Article NavigationCryptocurrencies and fundamental rights
Abstract
Cryptocurrencies,1 like bitcoin, raise new legal questions due to their innovative technological concepts. While academic research covers nearly all areas of the technological concepts of those currencies, legal studies focus only on a few topics. The papers that have been published so far discuss mainly economic law, tax law, and financial regulations. At the same time, governments are starting to explicitly regulate cryptocurrencies in terms of anti-money-laundering (AML) and to clarify or strengthen the legal basis for prosecuting crimes in the context of cryptocurrencies. Furthermore, criminal investigation in the context of cryptocurrencies is intensifying with the rising number of cryptocurrency-related crimes. Moreover, governments should also start to consider crime prevention in the context of cryptocurrencies. AML regulation, crime prevention, and prosecution have to take heed of the fundamental rights of the citizens affected. To date, legal research has not discussed the relationship between AML regulation (regarding cryptocurrencies), crime prevention (in conjunction with cryptocurrencies), the prosecution of crimes involving cryptocurrencies and fundamental rights. Many future regulatory concepts will collide with the fundamental right to property of the owners of cryptocurrency units and the freedom to pursue a trade or profession of owners and operators of exchange platforms, mining pools, etc. In cryptocurrencies organized as peer-to-peer systems, the freedom of association also has to be mentioned. With particular regard to prosecution, law enforcement agencies restrict the freedom of telecommunication, data privacy (including the right to informational self-determination), freedom of expression, and the freedom of information. Whenever some of these fundamental rights are impinged upon, regulation concepts and investigation or prosecution approaches must be provided for by law and must fulfill the criterion of necessity. Further interdisciplinary research is needed to develop efficient and legit prevention as well as criminal investigation concepts.
Issue Section: Research Paper
Introduction
This article examines the relationship between cryptocurrencies, regulation concepts, investigation methods, and fundamental rights. Despite the increasing importance of the regulation of cryptocurrencies, the papers that have been published so far discuss mainly economic law [1–3], tax law [4–6], and financial regulations [1–4, 6–14]. To date, legal research has not discussed the relationship between anti-money-laundering (AML) regulation (regarding cryptocurrencies), crime prevention (in conjunction with cryptocurrencies), the prosecution of crimes involving cryptocurrencies, and fundamental rights [15–17]. I will focus on the fundamental rights as codified in the Charter of Fundamental Rights of the European Union (CFR) [18] and the European Convention on Human Rights (ECHR) for two reasons: First, investments in and trade with cryptocurrencies have a cross-border dimension. Hence, regulation concepts require an international context and should be discussed in the context of transnational fundamental rights. Second, the CFR and the ECHR not only belong to the few international fundamental rights charters that are legally binding on Member States but also provide the most extensive jurisprudence with regards to their application [see Art. 6 (2) (3) Treaty on European Union (TEU)].2 Nevertheless, most of the findings can be transferred into other fundamental rights systems. The analysis of other legal systems is surely a worthwhile focus for future research (see “A brief glance at the international situation” section for more details).
Due to the large (and continuously growing) [19] number of so-called “cryptocurrency” systems with different technological characteristics, the term “cryptocurrency” is not easy to define (p. 13 in [20]). The spectrum of classification possibilities is as broad as the technological design space [21] for “cryptocurrencies.”3 In this article, the term “cryptocurrency” only refers to schemes with the following properties: decentralized organization governed by a network protocol, cryptography as means to secure transactions, and a public LEDGER which documents the system state and history. Bitcoin will serve as reference example for these currencies since it is the most popular cryptocurrency with the widest acceptance and the largest market capitalization to date [18]. The arguments also apply to other cryptocurrencies modeled after Bitcoin (e.g. “alt-coins” such as Litecoin). They may in principle generalize to schemes with different (combinations of) properties, but further research needs to reassess the applicability for each instance.
In terms of regulation, the article will focus on crime prevention concepts, especially AML and prosecution measures in the context of cryptocurrencies.
The section “Bitcoin’s specific features in terms of regulation” provides a brief overview of Bitcoin as an example of decentralized, public ledger-based cryptographic currencies and expounds its most important features for the subsequent legal analysis.
The section “Conceivable regulatory approaches and the development of new investigation methods” draws attention on conceivable regulatory approaches in terms of crime prevention, AML, and criminal investigation methods. The lack of a central administrative institution necessitates a regulation concept that is aimed at the natural and legal persons participating in the cryptocurrency system directly or indirectly through its surrounding ecosystem. For the same reason, investigators cannot rely on bank documents, bank employees, or automatic account screening. This section gives an overview of regulatory approaches and investigation methods which seem to be promising.
The section “Natural and legal persons in and around the Bitcoin system affected by regulation and investigation” focusses on the natural and legal persons in and around Bitcoin. Such persons can take various roles in the Bitcoin core system (e.g. users sending and receiving payments in bitcoins), in the “Bitcoin ecosystem” (e.g. exchange platforms), the financial sector (like banks, trusts, etc.), and the real-world economy (e.g. merchants) (p. 18 in [22]). Furthermore, the section “Natural and legal persons in and around the Bitcoin system affected by regulation and investigation” examines in which ways the regulation approaches and investigation methods discussed in section “Conceivable regulatory approaches and the development of new investigation methods” affect the interests and needs of the persons in and around the Bitcoin network.
Finally, section “Regulation, investigation and fundamental rights” analyzes which fundamental rights of the persons mentioned in section “Natural and legal persons in and around the Bitcoin system affected by regulation and investigation” are affected by both, the regulatory approaches and investigation methods described in section “Conceivable regulatory approaches and the development of new investigation methods.” The fundamental rights will therefore be divided into three main categories. The first group consists of fundamental rights affected by nearly every regulatory approach in every cryptocurrency system (e.g. the right to property). The second contains some fundamental rights which become relevant specifically in peer-to-peer-based cryptocurrencies like Bitcoin, for example, the freedom of association. The third group encompasses fundamental rights which do not—at first sight—have an obvious impact on governmental regulation and prosecution, like the freedom of speech or the freedom of information. Authorities have to respect the fundamental rights of the persons affected and find the legitimate balance if multiple conflicting rights are concerned.
Besides the conclusion, section “A brief glance at the international situation” points out that further (interdisciplinary) research is necessary in order to develop efficient prevention concepts and investigation methods and to examine the legal limitations of those measures.
Bitcoin’s specific features in terms of regulation
Fundamental rights protect specific conducts of an individual against interference by the state. For example, the freedom of telecommunication (Art. 7 CFR, 8 ECHR) safeguards any form of undisclosed communication between natural and legal persons from intervention by any governmental authority ([23], Art. 8 paras 3, 4, 28 in [24], para. 60 in [25], para. 01.21?A in [26], Art. 7 para. 25 in [27], Art. 7 para. 24ff in [28], para. 43 in [29]). In order to invoke a particular fundamental right, the conduct in question has to be related to specific objects. For example, a behavior only falls within the scope of the right to property if it is connected to an object that meets the definition of “property.” Hence, to answer the question of which fundamental rights apply to behaviors related to holding, trading and using Bitcoins or running the Bitcoin system, it is necessary to understand which characteristics define Bitcoins, which kinds of behaviors occur in and around the Bitcoin system, and what distinguishes Bitcoin from money, chattels and bank money. This overview will restrict itself to the most important properties for the legal analysis since most readers already possess (basic) knowledge of Bitcoin’s technology. If further information is required, there are specific articles addressing the technical perspective [2, 4, 30, 31].
The Bitcoin system does not operate like traditional currency systems. In real-world currency systems, governments,4 central banks, and private banking institutions function as central administrative and control units. On the contrary, in the Bitcoin system volunteers (i.e. users who run a full client5) contribute processing power to a peer-to-peer network that runs a program (the Bitcoin protocol) to keep track of the account balances of all users. A bitcoin is basically a track of transactions between several public keys in the blockchain [30]. Hence, “holding” bitcoins means controlling the public key (Bitcoin address) which has received the last recorded transaction. A Bitcoin user exercises power over a public key by possessing the corresponding private key. Every transaction is stored in a public distributed ledger, called the “blockchain.” The latter cannot only be viewed by participants in the peer-to-peer network but also by everybody who uses blockchain analytic tools on the Internet like www.blockchain.info. Adding a data block (which contains transactions of the users) to the blockchain is called mining. Bitcoin miners are users who provide their CPU power for the mining process [2, 31, 32]. A successful miner is rewarded with newly mined bitcoins (besides the transaction fees offered by the parties of the transaction [30]) in order to motivate users to provide computing power for the network’s operation [31, 32]. Even if the blockchain is public, participants in the Bitcoin network remain (if they choose to do so) pseudonymous [4]. This is possible because every client can create an infinite number of unique and independent public keys [31]. Thus, no user has to identify himself to an administrative unit (in contrast to opening a bank account). Usually, only the holder of the private key knows to whom the associated public key is related. Besides through the aforementioned mining process, an individual can get bitcoins by changing real currency into bitcoins at specialized exchange markets (also vice versa) [8], Bitcoin ATMs (not vice versa) [33] and on Internet platforms like localbitcoins.com or bitcoin-treff.de.
Due to technological features of cryptocurrencies, governments not only have to face obstacles but can also make use of opportunities when regulating them: on the one hand, regulation scenarios have to find a solution for the lack of central administrative parties. Standard Know-Your-Customer (KYC) systems will not work if users do not have to identify themselves when opening an account [34]. Furthermore, the pseudonymity of cryptocurrencies hinders any concept that is depended on the knowledge of the users’ identity, for example, as it is required by law enforcement agencies’ supervision of an individual (p. 469ff in [7]). On the other hand, the public transaction record enables new regulatory approaches. For example, in comparison to regaining stolen cash from circulation, it is possible to isolate and devalue bitcoins through transaction blacklisting [30, 35]. The same applies to the profit of other illicit activities like drug-trafficking and blackmail [35]. The possibility to track every single bitcoin back to its origin provides for another opportunity for regulators: even if several bitcoins are stored in the same wallet of a user (precisely, the private keys are stored in it) or even if several bitcoins are related to the same public key, every bitcoin in the wallet or related to the public key is distinguishable owing to its traceable and unique history. Hence, unlike in classic banking systems, single transaction outputs are separated from each other at any time and thus can be blacklisted without “poisoning” all bitcoins related to the respective public key [34, 35].
Conceivable regulatory approaches and the development of new investigation methods
What governments and prosecutors have been doing for decades in terms of AML and financial crime investigations is difficult to apply and enforce in the context of Bitcoin and other cryptocurrencies [8, 13, 36, 37].
Regulating cryptocurrencies in terms of AML
Traditionally, AML concepts rely on KYC systems, due diligence, compliance systems and monitoring and reporting duties of banks and other financial service providers [7, 13, 31, 38]. Depending on the scale of transactions, the domicile of the business partner and, especially in contractual relationships with politically exposed persons, financial service providers have to check the identity of their contractual partners, gather information regarding the purpose and the type of the business relationship sought, make a risk assessment and monitor the relationship continuously (see FATF Recommendations No. 10–23 [31, 39]). In the context of traditional, “real” currencies, this concept is (arguably p. 8ff in [31]) effective because a person can only participate in the deposit money system with a bank account (and huge amounts of cash are hard to store and transport, especially across borders). In contrast to that, in the Bitcoin system users can create their own “account” (= the wallet) on their own device and create as many key pairs as they want without involving any financial service provider. Hence, AML measures have to be directed towards the legal and natural persons who exchange cryptocurrencies for real currencies or goods, like exchange platforms and merchants (p. 23 in [31]). Furthermore, “classic” KYC is not effective in cryptocurrency systems for three reasons: first, for merchants in the mass market, KYC is simply not practicable (p. 57 in [38]). Second, if criminals find persons (or exchange platforms located outside the respective jurisdiction; see p. 30 in [31]) who exchange real money for cryptocurrencies, they do not need to use any regulated exchange platforms (located inside the respective jurisdiction) (p. 22 in [40]). Seeking out those persons/exchange platforms—even abroad—is relatively easy, because there are intermediary platforms on the Internet, for example, localbitcoins.com. Moreover, no suspicious-looking amounts of cash have to be physically smuggled over borders in order to exchange them abroad (p. 20ff in [31]). Third, exchange platforms “pop up and disappear so quickly” (p. 23 in [31]) on the Internet that it is not possible for (national) law enforcement agencies to be aware of all platforms located in the respective jurisdiction. Nevertheless, several governments and transnational organizations are planning to install—or have already installed—KYC systems for exchange platforms (and other types of users), like the BitLicense Law of the State of New York, section 200.15 (e) (1), the Payment Services Act of Japan from April 2017, Canada’s Bill C-31 (An Act to Implement Certain Provisions of the Budget Tabled in Parliament on February 11, 2014 and Other Measures, Second Session), the inclusion of Digital Currency Exchange Providers in the Anti-Money Laundering and Counter Terrorism Financing Act in Australia (came into force 2018) or the Proposal for a Directive of the European Parliament and of the Council amending Directive (EU) 2015/849, Art. 2 lit. g, lit. h ([2, 4], p. 457ff in [7, 9, 11, 31, 36, 38, 41], p. 39ff in [42, 43]). As a necessary preliminary stage to KYC and due diligence, governments started to place the permission to trade with and exchange cryptocurrencies under reservation of supervisory approval (e.g. BitLicense of the State of New York [1, 2, 7, 10, 43, 44], Canada’s Bill C-31 or the draft law on digital financial assets of the Russian Ministry of Finances from 20 January 2018 [43]).
Besides classic KYC systems and licensing, there are many conceivable regulation approaches in the context of cryptocurrencies [8, 11, 35]. Again, it has to be mentioned that differently designed “cryptocurrencies” need to be regulated differently depending on their technological characteristics. The (current) technological design of the Bitcoin system offers many opportunities for regulators. First, authorities could restrict the access to cryptocurrencies. Besides a blanket ban (p. 35 in [10]), limiting the access to the Bitcoin software (e.g. Bitcoin clients, online wallets) is a conceivable albeit hardly enforceable regulatory approach. Second, public authorities could try to control or at least influence the mining process by either participate with governmental mining pools or by regulating the production of or the access to mining hardware.6 Third, the exchange of cryptocurrency with real money and goods (and vice versa) could be restricted and/or controlled by authorities [35, 38], like China and India are doing right now [43].
As mentioned above, the decentralized character of the Bitcoin network is a strong argument for implementing prevention concepts which are directed toward the “gatekeepers” who operate on the border between cryptocurrencies and the real world [8]. A notable example of such approaches is transaction blacklisting [34, 35]. The goal of this concept is to blacklist transactions (precise: transaction prefixes) which were caused by criminal offenses like blackmail, fraud or money laundering. Actors in the “Bitcoin ecosystem” like exchange platforms and merchants who accept bitcoins for payment would not be allowed to accept blacklisted transactions or transactions which can be traced back to a blacklisted transaction [34, 35]. The advantage of such an approach is that exchange platforms and merchants are tangible for law enforcement agencies because they operate in the real world [22]. Another benefit lies in the (at least partial [22, 35]) devaluation of bitcoins from blacklisted transactions. This devaluation is caused by both an economic and a legal effect: Bitcoin users will not pay the same price for blacklisted bitcoins as for non-listed bitcoins because they cannot use listed bitcoins to pay for goods or exchange them [22]. If the transaction blacklist were public (or at least users could request whether bitcoins offered originate from a listed transaction), users would be forced to check the list in order to avoid criminal prosecution for money laundering. This makes criminal activities with the aim of gaining Bitcoins less attractive. It has to be mentioned that the devaluation of blacklisted Bitcoins could lead to a problem for the Bitcoin system: It has been stated that blacklisting leads to a dramatic loss of Bitcoins’ fungibility since blacklisted Bitcoins have less value than not-blacklisted ones [22, 45, 46]. Nevertheless, it can be argued, that the lack of fungibility is (from an economic point of view) a necessary consequence of the “unique transaction history” (p. 28 in [22]) of every Bitcoin and the dependence of the price of a Bitcoin on the “information encoded in the transaction history” (p. 28 in [22]). Moreover, there are market mechanisms like risk assessment that could probably manage the problem of different values of different Bitcoins (p. 28 in [22]).
Despite the improvements that transaction blacklisting brings to the regulation of cryptocurrencies, this concept also has shortcomings. First of all, a blacklist maintained by public authorities cannot cover off-chain transactions; the public authorities would therefore be dependent on the cooperation of the service providers carrying out the off-chain transactions. However, these could be forced to cooperate by corresponding laws and sanctions if necessary. Furthermore, the transaction blacklisting system would have to be implemented worldwide in order to develop its full effectiveness. However, it seems unlikely at present that all states will be able to agree on a common blacklist, not least because different activities are classified as “illegal” in different states. Within the EU an agreement seems possible, but a solely European blacklist would possibly collide with the regulation of other states and confederations of states, for example, in cryptocurrency transactions between citizens of the EU and those of non-EU states. In order to resolve these conflicts, appropriate international agreements would have to be concluded with these states. And finally, a functioning blacklisting system could be abused by authoritarian regimes to deprive political dissidents of a so far largely unrestricted possibility of financing. This risk is inherent in any effective cross-border regulatory measure. A current example outside the world of cryptocurrencies is the misuse by authoritarian states of the instrument of the international arrest warrant to detain regime critics.
Other conceivable regulatory approaches (p. 33ff in [35]) using listing of transactions and/or accounts are account blacklisting, account or transaction whitelisting [38, 48] and transaction redlisting [49] (enforced by miners). They will not be discussed in detail here, because they are less effective compared to transaction blacklisting for several reasons. For example, every method that tackles accounts (precise: public keys) is easy to bypass by simply creating new accounts (p. 66 in [38]).
