In an exclusive interview with Binary District, Michael Perklin, an expert in digital forensic examination and head of information security architecture at ShapeShift, discussed the lack of privacy in bitcoin, security issues in storing sensitive user information, and the rapid growth of the cryptocurrency market in general.
In the interview, Perklin described bitcoin as one of the most traceable currencies on the planet, due to its lack of privacy solutions and measures.
The implementation of strict Know Your Customer (KYC) and Anti-Money Laundering (AML) systems by nearly every regulated bitcoin trading platform in the market makes it easy for government officials and law enforcement agencies to trace the identities behind bitcoin wallets and transactions.
Although media coverage depicting bitcoin as anonymous criminal money has drastically decreased since 2016, Perklin emphasized that the mainstream media continues to misrepresent bitcoin as a private currency.
“Bitcoin is one of the most traceable currencies on the planet, and contrary to media misreporting over the last few years, Bitcoin is not anonymous and offers very little privacy protection to its users”, Perklin explained. “If a user values privacy above all else, face-to-face meetings where they exchange value, products, services in private will ensure digital footprints are not left behind.”
There are several innovative and unique privacy solutions, such as Mimblewimble and TumbleBit, that could improve privacy for bitcoin wallet users by mixing bitcoin transaction data. However, as long as strict KYC and AML systems are integrated into the systems of virtually every bitcoin service provider in the market, bitcoin users will not be able to enjoy complete privacy.
Perklin expressed his concerns over the KYC and AML systems that cryptocurrency and bitcoin businesses use. Specifically, bitcoin exchanges and trading platforms are required by law to maintain sensitive financial and personal data of millions of users, which can lead to various security vulnerabilities.
In 2016, ShapeShift was one of the first companies to publicly reject the New York BitLicense, a licensing program for bitcoin exchanges and cryptocurrency businesses, due to its impractical policies and AML requirements.
Despite having raised enough capital and resources to comply with the new regulations of the state of New York, ShapeShift founder and CEO Erik Voorhees terminated the services of ShapeShift and left the state, taking the responsible approach to securing user data privacy.
“You can bet that if we had, for example, followed the New York BitLicense and were taking personal, private information of every single customer that was on our website, all of that personal and private information would now be in the hands of the hacker [and] all over the dark web”, Voorhees said in an interview.
Perklin agreed with the sentiment expressed by Voorhees and ShapeShift, explaining that companies of any size should be cautious when dealing with personally identifiable information (PII).
“By storing PII on your servers, your company accepts the risk of safeguarding it for each of your customers, and if your systems are breached you not only lose your data but that of your customers as well”, said Perklin. “The recent Equifax breach clearly highlights the dangers associated with storing PII and underscores the need for data protection, such as encryption. It is for this reason that ShapeShift refuses to collect this information in the first place so that our customers are never placed at risk.”
Interestingly, the growing popularity of bitcoin also sparked the emergence of non-custodial platforms and applications that do not store any sort of personal or private information of users. Examples of non-custodial platforms include the bitcoin hardware wallet Trezor and the web and mobile bitcoin wallet Blockchain.
One way in which traders and investors can guarantee their privacy and full security is through the use of decentralized exchanges. Traders will soon be able to use decentralized trading platforms to exchange cryptocurrencies. For example, cross-blockchain atomic swaps allow cryptocurrency holders on different blockchains to freely trade their cryptocurrencies.
Technologically, the cryptocurrency industry is not yet ready to deploy decentralized trading platforms. Until it is, investors and traders will have to use centralized platforms.
ShapeShift is a unique platform in that it does not require users to input personal information and financial data to trade cryptocurrencies. As such, it doesn’t store any user information at all. Therefore, even if law enforcement agencies request that the company release information to aid an investigation, it couldn’t provide much assistance.
Furthermore, like public blockchain networks, ShapeShift’s trading platform is transparent. Anyone can see exactly what trades are being settled and which cryptocurrencies are being traded in real-time.
“Like almost all blockchains in use worldwide, ShapeShift’s asset exchange is fully transparent, allowing anyone in the world to see exactly where funds were sent from and where they were sent to”, said Perklin. “For this reason, it is impossible to use ShapeShift to “launder” or conceal their fund movements from others and it makes it easy for anyone to use ShapeShift to trace funds whether they are a law enforcement officer or a hobbyist investigator looking into the theft of their friend’s funds.”
Ethereum, ICOs, and Perklin’s View on Criticisms Against the ICO Market
Over the past few months, cryptocurrency enthusiasts and investors have criticized the initial coin offering (ICO) market for its bubble-like nature. Many blockchain projects are deliberately conducting ICO campaigns to raise funds in Ethereum and bitcoin without presenting any usable software, prototypes, or applications.
Perklin sees ICOs as a novel way of crowdfunding; from a technological standpoint, it is a great form of investment which enables startups to raise money from a truly distributed ecosystem of investors. However, he also noted that many of the ICO projects that have raised significant amounts of capital do not have technologies or solutions to offer.
“ICOs are a novel way of crowd-sourcing funding for projects, but you’re right; some projects are opting to hold an ICO to raise funds when they either don’t have a fully fleshed-out plan, don’t have a clear use for the token, or both”, Perklin concluded. “As with all purchases of any kind, buyers should understand what they will be getting in exchange for their money and avoid any product, service, or ICO that they do not fully understand”.