The Satoshi Trifecta: Code, Transparency and Privacy

Decentralized Finance

Decentralized finance (‘DeFi’) is a broad term for financial services that build on top of the decentralized foundations of blockchain technology. DeFi is a global, open alternative to every financial service used today, from savings and loans to trading, insurance and more. DeFi protocols use a non-custodial design, meaning assets issued or managed on DeFi platforms theoretically cannot be moved or expropriated unilaterally by parties other than the account owners. With legacy banking, all financial services are controlled by a central party who acts as a middleman between the sender and the receiver of funds.

Bitcoin Origins

Bitcoin was in many ways the first DeFi application: it enabled digital cash payments without reliance on costly third parties while preventing the double-spending problem. Bitcoin arose due to severe economic pressures and a desire to regain control and ownership at the onset of the global financial crisis in 2008.

Bitcoin is based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for an intermediary. Bitcoin’s protocol encompasses a distributed timestamp server to generate computational proof of the chronological order of transactions. This way, the protocol remains secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.

The accumulated “Proof-of-Work” of the whole network acts as a signal that the miners, who are highly invested parties, have come to agreement as a means to determine the validity of any given block or transaction. The steady addition of a constant amount of new coins is analogous to gold miners expending resources to add gold to circulation. In Bitcoin’s case, it is CPU time and electricity that are expended. Bitcoin is an open source protocol: its design is public and no one has the authority to change its rules of governance except through a vote or a fork.

There is a theoretical risk in the Bitcoin protocol of a so-called ‘51% attack’, meaning that a single miner, or a group of collaborating miners, might capture an absolute majority of the network’s computing power, which could then be used to manipulate transactions.

Smart Contracts

In DeFi, a smart contract replaces the financial institution in the transaction. Smart contracts are self-executing pieces of code on a blockchain that execute business logic when predetermined conditions are met. Smart contracts work by following simple “if/when…then…” statements that are written into code on a blockchain. A smart contract cannot be altered once it is deployed: it will always run as programmed. In practice, however, developers often do maintain the protocols with upgrades or bug fixes.

In 2015, Ethereum debuted as the first smart contract-enabled blockchain. Today, Ethereum dominates as the protocol of choice for providing decentralized finance applications (DApps). Ethereum leverages the same principles of ‘digital trust’ and governance as Bitcoin and applies them to smart contracts.

Although Bitcoin has always possessed smart contract capability, it has never been utilized to its full potential due to the problems associated with the scaling of transactions. With Bitcoin’s November 2021 Taproot update, smart contracts will become more efficient on the Bitcoin blockchain and this will definitely take a huge chunk out of Ethereum’s market share.

Ethereum’s native currency, ETH, commands the most funds in terms of Total Value Locked (TVL) among the different blockchain protocols in DeFi, with $175.12 billion, i.e. 65.87% of all DeFi (at the time of writing, 29 November 2021).

Transparency -vs- Privacy

The three main properties of blockchains and other Distributed Ledger Technologies (DLTs) are transparency, immutability and decentralization. Blockchain makes data open/transparent in a way that has not existed in financial systems, which is why many argue that blockchain could be used as the new standard for transparency.

With the Bitcoin protocol, all transactions are public, traceable and permanently stored in the network, which means anyone can see the balance and transactions of any Bitcoin address despite keeping public keys anonymous.

Bitcoin’s pseudonymous nature, therefore, provides the ultimate paper trail for law enforcement agencies, tax authorities and compliance professionals. This plainly suggests that Bitcoin is a terrible means to conduct illegal activity because the blockchain evidence trail is permanent. However, there is a whole set of cryptocurrency blockchains that focus on being anonymous, such as Monero and Zcash, amongst others.

Although blockchain promises increased transparency and trust amongst parties, it may be incompatible with national data protection and privacy rules. The GDPR, for instance, enshrines various data protection rights, including a right to rectification, a right to erasure (“right to be forgotten”) and a right to object to the processing of personal data. The issue with blockchain is the absence of a central database. Consequently, decentralized nodes cannot respond to tasks the GDPR requires of centralized agents in their capacity as data controllers.

In legacy banking a level of privacy is maintained by limiting access to information to the parties involved and the trusted third party. Banks have an obligation to ensure that information relating to processing of personal data and the storage period are communicated to the data subjects (clients) prior to the start of processing, in fulfilment of information obligations.

Circumventing the Privacy Hurdle in Bitcoin Transactions

With Bitcoin, a network participant can ensure personal data privacy by:

  1. Using a new Bitcoin address each time they receive a new payment
  2. Using clustered or multiple wallets for different purposes
  3. Not publishing a Bitcoin address and any transaction information on websites or social media networks
  4. Hiding one’s computer’s Internet Protocol (IP) address using VPNs or anonymizers such as The Onion Router (Tor), the Invisible Internet Project (I2P) and other anonymizing software or anonymity enhancements

‘Mixers’ or ‘tumblers’ could also be used to break up the paper trail by exchanging one set of bitcoin for another with different addresses and transaction histories. Although mixers/tumblers can break traceability for small amounts, it becomes increasingly difficult to do the same for larger transactions. Mixers/tumblers also require you to trust the individuals running them not to lose or steal your funds and not to keep a log of your requests.

Enhanced Privacy – Taproot 2021

Bitcoin’s Taproot upgrade aims to improve the privacy and efficiency of its network. Taproot only exposes the details of the executed transaction while also obscuring some private transaction information. Those auditing the Bitcoin chain would be unable to view unexecuted transaction conditions or outcomes, which may have contained sensitive private information such as what type of wallet was used. Committing less data also creates space in each block for more transactions, which should reduce fees and increase transaction throughput.

Privacy -vs- Anti-Money Laundering (AML) / Terror Financing (TF) Regulation

Financial Action Task Force (FATF) guidelines indicate that a lack of customer and counterparty identification is especially concerning in the context of cross-border Virtual Asset (VA) transactions. Although DeFi transactions are generally transparent and traceable, new privacy-enhancing protocols and/or tools such as mixers/tumblers (discussed above) and Anonymity-Enhanced Cryptocurrencies (AEC) may create additional regulatory challenges.

The potential for increased anonymity or obfuscation undermines a Virtual Asset Service Provider’s (VASP) ability to know its customers and implement effective Customer Due Diligence (CDD) and other AML/FT measures. Jurisdictions under FATF’s purview should be aware of the intersection and potential impact AML/FT requirements have on other regulatory requirements and policy areas, such as data protection and privacy, financial inclusion, derisking, consumer and investor protection and financial innovation.

Author: Brian Sanya Mondoh, Esq.
Barrister, England and Wales (NP) and Attorney at Law, Trinidad and Tobago
Titan Chambers, 19 Dundonald Street, Port of Spain
Co-Founder: BLOCK6TY and NXTDIMEN$ION – ‘Empowering Women and Children in Tech’

Disclaimer: The information provided on this opinion does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this opinion are for general informational purposes only. Information on this opinion may not constitute the most up-to-date legal or other information. Readers of this opinion should contact their Barrister/Attorney to obtain advice with respect to any particular legal matter.
