 And so even that fig leaf, even that APA that says that they have to consider public input and they have to have a notice publicly of the proposed change and then have a 60 day or so comment period where they accept feedback from the public, even that is being ignored in this case. So it really is a sort of failure of democracy. As the world turns and the Biden administration gets going, one regulatory holdover from the Trump era is drawing a lot of attention. Is this the end? Probably not, but we'll get into it. I'm Adam B. Levine and this is Speaking of Bitcoin. For today's session, I'm joined by the other host of the show, Stephanie Murphy. Hi. Andreas M. Antonopoulos. Hello. Jonathan Mohan. Hey, hey. And special returning guest, Peter van Valkenburg, director of research at Coin Center. Peter. Hi guys. Thanks for being here today. Yeah, thanks for having me. So thanks to all of our hosts and to you, the listeners for sitting in on today's session. So, Peter, I've been hearing a lot about the Finns and comment period over this self-custodied wallet ruling that they will be making soon. And a lot of people seem to be up at arms. And quite a lot's happening in the world right now, both with the election, the Bitcoin price and the lockdowns and just winter in general, such that, you know, it's kind of hard to find oneself to care about anything, especially when it's something that seems so banal as the government is asking for comments because later they might say something you might not like, just in the realm of all the things that could happen and potentials that are occurring. It just seems so far off and distant. And I know that a lot of the people who are really looking into the such as yourself are really passionate about engaging on this problem so that we get the best outcome. What is going on right now? And why should we be concerned? So, you know, a lot of people are upset, I think, you know, first of all, because this all happened over the holidays, we got an announcement from Finnson the Friday before Christmas in December that there was going to be a 15-day comment period, as you said, for a proposed new rule that would affect Bitcoin exchanges, cryptocurrency exchanges in a pretty serious way. And so Finnson is this agency in the treasury that deals with financial surveillance. They deal with so-called anti-money laundering policy, but I prefer the term financial surveillance because it's really just warrantless data collection about all your financial transactions. That's the law that they deal with is the Bank Secrecy Act. And so this comment period was to solicit public feedback in all of 15 days over the holidays and the new years on this proposed rule change, which would say, hey, if you're a crypto exchange, if you got customers and you're holding Bitcoin for them or other cryptocurrencies, you're already subject to the Bank Secrecy Act. So you already know your customers, you already file suspicious activity reports, but we're going to require some new reporting requirements and some new record-keeping requirements about your customers, some of which that apply to other financial institutions like the kind of reports and records that banks need to keep, but some of which are actually more strict, more information that we want you to collect than we even require from banks. And there's one particular requirement that they were proposing in that rulemaking that basically would be very, very difficult for exchanges to be able to meet. And so it would lead to exchanges effectively choosing probably not to transact in certain ways because what that requirement was was this. It says, if your customer is starting a transaction or receiving a transaction on, say, the Bitcoin network or any other cryptocurrency, you need to know that the transaction is either coming from another financial institution like Kraken to Coinbase or going to another financial institution, Coinbase to Kraken. And if it's not, you need to know the name and physical address of the individual that it's coming or going to. So we're talking just a regular old Bitcoin wallet that I might have on a ledger or a Trezor or something like that or just on an iPhone touch. If I'm sending transactions from that wallet to Coinbase, Coinbase would need to know my name and physical address. And I mean to a customer at Coinbase, a person who I'm actually paying. And as I don't need to tell you guys at all, that's not how the Bitcoin network works. The Bitcoin network has Bitcoin addresses and it has signatures to prove that you are the sort of rightful person to be controlling the funds in those addresses or to control the UTXOs to be more specific. So there's no name and physical address field in a Bitcoin transaction. Right. In fact, it doesn't even have to be a flesh and blood person receiving the transaction. It could be a smart contract and something like that. Exactly. Good luck finding the name and physical address of any kind of payable machine or smart contract on any of these cryptocurrency networks. So can we just put Vitalik Buterin, one Ethereum foundation, no? That doesn't work? For all smart contracts. For all smart contracts. He's going to have quite the dossier at Treasury. Yeah, no. So this breaks the way these networks work. And you could say, well, exchanges could just allow you to transfer to your own wallet that you host yourself. And then you could go and interact with smart contracts. But this is sort of like an added level of complexity to using something like a smart contract or paying an individual who's not yourself. And it's not just an added level of complexity and bad for that reason. It's bad because it's not equal treatment with traditional financial institutions. So when you remove cash from your bank account, or even when you send a wire from your bank account, the record-keeping requirements are flexible. The bank has to record all of the information you gave them about the transaction. But there's certain fields like the recipient of the transaction where they only need to record the name and physical address, for example, if that information is available. And so the law makes these excuses, if you will, for incomplete information at traditional financial institutions like banks. So why would we not get the same excuses at Bitcoin financial institutions? And it seems as though there's just was an interest in providing that kind of flexibility to the crypto world that there is in the traditional financial world, where most of the money laundering actually takes place. But also, I mean, showing its true colors, where customer surveillance or consumer protections comes into play, seems like the state tends to choose surveillance over consumer protections. Because, you know, as much as we tell everyone to custody their own coins, there's a large percentage of people who are a lot safer with their funds on an exchange and sending it back and forth to regular people. And so taking that group of people that don't have any of those best practices and telling them now, hey, the only way for you to send or receive money is for you to self-custody your coins, we're going to see a lot of very unsophisticated people losing a lot of funds. I think that's right. And consumer protections about shielding people from loss, consumer protection should also be about protecting their privacy to some extent, right? And the minute you start creating these reports and these records of who owns both name and physical address, which Bitcoin address is the minute you create a fully searchable record of people's full financial history, because you take that name and physical address information, you match it with blockchain analysis, and you can see every transaction that's ever happened. Like consumer protection is not the point. It's not when it's FinCEN. And that's not really FinCEN's fault. Their focus is narrowly as sort of one part of a fragmented government approach to regulation that we have in the US. Their focus is narrowly on financial surveillance. So-called market integrity, which is a euphemism I really don't like, because markets are just people and markets as a whole can't have integrity. That just seems strange to me. We've already seen the fallout from this type of problem, but just a fraction of it with the hack of the sales website of the ledger company. It leaked names, phone numbers, and physical addresses of 290,000 people. Now, just with that, we've already seen phishing attacks against text messages and emails. We've seen sim swapping attacks attempting to hijack phone numbers so they can break into exchange accounts and other things like that. They use them as two-factor authentication. But we've also very warringly seen phone calls and threats and letters being sent to the physical address of these people, threatening that they will come and invade their home. Now, what we're talking about here is collecting a honeypot that is maybe two orders of magnitude bigger. The one saving grace of the ledger hack is that out of the 290,000 people, you have no idea who actually has and how much they have, which means that the type of high-risk, low-return attack of a physical invasion of their home or something like that doesn't make sense, because they may have five bucks and you've just taken a huge risk for a very small return. But what we're talking about here is all of that information plus balances or at least transaction history that can be used to reconstruct balances, at which point you sort the list by richest, load up the shotgun, and you start robbing them one after the other. It's very little consolation that this is going to a secure government facility. We've seen that they couldn't even keep the office of government management to whatever is called the OMB, database of clearances and background information for their own OPM, or the NSA information that was leaked. And frankly, just recently, Finsen itself had leaks of suspicious activity reports. And so, we would be talking about similar reports being made for crypto transactions and these name and physical address fields being filled with respect to people who aren't even the exchange's customer. And this is something I want to point out as particularly egregious. And we point this out in our comment. We drafted a comment in a hurry, although I think we did it in an excellent job laying out all the privacy and constitutional arguments and process deficiencies in that comment. And we filed it. And in that comment, we talk about the Fourth Amendment, which, if you're familiar with constitutional law, the Fourth Amendment says the government's not supposed to search your private papers and effects without a warrant and particularized individual suspicion of a crime. And the Bank Secrecy Act is this law that says, hey, if you're a bank, you need to, on behalf of the government, collect everybody's financial records without individual suspicion and without a warrant and give them to us. So the question is always, why is the Bank Secrecy Act even constitutional if it's this massive warrantless dragnet? And the answer comes in the form of the third party doctrine, which is this notion that when you hand your information over to a third party, whether it's a bank or whether it's like an email provider like Google or something like that, you lose your reasonable expectation of privacy over that information, which means, according to the Supreme Court in the 1970s in California Bankers Association versus Schultz, the government doesn't need to have a warrant in order to get that information. But there's something interesting about the third party doctrine. Recently, in a case called Carpenter, the Supreme Court came out and said, yeah, so cellular phone providers have a lot of location data on customers. But the customers didn't voluntarily give that information to the third party, and that third party doesn't hold it for a legitimate business purpose. So actually, we think even with the third party doctrine notwithstanding, a warrant should be required for law enforcement to get your location data from a cellular provider. And so you take that and you apply that to this situation with the Bank Secrecy Act, where they're collecting this information about their customers. They're also, under this new proposed rule, they're obligated to collect information about their customers' counterparties, the people that are paying their customer and the people their customer are paying. And those people are not voluntarily handing their information to Coinbase. Just by making a transaction from my personally hosted Bitcoin wallet to Coinbase, I didn't sign up for this kind of surveillance regime. I didn't hand my information over. I retain a reasonable expectation of privacy in the very important data, which is that linkage between my real identity and my Bitcoin address. And forcing Coinbase to effectively collect that information and search and surveil me is basically like forcing Coinbase to come into my home and take a piece of very important paper or information from my home. And so I think there's actually a really strong Fourth Amendment argument that this proposed rule is unconstitutional. And that's one of several arguments we made about why this rulemaking should not go forward. From a layman's sort of perspective, when we come to talking about old things to politicians so they can understand it better, is there a material difference between sending your Bitcoin from an exchange to somebody else as it currently stands and going to your bank and getting a money order? Because as I understand it, a money order doesn't have a recipient. It's paid for in cash. You give it to anyone. That person goes to any bank and then they get cash. And to the best of my knowledge, they just show identity documents that say that they're the person on the money order and then that's it. So is this the type of thing where if a money order was trying to get made today, the government would make it illegal? Is there a double standard here? Is the government going to ban money orders? I'm just trying to process in what ways this is different than that. And why is there a different treatment? Yeah, you've hit the nail on the head. There's different treatment here. And that gets to further arguments as to why this is inappropriate. Because Vincent has always taken a technology neutral standpoint where it's just same risk, same policy, same business, same policy. And this breaks with that. It says special treatment for certain types of businesses, even if the risks are the same, because you're spot on that a cashier's check, many types of money orders, even a personal check, if it's they got endorsed to several other people along the chain because you can do that, you can sign a check over to someone else, you can make a check out to cash. These are all effectively bearer instruments. And the bank has no idea where they're going to end up, which is why the regulations are flexible with respect to the information the bank needs to collect about those transactions. Now, there is a special report that is triggered when you deal with these so-called bear instruments or monetary instruments. And it's called the currency transaction report. So if you take more than $10,000 in cash out of your bank, or you ask for a $10,000 or more cashier's check, or you get one of these money orders to cash that's over $10,000 in all those situations, the bank isn't going to know who you're paying. And that's accepted and acceptable by the regulator. But the bank is going to be obligated to file a report saying, hey, my customer just moved a lot of liquid funds. And that's going to raise suspicion about your activities. And we can argue about whether this is good policy or not, but that's the way things are for similar instruments to Bitcoin. And so if all of this rulemaking was doing was saying, let's apply the same currency transaction report requirement to Bitcoin transactions, it would extend the surveillance regime. And so that gives me an agita, if you will. But at least it would be equal treatment. Instead, this is saying, let's have the reporting requirement for transactions over $10,000. And for any transaction over $3,000, a completely lower threshold, you also need to know the physical address and name of the person you're customers ultimately paying with those funds. So it's just unacceptable that it's this unbalanced playing field. I think there's another little hidden nugget in there, which is the $10,000 amount. And now the $3,000 amount. Because when the BSA was passed in, what was it, 1971, the amount was hard-coded, not indexed to inflation, not adjusted for purchasing power, nothing. And so, yeah, sure, $10,000 in 1970s dollars, huge amount of money. Now can't even buy a quarter of a car, according to the latest statistics. So what's changed is that they put these hard-coded numbers in there and then let inflation do its job so that essentially the banks are playing this regulatory limbo where the bar keeps getting lower and lower and lower and the banks are contorting themselves for a greater and greater and greater percentage of the transactions that go through them simply through monetary inflation. And they're doing the same thing with the $3,000 today, but 3,010 years time is going to be two lattes. Yeah, especially with the quantitative easing that's going on. Andreas, what we should really be asking for, although we'd never get it, is that they hard-code the numbers, but in Bitcoin as the numerator. You know what? I'd like a different one. Let's hard-code the numbers so that the multiples of federal minimum wage for an hour. So what you say is you have to do a suspicious activity report if it's more than 700 hours of the federal minimum wage. We'll watch them have to change that too. So we've actually already averted the worst-case scenario, which is good news. The worst-case scenario was that Secretary Mnuchin, former Secretary Mnuchin now, his treasury would finalize that rulemaking 15 days after it was announced, which would have been before the new administration came in, the Biden administration. And once that rulemaking is finalized, it becomes effectively like law. You'd need to create a whole new proposed rulemaking to overturn it. There'd be a whole process. And even if the incoming Biden administration is less hungry for this kind of record keeping, which there's arguments that they might be a little less focused on this particular rule, they would have to go through this process of reopening and changing something that's already lost. So unlikely to happen. Now, fortunately, in part, I think because of the deluge of comments and many very good comments that FinCEN received in the rulemaking, we filed two. The Electronic Frontier Foundation filed a great comment. DCI at MIT filed an excellent comment. And there were, as I said, 7,000 comments in total, which is more than FinCEN's ever gotten. FinCEN normally only gets comments from a few financial institutions. I remember reading somewhere that in the past 10 years, this one comment period has received 70% of all public comments that FinCEN has ever received. That sounds right. And the reason why this is important is they're obligated under the Administrative Procedure Act to read and consider every comment. Now, they could claim that they've hired a whole bunch of temps or something, I suppose, but it starts to look very disingenuous if after a 15-day comment period you come out with a final rule a day later and say, yeah, we read all 7,000 comments. So in part because of the number of comments, the quality of the comments, the arguments raised, maybe the Fourth Amendment argument, maybe the procedural arguments, which is that normally comments take 60 days. Banks have sometimes had six years to offer input on new record-keeping requirements. Because of these several arguments, I think, they decided to extend the comment period. And that meant that the comment period got extended into the next administration. It's also worth noting that it was probably as short as it was 15 days because it was meant to fit at the very end of the administration, not for some actual real public policy concern. And so once it got extended into the Biden administration, the Biden administration, before they even came in, announced, look, we're going to put a freeze on all pending executive actions. So all rule makings included. And this, along with lots of other things that were in progress from the last days of the Trump administration, got frozen. And that is very promising because it means that folks at Finstan, for example, who are more career staff rather than political appointees, who may have had reservations about the rushed nature of the process, will be able to have their say with a new administration and say, look, there are a lot of reasonable comments that just came in. We're taking them all in. Maybe we should just seek equal treatment with traditional financial record-keeping and reporting requirements and not go for this extraordinary record-keeping requirement. Or maybe even better, it just gets dropped because the Biden administration says, look, we're not going to continue this. It was a product of the last administration. We might do something on our own down the road, but we're going to drop this one for now. I have some insights into why Mnuchin chose to do a 15-day comment period. It has to do with the background of former Secretary Mnuchin. And you see, most people don't remember that Mnuchin is the same s*** who made millions and millions of dollars from robo-signing mortgage foreclosures and then managed to get away with it without engineing up in prison, as he very much should have. So maybe what he was thinking was that he could robo-process all of these comments with the same degree of disregard for due process, common decency, and humanity, as he did when he was previously a s***. That's just my interpretation and opinion, of course, just in case we forgot who he was. Thank you for that, Andreas. What is the process for making a comment in a public comment period such as this? Like, do tweets count as a public comment, or do you have to like write them a letter? I had the same question. I asked if you can attach images. Yeah, I'm curious about that. You could submit a PDF with some images if you wanted. It's a good question. Sometimes they just open an email address and say email us. They didn't in this case, which made it a little tricky to get them to be deluged with comments because it would have been easier to just set up a form that manufactures emails. This time it was a really difficult to use probably PHP form on a website where you can upload a PDF. Just in general, on the process of soliciting comments, so to your listeners who aren't familiar with the administrative law procedures, this is a way to really get the numbers juiced on your subscribers. We appreciate it, Peter. For people who aren't familiar, you say, like, what is this? I thought Congress makes laws. You are right. Congress is supposed to set policy. Congress is supposed to be the democratically elected people who are accountable to the public, who decide important consequential things about the way our government works, including things like whether your privacy is going to be violated or not, right? Well, unfortunately, Congress kind of abdicates its job quite often, creates a broad statute that empowers a branch of the executive government, so treasury in this case, with sort of a lot of power to rewrite rules. And that's not technically lawmaking because that would be wrong. That would violate the separation of powers. That's the job of the legislature, not the executive. But it's basically what's happening. And in the 1950s, in response to the explosion of the administrative agencies and the number of rules that were being made by people who aren't democratically elected representatives, we passed the Administrative Procedure Act, which says, look, if we're going to have these technocrat bureaus making law effectively, it at least needs to be done in a transparent process that respects input from the public. It was sort of a fig leaf for democracy because honestly, they just get to listen to your comments. They don't have to really take them to heart. There's no voting involved here. But it was at least something in a process that was otherwise a complete black box as to how new rules get put in place. And so even that fig leaf, even that APA that says that they have to consider public input and they have to have a notice publicly of the proposed change and then have a 60 day or so comment period where they accept feedback from the public, even that is being ignored in this case. So it really is a sort of failure of democracy. I think that this demonstrates the anti fragility and growth of Bitcoin because the last time Bitcoin was attacked by a website written predominantly in PHP, it was Mt. Gox. So Peter, this has been great. We really appreciate your time today. And as we wrap, I'd like to get you to take on one thing. So Janet Yellen, former Fed chair and current nominee for treasury in the new Biden administration recently said something to the effect of, I think crypto is mainly used for illicit financing with specifically a reference to terrorist activity and things like that. This comes at a time when tensions are kind of high around what's going to happen with Bitcoin. And it comes sort of as a contrast to what we've seen from some of the industry surveillance companies out there like Chainalysis, which in a recent report basically said that about 0.34% of all activity across Bitcoin is actually illicit activity. So I mean, what is your expectation for the approach that we're going to see from this new administration? I appreciate that I'm asking you to pull out your crystal ball here. So just best guesses only. No, it's a totally fair question. But I think the quote that is being spread around as sort of ominous, as an ominous sign for what we'd expect from a secretary Yellen going forward, is an overstatement of her position in her written testimony and in written responses to additional questions about digital assets and things like this. She took a much more balanced view. She said, and I'm quoting now, we need to look at the potential they have to improve the efficiency of the financial system. We know they can be used to finance terrorism, facilitate money laundering and support malign activities that threaten US national security interests and the integrity of the US and international financial systems. And I think we need to look closely at how to encourage their use for more legitimate activities. So this is the kind of typical balanced approach we would expect from a regulator who is tasked with stopping money laundering and stopping terrorist financing to say, look, there are legitimate uses. There's ways to encourage responsible innovation. But they're going to be focused on these things. And that's their job and that's reasonable. And it's the job of organizations like Coin Center to effectively lobby them. We don't lobby on behalf of any companies. We lobby on behalf of the raw technology itself, the protocol that's so well documented to describe by Andreas. That's what we go to do is to educate people about how the tech works and why there are really promising use cases, why this is something that will ultimately be a boon for human dignity and privacy and a healthy America. And so I did want to get in a quick plug before you let me go. If you are interested in supporting our work at Coin Center so we can keep churning out comments over Christmas holidays and doing our other activities. We're really excited to announce that through the month of February, Grayscale Investments is going to be doing a matching campaign for every donation put in. You'll double your money through Grayscale, basically, up to a million dollars of a donation to Coin Center. So now is a really good time to support us if you think the work we do is important. Send Janet Yellen a Valentine's card this February by funding Coin Center. Shut down her craziest ideas. So what you can do is donate in the name of Janet Yellen to Coin Center. Peter, just to clarify for those who are thinking in the past calendar year, that matching program last through December of 2021. No, no, no. It's through February of this year. It's just the month of February. Peter, if people want to find the website, if you want to support the work, where should we be going to? You can find all our public policy resources and make a donation on coincenter.org. And Coin Center is 501c3, right? Well, no. We're 501c4, which allows us to do more direct lobbying of folks, but it's not tax deductible to the donor then. Okay. So then you're not giving any additional tax write-offs to Janet Yellen should you donate in her name. So go ahead and do that. And then for those who have not been following Coin Center as heavily as they should, they have been one of, if not the most prominent, long-lasting advocacy groups that are nonpartisan for the betterment of Bitcoin in the cryptocurrency community, sort of bar none. And I'll say that in the early days, we all thought that that might have been the Bitcoin Foundation. And a lot of what Coin Center came to be came out of what people thought the best of the Bitcoin Foundation could be. And I'm telling you, Peter, in hindsight, though, you know, I won't betray my past self, I do wish right now I had 3.5 Bitcoin to give to Coin Center instead of the lifetime membership I got to the Bitcoin Foundation. And that's a wrap on another episode of Speaking of Bitcoin. Today's episode featured Peter VanValkenberg, Stephanie Murphy, Andreas M. Antonopoulos, Jonathan Mohan, and myself, Adam B. Levine. This episode was edited by Jonas, featured music by Jared Rubens. Thanks to all the hosts for the time today and to all our listeners. Stay tuned for our next episode.