Look ... up in the sky ... it's a bird, it's a plane ... it's .. it's ... the FATF "Travel Rule"!

It's rather perplexing to see so much interest about the Financial Action Task Force's (FATF) travel rule that was a topic of the latest guidance from the intergovernmental organization. In the last couple months, dozens of companies have flooded the internet with ways to solve this "new problem".

Although ... it's not new by any stretch, nor is it a problem, US service providers have had to deal with this since the beginning of bitcoin time.

This went into effect in 1996 in the United States and over 10 years before bitcoin ever graced the land and most recently reinforced by the Financial Crimes Enforcement Network (FinCEN), with it's May release of virtual currency guidance document FIN_2019_G001.

However, that doesn't make it legal.

The Illegal Travel Rule

Under the "travel rule", which derives from the United States BSA (Bank Secrecy Act) 31 CFR 103.33(g), service providers are required to send specific identifying information about themselves and their customer along with the transaction. In other words, the expectation is to write data to the blockchain containing the identity of the exchange or service provider, name of the customer sending the bitcoin, and the account number of the customer.

Here's the problem.

This is about as silly as the flood of efforts to store PII (personal identifying information) and/or identification document attributes and information on the blockchain. The problem with this thinking is that it may be secure today, but it will not be secure tomorrow..

Sure, currently nothing can realistically crack SHA256 encryption given the fact that with current technology ... that would take about 6.4 quadrillion years.

However, it can and will be cracked. It's just a matter of time.

When it happens, bitcoin will adjust and implement the next 6.4 quadrillion year algorithm and that's fine. Nothing will be lost and no harm will be done, bitcoin will continue to chug along as it has for the past decade. At least that's the theory anyway, but then again, look at the block-size debate and the length of that fiasco.

Point being, its something already being worked on today and there will be a solution.

This doesn't solve the problem of storing personal data on the blockchain, encrypted or not. There are plenty of copies and backups of old blockchain data-stores all over the planet and that's all a fraudster need do, backup a copy and wait.

Once the encryption is broken, they merely need pull out the old copy and start cracking. Any personal or sensitive data, including that required by the... wait for it ... TRAVEL RULE is spread eagle and open to the world.

Every single transaction that complies with the travel rule would be exposed, 100% visible to the entire planet along with first name, last name, account number, transaction details, etc...

This violates GDPR, this violates US privacy laws, and this violates the regulations of half the countries in the world, if not more. These regulations clearly state, in some form or fashion, that no person shall knowingly put data in a position that could lead to any kind of disclosure.

If you know the above can happen and you follow the travel rule, it sounds rather illegal to follow this rule, yet, will soon be illegal not to. If that's not bad enough, given the immutable nature of bitcoins blockchain, once the data is there, you can't remove it ... ever.

FATF is essentially asking service providers to break the law because it's simply not possible to do this without risking disclosure and every solution that's floating around the internet shares this same dilemma.

Legal in the USA?

Now there's the trillion dollar question and the answer is, most likely, sort of, maybe not. Just to be crystal clear.

Privacy laws protect the people from the man (government) requiring warrants and red tape under specific guidelines to access just about anything when it comes to private data, in fact this is a common defense that often works when police grab more than they were supposed to under a court order. This very defense was used n the Silk Road case, although it didn't work too well for the defense.

Privacy laws are very strict regarding the illegal use of private data or anyone with data they are not entitled to. Identity theft, for example, can land one in prison for up to 20 years and just a 1st offence and aggravated identity theft  has a mandatory term of no less than 2 years in prison.

However.... a business, and certainly a financial services company or bank, operates under the regulations in most jurisdictions that require a whopping "reasonable effort" to secure private data. That's it. Just a "reasonable effort" that is often not well defined if defined at all.

Just think about all of the Western Union and Money Gram wires sent over the last 20 years under this law.

The protection of personal data at these organizations is about as secure as a billboard, complete with the uber-secure method of maintaining records on paper, face-up, and well hidden in plain view under the maximum security of a giant thumbtack operated by a clerk who hates their job.

How s that for a "warm fuzzy"?

Notably, these "reasonable efforts" refer to internal networks secured by the company, or 3rd party company, and not slapped out on the blockchain for the world to start hacking at and given that, it's not so clear as to the legality.

The government may well elect to provide a "pass" or not charge anyone following federal regulations, but this doesn't stop a customer from filing a civil lawsuit or a class action against anyone who follows the travel rule. Short of a suspicious transaction accompanied with a SAR, there's also no safe harbor.

Next Steps

Regulators and FATF need to revisit the travel rule. These rules need to be updated for modern times as do all ancient regulations. Trying to stuff blockchain into the same carton that holds private networks is ridiculous. They are completely different and this is not going to go well.

In the meantime, there's plenty of ways to comply with the travel rule just as companies have been doing and nothing against all of these companies coming out of the woodwork with "solutions" to the travel rule, but ... the justification of spending a single dollar on anything right now is flat out unrealistic.

This is because the more likely scenario is that this backfires and nobody ever sends bitcoin, or any virtual currency, between service providers anymore. The "travel rule" will just completely defeat the entire purpose of its existence.

Which pretty much puts this article right up there with FATF's travel rule guidance ... a complete waste of time.


[accordion] [item title="Author and Credits"] Article by dinbits
Image Credits: Banner Image by dinbits.com staff
[/item] [item title="Disclaimer"]The opinions expressed by authors of articles linked, referenced, or published on dinbits.com do not necessarily express, nor are endorsed by, the opinions the of dinbits.com or its affiliates. Please review the Terms of Use for more information.[/item] [/accordion]










Post a Comment

  1. Many binary operations are rippers. I invested about $20,000 then i decided to withdraw after several week but the withdrawal wasn’t successful, then I tried to contact the binary operation email and phone number, but got no response from them that was when everything started looking weird. Some weeks later I got a mail from them insisting I should invest more money if I want to withdraw my money which I rejected, and I never hear from them again that was when I knew I had been scammed. I was really devastated at those moment and felt so bad that my hard earn money is gone. After some month I came across a lot of testimonies on many bitcoin site how ([email protected] dot com) had helped many people recovered there stolen, scammed or duped money on bitcoin or any other form on digital currency. I contact them and they promised to help me get my money back, asked me some personal details of the scammer which I provided. The result was amazing I recovered all my stolen money back within 72 hours I was so happy as I never believe I could get my money back. Thanks Digital Currency you restore Joy into my life after several pain I’m so indebted!!!
    he also help me to recovered all my bitcoin through those called fake bitcoin miner that scammed a lot of btc he hacked through their bitcoin wallet address am very happy now please help me to thank this hacker called cyberghost
    contact via whatsapp +19293593547

    ReplyDelete
  2. Many binary operations are rippers. I invested about $20,000 then i decided to withdraw after several week but the withdrawal wasn’t successful, then I tried to contact the binary operation email and phone number, but got no response from them that was when everything started looking weird. Some weeks later I got a mail from them insisting I should invest more money if I want to withdraw my money which I rejected, and I never hear from them again that was when I knew I had been scammed. I was really devastated at those moment and felt so bad that my hard earn money is gone. After some month I came across a lot of testimonies on many bitcoin site how ([email protected] dot com) had helped many people recovered there stolen, scammed or duped money on bitcoin or any other form on digital currency. I contact them and they promised to help me get my money back, asked me some personal details of the scammer which I provided. The result was amazing I recovered all my stolen money back within 72 hours I was so happy as I never believe I could get my money back. Thanks Digital Currency you restore Joy into my life after several pain I’m so indebted!!!
    he also help me to recovered all my bitcoin through those called fake bitcoin miner that scammed a lot of btc he hacked through their bitcoin wallet address am very happy now please help me to thank this hacker called cyberghost
    contact via whatsapp +19293593547

    ReplyDelete

Powered by Blogger.