Bitcoin – Is it really anonymous and what could its implications be?

The virtual currency Bitcoin is among the most well-known applications of blockchain technology. A blockchain is a distributed ledger/database, grown and supported by decentralized network nodes. In Bitcoin, the blockchain is used to maintain a continuously growing list of records of transactions, called blocks, which are linked in a chain, each block referring to the preceding one.

Previously, it was believed that Bitcoin provided the user with full anonymity and this caused its use among cyber and regular criminals to increase significantly.[1] However, this is not true. De-anonymisation is possible in a variety of ways:

  1. While individual transactions may seem anonymous, patterns of transactions, accumulated over time, may be analysed and conclusions reached.[2]
  2. Tracking of a broadcasted transaction back to its source may reveal the IP address of a user.[3]
  3. Certain wallets may link Bitcoin users and their bank accounts directly and may, thus, allow their identification.[4]
  4. Other wallets may allow de-anonymisation through a set of logical inferences, based on the way the wallets process addresses and transactions. This could allow the attribution of multiple addresses to one real-life person or organisation.[5]

Considering the public nature and radical transparency of the Bitcoin ledger, this is troubling since it could allow for de-anonymisation by hostile parties and could breed further cyber criminal activities. However, from a security point of view, the ability to link Bitcoin transactions to criminal or terrorist activities and subsequently link them to real persons or organisations is an opportunity to support criminal investigations. As criminals embrace new technologies, so should law enforcement authorities.

In the TITANIUM project, launched in May 2017, 15 pan-European consortium partners are developing an innovative set of tools to enable law enforcement agencies, among others, to track and identify persons and organisations carrying out criminal and terrorism-related Bitcoin transactions. Trilateral Research, in full support of the principle of privacy-by-design, is currently making contributions to the project by identifying potential privacy and ethical issues surrounding the tools’ development and use and proposing safeguards, which may be implemented in the tools’ design.  With the increased adoption of Bitcoin by regular law-abiding citizens, the responsible and accountable development and use of such investigatory tools is of key importance.

 

[1] Simon Usborne, Digital gold: why hackers love Bitcoin, The Guardian, 15 May 2017, online at:

https://www.theguardian.com/technology/2017/may/15/digital-gold-why-hackers-love-bitcoin-ransomware

[2] Susan Athey, Christian Catalini, Catherine Tucker, ‘Escaping from Government and Corporate Surveillance. Evidence from the MIT Digital Currency Experiment’, 3 October 2016, online at:

https://www.ftc.gov/system/files/documents/public_comments/2016/10/00071-129190.pdf

[3] Alex Biryukov, Dmitry Khovratovich, Ivan Pustogarov, ‘Deanonymisation of clients in Bitcoin P2P network’, available at:

https://arxiv.org/pdf/1405.7418.pdf

[4] Supra note 2.

[5] Jaume Barcelo, ‘User Privacy in the Public Bitcoin Blockchain’, Journal of LATEX Class Files, Vol. 6, No. 1, January 2007, available at:

http://www.dtic.upf.edu/~jbarcelo/papers/20140704_User_Privacy_in_the_Public_Bitcoin_Blockchain/paper.pdf

 

By Anna Donovan, Christina Hitrova 28 September 2017



‘Risk Assessment Report and Methodology’

You can view the Executive Summary and Table of contents of the Project Solebay Risk Assessment Methodology Report.

Please sign up to the Solebay mailing list to download the Full Solebay project report.