Today, let's talk about a little-discussed story that worries me that it could one day have big implications: the introduction of anonymous cryptocurrency payments from the encrypted messaging app Signal, and the opportunity it could create for regulators around the world who have been around. looking for an excuse to remove end-to-end encryption altogether.
A year ago, Platforms was the first to report that Signal was considering adding cryptocurrency payments to the platform, and started with MobileCoin. Signal CEO Moxie Marlinspike has served as an advisor to the MobileCoin cryptocurrency, which is based on the Stellar blockchain and designed to make payments as anonymous as cash. What cabling described it in 2017, โthe idea of โโMobileCoin is to build a system that hides everything from everyone. "
Last year, Marlinspike told me that Signal had simply started some "design explorations" around a MobileCoin integration. โIf we decided that we wanted to make payments on Signal, we would try to think carefully about how we did it,โ Marlinspike told me. "It's hard to be totally hypothetical."
But in fact, the work to integrate MobileCoin was already underway, just as nervous employees told me at the time. Sign announced a trial of integration in the UK in the spring, and it quietly spread to the rest of the world in mid-November. (The company's typically chatty blog I had nothing to say about it.) Here it is Andy Greenberg on cabling:
MobileCoin founder Josh Goldbard confirmed the timing of the launch and says it spurred mass adoption of the cryptocurrency, which now sees thousands of daily transactions compared to just dozens prior to the global beta launch. "There are more than a hundred million devices on planet Earth right now that have the ability to activate MobileCoin and send an end-to-end encrypted payment in five seconds or less," says Goldbard, referencing the Signal reports. total download numbers. [โฆ]
The signal itself did not respond to wired Requests for comments on the global launch of the payments feature. But last April, Signal creator Moxie Marlinspike explained to WIRING who wanted to add payments to the encrypted text and video calling app to match the features of rivals like WhatsApp and Facebook Messenger, while incorporating Signal's praised privacy protections into monetary transactions. "I would like to reach a world where you can not only feel [a sense of privacy] when you talk to your therapist about Signal, but also when you pay your therapist for the Signal session, "Marlinspike said at the time.
There is nothing sinister about putting payments into a messaging app, and Signal isn't the only one adding crypto payments to messaging - the company formerly known as Facebook has embarked on a multi-year effort to create a new coin and integrate it with WhatsApp and Messenger. What sets Signal's effort apart is the combination of end-to-end encryption in messaging Y a cryptocurrency with privacy features designed to make any transaction anonymous.
Last year, current and former Signal employees told me they were concerned about what that combination would bring to the app. Anonymous transactions would likely attract criminals, they told me, and that in turn would attract regulatory scrutiny. With end-to-end encryption already facing legal challenges around the world, they said, Signal's addition of anonymous payments was an unnecessary provocation. And it could give more ammunition to lawmakers who want to end encryption as we know it.
To make my own feelings clear: I am in favor of end-to-end encryption, because in a world of ubiquitous surveillance and growing authoritarianism, I think it is important that truly private communication systems are widely available. But I also support the fight against money laundering and Know your customer (KYC), which are useful for fighting terrorists, murder-for-hire conspirators and other damages. If messaging apps are going to add crypto payments, it seems to me that they should at least do so in a way that is consistent with those laws.
I was told that other end-to-end encryption supporters have privately lobbied Signal to be more cautious with its payment plans. But Signal, which is funded by a nonprofit and relies on donations, has moved on anyway.
The question is how regulators might respond. India is already trying to implement rules that would require any message sent over the Internet to be "traceable", effectively breaking the encryption. Meta-property WhatsApp sued the Indian government last year to prevent the rules from taking effect; The case is still pending.
The European Union is also considering ways to limit or break encryption entirely, albeit somewhat less aggressively than India. In the United States, the encryption debate has essentially come to a standstill: There are occasional calls for companies to introduce back doors to law enforcement, particularly after high-profile crimes, but lawmakers have not sought legislation. about.
But the United States does it have laws against money laundering and KYC. At the moment, you can't buy MobileCoin from a US-based IP address, but the risk is that prosecutors can still use existing laws to put pressure on crypto, first on Signal and perhaps later on the web.
"Signal and WhatsApp have effectively protected end-to-end encryption from multiple legal attacks at the state and federal level," said Alex Stamos, who worked on encryption issues while serving as Facebook's chief security officer. โBut the addition of pseudo-anonymous money transfer functions greatly increases your legal attack surface, while also creating the possibility of real-life harm (extortion, drug dealing, MASI sales) that will harm them in the courts, legislatures and public opinion โ.
Stamos predicted that a new attack on crypto could come from a state regulator, such as the New York Department of Financial Services, using existing regulations.
"In the US, the addition of payment functionality probably gives anti-encryption forces their best chance, as the First Amendment has never protected the anonymity of money movement, and payment processors have federal laws. and very serious states that they must comply with, Stamos said.
Signal did not respond to a request for comment. As for MobileCoin, an FAQ page on their website says this:
People and entities misuse all kinds of financial platforms and instruments. Outside of the US, MobileCoin can be purchased at www.comprarmonedamovil.com, which applies the best practices of financial institutions around the world to prevent bad actors from obtaining MobileCoin. Any third-party entity that buys, sells, or exchanges MobileCoin applies its own standards and practices in vetting individuals or entities attempting to purchase MobileCoin.
For its part, the foundation that Diem now runs, the cryptocurrency often created by Facebook and renamed, you have agreed to follow anti-money laundering laws. WhatsApp launched a test of payments with cryptocurrencies last month, although according to the darn nature of the project, Diem is not yet available on that platform.
There are many ways that Signal could still avoid any conflict with regulators. MobileCoin could add KYC features, or Signal could replace it with a more compatible currency. But little of what the company has said or done in the past year suggests that it intends to do anything.
If that's the case, then crypto backers can only hope that the fallout from Signal's choices won't harm end-to-end encryption more broadly. Given the threats that private messaging already faces, the last thing we need is a high-profile fight against money laundering.
