Privacy II - Why we need safeguards against privacy
We need institutions and other safeguards to protect us from the danger of privacy
POSTED ON: 29.11.2022
Errol Drummond
Exlusive content by Zero Knowledge Natives
Why we need safeguards against privacy
If you read the first article, then you will have recognised some of the danger we put ourselves in by not having privacy by default in an online environment. So we need privacy on blockchains too. But does this not work in favour of powerful, nefarious entities too? Won’t money laundering or tax evasion become easier, and won’t bad actors be able to transfer billions in secret for their dark purposes?
Let’s explore the dangers of not having sufficiently effective or properly enforced safeguards against privacy abuses, and then move on to exploring some properties we should see in our safeguards.
For clarity, the first article explores how having privacy benefits us, and this article explores both how privacy puts us in danger, and what safeguards we should take to protect against these dangers.
Privacy is useful for bad actors
Individual responsibility
The first thing we want to tackle here is the idea that the privacy debate should focus on individual choices of privacy, i.e. that privacy precautions should largely happen on the level of the individual, that each user must ensure that the services they use are private enough for them. For crypto this means your data being looked after by companies or publicly viewable by all on chain, rather than being completely anonymous in all your actions. This idea is so ridiculously unrealistic, and it means a world where privacy violations will be rife.
Individual choice like this falls under the default practice which is Notice & Consent. This is the term for online interactions taking that format; they give you a notice about how your data will be used, and then you choose whether to consent or not. You can find a great number of other people lamenting the failure of this approach too.
If we don’t have better regulations or institutions, the only stick companies have to respect privacy is for users to switch services (and don’t hold out hope on getting old services to delete your data). Do you really want to have to stay up to date on privacy violations for every single service you use, and prior to using any service spend ages researching their privacy reputation? Of course not, in the same way that when you go to your local hospital or school or shop or town you are expecting minimal standards.
If you were to read the privacy policies for every service you use, it is estimated to take around 244 hours . That is around an hour a day for each weekday in a year. Sounds like a great way to use your daily energy. And that says nothing about whether you would understand the language used, rationally recognise every conceivable outcome of how your data could be used based on what is said, read any additional privacy updates when services change their policies, or investigate privacy lapses through faulty security practises. What a great environment to be in. We will return to the topic of an individual right to privacy in the third article, where we argue that there are more suitable philosophies to fight for. This isn’t to say that public backlashes aren’t important, just that having them as the first layer of defence is an unworkable idea. So weak regulation means a worse time for users. But what about privacy violations that you don’t directly notice?
Tax evasion
Tax evasion involves not paying tax that you are legally bound to pay. So here is one of the things with private transactions - what’s stopping more and more people & companies from not paying portions of their tax because with the power of private transactions they’re hoping to get away with it?
Say what you will about corruption or the quality of governance in Western democracies (even though you are possibly right), these societal governance structures are still the best governance structures we have ever developed. If we are to make widespread tax evasion easy and a reality, we will see the greatest things we have ever built dwindle even faster than we already fear they are. If there is not enough regulation or effective enforcement, and tax evasion rises because the rewards outweigh the risks, then we are not helping create a better future.
This is without even investigating how private transactions would make tax avoidance (legal tax loopholes) easier too. This may be legal, but it is as immoral as tax evasion, and unfortunately harder to prevent.
National security
In the first article we saw how a lack of privacy endangered national security; here we want to touch on some ways in which *having* financial privacy endangers national security.
To protect our nations we need to be able to identify destabilising forces. Meddling in democracies is not a new phenomenon, but the digital and technological nature of our age has made meddling a far greater threat. Thus far, this meddling appears to be in forms such as espionage, trying to sway specific national debates through targeted campaigns, or trying to destabilise democracies through funding of various extreme organisations and individuals.
If funding of the example tactics mentioned above becomes easier, we are likely to see more extreme examples of said tactics, as well as more instances of them. Given how fragile our democracies already seem to be, and the work involved in maintaining democracies (let’s not forget that their maintenance takes works and if we drop the ball we can end up in an autocracy), we should be very wary of fanning the flames.
Financial privacy does not make things invisible
We want to argue here that the benefits of blockchain privacy to nefarious actors are limited, and therefore that the risk-reward tradeoff is very much in favour of the rewards. The reason why benefits are limited to nefarious actors is because, in the case of national security, meddling forces essentially achieve privacy anyway, and in the case of tax evasion, tax avoidance is still possible.
The first thing to recognise here is that invisible blockchain transactions do not mean actions are invisible. If a nefarious entity sends a billion pounds to the UK, then when that capital starts to be spent, it will create a ripple - there will be real world evidence that it happened. If the number of radical political groups with good finances rises, we will notice; then we can ask the question of who is funding them.
Similarly for individual or corporate tax evasion; the ripple created won’t be so large, but these people and companies interact with the ‘legal’ economy and from this it will be possible to find evidence of and prosecute bad actors. But that is only assuming we have well thought out regulation and institutions with the right tools.
Reports account that between $1 billion and $2 billion are missing from the accounts of FTX, and investigators don’t yet know what became of it. This money didn’t vanish because of the use of privacy-preserving blockchains, it vanished via a number of other methods available to nefarious actors. According to Kurt Opsahl operational security of organisations is hard, and there are many traditional tools for security services to make use of. But “what privacy-enhancing tools most protect you against is suspicion-less surveillance”. This is because pseudonymous blockchains make it possible to aggregate and analyse data from everybody, regardless of necessity. But traditional investigatory tools have to be targeted and therefore will only be done when there is reasonable suspicion. So even with financial privacy, there are still tools at our disposal to combat bad actors - but *we* have to build them, and use them.
No private blockchains?
Let’s explore the counterfactual, the scenario of not having private blockchains; would our bad actors care that much?
Remember the Panama Papers scandal? The scandal where evidence was released proving that a huge proportion of the world’s wealthiest people had been avoiding tax on profits they very clearly made in the nations we live in, but because they did some weird legal stuff their profits accrued in tiny nations where their companies were based so they got to keep it all, and keep it hidden. Well, this is tax avoidance, and it annoyed a lot of people, as it should have done. But tax avoidance is *legal.*
If a person or company doesn’t want to pay tax, they already have an avenue for this - there are legal loopholes that they can exploit. Any one of these people or companies that would be willing to evade tax if they thought they could hide it, would probably be more convinced of just avoiding it instead - because it’s legal. Private blockchains aren’t a zero to one for tax avoiders, it’s more of a three to four. It is helpful to them, but not providing them something they didn’t already have.
And if you are a large, nefarious force looking to destabilise a democracy, then there are several other ways to essentially achieve the same level of privacy anyway. Shell companies, cash, complicated financial networks that obscure what money came from where and went where. So the gain to these entities of private blockchains isn’t zero to one either, it’s maybe five to six.
The conclusion is that private blockchains provide a lot of safety in a variety of ways, and although it is also useful for bad actors, it doesn’t provide them anything new. If we implement this privacy, and strengthen our regulations and institutions for prosecuting violations of how we want our societies to run, we end up with a big net positive.
In short, privacy-preserving blockchains aren’t that helpful, but that is not a free pass to not think about our safeguards.
Institutions
We need an effective regulatory framework, and a fundamental philosophy to help determine this regulation will be presented in the next article. For now, let’s assume we have a regulatory framework we are happy with, and discuss how this should be effectively enforced.
The arguments presented above made clear that individuals and companies have to interact with the ‘legal’ economy, and from here we can identify abuses of our regulations, such as tax evasion. As such, our institutions need:
1. to have access to data representing ‘legal’ economy activity
2. to have the capacity to analyse this data in an effective way
3. to have the ability to investigate violations
Blockchains should actually help the first two points; data availability is given thought to no end in this data structure, and the organisation of activity lends itself to easier analysis. This is why Walmart built its own blockchain for supply chain management in response to a food poisoning disaster. There is more to be said about ensuring the first two points are achieved, but here we want to focus on the third. Regardless of how clear it is to regulatory institutions that rules might have been breached, unless there are tools to conduct a formal investigation and properly prosecute, it wont matter.
If evidence or reasonable suspicion of regulatory breaches are present, the likelihood is that the potentially breaching party has put a reasonable amount of effort into ensuring there is no accessible evidence. This means that our institutions will have to conduct hands on investigations. They need to have the authority and capability to investigate what might be out of sight of the ‘legal’ economy. In order to ensure our institutions have the right tools to do so in the modern information age, we should welcome government pushes in that direction. But we should also maintain vigilance that this is done so in good faith via a committee of mixed representatives.
The investigations in FTX should be welcomed. This firm lied about it’s behaviour and recklessly gambled with the savings of millions of customers. Many of these customers lost a lot, and this is a horrible injustice. The SEC and other institutions have a lot of experience in making rules that will protect everyday people. Even if you disagree with some of the SEC’s choices, we are all better off working with them to determine effective regulation rather than pretending that the current way we do things is working.
The crypto industry has gone through a lot of growth, but as of yet there aren’t too many rules to help maintain what has been grown; it is time to start creating these rules bit by bit. It is also time to start encouraging rules that will favour good growth, rather than bad growth (growth built of deception and risky bets that look enticing in the short term).
Effective tools, but limited use
After having argued for the need of institutions to have investigative tools, we now want to highlight that these tools should be effective, but hard to use often. It should be possible to investigate reasonably suspected breaches, but it should also be costly such that any attempt to use these tools to oppress or threaten are game theoretically unrealistic.
In Britain, regular police do not carry guns. Instead, there are armed response units that do, and they are highly trained. Part of the philosophy for this is that the police owe their duty to the public, not to the state. It is there to make a better society for the public, not to be used by the state for oppression in a more effective manner - the police police through consent of the public.
The arrest of the Tornado Cash engineer represents a scary action on the part of our governing bodies. This action in no way serves the purpose of investigating privacy breaches, its primary goal is to put fear in the public regarding private blockchains. This is not policing by consent, this is policing by oppression.
If this engineer had reasonably been suspected of actually working directly in money laundering, rather than just being an engineer in essential privacy infrastructure for the future, there should have been cause to investigate. But from the public’s perspective, this does not seem to be the case; this arrest seems to have taken place so that our states can suppress attempts to build privacy tools in Web3.
To help ensure we move towards a privacy landscape in the future that cultivates a better society, we need to keep being vocal about violations such as the arrest of this engineer, but also to keep trying to work with regulatory bodies and government to create this effective regulatory landscape.
A final safeguard
Our democracies take work to maintain, and sometimes we wobble. As things currently stand, we have very few ways to undo the damage of some of these wobbles. For example, if we agree to lose some of our rights, there is no targeted way to get them back. Protesting is an important democratic expression, but is has very limited effectiveness. If you want to hear a pragmatic way to build a mechanism that would act as a final safeguard against institutional capture or rights losses, read Dynamic Democracy . Conclusion
Technology is phenomenally powerful and making our lives better, but it is a double edged sword that will do more harm than good if we’re not careful. We need to consider and embed privacy wherever we can, but we can’t forget about working on regulation and institutions at the same time. The best habit we can have to ensure we reap more of the rewards and eschew the dangers, is to regularly read about such public discussions.
Errol Drummond
Exlusive content by Zero Knowledge Natives