Europe’s hidden agenda on crypto wallets
On Wednesday, I covered the misleading messages around the new EU anti-money laundering law, which was billed as “banning anonymous crypto wallets”. That wasn’t really true – the law only affects third-party custodians, not software or hardware wallets.
However, it turns out that the rules, while not prohibiting self-hosted anonymous wallets, could indirectly strangle them.
In addition to this, you need to know more about it.This article is taken from The Node, CoinDesk’s daily recap of the most crucial stories in blockchain and crypto news. You can subscribe to get the full bulletin here.
Related: Money reimagined: set the coins, don’t suffocate them
The provisions, and the broader strategy behind them, point to some truly frightening encroachments on financial freedom and should be addressed.
On the other hand, these pernicious parts of European Union rules could be restricted or removed before their planned implementation in 2024. According to members of the European Data Protection Authority, they could violate the “General Rules”. data protection policies, recently implemented in Europe, ”or GDPR.
The poison pill can be found in section 58 of the proposed regulation (full PDF here):
“The owners and beneficiaries of anonymous accounts, anonymous passbooks, anonymous safes or crypto-asset portfolios will be subject to customer due diligence measures before these accounts, passbooks, safes or portfolios of crypto-assets are not used in any way. “
Related: Washington should let DeFi succeed
According to Simon Lelieveldt, compliance advisor for the Dutch crypto exchange Bitonic, this language would require the owners of hosted crypto wallets and the owner of any crypto wallet with which they transact, including self-hosted wallets, be subject to know-your-customer procedures under the new rules. (At least in the United States, we tend to use the term “beneficiary” to refer to the recipient of the assets after the owner’s death, but in this context it simply means the recipients of the transaction.)
According to Lelieveldt, this is part of a larger strategy to kill anonymous crypto wallets.
“In short, the displacement rule is used as a wedge to push decentralization [wallets] in a world of legitimate custody, making everything else illegitimate and criminalized, ”he told CoinDesk. “And it will be used to ban anonymous wallets from existing in the regulated world. Therefore, the intentions expressed by the (European) Commission are correct.
Lelieveldt explores the subject in more detail in this excellent Twitter feed, and wrote at length about Bitonic’s successful confrontation with similar rules.
It is difficult to say whether the European authorities fully understand how draconian, malicious and downright absurd this measure is. At the highest level, this could be seen as making it illegal for any crypto custodian account holder to withdraw their cash holdings. It sets a European agenda fundamentally hostile to the right to deal in private on the Internet.
It is also very difficult to imagine how it would work. The Financial Action Task Force (FATF), which globally sets the agenda for international anti-money laundering measures (AML), itself declares that it “is not aware of any technically proven means of ” Identify the person who manages or owns an unhosted wallet, with precision and accuracy under all circumstances Any system allowing identities to be linked to on-chain wallets would be subject to errors and abuse, for deep technological reasons.
But what is even more worrying is the indirect nature of the initiative. As I wrote on Wednesday, the proposed rules do nothing to directly “ban” self-hosted wallets. But they would create a huge divide between third-party hosted wallets and self-hosted wallets, significantly compromising the usefulness of cryptocurrencies. Like residents of urban neighborhoods bifurcated by American freeways in the mid-20th century, crypto users would be cut off from each other, undermining the promise of peer-to-peer transaction technology.
Surprisingly, this is an explicit enforcement strategy launched by the FATF in a March guidance document on virtual assets (thanks again to Lelieveldt for the advice here). The document includes a list of “options to mitigate the risks posed by P2P [peer-to-peer] transactions at the national level if the risks of ML / FT (money laundering / terrorist financing) are unacceptably high. This includes measures that aim to bring greater visibility to P2P transactions, as well as to limit the jurisdiction’s exposure to P2P transactions.
(Remember here that “the exposure of jurisdictions to P2P transactions” is synonymous with “the rights of citizens to transact freely.”)
The FATF’s third recommendation for monitoring peer-to-peer transactions is to “deny licensing to VASPs (virtual asset service providers) if they allow transactions to / from non-subject entities (ie. i.e. private or unhosted wallets).
The GDPR problem
Now, there is some good (and quite funny) news here. Before the draft anti-money laundering rules were released publicly, the European Financial Commission received a rather harsh letter from the European Data Protection Board (EDPR), which oversees the application of the European general rule on data protection. data. When implemented, GDPR was widely viewed in the context of social media and advertising, as it did in the wake of the Cambridge Analytica data scandal.
But the Data Protection Council is making it clear that it also considers financial data to be subject to GDPR. And while the letter tiptoes the issue, it does suggest that the board may view the proposed new AML frame as flawed.
“The EDPS… has repeatedly noted the privacy and data protection challenges related to the AML framework… a fair balance must be found between the interest of preventing money laundering and terrorist financing, d ‘on the one hand, and the interests underlying fundamental data protection and privacy rights, on the other,’ the letter reads.
The board highlights principles such as “data minimization” and “necessity and proportionality” as keys to crafting anti-money laundering regulations that do not violate the GDPR. Digging into these is a task for another day. But suffice it to say that requiring operators’ detailed personal information to be sent with every major financial transaction, as current anti-money laundering rules often do, does not easily align with these principles.
“Why disseminate 99.8% of redundant data of innocent citizens through payment channels to capture 0.2% of people [committing crimes]”Asks Lelieveldt,” at a time when other surveillance technologies are better suited? Data breaches [of financial services] are just around the corner. Rules requiring the on-demand delivery of suspicious transaction data to police, he said, would be equally effective while maintaining confidentiality.
Additionally, the new AML rules could create a perverse incentive for companies whose data-centric business models are threatened by rising privacy standards such as GDPR and Apple’s recent opt-in tracking feature. .
Companies like “Cambridge Analytica (or Facebook itself) will take the opportunity to use the FATF crypto travel rule to pass all customer data to all business partners under the pretext of complying with FATF rules,” warns Lelieveldt.
It would be great if cold heads prevail and European anti-money laundering rules are revised before they are implemented. But whatever the letter of the law, it seems unlikely that the Data Protection Council will have the strength to oppose the Finance Committee, which may simply start talking about “terrorist financing” and use fear. to pass pretty much whatever she wants.
The retaliation will require broad resistance. It is time for the strong voices of the whole world to be heard.