Authored by Simon Chandler via CoinTelegraph.com,

Much noise has been made about the untraceable qualities of Bitcoin and other cryptocurrencies. Bitcoin "can be used to buy merchandise anonymously" said early primers on crypto, it offers users the kind of financial privacy that was previously available only from a "Swiss bank account," say more recent commentators. And given its ability to provide people with a layer of anonymity and privacy, it has been smeared by politicians, experts and mainstream journalists alike as a hiding place for almost any hacker, drug dealer, gang member, terrorist or despot you could possibly name (even if cash is still the preferred financial medium of such personae non gratae).

image courtesy of CoinTelegraph

It's therefore no wonder that, for several years, governments have been feverishly trying to trace Bitcoin's circulation, as well as that of other digital currencies. And despite the popular reputation of most cryptocurrencies as anonymous, they've been aided in this pursuit by the fact that most cryptos are not anonymous, but rather pseudonymous. In other words, by linking transactions to fixed wallet addresses, and by keeping a public record of every single transaction ever made on their chains, most popular cryptocurrencies provide national governments with an almost perfect means of keeping tabs on our financial activity.

However, while many governments have begun capitalizing on this very convenient affordance by building systems that compile transaction data and scraped private info into a single database, most have only just begun moving in this direction. And more importantly, there are a number of privacy coins – Monero being the most prominent – that don't offer a public record linking transactions to wallets, while there are also mixing tools for making the transactions of non-privacy coins private. As such, there are still ways to remain anonymous in crypto for those who want to keep a low profile, despite the best efforts of governments in the US, Russia, Japan, and elsewhere.

Japan and Russia

As the most recent example of government crypto monitoring, the Japanese National Police Agency (NPA) announced plans to implement a system that can reportedly "track" cryptocurrency transactions within Japan. While specific technical details are scarce, the software is being developed by an unnamed private company and will cost the NPA around $315,000 next year to run. In particular, its main function will be to trace transactions reported to it as 'suspicious', linking them together into a visualization that will, in theory, enable it to pinpoint the sources and destinations of illicit money.

For the most part, it will receive its reports of suspicious activity from Japanese crypto-exchanges, which ever since the May introduction (by the Financial Services Agency) of anti-money laundering(AML) legislation have been sending it intelligence on potentially illegal transactions and the accounts associated with them. Indeed, this reporting is precisely what makes a 'transaction-tracking system' possible, rather than the invention of some novel cryptographic technology capable of breaking through the pseudonymity/anonymity of most cryptocurrencies. Simply, exchanges are being legally required to follow strict know-your-customer (KYC) policies, which enable them to link real-world identities to addresses and to transactions recorded on public blockchains. And given that they're supplying this info to the NPA, all the NPA will really be doing with their system is feeding such info into a database and creating visualizations of the flow of crypto.

What this means is that such a system isn't likely to have much direct application to anyone who circumvents (regulated) exchanges when receiving and sending crypto. That said, even if certain users stay away from Japanese exchanges they could still be linked to illicit crypto if said crypto has passed through an exchange and already raised suspicions. Either way, another area to which the system isn't likely to have much direct application are privacy-enabling coins such as Monero, Zcash and Dash, since rather than attempting to track such coins the Japanese authorities have merely decided to ban exchanges from carrying them.

A similar story is currently emerging in Russia, where the Federal Financial Monitoring Service (Rosfinmonitoring) has contracted for a system that will collate various sources of information regarding suspects in finance-related crimes. As reported by the BBC Russia service, the system will be used to create profiles for suspects, to which the authorities then add whatever relevant info they can gleam about him or her: phone numbers, bank card details, physical addresses, and crypto wallet addresses. Once again, the system hasn't been designed specifically to compromise the cryptography of Bitcoin or any other crypto, but rather seeks to simply add wallet information – where available – to any other data Rosfinmonitoring has on a suspect.

By doing this, the Russian authorities clearly hope to prevent suspects from laundering any illicitly gained money via crypto, while they also assert that they intend to stop crypto being used directly for illegal purposes. "Because of their anonymity and the inability to trace them," German Klimenko – an ex-advisor to Vladimir Putin on internet development (and head of the cryptocurrency group at the Russian Chamber of Commerce and Industry) – told the BBC. "Cryptocurrency is used in grey areas, in the dark web, for buying weapons, drugs, or violent videos. Lawmakers of many countries are wary of this phenomenon: this was confirmed by the analysis that we conducted under orders from the president [Putin]."

While Russia hasn't introduced regulations requiring exchanges to uphold strict AML and KYC policies, the State Duma is in the process of negotiating a digital assets bill that would do just that. And once this bill has passed, Russian authorities will – like their Japanese counterparts – have access to info on the identities of wallet holders. As a result, the Rosfinmonitoring service will be able to enter this information in the soon-to-be-launched system (coming at the end of 2018), which will enable it to link transactions, wallets, and identities together.

But because this system will be tapping into crypto-exchange records rather than novel 'crypto-hacking' technology, it's likely that it won't apply to all cryptocurrencies and all cryptocurrency users. Some experts even believe that it will have a largely counterproductive effect, forcing many cryptocurrencies and their users to become more untraceable.

"If you look at the entire volume of laundered funds, the share that is laundered through cryptocurrency is very small," Anton Merkurov – an advisor with US-based the Free Russia Foundation – said. "Let's say the turnover of the local exchange is about one billion rubles [around $14.7 million] a week. This, in fact, is not very much. Instead of catching the proverbial Colonel Zakharchenko [a former anti-corruption officer who was caught with around $140 million in bribe money in 2016], authorities are trying to find a microbe under a microscope in a drop of water. This should not be a priority. And most importantly, start pressing there and opposition will begin, you will think up real tools for laundering."

The United States

While the systems being rolled out by Japan and Russia largely depend on cooperation from crypto-exchanges and on piecing together disparate sources of information, there are indications that some governments at least have taken a more direct approach to identifying crypto users.

The US, to take the most notable – and disconcerting – example, has developed a covert piece of technology that can actually extract raw internet data from fiber-optic cables in order to identify the IP addresses and IDs of those sending and receiving Bitcoin. According to documents obtained by whistleblower Edward Snowden in 2013 and published by the Intercept in March 2018, the technology in question is a program developed by the National Security Agency (NSA) and known as OAKSTAR. Masquerading as a piece of virtual private network (VPN) and downloaded by some 16,000 users in such nations as China and Iran, the program instead siphons data from an "unspecified ‘foreign’ fiber cable site," according to the Intercept.

Using this data, the NSA can then extract such information from Bitcoin users as their password information, their internet browsing activity, and their MAC address, while certain whistle-blown docs also discuss extracting users’ internet addresses, timestamps, and network ports. Effectively, OAKSTAR can be used to gather much more than the information necessary to identify someone and link them to specific Bitcoin addresses and transactions, and it can do so without having to rely on crypto-exchanges.

This is a big blow for Bitcoin privacy. As Cornell University professor Emin Gün Sirer told the Intercept:

"People who are privacy conscious will switch to privacy-oriented coins […] when the adversary model involves the NSA, the pseudonymity disappears. You should really lower your expectations of privacy on this network."

Similarly, Matthew Green – an assistant prof. at Johns Hopkins University Information Security Institute (and a key Zcash developer) – explained to the Intercept that the NSA's exploits are "bad news for privacy, because it means that in addition to the really hard problem of making [crypto] transactions private […] you also have to make sure all the network connections [are private]."

As alarming as OAKSTAR and the activity surrounding it are, no new information has emerged recently to indicate that the NSA has extended its Bitcoin-tracking endeavors to other cryptocurrencies. There's also the fact that its ability to link certain people with Bitcoin wallets is predicated on these people unwittingly downloading a piece of software that secretly extracts their internet data (while purporting to provide some other service). As a result, if users stick to VPN packages (and other pieces of software) they know and trust, it's likely they will avoid the NSA's long claws.

This reassurance aside, there is still the predictable reality that the United States government has been seeking user data from cryptocurrency exchanges, and has been doing so for longer than either the Japanese or Russian governments. In November 2016, for instance, it filed a legal summons that required Coinbase to provide the Inland Revenue Service (IRS) with the identities of an unspecified number of individuals associated with a number of cryptocurrency wallets. As Cointelegraph reported at the time, this summons was significant not so much in itself, but because it indicated that the IRS had been able to track certain wallets to an extent sufficient to determine that they'd been involved in the violation of tax legislation. Similarly, it also indicated that the IRS had been able to determine that the wallets were attached to Coinbase.

While the IRS unsurprisingly hasn't divulged how it was able to track these wallets, a 2015 document leaked to the Daily Beast in 2017 revealed that it awarded a contract to Chainalysis, a Switzerland-based "blockchain intelligence" provider that monitors cryptocurrencies such as Bitcoin for compliance reasons. As Cointelegraph reported at the time, Chainalysis uses "data scraped from public forums, leaked data sources including dark web, exchange deposits and withdrawals to tag and identify transactions." It attempts to combine what's made publicly available on blockchains with personal info unthinkingly/carelessly left by crypto users on the web. It runs, therefore, another system that is less about cryptographically penetrating blockchains and more about simply putting together all the disparate threads of info strewn across the Internet.

And even though the IRS hasn't explicitly acknowledged its employment of Chainalysis or any other service, it's also interesting to note that past instances where an agency of the federal US government has succeeded in tracking crypto users have potentially involved input from the NSA. In October 2013, Ross Ulbricht was arrested by FBI agents in San Francisco and then charged (almost a year later) with conspiracy to traffic narcotics, money laundering, and computer hacking. During his trial, he claimed his prosecution violated the fourth amendment (i.e. right to protection against unwarranted searches), since the only way the FBI could have identified him was through the illegal help of the NSA and its data-gathering trickery. Needless to say, this defense didn't exactly work, yet the Intercept noted that the NSA's OAKSTAR project got under way six months before Ulbricht was arrested. More interestingly, the website also published classified documents in November 2017 revealing that the NSA had secretly helped the FBI secure other convictions in the past.

Whatever the truth behind Ulbricht's conviction, it's clear that the NSA has had the ability to covertly identify Bitcoin users for over five years, while it's also true that other US agencies have been tracking crypto transactions (using undisclosed means). As such, it's a safe bet to say that American crypto users should probably think carefully before engaging in anything Uncle Sam wouldn't condone.

China, India and beyond

It would appear that few nations can match the US in the reach and power of their crypto-tracking activities. However, this isn't stopping many from trying. In China, reports emerged in March that the Public Information Network Security Supervision (PINSS) agency has been monitoring foreign crypto-exchanges that serve Chinese customers. Even though the government has banneddomestic exchanges and trading on foreign alternatives, this hasn't stopped every Chinese trader from seeking out crypto abroad. Because of this, PINSS has been 'monitoring' foreign exchanges so as to "prevent illegal money laundering, pyramid schemes [and] fraud," according to Chinese news outlet Yicai.

While Yicai could confirm via sources at PINSS that such monitoring had been underways since September 2017, it couldn't explain just what kind of monitoring was being pursued, or whether the Chinese government was actively trying to identify individuals trading in crypto. Still, whatever the extent of the surveillance involved, the knowledge that other nations are tracking crypto would indicate that Chinese traders should also add themselves to the growing list of 'people who ought to be careful.'

So too should Indian traders, who in January may or may not have learned that their government was keeping tabs on them for tax purposes. Actually, chances are they would have learned about this, since the Indian tax department sent notices to "tens of thousands" of investors (according to Reuters), after having conducted national surveys and having obtained user data from nine Indian exchanges. This provided a clear signal that the government was indeed tracking cryptocurrency transactions, something which it had begun contemplating in July 2017, when India's Supreme Court demanded information from it and the Reserve Bank of India on the steps being taken to ensure that crypto isn't being used for illicit purposes.

As reported in July by Indian news website LiveMint, the system the government was considering, would involve cooperation between the central bank, the Securities and Exchange Board of India (SEBI), and India's intelligence agencies. However, as the involvement of India's crypto-exchanges in January's tax notices reveals, it's once again likely that the system currently rests on input from these exchanges, rather than on technology comparable to the NSA's, for instance.

Other than the prominent examples of Japan, Russian, the US, China and India, there are few other cases of national governments going public with (or being known for) crypto-tracking systems. Nonetheless, even if there's currently no public record of other governments investigating the potential for tracking systems, it's highly probable that those governments with a significant interest in crypto have contemplated a tracking system in one form or another.

UK and EU

For example, the UK and EU governments jointly announced in December 2017 that they're planning a "crackdown" on crypto-enabled money laundering and tax evasion. UK economic secretary to the Treasury Stephen Barclay said in last October:

"The UK government is currently negotiating amendments to the anti-money-laundering directive that will bring virtual currency exchange platforms and custodian wallet providers into anti-money laundering and counter-terrorist financing regulation, which will result in these firms’ activities being overseen by national competent authorities for these areas."

While this doesn't confirm tracking, it would at least imply it, since the ability to enforce AML legislation entails that governmental bodies and departments should have some means of not only detecting when someone is earning crypto that needs to be taxed, but also determining just who that person is. Hence, UK and EU authorities need to have some kind of tracking system in place, otherwise their threats of 'cracking down' on money laundering and the like will equate to only so much hot air.

And in the future, it may become increasingly possible for them or any other government, regardless of technological development, to carry through with such threats. In April, a corporate giant none other than Amazon, received a patent for a "streaming data marketplace" that would permit the combining of multiple data sources, thereby enabling the real-time tracking of cryptocurrency transactions and the users involved. As the text of the patent makes clear, this technology could potentially be offered to governments, who would be able to link crypto addresses to official IDs:

"The electronic retailers may combine the shipping address with the bitcoin transaction data to create correlated data and republish the combined data as a combined data stream. A group of telecommunications providers may subscribe downstream to the combined data stream and be able to correlate the IP (Internet Protocol) addresses of the transactions to countries of origin. Government agencies may be able to subscribe downstream and correlate tax transaction data to help identify transaction participants."

Given the arrival of such technology (and the current existence of such firms as Chainalysis), it's only a matter of time before transactions involving Bitcoin, Ethereum or any other non-privacy cryptocurrency will be systematically de-anonymized. It will take some time, particularly given that Amazon's patent requires its users (e.g. retailers and telecoms providers) to combine separate pieces of data in order to create correlations. Still, it's becoming increasingly apparent that things are moving in only one direction when it comes to the privacy and anonymity of crypto.

Privacy coins

And in light of this direction, anyone wanting to keep their chances of being identified as low as possible is advised to migrate to one of the so-called privacy coins. Monero is the most well-known of these, having entered into 10 most valuable cryptocurrencies by market cap since its initial launch in April 2014. More than anything else, what distinguishes it from the likes of Bitcoin is its CryptoNight proof-of-work algorithm, which uses a mix of ring signatures and stealth addresses to not only bury the sender's wallet address in those of multiple other users, but also to hide the precise amount being transferred.

It's because of this that the cryptocurrency has proven popular with those who've needed to evade government power (for whatever reason), and such is Monero's apparent ability in preserving anonymity that its price increased by around 2,883% between Jan. 1 and Dec. 31, 2017 (from $12.3 to $358). By contrast, Bitcoin's 2017 growth rate was a slightly less impressive 1,357%.

2,883% may be impressive, but it pales in comparison to the 9,000% growth enjoyed in 2017 by Dash, another altcoin with certain privacy-enhancing qualities. The 13th most valuable cryptocurrency by total market cap, its PrivateSend feature mixes addresses so as to obscure the origins and destinations of transactions, in the process making it noticeably harder for any interested authority to put the pieces together.

This may be a part of the reason why the currency has took off so spectacularly in Venezuela, where the government cracked down on such cryptocurrencies, such as Bitcoin, in a big way last year (before showing favoritism towards its own oil-backed Petro coin). Venezuelans also turned increasingly to Zcash during this period, which has become the 21st biggest cryptocurrency since launching in October 2016. Building upon Bitcoin Core's architecture and using zero-knowledge proofs, it keeps the sender and receiver's pseudonyms private, while also doing the same for the quantity being transacted.

Therefore, a choice of privacy coins is available for anyone worried about the growing ability of governments to track crypto transactions. And even if a concerned crypto user holds no Monero, Dash, or Zcash, they can still take advantage of the various mixing services available for non-privacy coins. For example,there are anonymization protocols available that, much like the features available via Monero and Zcash, enables senders and receivers of Bitcoin to mix their transactions with those of other senders and receivers, making it very difficult to disentangle the multiple threads involved. Such protocols include the likes of CoinJoin, Dark Wallet, bestmixer.io, SharedCoin, and CoinSwap, all of which also provide holders of Bitcoin and other cryptos with the ability to anonymize their transactions.

So even though cryptocurrency tracking is increasing, crypto investors and holders needn't be overly fearful of government surveillance. For one, most of the tracking systems in use or which are being developed rely on input from crypto-exchanges, while others (such as those provided by Chainalysis) depend on scavenging data that users may have left carelessly throughout the web. Meanwhile, more direct and intrusive methods being honed by the NSA also rely on crypto users unknowingly compromising their internet connections, something which couldn't be counted on for monitoring all cryptocurrency transactions en masse. This is why, in addition to such privacy coins as Monero and Zcash, privacy-conscious crypto holders shouldn't be too concerned, since there are ways of remaining anonymous for those who want it bad enough.