 U.S.C. 5318A(a)(1). ↩︎See Mixing Transaction NPRM, supra note 1, at 19 (not enough data to know how much CVC mixing is used in money laundering); 22 (not enough “available transactional information” for FinCEN to “fully assess the extent to which or quantity thereof CVC mixing activity is attributed to legitimate purposes”); 22 (essentially claiming that FinCEN’s lack of information itself is reason enough to show that getting more information would guard against international money laundering). ↩︎Id. vid 23. ↩︎Id. vid 7. ↩︎Id. vid 21. ↩︎Id. vid 6-7. ↩︎Matthias Nadler & Fabian Schar, Tornado Cash and Blockchain Privacy: A Primer for Economists and Policymakers, 105 Fed Res. Bk. St. Louis Rev. 122 (2023); Vitalik Buterin, et. al., Blockchain Privacy and Regulatory Compliance; Towards a Practical Equilibrium (Sept. 9, 2023) (unpublished manuscript), ↩︎See, e.g., 12 U.S.C. §§ 3401-3423 (the Right to Financial Privacy Act of 1978 (RFPA), which protects the confidentiality of personal financial records by creating a statutory fourth amendment protection for bank accounts). ↩︎16 C.F.R. Part 314, 67 Fed. Reg. 36484 (May 23, 2002) (FTC rule addressing the requirement that covered financial institutions safeguard non-public information”) ↩︎Matthias & Schar, supra note 32. ↩︎For a documented timeline of physical attacks on Bitcoin users, see Known Physical Bitcoin Attacks, GitHub
https://github.com/jlopp/physical-bitcoin-attacks/blob/master/README.md (last visited Jan. 22, 2024). ↩︎See United States v. Gratowski, No. 19-50492 (5th Cir. 2020). ↩︎Mixing Transaction NPRM, supra note 1, at 25 (special measure 1 is the only special measure that will preserve “legitimate actors’ ability to continue conducting secure and private financial transactions.”). ↩︎
This is a guest post by Samourai Wallet. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Tidskrift.
Ursprunglig källa: Bitcoin magazine