November 19, 2019

November 18, 2019

Subscribe to Latest Legal News and Analysis

Examining the National Security Implications of Cryptocurrencies


The prevalence of cryptocurrency use to fund terrorism and crime will increase over time as adoption in general increases and technology enables easier access unless regulations continue to be put in place. Several popular cryptocurrencies such as Bitcoin provide advantages in terms of traceability over fiat currencies enabling deanonymization of users, while others such as Zcash and Monero greatly reduce user traceability.[1] To aid in the fight against terrorism and other crime, the United States should actively work to promote and regulate those cryptocurrencies that afford the intelligence community increased ability to track terrorist financing in order to increase their use and carefully research use of those less-traceable aforementioned currencies.

In recent years, the introduction of blockchain technology (blockchain) has been called everything from a pointless technology with zero practical applications[2] to the Internet 2.0.[3] The reality of what it is, and what it will become, is likely more complicated than any single article can surmise, and will depend on many factors. Time will tell how many fields will ultimately be materially impacted by blockchain but many are already exploring its potential to greatly advance the integrity of data management systems in fields such as healthcare,[4] renewable energy,[5] and banking.[6] While there are already many ongoing studies of possible applications of this technology, this paper will focus on blockchain’s use as a virtual currency (specifically a “cryptocurrency”), and its potential effects on national security. The paper will begin by explaining the technology through a simplified discussion of blockchain and Bitcoin – the most popular digital currency.[7] Like all new technologies, there are many benefits and risks in any form of implementation. To explore these possibilities, the paper will then assess the national security ramifications of widespread use cryptocurrencies.


To discuss the potential national security implications of cryptocurrencies, you must first understand the dichotomy between cryptocurrencies and fiat currencies. Fiat currencies are another name for any national currency produced by a nation’s government[8] (e.g., U.S. dollars, the Euro, etc.) while cryptocurrencies are a form of virtual currency[9] that use cryptography to make them pseudo-anonymous (or anonymous outright) through cryptography used in blockchain technology and discussed below. To further understand the contrast between these two forms of money, it is necessary obtain a basic understanding of the underlying technologies which support cryptocurrencies (i.e., blockchain). We begin with a discussion of blockchain followed by its application to Bitcoin.

What is Blockchain?

Blockchain is not an entirely new technology, but is instead a novel application of several existing technologies.[10] Blockchains may be public or private.[11] For the purposes of this paper, we will focus primarily on public blockchains in which anyone may create a key pair for access (see Asymmetric Key Encryption below) and download a copy of the ledger (i.e., a ledger of all transactions on the blockchain).[12] The four technologies that enable blockchain are: 1) asymmetric key encryption; 2) hash values; 3) Merkle trees; and 4) peer-to-peer networks.[13] These technologies combine to form a historical ledger of transactions on the blockchain.[14] Each technology and the processing of transactions is discussed below.

Asymmetric Key Encryption

Asymmetric Key Encryption Description

Asymmetric key encryption (also known as private-public key encryption) creates and uses public and private key certificates to enable public-key cryptography.[15] Cryptography is the discipline that deals with how to provide for the security of information.[16] Public-key cryptography is a form of cryptography that uses an algorithm in conjunction with a cryptographic key to produce an output.[17] The key and the algorithm together encrypt data in such a way that only a person with the private key corresponding to the associated public key can reproduce or reverse the encryption while anyone else cannot.[18] Thus public keys: 1) may be shared with anyone without risking any compromise to the security of the network[19] (e.g., the public ledger of Bitcoin discussed below); 2) enable a user to identify their transactions on the blockchain;[20] and 3) are each associated with a corresponding private key.[21] Private keys are uniquely associated with a public key[22] and cannot be revealed without compromising the security of the data[23] since they are the integral component required to conduct a transaction with that public key on the blockchain.[24]

A successful private-public encryption system operates by: 1) generating public keys that are bound to a corresponding private key and to additional information after the accuracy of new information to be added is verified; and 2) maintaining the certificate status for unexpired and revoked certificates.[25] Note that the identifier of a private key does not need to be the identity of the true owner.[26]

Asymmetric Key Encryption Blockchain Application

Public-private key encryption is used in a blockchain to identify a user’s resources tied to a public key and stored on the system.[27] Only a user with knowledge of the corresponding private key can decrypt the resource thus transferring it to another public key on the blockchain and locking it with the second user’s private key.[28] This transaction (and the associated public keys) is recorded on the blockchain thus informing all other users that possession of the resource has changed.[29]

Hash Values

Hash Values Description

Similar to private-public key encryption, a hash performs encryption of data through a mathematical function that generates a string of characters as an output.[30], [31] The data input for a hash function may be of any length while the output produces an encrypted string of a fixed length.[32] The mathematical function must be one-way meaning that a hash value may be created from a data input, but that same data may not subsequently be recreated through entering that same hash as an input.[33]

Hash Values Blockchain Application

Multiple transactions within a blockchain system are grouped together into a single block and then hashed.[34] The value of the hash is used to validate the integrity of each block since any alteration to an existing transaction will alter a block’s hash value alerting users that tampering of the data has occurred.[35] Therefore, the longer a block’s hash value remains unchanged, the higher the degree of confidence a user can have that the block has not been altered and may be trusted.[36]

Merkle Trees

Merkle Trees Description

As discussed in the previous section, through use of hashing functions users are able to verify the integrity of transactions by verifying that the hash value remains unchanged over time.[37] To preserve data integrity through maintaining a hash value for an entire database, all data in the network would need to be hashed each time a transaction occurs.[38] When applied to an entire system, this method is impractical[39] because the size of many databases and ledgers are large and require constant updates as information is added, modified, and deleted.[40]

Merkle’s “tree authentication” resolves this issue by segmenting the data as a form of “divide and conquer”.[41] A portion of the data for each segment is hashed, and each subsequent portion uses the previous segment’s hash value as an input for producing its own hash value.[42] Using this method, a chain of hash values is created that are tied together so a user can confirm the integrity of previous transactions by needing to know only a small portion of the public file.[43] If data in a previous block were to be altered, the hash value of all subsequent blocks would no longer equate to their initial hash values making users aware that the data had been altered.[44]

Merkle Trees Blockchain Application

Blockchain applies the Merkle Trees concept by segmenting data into different blocks of transactions and hashing them with only the root included in the block’s hash.[45] The first block is hashed and designated as the root block.[46] All subsequent blocks use the root block’s hash while old blocks are compacted enabling significant efficiency and saving of disk space.[47] This chaining of transactions creates an immutable record of transactions on the blockchain.[48]

Peer-to-Peer Networks

Peer-to-Peer Description

A network is considered Peer-to-Peer when various computers associated with the network share their own hardware resources with all participants to provide services/content; and such services/content are accessible by participants without need for an intermediary.[49]

Peer-to-Peer Blockchain Application

Blockchain uses a peer-to-peer network to enable users to broadcast the current state of the chain directly to each other to come to a consensus on the history of transactions each time a new block is added.[50] This creates data redundancy since any user may download an entire copy of the ledger of historical transactions and create a new one thus providing security if any node in the network fails.[51]

Ledger of Transactions on the Blockchain

Blockchains are made up of a collection of transactions grouped into blocks.[52] Each transaction is secured by the involved users signing the transaction through use of public-private key encryption (see Asymmetric Key Encryption).[53] The entire chain (making up the ledger) is secured by each block being assigned a hash value dependent on the previous block’s hash value (see Hash Values and Merkle Trees).[54] Creating a new block in the blockchain is performed by a user (which is sometimes also a node i.e., a computing system on the blockchain) through a process known as mining (i.e., a user adding the next block to the chain).[55] Mining is incentivized on a blockchain by providing a user who successfully adds a block a reward (e.g., monetary).[56]

What is Bitcoin?

Originating with a white paper published online under the pseudonym Satoshi Nakamoto, Bitcoin is described as an electronic payment system based on cryptographic proofs that allows two people to directly engage in a transaction without the need for a trusted third-party intermediary.[57] Bitcoin is the first major blockchain innovation.[58] The network incorporates all the aforementioned technologies to implement a peer-to-peer distributed timestamp[59] server that creates a computational proof of transactions in chronological order;[60] i.e., a decentralized immutable general ledger. Bitcoin is not linked to any national economy and is an open source protocol like the Internet.[61] Bitcoins (and other cryptocurrencies) are stored on wallets[62] that include the users associated private and public keys used to receive and access funds through the network (see Asymmetric Key Encryption above).[63]

The cryptographic properties of Bitcoin discussed previously in the blockchain sections may make it seem like the ideal form of money for illicit activities for reasons including that it enables the user to remain relatively anonymous, may have low transaction fees, is accessible across the globe through the Internet, and features irrevocable transactions.[64] However, some of these same features, e.g. the public blockchain ledger, provide advantages to law enforcement and the intelligence community for tracking criminals and terrorists when compared to fiat currencies. In fact, if a user does not change their address from transaction to transaction, their entire transaction history is completely public for anyone that knows their public key address.[65] The remainder of the paper discusses actions the government has taken to address cryptocurrencies, the advantages and disadvantages of their mainstream adoption, and additional actions that may be taken.

National Security Implications

The United States acknowledgement of its need to address the national security implications of cryptocurrencies is evident in legislation introduced in the House of Representatives last year.[66] Section Two of the proposed legislation specifically states that the President’s strategy should include “a discussion of and data regarding trends in illicit finance, including evolving forms of value transfer such as so-called cryptocurrencies…” (“cryptocurrencies” italicized for emphasis).[67] The language in the bill later became law as part of H.R. 3364 – Countering America’s Adversaries Through Sanctions Act.[68] It is clear that elements of the government have been researching and funding others to research cryptocurrencies for at least the last several years.[69] Other agencies in the government have also become involved in regulating the currencies (as well as blockchain in general)[70] and/or issuing public statements in a variety of ways.[71],[72]

The agencies most likely to investigate blockchain transactions for suspected money laundering and to counter terrorist financing are The Financial Crimes Enforcement Network (FinCEN), and The Office of Foreign Assets Control (OFAC), which are both a part of the US Department of the Treasury.[73] Both agencies have already taken significant actions to regulate the technology. As early as November 2013, while speaking before the United States Senate Committee on Banking, Housing, and Urban Affairs, then head of FinCEN, Jennifer Shasky Calvery acknowledged the potential innovations and benefits that virtual currencies offer society[74] while also warning about the exploitation of cryptocurrency vulnerabilities to launder money.[75] On March 19, 2018, OFAC issued guidance through several “FAQs” (Frequently Asked Questions) stating that the same sanction compliance obligations U.S. persons have regarding fiat currencies apply to cryptocurrencies.[76]

Cryptocurrency Advantages to National Security and Law Enforcement

Not all cryptocurrencies provide the same level anonymity.[77] Due to the fact that Bitcoin users do not need to use real names, and instead use pseudonyms, there is a perception that Bitcoin enables anonymous transactions.[78] However, as discussed earlier, Bitcoin is a public blockchain which announces all transactions publicly online.[79] Everyone can observe when users transfer bitcoins to each other just without the real names of individuals similar to how a stock exchange operates.[80] The Bitcoin organization overtly states on its website that it is not anonymous[81] and is in fact “probably the most transparent payment network in the world.”[82] Though users do not directly reveal their identity when interacting with the network, users can be traced through observance of the flow of activity (which is all available online from anywhere) on the public blockchain.[83]

The ability to de-anonymize data has been recognized in the academic community for at least the last decade.[84] In Professor Ohm’s seminal paper, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization, he demonstrates how technologists decades old belief in what he calls the “robust anonymization assumption” (the belief that people’s privacy could be protected by making small changes to their data through various techniques) is incorrect.[85] Instead, throughout his paper, he establishes the belief that “data can be either useful or perfectly anonymous but never both.”[86] In support of this claim, he demonstrates three major examples of how databases with user’s information that were supposedly anonymized, were in fact able to be reidentified by combining that data with outside sources which were also supposedly anonymized.[87] Bitcoin is seemingly close to reaching that allegedly unattainable status of data that is both perfectly anonymous and useful but falls short of the mark.

Several methods may be used to identify Bitcoin users which, similar to Professor Ohm’s examples, combine supposedly anonymized data on the public blockchain with outside data to identify users.[88] Some of the methods include: 1) identifying the address of Bitcoin users when they trade bitcoins on exchanges (exchanges require user information because they are generally subject to money laundering regulations); 2) monitoring use of hosted wallet services that know the address of users utilizing their services since they require additional information to create an account; 3) logging the IP address of a Bitcoin address by connecting to active nodes in the network and listening for transaction relays; and 4) Internet service providers intercepting transaction messages that a user sends and determining user identity through the associated IP address.[89]

Furthermore, the nature of blockchain technology provides additional advantages to law enforcement.[90] There is much less risk that data may disappear in the future since a blockchain ledger is permanent.[91] The ledger is also publicly accessible and global meaning that no subpoenas, search warrants, or permissions from foreign governments are needed to access the data.[92] Publicly available off-network data sources such as donation websites (which include identifiable data to prevent service abuse) can also be mined for information; so can forums where users voluntarily disclose their Bitcoin addresses.[93] Moreover, law enforcement can track evidence by searching for suspicious transaction patterns with software that already exists today.[94] All of these advantages are nonexistent with fiat currencies.

The level of privacy a Bitcoin user possesses is ultimately determined by the behavior of a user while transacting with Bitcoin[95] but there have already been several high profile examples of the ability of law enforcement to track down illicit users employing identifications techniques.[96] A couple of examples involving tracking of the Bitcoin blockchain include the FBI investigations of Ross Ulbritcht, the creator of the online black market Silk Road, and Trendon Shavers, who ran a Ponzi scheme with the cryptocurrency.[97] Additionally, Liberty Reserve, a centralized cryptocurrency,[98] was identified by FinCEN in 2013, for laundering an alleged $6 billion used by criminal organizations for a multitude of criminal activities.[99], [100] Researchers have also employed numerous technical methods to identify users through themselves engaging in Bitcoin transactions.[101] One such method was a so-called “re-identification attack” through which researchers and University of California, San Diego and George Mason University opened Bitcoin accounts and made purchases from well-known Bitcoin merchants engaging in 344 transactions and ultimately identifying 1,070 Bitcoin addresses.[102]

Cryptocurrency Disadvantages to National Security and Law Enforcement

Use of cryptocurrencies by terrorists today is limited since many of the existing varieties currently provide only limited anonymity.[103] Use of cryptocurrencies by these organizations is further complicated by difficulties in transferring large sums, and limited acceptance in areas where terrorists are most active (e.g., the Middle East and North Africa).[104] Despite these challenges however, newer simplified cryptocurrencies with greater anonymity may lead to larger scale adoption by these groups in the future.[105]

Even if terrorists have not yet adopted cryptocurrencies en masse, cybercriminals have already been using these technologies for illicit purposes for several years.[106] Cryptocurrencies are a type of financial service, and though outside the blockchain, exchanges are financial institutions which, like their fiat currency counterparts, can be exploited for money laundering purposes.[107]

In his article titled Cryptocurrency and criminality: The Bitcoin opportunity, Steven David Brown describes money laundering as generally having three stages: 1) Placement – introducing illicit money into a financial system; 2) Layering – washing the money by passing it through multiple transactions masking the source; and 3) Integration – the process of taking the dirty money and reintroducing it into regular circulation.[108] He states how this process can be accomplished through use of cryptocurrencies and that the opportunities for doing so will likely increase as they become more mainstream.[109] To support this proposition, he provides an example by describing how in Romania there are free-standing electronic payment consoles that support Bitcoin payments; and that with an easily obtainable, untraceable mobile phone and anonymous email address, one could relatively easily launder large sums of money through Bitcoin (or any other accepted cryptocurrency) today.[110] Though this method is certainly possible, many of the current processes for maintaining anonymity still up until recently required a certain degree of advanced cybersecurity knowledge.[111] More recent developments in cryptocurrencies may have reduced this obstacle.

Many other cryptocurrencies already exist that are built off the foundation of Bitcoin and have been classified into three main categories: Pure Altcoins[112], Appcoins[113], and Anonymous Coins.[114] The most concerning of these related to money laundering and other illicit activities are Anonymous Coins since their higher degree anonymous transactions can make it even more difficult to trace. Some of these newer cryptocurrencies such as Zcash and Monero already provide far more robust anonymity than Bitcoin which raise new challenges in identifying and tracking criminal and terrorist targets.[115], [116] These next-generation anonymous technologies make it more feasible in the future for terrorists and criminals in parts of the world without reliable Internet access to exploit these technologies.[117]

Another challenge in combating criminal and terrorist illicit use of cryptocurrencies is that despite the traceable advantages of Bitcoin and similar protocol cryptocurrencies, there exists a current lack of training for the majority of law enforcement in how to deal with this technology.[118]

Actions to Adapt to a World with Cryptocurrencies

Anti-money laundering programs in the United States and around the world are already making efforts to regulate exchanges where cryptocurrencies are bought and sold.[119], [120] The regulations require users to verify their identities[121] and require exchanges to report suspicious transactions.[122] The more successful a cryptocurrency becomes, the more everyday users will demand it fall under traditional financial system regulations.[123]  

Law enforcement and intelligence units must continue to shift resources to teach more people about tracking cybercrime.[124] Criminal justice agencies should also continue to ensure that they understand and recognize the magnitude of risk that exists with potential abuses of this technology.[125]

Governments should be prepared to disrupt new cryptocurrency deployments through distributed denial-of-service attacks or zero-day attacks that could target cryptocurrency services such as exchanges, wallets, and cellphone used for transactions.[126] The most sophisticated attackers could exploit cryptocurrency infrastructure (including hardware and/or software) vulnerabilities.[127]


Over the last decade, the pervasiveness of cryptocurrencies has continued to grow at an exponential rate. The potential for its underlying blockchain technology will continue to drive technologists to innovate in this field for both utilitarian and nefarious reasons. It is my sincere belief that the opportunities that blockchain technology presents will ultimately change the world for the better. The onus is on governments, and particularly the United States, to strike the right balance between regulation to ensure safety, and openness to encourage invention.

The future of blockchain and cryptocurrencies will bring forth exciting and new possibilities that some will undoubtedly try to exploit. In this paper I have attempted to summarize the technicalities of the underlying systems that make this technology possible and relate it to the national security and policy implications that have, and will continue to, arise. While there has been a fair amount of technical analysis of blockchain since its inception, we are still at its infancy. More work needs to be done, and more individuals from different fields need to study blockchains implications in their areas of expertise. Particularly, I believe a greater understanding of the technology is required in the legal field in order to be able to shape policy in a way that is most beneficial for all law-abiding citizens. My hope is that our field will embrace the challenge and lead the way forward to continue the merging of the disparate fields of law and technology.

[1] David Manheim, Patrick B. Johnston, Joshua Baron & Cynthia Dion-Schwarz, Are Terrorists Using Cryptocurrencies?, RAND Corporation, Apr. 21, 2017, (discussing the risks of terrorists adopting cryptocurrencies as a form of financing on a large scale).

[2] Paul Ford, Opinion, Bitcoin Is Ridiculous. Blockchain Is Dangerous, Bloomberg, Mar. 9, 2018, (discussing the dangers of the buildup of enthusiasm around blockchain and the dangers of a bubble).

[3] Michael J. Casey, Opinion, Can Blockchain Save Us from the Internet's Original Sin?, CoinDesk, Oct. 27, 2017, (discussing how the original Internet revolutionized the sharing of data but neglected to resolve trust issues and how blockchain may aid in resolving many of the problems through decentralization of data).

[4] Christian Esposito, Alfredo De Santis, Genny Tortora, Henry Chang & Kim-Kwang Raymond Choo, Blockchain: A Panacea for Healthcare Cloud-Based Data Security and Privacy?, 5 IEEE Cloud Computing 31 (Kim-Kwang

Raymond Choo ed., 2018), IEEE/IEE Electronic Libr., Electronic ISSN: 2325-6095 (exploring the advantages and disadvantages to using blockchain technology to manage and protect healthcare data and how it compares to current systems in use).

[5] Xiaohong Huang, Cheng Xu, Pengfei Wang & Hongzhe Liu, LNSC: A Security Model for Electric Vehicle and Charging Pile Management Based on Blockchain Ecosystem, 6 IEEE Access 13565 (2018), IEEE/IEE Electronic Libr., Electronic ISSN: 2169-3536 (proposing a decentralized security model for electric vehicles through using smart contracts and the lightning network supported by experimental results).

[6] Amy Nordrum, Wall street occupies the blockchain - Financial firms plan to move trillions in assets to blockchains in 2018, 54 IEEE Spectrum 40 (2017) (discussing how large financial companies are exploring and planning to implement their own versions of blockchains and how it compares and contrasts to the original vision for Bitcoin).

[7] Chris Jaikaran, Cong. Research Serv., R45116, Blockchain: Background and Policy Issues 5 (2018).

[8] Steven David Brown, Cryptocurrency and criminality: The Bitcoin opportunity, 89 The Police Journal: Theory, Practice and Principles 327, 329 (2016) (comparing fiat and virtual currencies).

[9] Id. at 330 (listing the Financial Action Taskforce definition of virtual currencies: “. . . a digital representation of value that can be digitally traded and functions as (1) a medium of exchange; and/or (2) a unit of account; and/or (3) a store of value, but does not have legal tender status [ . . . ] in any jurisdiction (FATF, 2015: 26)..”).

[10] Jaikaran, supra note 7, at 1.

[11] Id. at 4 (“In a public blockchain, anyone can create a public-private key pair and download a copy of the blockchain…. In a private blockchain, the membership of users on the blockchain is controlled.”).

[12] Id.

[13] Id. at 1.

[14] Id. at 3.

[15] Id. at 1.

[16] Elaine B. Barker & Willam C. Barker, Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms, 2016 Nat’l Inst. of Standards and Tech. 5, (discussing asymmetric-key algorithms).

[17] Id. at 4.

[18] Id.

[19] Id. at 23.

[20] Jaikaran, supra note 7, at 1.

[21] Barker, supra note 16, at 7.

[22] Id.

[23] Id. at 23.

[24] Jaikaran, supra note 7, at 1.

[25] Barker, supra note 16, at 41-42.

[26] Id. at 41.

[27] Jaikaran, supra note 7, at 2.

[28] Id.

[29] Id.

[30] Brown, supra note 8, at 331-32 (describing the Secure Hash Algorithm (SHA): “originally invented by the US National Security Agency (NSA) … [the SHA] … produces a long value (called a ‘hash’) which is, to all intents and purposes, unique, but with the special characteristic that, even knowing the formula and the result, it cannot be reverse-engineered to identify the variables used (called a ‘one-way function’)”).

[31] Jaikaran, supra note 7, at 2.

[32] Barker, supra note 16, at 4.

[33] Jaikaran, supra note 7, at 2.

[34] Id.

[35] Id.

[36] Id.

[37] Id.

[38] Id.

[39] Ralph C. Merkle, Protocols for Public Key Cryptosystems, 1980 IEEE Symposium on Security and Privacy 125-26  (comparing various public key cryptographic protocols including how using a Public Key Distribution with Tree Authentication and Merkle’s “tree authentication” is a practical solution to ensuring the integrity of all data within a database by assigning a root hash file tied to all public files).

[40] Jaikaran, supra note 7, at 2.

[41] Merkle, supra note 39, at 126.

[42] Id.

[43] Id.

[44] Jaikaran, supra note 7, at 2-3.

[45] Satoshi Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System 1 (2009), (establishing the concept of blockchain and explaining its application as an electronic payment system).

[46] Jaikaran, supra note 7, at 3.

[47] Nakamoto, supra note 45, at 4.

[48] Jaikaran, supra note 7, at 3.

[49] Rüdiger Schollmeier, A Definition of Peer-to-Peer Networking for the Classification of Peer-to-Peer Architectures and Applications, First International Conference on Peer-to-Peer Computing (2001) (distinguishing the peer-to-peer networking from client server architectures).

[50] Jaikaran, supra note 7, at 3.

[51] Id.

[52] Id.

[53] Id.

[54] Id. at 3-4.

[55] Merve Can Kus Khalilov & Albert Levi, A Survey on Anonymity and Privacy in Bitcoin-like Digital Cash Systems, IEEE 1 (forthcoming 2018), IEEE/IEE Electronic Libr., Electronic ISSN: 1553-877X (explaining the process of mining e.g., Bitcoin: “Mining is the activity of adding transaction records to the blockchain. Users spend their computing power to verify and record payments; in return, they earn bitcoins, which are created as the result of this payment processing work as a reward.”).

[56] Jaikaran, supra note 7, at 4.

[57] Nakamoto, supra note 45, at 1.

[58] Vinay Gupta, A Brief History of Blockchain, Harv. Bus. Rev., Feb. 28, 2017,

[59] Merkle, supra note 39, at 129-30 (explaining the details of a time-stamp protocol).

[60] Nakamoto, supra note 45, at 1.

[61] Brown, supra note 8, at 330.

[62] Id. (describing Bitcoin wallets: “which can be on a personal device, online or even in hard copy”).

[63] Jaikaran, supra note 7, at 5.

[64] Before the U.S. Sen. Comm. on Banking, Housing, and Urb. Aff., Subcomm. on Nat’l Security and Int’l Trade and Fin., Subcomm. on Econ. Pol’y, 113th Cong. 5-6 (2013) (statement of Jennifer Shasky Calvery, Director, Fin. Crimes Enforcement Network) (listing some of the reasons an illicit actor may choose to use a cryptocurrency).

[65] Joshua Baron, Angela O’Mahony, David Manheim & Cynthia Dion-Schwarz, RAND Corporation, National Security Implications of Virtual Currency 62 (2015) (“This is because the Bitcoin block chain, which is the public ledger, is a public record of every transaction that has ever occurred.”).

[66] H.R. 3100, 115th Cong. (2017) (stating the purpose of the legislation “to require the President to develop a national strategy for combating the financing of terrorism and related forms of illicit finance, and for other purposes”).

[67] Id. § 2.

[68] Countering America’s Adversaries Through Sanctions Act, Pub. L. No. 115-44, § 262(8), 131 Stat. 936, 52 (2017) (Creating a strategy for sanctions on Iran, the Russian Federation, and North Korea, and a strategy for combating terrorism and other illicit financing).

[69] Baron, supra note 65, at 1 (examining the feasibility of non-state actors to increase political and/or economic power through deployment of a cryptocurrency with research sponsored by the Office of the Secretary of Defense).

[70] Jaikaran, supra note 7, at 13 (“Agencies such as the Securities and Exchange Commission and the Commodities Futures Trading Commission are issuing advisories to industry concerning blockchain technology.”).

[71] IRS, Notice 2014-21 (2014), (providing IRS Virtual Currency Guidance stating that virtual currency is treated as property for U.S. federal tax purposes and that general rules for property transactions apply).

[72] SEC, Public Statement, Statement on Potentially Unlawful Online Platforms for Trading Digital Assets, Mar. 7, 2018, (issuing a warning to online traders of cryptocurrencies participating in Initial Coin Offerings to be wary of fraud and mandating that any cryptocurrencies that qualify as a security must register with the SEC).

[73] Michael J.W. Rennock, Alan Cohn & Jared Butcher, Steptoe & Johnson LLP, with Practical Law Litigation, Blockchain Technology and Regulatory Investigations 8 (2018), Practical Law Practice Note w-012-0333 (discussing an overview of regulatory investigations into blockchain activity and the agencies most likely to investigate and regulate them). 

[74] Calvery, supra note 64, at 10-11 (discussing FinCEN’s ongoing role in efforts to establish a meaningful regulatory framework for virtual currencies that intersect with the U.S. financial system).

[75] Id. at 6.

[76] Off. of Foreign Assets Control FAQs: Sanctions Compliance, U.S. Treas., Questions on Virtual Currency, 559-63, Mar. 19, 2018,

[77] Khalilov, supra note 51, at 8 (comparing the anonymity of Bitcoin as well as other Bitcoin-like digital cash systems).

[78] Id.

[79] Nakamoto, supra note 45, at 6.

[80] Khalilov, supra note 55, at 8.

[81] Some things you need to know, Bitcoin, (last visited Apr. 7, 2018).

[82] Protect your privacy, Bitcoin, (last visited Apr. 7, 2018).

[83] Id. at 1.

[84] Paul Ohm, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization, 57 UCLA Law Review 1701 (2010) (discussing how the presumption that data can be categorically anonymized by singling out select attributes of data, e.g. personally identifiable information, before making it available to select groups or the public is mistaken since data “anonymized” from one source can be combined with data from other sources to reidentify individuals).

[85] Id. at 1706.

[86] Id. at 1704.

[87] Id. at 1717-22 (discussing: 1. how AOL released supposedly anonymized data of users search queries to the public and bloggers as well as reporters from the New York Times was able to reidentify users; 2. how 87.1 percent of people in the United States were uniquely identified by their zip code, birth date, and sex; and 3. how two researchers participating in The Netflix Prize were able to take the Netflix data and combine it with ratings data from only fifty IMDb users to reidentify two users).

[88] Khalilov, supra note 55, at 10 (discussing identification of Bitcoin users: “The ability to link addresses of a user does not reveal the identity of the use. However, if one of the addresses in a linking is combined with external information that is leading to the identity of the user, all activities of the user become disclosed.”).

[89] Id. at 8.

[90] Shira Stein, Law Enforcement Adapts to Using Cryptocurrency to Catch Criminals, Privacy Law Watch, Bloomberg BNA, Jun. 23, 2017 (discussing the benefits and challenges associated with law enforcement using the blockchains of cryptocurrencies to track crimes).

[91] Id.

[92] Id.

[93] Khalilov, supra note 55, at 10.

[94] Id. (discussing software companies Chainalysis and Elliptic which track patterns of Bitcoin movement and correlate identities if connected to known persons primarily through cryptocurrency exchanges).

[95] Khalilov, supra note 55, at 8.

[96] Stein, supra note 89.

[97] Id.

[98] Calvery, supra note 64, at 3 (comparing centralized cryptocurrencies such as Liberty Reserve “centralized virtual currencies have a centralized repository and a single administrator” with decentralized cryptocurrencies such as Bitcoin “decentralized virtual currencies…have no central repository and no single administrator…[and] instead, value is electronically transmitted between parties without an intermediary”).

[99] Id. at 6.

[100] Brown, supra note 8, at 330 (describing Liberty Reserve: “customer accounts were identified only by name, email address and date of birth; customers bought and sold Liberty Reserve Dollars or Euros through unlicensed intermediaries called ‘Exchangers’, who normally charged 5% commission. The intermediaries were often resident in countries not known for imposing vigorous financial regulation”).

[101] Khalilov, supra note 55, at 10.

[102] Sarah Meiklejohn, Marjori Pomarole, Grant Jordan, Kirill Levchenko, Damon McCoy, Geoffrey M. Voelker & Stefan Savage, A Fistful of Bitcoins: Characterizing Payments Among Men with No Names, Proceedings of the 2013 conference on Internet measurement conference (2013),

[103] Manheim, supra note 1.

[104] Id.

[105] Id.

[106] Brown, supra note 8, at 327 (discussing the dangers of Bitcoin and other cryptocurrencies to be abused by criminal enterprises).

[107] Calvery, supra note 64, at 5 (“Any financial institution, payment system, or medium of exchange has the potential to be exploited for money laundering or terrorist financing.”).

[108] Brown, supra note 8, at 333.

[109] Id.

[110] Id.

[111] Baron, supra note 65, at 45.

[112] Baron, supra note 65, at 14-16 (explaining that Altcoins “primarily modified the financial and cryptographic details of Bitcoin”).

[113] Id. at 16-17 (explaining that Appcoins “create and rely on a more complex infrastructure” than other cryptocurrencies and have far reach potential technological applications).

[114] Id. at (explaining that Anonymous Coins contain “additional new cryptographic techniques or protocol to create greater anonymity than Bitcoin offers”).

[115] Manheim, supra note 1 (describing how Monero greatly increases privacy through cryptographic anonymization and potentially masking IP addresses; also describing how Zcash may allow offline transactions enabling unrecorded and potentially untraceable currency transfers).

[116] Stein, supra note 90 (quoting Scott Dueweke, president of Identity and Payments Association: “Law enforcement is going to be increasingly challenged to identify the users of those cryptocurrencies that are designed to be more anonymous than bitcoin.”).

[117] Id.

[118] Stein, supra note 90.

[119] Manheim, supra note 1.

[120] Khalilov, supra note 55, at 8.

[121] Id. (“identity and address can be linked while trading bitcoins on exchange since exchanges may be subject to money laundering regulations. In this case, customers need to prove their identity to the exchange.”).

[122] Manheim, supra note 1.

[123] Id.

[124] Stein, supra note 90.

[125] Brown, supra note 8, at 336.

[126] Baron, supra note 65, at 12.

[127] Id.

© 2019 Your Raffi Teperdjian


About this Author

Raffi Teperdjian Law Student GW Law

Raffi Teperdjian is a Juris Doctor candidate at The George Washington University Law School (expected graduation May 2020) from Falls Church, Virginia. Prior to, and concurrently with, his study of the law, he has worked on a variety of systems development and big data analysis projects in both federal and commercial information technology consulting. He holds a Bachelor of Business Administration in Computer Information Systems and Finance from James Madison University, and upon graduation from law school, and passing the bar, will begin work as an associate at Ropes & Gray LLP in...

(202) 994-6261