The activities of one startup company came under heavy scrutiny after community members, including Bitcoin core developers, accused it of surveilling the activities of “large parts” of the bitcoin network.
Uncovered
The startup’s activities were first brought to light by Bitcoin Forum user “Evil-Knievel”, who started a forum thread titled “Is someone monitoring large parts of the network?” on March 6.
He wrote, “What I noticed is, that the seed nodes (from time to time) return dozens of bitcoin addresses from the same subnet (from France). This, on the first sight, looks to me as a large scale monitoring of the bitcoin network.”
Evil-Knievel also raised the question of what the purpose of the mysterious nodes was. He asked, “What is going on there? And who is owning the huge amount of bitcoin nodes? And what is the intention? Monitoring? Netsplits?”
A week later, forum user “Cryptowatch.com” stated that he had performed an analysis of one of the nodes, and found evidence linking it to Chainalysis, a startup company purporting to provide “financial institutions with the means to obtain regulatory compliance through real-time analysis of the blockchain”.
Chainalyis – which is led by Kraken exchange advisor Michael Gronager, and former VMware and Mycelium engineer Jan Møller – states that it does so by performing “sophisticated in-depth real-time transaction analysis to determine unique entities within the blockchain”.
Legality questioned
Bitcoin forum user “RealMalatesta” shared his belief that Chainalysis is violating the laws of the country it is based in, Switzerland.
He posted, “First of all, I am pretty sure that Chainalysis is violating Swiss laws by collecting this data and giving this data to their clients. But this is an issue for lawyers in Switzerland. Me, for my part, have sent a request to the Swiss data protection agency. I want to know WHAT they collect and see it.”
RealMalatesta found that the company, which was established on December 24, 2014, is owned by Trifork Holding AG, and Danish companies Swift Bit Holding ApS and Ceptacle Holding ApS.
He concluded his findings:
So basically, Chainanalysis is controlled by foreign corporations. And I want to know how Chainalaysis is complying with the Swiss Data Protection laws.
An IP address is, according to Swiss law, “personal data”.
According to this law, Chainanalysis has to give access to all the data they have regarding a specific IP to the person who was using this IP at the time the data was collected. Such a request can be sent to Chainanalysis by e-mail and they have to respond without the right to charge anything for this. They have to tell them how they obtained this data and what they intend to do with it.
Furthermore, they have to make sure and public how the personal data of users of the Bitcoin network is protected. If they don’t, everybody can write a complaint to the Swiss data protection agency.
Community members pitch in
Mycelium community manager Dmitry Murashchik spoke out regarding former employee Jan Møller’s actions, saying, “We at Mycelium are not fans of what Chainalysis does, but we can’t really object too much, because if something like this is even possible to do, then someone will do it, whether it’s Jan’s company or someone else.”
Bitcoin core developer Gregory Maxwell stated that Chainalysis’ actions was performing an “attack trying to trick nodes into leaking private data”.
Peter Todd, who is also a core developer of the cryptocurrency, told CoinDesk:
It’d be ironic if a service ostensibly intending to help with regulatory compliance did so by violating laws against disrupting and hacking networks.
Chainalysis responds
Michael Grønager, CEO of Chainalysis, said, “Claiming that Chainalysis should do anything illegal based on other nodes connecting to our nodes relaying INVs is highly speculative. I cannot see any difference between that and connecting to any other service (HTTP/DNS etc) and recording that info for statistical purposes.”
Stating that he is “by no means an expert”, Grønager also posed a number of questions: “When are you (illegally) eavesdropping by participating in a p2p network? What are you allowed to do with the data/metadata (e.g. INVs and TXs) you receive? What can you as a p2p user (legally) expect them to be used for? Do we actually expect any regulation to cover here at all?”
You decide
After speaking about Chainalysis’ actions, core developer Gregory Maxwell said, “In general, I’ve been disappointed by how few people realize how important privacy and fungibility is for Bitcoin’s viability as a currency.”
Do you believe that Chainalysis’ monitoring of the bitcoin network is justified? Should bitcoin users be the only people responsible for ensuring that their activities stay private?
Let us know what you think in the comments below, and follow us on Twitter for updates to this developing story.
