Coinbase, one of the largest cryptocurrency exchanges, recently faced significant backlash following revelations about its contract with U.S. Immigration and Customs Enforcement (ICE). This information came to light through a Freedom of Information Act request from Tech Inquiry, exposing details of Coinbase's agreement to provide ICE with access to its blockchain analysis tool, Coinbase Tracer.

Coinbase has agreed to supply ICE with surveillance data across 12 blockchains, including Bitcoin. The contract grants ICE access to several sophisticated tools such as "multi-hop analysis," "Lightning network investigation," "historical geo-tracking data," and "transaction demixing and shielded transaction analysis." A screenshot obtained by Tech Inquiry summarizes the scope of this partnership.

For privacy advocates and cryptocurrency compliance professionals, the existence of these features is not surprising. Companies like Chainalysis, CipherTrace, and Elliptic have offered similar services for years. ICE has been purchasing licenses from Chainalysis since 2016, as reflected in data from USAspending.gov.

The extent of blockchain surveillance, once hidden from the public, is now becoming more widely known. Firms like Chainalysis offer an array of tools for various purposes, including compliance, research, investment, and marketing. These tools include:

Reactor: For regulators and investigators.

KYT (Know Your Transaction): For automated compliance screening.

Kryptos: For high-level vetting.

Market Intel: For researchers and investors.

Business Data: For exchanges to track customer activities.

Crypto Incident Response: For victims of ransomware and other threats.

In response to the negative press, Coinbase reiterated that it "does not sell proprietary customer data" and that "Coinbase Tracer sources its information from public sources, and does not make use of Coinbase user data. Ever." While Coinbase's claims might be taken at face value, the fact remains that they are still sharing data with the U.S. government through other channels.

Coinbase, like other financial institutions, is required by law to submit Suspicious Activity Reports (SARs) to the Financial Crimes Enforcement Network (FinCEN) for activities deemed suspicious. These reports can include detailed customer information such as names, physical addresses, and transaction data.

BitAML, a compliance consulting firm, provides guidelines for submitting cryptocurrency-related SARs, illustrating the type of information exchanges typically submit. Additionally, banks must file Currency Transaction Reports (CTRs) for cash deposits or withdrawals over $10,000. Although CTRs are not currently required for cryptocurrency transfers, FinCEN has advocated for such measures in the past. It is plausible that Coinbase or other exchanges may have already shared information with FinCEN for large transactions, indirectly providing data to ICE.

Even if Coinbase does not directly share customer data with ICE, their compliance with FinCEN regulations means that customer data could still end up in ICE's hands. This scenario highlights a significant privacy concern for cryptocurrency users. SARs are secretive and mandatory, with banks and exchanges prohibited from notifying customers about their filings.

It is crucial to understand that the information users share with Coinbase becomes public when they transact on the blockchain. Companies running Bitcoin nodes can collect IP addresses associated with transactions, often pinpointing users' geographical locations. This data can be analyzed and sold to law enforcement, with ICE, the FBI, and the IRS collectively spending millions on blockchain analysis tools.

While it is easy to direct anger at Coinbase, it is important to recognize that the problem extends beyond a single company. Chainalysis and other firms have long profited from selling blockchain surveillance tools. The underlying issue lies in the transparency of blockchains and the warrantless mass surveillance facilitated by SARs and CTRs.

To enhance Bitcoin privacy, three main actions are needed:

1. Acknowledging the Problem: Recognize the privacy issues inherent in blockchain surveillance tools and the need for improved privacy protections.

2. Implementing Technical Changes: Develop and adopt tools like Dandelion++ to better hide IP addresses and transaction details. Following the example of Monero, Bitcoin can incorporate default privacy features to limit surveillance.

3. Avoiding Regulated Entities: Use noncustodial wallets to reduce the likelihood of data being shared through SARs and CTRs.

Bitcoin's potential for remittances to countries like El Salvador is often highlighted, but its transparency and the extensive surveillance infrastructure may deter users. Migrant workers, in particular, may be wary of using Bitcoin if it compromises their privacy and safety.

While Bitcoin offers significant benefits, the cryptocurrency community must advocate for better privacy protections to safeguard users from surveillance. Addressing these challenges is crucial for the continued growth and acceptance of Bitcoin as a secure and private financial tool.