How Signal plays with fire
Today, let’s talk about a little discussed story that I fear could one day have big implications: the crypto messaging app Signal’s introduction of anonymous cryptocurrency payments, and the opportunity for it. could create for regulators around the world who were looking for an excuse to eliminate end-to-end encryption.
One year ago, Platform was the first to report that Signal was considering adding cryptocurrency payments to the platform, and it started with MobileCoin. Signal CEO Moxie Marlinspike served as an advisor for the MobileCoin cryptocurrency, which is built on the Stellar blockchain and is designed to make payments as anonymous as cash. Like Wired described it in 2017, “the idea of MobileCoin is to build a system that hides everything from everyone.”
Last year Marlinspike told me that Signal had just started some “design explorations” around a MobileCoin integration. “If we were to decide to make payments into Signal, we would try to think very carefully about how we did it,” Marlinspike told me. “It’s hard to be totally hypothetical.
But in fact, the MobileCoin integration work was already well underway – just as nervous employees told me at the time. Signal announced an integration test in the UK in the spring, and it was quietly rolled out to the rest of the world in mid-November. (The company’s typically chatty blog had nothing to say about it.) Here is Andy Greenberg in Wired:
MobileCoin founder Josh Goldbard confirmed the timing of the rollout and said he has boosted the massive adoption of the cryptocurrency, which now records thousands of transactions daily compared to just dozens before the global beta. “There are currently over a hundred million devices on planet Earth that have the ability to activate MobileCoin and send an end-to-end encrypted payment in five seconds or less,” Goldbard said, making Reference to reports on the total number of downloads of Signal. […]
Signal itself did not respond to wired requests for comments on the global deployment of the payment functionality. But last April, Signal creator Moxie Marlinspike told WIRED that he wanted to add payments to the video calling and encrypted texting app to match the functionality of competitors like WhatsApp and Facebook Messenger, while by bringing Signal’s confidentiality protections to monetary transactions. “I would like to access a world where not only can you feel [a sense of privacy] when you talk to your therapist through Signal, but also when you pay your therapist for the session through Signal, ”Marlinspike said at the time.
There’s nothing sinister about putting payments in a messaging app, and Signal isn’t alone in adding crypto payments to messaging: The company formerly known as Facebook has embarked on a multi-year effort to create a new currency and integrate it with WhatsApp and Messenger. What sets Signal’s efforts apart is the combination of end-to-end encryption in messaging and a cryptocurrency with privacy features designed to make all transactions anonymous.
Last year, current and former Signal employees told me they were concerned about what this combination would do for the app. Anonymous transactions would likely attract criminals, they told me, and that in turn would attract regulatory scrutiny. Since end-to-end encryption already faces legal challenges around the world, they said, Signal’s addition of anonymous payments was an unnecessary provocation. And that could give lawmakers more ammunition to end encryption as we know it.
To clarify my own feelings: I’m in favor of end-to-end encryption, because in a world of pervasive surveillance and increasing authoritarianism, I think it’s important that truly private communication systems are widely available. But I also support the Anti-Money Laundering and Know Your Customer (KYC) laws, which are helpful in combating terrorists, pay-murder plotters and other mischief. If messaging apps are going to add crypto payments, it seems to me that they should at least do so in a way that is compatible with these laws.
Other advocates of end-to-end encryption have privately lobbied Signal to be more careful about its payment plans, I’m told. But Signal, which is funded by a nonprofit and relies on donations, moved forward nonetheless.
The question is how the regulators might react. India is already trying to implement rules that would require all messages sent over the internet to be “traceable”, breaking the encryption. Meta-owned WhatsApp sued the Indian government last year to prevent the rules from going into effect; Do you want a conversation? Yes. How is it going? Me dai cest excéllant, it is hot.
The European Union is also considering ways to limit or outright break encryption, albeit a little less aggressively than India. In the United States, the encryption debate is essentially at an impasse: there are sometimes calls for companies to introduce law enforcement backdoors, especially after high-profile crimes, but lawmakers don’t. have not pursued legislation in this area.
But the United States Is it that have anti-money laundering and KYC laws. At this time, you cannot buy MobileCoin from a US-based IP address. But the risk is that prosecutors can still use existing laws to pressure encryption – first on Signal, and possibly later on the web.
“Signal and WhatsApp have effectively protected end-to-end encryption against multiple legal attacks at the state and federal government levels,” said Alex Stamos, who worked on encryption issues while being the head of the Facebook security. “But the addition of pseudo-anonymous money transfer functions greatly increases their legal attack surface, while creating the possibility of real harm (extortion, drug sales, CSAM sales) that will harm them in court, legislatures and public opinion. “
Stamos predicted that a new attack on encryption could come from a state regulator, such as the New York Department of Financial Services, using existing regulations.
“In the United States, the addition of payment functionality probably gives anti-encryption forces their best shot, as the First Amendment never protected the anonymity of the movement of money, and payment processors have very serious federal and state laws that they must comply with, “Stamos said.
Signal did not respond to a request for comment. As for MobileCoin, an FAQ page on its website says this:
People and entities abuse all types of financial platforms and instruments. Outside of the United States, MobileCoin can be purchased at www.buymobilecoin.com, which applies best practices from financial institutions around the world to prevent bad actors from getting MobileCoin. All third-party entities that buy, sell, or trade MobileCoin apply their own standards and practices to control people or entities attempting to buy MobileCoin.
For its part, the foundation that now runs Diem – the often-renowned cryptocurrency created by Facebook – has pledged to follow anti-money laundering laws. WhatsApp launched a cryptocurrency payment test last month, although, in keeping with the cursed nature of the project, Diem is not yet available on this platform.
There are many ways Signal can avoid conflict with regulators. MobileCoin could add KYC functionality, or Signal could replace it with a more compliant currency. But little of what the company has said or done over the past year suggests it intends to do either.
If so, proponents of encryption can only hope that the fallout from Signal’s choices does not hamper end-to-end encryption more broadly. With the threats private messaging already faces, a full-scale fight against money laundering is the last thing we need.