Two bills threatening encryption are driving headlines in the cryptocurrency space, the Lawful Access to Encrypted Data (LAED) Act and the Eliminating Abusive and Rampant Neglect of Interactive Technologies (“EARN IT”) Act. While these bills are genuine threats to messaging companies that provide centralized end-to-end encryption services and hardware manufacturers who could be forced to compromise device security, these bills are not, in fact, particularly relevant to cryptocurrency networks or their developers. Much more worrisome is a recent forward-looking statement from the Financial Action Task Force (FATF), suggesting the potential need for future bans on transactions with unhosted wallets.
Why LAED and EARN IT aren’t real threats to cryptocurrency.
Both of these bills target communications intermediaries. EARN IT attempts to leverage existing immunity from intermediary liability (under CDA Section 230) as a carrot that (on threat of revocation) could pressure intermediaries to provide law enforcement with backdoor access to user data. This is less of a concern in the cryptocurrency space because our networks are smartly designed to avoid any reliance on such intermediaries. Bitcoin doesn’t rely on a government grant of immunity from liability to guarantee that the network will continue unsurveiled and uncensored; it relies on technology rather than law to create censorship resistance. That technology is, in brief, open competitive mining and massively redundant peer-to-peer networking. Any particular node or miner in the network might desire immunity for content it relays as part of the blockchain, but the network as a whole doesn’t rely on any particular node.
We should nevertheless oppose EARN IT for two reasons: (1) because it could do damage to centralized networks upon which we all continue to rely (like Signal or WhatsApp) and (2) because it could, in theory, be used to generate liability for individual miners or node-operators. But EARN IT does not pose an existential threat to cryptocurrency developers or cryptocurrency networks because no particular intermediary within these networks is ever essential. As bitcoiners might put it, honey badger don’t care.
LAED also targets choke points in information infrastructure. A person or company would be made to cooperate with lawful requests to decrypt user information, but (and this is key) there would be no obligation to decrypt any information if “the independent actions of an unaffiliated entity make it technically impossible to do so.” Again, cryptocurrency networks are deliberately engineered such that no single party is able to take actions averse to the interests of users of the network. A single miner acting alone cannot block a user from transacting without amassing a tremendous amount of computing power, a single software developer can propose new code but cannot force anyone else to run their software, a single node can no more stop signed transaction messages from rippling across the peer-to-peer network than King Canute could stop the tide from coming in on the shores of his kingdom. So, even if law enforcement wanted to press a member of a cryptocurrency network to decrypt user information, that member can, in good faith, argue that “the independent actions of [several] unaffiliated entit[ies]” (every other miner, node-operator, and software developer) “makes it technically impossible to do so.”
This doesn’t mean that the cryptocurrency community shouldn’t oppose these laws. We all have phones and we all (mostly) use intermediated chat apps, and on principle we should reject attempts to force the companies behind those products to break their own security models.
A bigger threat from FATF?
Largely unreported by the crypto press is a new report issued by FATF last week stating that, while no action is necessary now, future threats from money launderers and terrorist financiers may necessitate stricter policies toward unhosted wallets, including:
banning or denying licensing of platforms if they allow unhosted wallet transfers, introducing transactional or volume limits on peer-to-peer transactions or mandating that transactions occur with the use of a VASP or financial institutions
These proposals would essentially outlaw usage of cryptocurrencies as peer-to-peer digital cash. No one supports terrorist or criminal use of cryptocurrency, but reasonable regulation of intermediaries remains the best approach to preventing those abuses. For reasons we’ve explained in depth before, bans on peer-to-peer digital cash would be an anathema to our basic freedoms and dignity, as well as unconstitutional.