David Jevans, CEO of CipherTrace, recently spoke at a panel discussion held by the Chamber of Digital Commerce. During the discussion, Jevans said that cryptocurrency is the most global phenomenon he’d ever seen, with money being moved around the world every second.
“This is one of the great powers [of cryptocurrency], but it also makes it challenging for us to do investigations and have compliance, when every country has different sets of regulations.”
He further spoke about the FATF and how their recommendations are typically adopted by all G20 nations, as well as most of Europe, within 12-18 months. Citing the major rule being recommended by the FATF, the Travel Rule, Jevans said that it makes cryptocurrency look more like banking.
“When we send a wire transfer, we send not only the amount, but also the name of the person, the account number of who’s sending it and where they’re sending it from. When it’s sent to the other bank, you also have to send the beneficiary name. This allows both sides to perform scans on sanctioned entities, terrorists, known criminals and block or freeze those funds or create governmental reports.”
Jevans also said that this is a fundamental change, because of the sheer number of cryptocurrencies which exist today, active and inactive. He stated:
“There’s not three cryptocurrencies or ten cryptocurrencies — there’s probably 700 active ones and over 2000 that exist. Changing 2000 cryptocurrencies is going to be a massive challenge, so the industry is really struggling with this.”
He added that there are multiple approaches to this, with Japan coming up with their own, more government-driven approach, and the U.S. coming up with more of a consensus-driven industry approach. He also spoke about how FATF is facilitating a conference in San Francisco next month to focus on and discuss international regulation. On the topic of tracing cryptocurrency transactions, Jevans said,
“We’re tracing about 700 different currencies now. It involves being able to monitor transactions globally, interacting with companies on a global scale — thousands of different companies involved in cryptocurrencies, to profile their transactional activities and to know if they have KYC compliance or not. If not, typically that’s where the bad guys go.”
Further, he said that their work involved monitoring the dark web, drugs, weapons and stolen credit card forums. Through this, they can understand transactional patterns and how they might solicit funds through both regular payments and cryptocurrencies.
“At our company, we have over 1000 servers running 24 hours a day, computing this data, gathering it all and linking it together. It’s a very complex technical problem, but it’s also a tradecraft problem.”
According to Jevans, there will be unintended consequences of rules such as those proposed by the FATF, perhaps pushing criminal activity toward privacy-enhanced coins like Monero. He also said that currently, most criminal activity is done using Bitcoin or Ethereum because of their brand name and how easy it is to buy or cash out.
“Customer identification is key. It’s not just customer identification — it’s verification and identification of organizations, their true domicile and what regulatory regime they fail under. It does bring up an interesting problem, which I call the ‘sunrise problem’. Regulation like this will not be enforced or technologically implemented by all of these exchanges on June 1st next year. It will take time for this to happen so there will be this challenge of which exchanges are in compliance and which ones aren’t.”
Answering a question from the audience, the CipherTrace CEO also spoke on quantum-resistant encryption algorithms, and how many researchers in the field of mathematics have been working on this problem for quite some time.
“It’s not just Bitcoin that uses cryptography — every single secure communication we ever do requires cryptography. It cannot protect you from decrypting stuff from the past, but it certainly can be used to keep future looking systems secured from quantum attacks.”
He also noted that quantum attacks only work on certain kinds of encryption algorithms and that many scientists would argue that quantum computers will not be able to break encryption in our lifetimes.
“The progress that Google has made is on some very simple, artificial problems. There’s a lot of investment going on at IBM and other companies as well, but when you look at the material science of it and at the errors generated with it, it’s not clear that error correction techniques can actually be developed that will allow it to scale to the level that you’d be able to attack 4890-bit RSA key. But if I’m wrong, let’s adopt quantum resistant algorithms anyway.”