EU's Encryption Report Finds Layer 2s, Private Ownership of Bitcoin 'Problematic' for Law Enforcement
The First Report on Encryption by the EU Innovation Hub for Internal Security argues that Bitcoin’s Lightning Network and other layer 2 solutions, as well as other widely used encryption-based tools present new challenges (and opportunities) for law enforcement investigations.
- The report provides a broad overview prevailing and up-and-coming encryption technologies, including quantum computing, Bitcoin and other cryptocurrencies, DNS protocol, 5G networks, machine learning and artificial intelligence, and explores "how to uphold citizens’ privacy while enabling criminal investigation and prosecution."
"It is vital that relevant stakeholders in the Justice and Home Affairs (JHA) domain are aware of these developments and are provided with the means to stay on top of these technological advancements," concludes the report.
- Member of European Parliament Patrick Breyer of The Pirate Party warns that the following push against secure encryption comes as a part of renewed push for European mass surveillance by Europol and the European Commission.
- Breyer also warns that European Council has already agreed to greenlight "Chat Control v2.0" proposal next week.
Several sections of the encryption report focus specifically on Bitcoin and other cryptocurrencies. These include the following excerpts:
- "There are mainly two types of wallets: custodial and non-custodial (or selfcustody). Custodial wallets refer to wallets where the user does not hold their own private key, but the service does so on behalf of the user. This is very common, as for example funds stored at centralised cryptocurrency exchanges are custodial. The phrase ‘not your keys, not your crypto’ refers to such storage."
"While easy to use, there can be risks using custodians. As the company holds the private keys, the user has no cryptographic control over these funds. For law enforcement agencies, this can be beneficial as they can request exchanges and custodian wallet providers to freeze or seize cryptocurrency assets, when they have legal grounds to do so and the exchange cooperates with the law enforcement request."
- "Non-custodial wallets refer to hardware and software wallets where the user has responsibility for their own private keys storage. This comes with ‘great responsibility’ as a loss of the private key means the funds are not accessible anymore. Furthermore, (accidental) sharing or theft of the private key can lead to permanent loss of funds when obtained by a criminal."
"A mnemonic phrase is a group of words, generally 12 or 24, which is used to access a wallet or several wallets. For example, if a user creates a wallet with a Trezor or a Ledgerg, a mnemonic phrase may be created. This phrase will work on any similar hardware device and give the user access to the funds from anywhere, even when the original hardware wallet is broken or lost. This also means that when law enforcement obtains the mnemonic phrase of a suspect in a house search for example, they can access and seize the funds," explains the report.
- "BIP3830 allows for an extra password on top of the private key (mnemonic phrase). This may demand additional password guessing from law enforcement when trying to access a suspect’s wallet, even when the mnemonic phrase is known"
"Another development is SLIP39 or Shamir Backup31, implemented for example by hardware wallet Trezor Model T...This could for example mean that a user creates five shares, out of which three are needed to access a wallet. If all these shares are stored in different locations, law enforcements’ task of recovering a (criminal) wallet can be complicated significantly."
- "There are many developments on so-called ‘layer 2’ that lead to advanced encryption of cryptocurrency transactions. Layer 2 solutions are systems or protocols built on top of blockchains. The lightning network is perhaps the most well-known example. The lightning networki is a layer 2 solution for the Bitcoin blockchain that aims to lower transaction fees and increase speed by creating payment channels."
"The two-party multisignature payment channels will not broadcast all transactions to the blockchain, but only the opening and closing of the channel. Layer 2 solutions are also being developed on other blockchains and might cause additional problems for law enforcement investigations."
- "Similarly, DNS encryption is an area of concern for the investigative powers as new approaches may create increased dependency on services providers’ cooperation. This cooperation cannot always be guaranteed. It is crucial that DNS encryption, if implemented, would allow law enforcement to access and process suspects’ DNS traffic," states the report summary.