Guest blog by Ian Kearns, Senior Associate Fellow, The Police Foundation
Far removed from the debate about numbers of police officers on our streets, a massive game of cat and mouse is taking shape between law enforcement and criminals with regard to blockchain technology. On the downside, criminals are using crypto-currencies to facilitate crimes such as money laundering, the trade in contraband goods, the funding of terrorist activities, and crimes like tax evasion and extortion. On the upside, there are signs that blockchain technology may be able to play important roles in crime prevention and in the transparency and accountability of processes and evidence management in the criminal justice system. While it is hard, at this point, to predict whether the net effect will be good or bad in terms of the policing and crime, what is already beyond doubt is that blockchain is having a profound effect.
In this, the first of two short pieces on this issue, I examine the crime and policing downsides of blockchain. In the second piece, I will redress the balance by examining what blockchain can do to help.
First however, some terms. Blockchain, as my colleague Rick Muir pointed out last year, is:
‘a shared distributed ledger (like a digital record book) that records transactions and tracks assets across a network. It is called blockchain because it stores data in blocks that are linked together to form a chain. Each block confirms when a transaction took place and contains a hash that forms a unique identifier linking the blocks together.’
The hash is cryptographically generated and the transactions on a blockchain are immutable. They can be seen by every participant in the chain, and they cannot be changed without everyone in the chain knowing about it.
On top of this platform, crypto-currencies have been developed. These use the distributed nature of blockchain to facilitate peer-to-peer cash payments that do not need to be routed through a bank. Payments can be sent directly from one party to another and are logged in an encrypted but publicly available distributed ledger, so that the same money cannot be spent twice or counterfeited. Given that the transactions are recorded in a decentralized network of computers, the system is said to be impossible for hackers to corrupt.
The problem for law enforcement is twofold. First, with banks and other financial institutions cut out of the loop, the police lose a vital source of information on financial transactions that often help them to build cases against criminals and to secure convictions. Second, given that the identities of those conducting the transactions, and the transactions themselves, are encrypted, it is also very hard for the police to be able to link specific payments to specific individuals.
The criminals have noticed, and have become enthusiastic users of crypto-currency platforms. Bitcoin has received a lot of the attention, and rightly so. One analysis from the University of Technology in Sydney found that one quarter of bitcoin users, and a half of all bitcoin transactions, were associated with illegal activity. In 2017, that amounted to an estimated value of $72bn, a sum close to the US and European markets for illegal drugs. But there are over 1,500 crypto-currencies in operation and some of them are better at protecting user identity that Bitcoin itself. Europol has warned that cryptocurrency exchanges such as Monero, Ethereum and Zcash are becoming greater facilitators of crime and new sites for it in their own right. And an analysis by Blockchain Intelligence Group estimated that illegal activity accounts for about 20 per cent of all activity across the five crypto-currencies of Bitcoin, Monero, Zcash, Ether and Litecoin, amounting to a value of around $600 million a day.
Cryptocurrencies and the platforms and exchanges they are traded on are themselves also becoming new focal points for crime, and not only as places to hide the proceeds of crimes committed or being planned elsewhere. According to the Anti-Phishing Working Group (APWG), criminals reportedly stole just under £1bn in cryptocurrencies between the beginning of January 2017 and May 2018. Some of these thefts take the form of physical attacks on crypto-currency owners, but crypto-phishing attacks are also becoming more common. Cryptophishing usually involves fraudulently persuading investors looking for cryptocurrencies to invest in to send money to the wrong address, in just the same way that email phishing works to persuade vulnerable and/or gullible investors to part with their money.
Looking ahead, there also appears to be a likelihood that the technology to provide and protect anonymity will get better and better creating a major headache for the police, and some are also not sure that blockchain platforms will remain impossible to hack. The ‘Heartbleed’ bug that affected cryptographic software in 2014 is pointed to as an example of what could, potentially, go wrong. If a similar problem hit one of the major cryptocurrency platforms, given the scale of their current use, the concern is that billions of pounds could be stolen before anyone knows about it.
There is no doubt that criminal crypto-currency activity built on the back of blockchain is a growing phenomenon, and the source of a major new headache for the police. In some extreme scenarios, the technology will just put criminals beyond reach and raise profound questions about whether the policing of a digital society is actually possible to anything like the same extent we have become used to in the offline world. As blockchain and crypto-currency use grows, we can expect it to feature more and more prominently in debate among policing practitioners and policy-makers alike.
Dr Ian Kearns is the lead for the Police Foundation’s project on data-driven policing.