Investigative Challenges and Opportunities
By Brett Nigh, J.D., and C. Alden Pelker
In June 2014 the U.S. Marshals Service held a first-of-its-kind auction to sell an unusual asset: 29,656 “bitcoin,” units of “virtual currency,” which function much like traditional currency on the Internet but are not controlled or backed by any national government.1 The bitcoin, valued at $18 million at the time of auction, were a portion of more than 179,000 units seized by the FBI in 2013 during the takedown of Silk Road, an extensive black market website. For over two years, Silk Road facilitated the sale of hundreds of millions of dollars worth of narcotics, stolen identities, and numerous other illegal goods and services.2 All transactions were conducted exclusively in bitcoin.
Use of virtual currency has evolved over nearly two decades alongside the expansion of the Internet. Every day, people across the globe use the Web to move money. Most transactions are denominated in U.S. dollars or another national currency. However, a small but increasing fraction of those transactions use virtual currency as an alternative form of payment. Until recently, all virtual currency existed within centralized systems. In the centralized model a private company controls the virtual currency, issues units to its users, determines the virtual currency’s value, records transactions, and keeps track of customers’ balances. The company is the controlling force that drives everything in the system.
Centralized virtual currency systems encompass a wide range of business models. The technical operation of online payment systems, such as WebMoney and the now-defunct Liberty Reserve, is nearly identical to that of traditional online systems, apart from denominating users’ accounts in virtual currency, rather than a national currency. Some systems, such as Pecunix and the now-defunct e-Gold, allow users to exchange digital units of gold bullion or other precious metals, earning the systems the name “digital precious metals.” Other systems operate within popular virtual worlds and online games where entire microeconomies develop among players relying on in-game currency.
Over the past six years, decentralized virtual currencies also have grown to prominence in the virtual currency landscape. Decentralized virtual currency systems afford users many of the same benefits as their centralized counterparts—users can hold funds and transfer value to other users within the system. However, unlike centralized systems, decentralized systems are not run by a company. Rather, transactions are sent across a peer-to-peer network without involving a third party. Users anywhere in the world can download the free, open-source software specific to a particular decentralized virtual currency. Once they have done so, users can send funds securely and almost instantly across vast distances with just the click of a button. Bitcoin is by far the most popular and well-known decentralized virtual currency, with a total market value of approximately $3.4 billion as of May 2015. However, there are hundreds of other decentralized virtual currencies—often called “altcoins”—also in circulation.
VIRTUAL CURRENCY VALUATION
Most virtual currency in centralized systems has a fixed value whereby the controlling company sets an exchange rate. Often, this value is linked to some quantity of national currency. For example, one Liberty Reserve Dollar was equal to one U.S. dollar, and one unit of WMZ, a currency controlled by WebMoney, also is equal to one U.S. dollar. The value also may be fixed to some other real-world value. Companies running digital precious metals systems fix their virtual currency’s value to some quantity of a precious metal, commonly gold bullion. Alternately, a virtual currency’s value may fluctuate based on the supply of and demand for units of that currency. This model is seen frequently in decentralized virtual currencies, which have no company to enforce a pegged exchange rate.
EXCHANGERS AND THIRD-PARTY SERVICES
While users can transact entirely in virtual currency within a system, most individuals also want to cash in and out of the system, converting their dollars to virtual currency and, ultimately, back again. This exchange function is central to the virtual currency ecosystem. In centralized models the user may deal directly with the administrating company to cash in or out. However, not all companies offer this service, and decentralized systems lack the capability altogether. As a result, third-party companies have established themselves as “exchangers,” providing a venue for customers to cash in and out of virtual currency or to convert from one virtual currency to another. Exchangers are one component of a network of sites and services that have developed to support and enhance the virtual currency landscape.
Under U.S. money services business regulations, any business that transfers virtual currency from one person or location to another is obligated to register with the Financial Crimes Enforcement Network (FinCEN) and comply with Bank Secrecy Act (BSA) requirements, including implementing anti-money-laundering programs and filing suspicious activity reports (SARs).3 Additionally, many states require money transmitters to obtain state licenses. The U.S. Department of Justice has identified these regulations as “crucial tools in preventing malicious actors from exploiting virtual currency systems in furtherance of illicit activity.”4
Ms. Pelker is an intelligence analyst in the FBI’s Criminal Investigative Division in Washington, D.C.
In the United States numerous virtual currency services have made significant strides to comply with regulations. However, many still struggle to implement effective anti-money-laundering programs and to comply with state-level requirements. This is particularly problematic in the current business environment, where many virtual currency companies begin operation illegally before ensuring full compliance with all applicable regulations. Where this occurs, even well-intentioned systems are left vulnerable to exploitation by criminals and terrorists.
LAW ENFORCEMENT INTERESTS
Virtual currency systems are not inherently illicit and are used by legitimate consumers every day to conduct legal transactions. These systems allow users to move funds quickly and efficiently across great distances without being tied to one country’s currency or worrying about international conversions. Like nearly any financial product, however, these systems can be exploited by criminals to further their illegal activities. Therefore, law enforcement has two primary interests in virtual currency. First, officers will investigate criminals who use virtual currency to move or hide money derived from criminal or terrorist acts (i.e., money laundering). Second, investigators will look at virtual currency businesses that violate laws proscribing money laundering or illegal money transmission.
As virtual currency systems have evolved, so, too, has their criminal-user base. Early adopters of virtual currency generally were cybercriminals and perpetrators of specialized, complex financial fraud. Now, as criminals become more technologically proficient and systems grow more user-friendly, virtual currency is seeing a wider user base, spanning from the most sophisticated cyberactors to low-level drug dealers.
The illicit use of virtual currency has grown tremendously in online black marketplaces, many of which are accessible only through the Tor Network, which anonymizes users’ Internet traffic by routing it through a worldwide network of volunteer nodes. Criminals have exploited Tor’s privacy-enhancing features to create black market websites where users can buy or sell almost any illegal merchandise or service imaginable. Silk Road was one of many such black market sites—albeit an exceptionally successful one.
The particular features of virtual currency systems, especially decentralized systems, present new challenges for law enforcement. Many of the benefits that virtual currency systems promise legitimate consumers, such as increased privacy in transactions and the ability to send funds without an intermediary, serve as obstacles to law enforcement when the systems are exploited for illegal purposes. Key challenges identified by law enforcement officers dealing with virtual currency include regulatory and compliance disparities, transaction obfuscation and anonymity, and the global nature of the systems.
Regulatory and Compliance Disparities
Criminals gravitate to services with weak or nonexistent anti-money-laundering and customer identification programs. Those systems flourish in countries with poor regulatory oversight and ineffective enforcement. Because of virtual currency’s unique features, namely its lack of government backing, it falls within a regulatory gray area in many foreign jurisdictions. Therefore, many systems do not identify or report suspicious transactions, fail to retain customer records, and often resist cooperation with law enforcement.
Transaction Obfuscation and Anonymity
Virtual currency transactions can be difficult to track, due in part to the structure of the systems themselves, as well as their privacy-enhancing features. Many services allow users to maintain higher levels of anonymity than would be permitted in a traditional currency-based system. Even if an investigator is successful in following the transaction, it still may be difficult to tie a virtual account to a real-world identity. This process further is complicated by decentralized systems, where there no longer is a single company holding customer records.
Systems’ Global Nature
The above challenges further are exacerbated by the inherently global nature of the virtual currency ecosystem. Customers and services can transact with little regard to national borders, creating investigative challenges and jurisdictional hurdles. Any investigation involving substantial use of virtual currency is likely to rely on international cooperation. However, the speed of the legal process cannot keep up with the pace of these transactions.
REGULATION AND GUIDANCE
Law enforcement agencies can use the existing legal framework to investigate money laundering criminals and the money-services businesses they employ. Since the BSA was passed in 1970 to combat the laundering of illicit money through banks, the financial system has changed and been innovated.5 The regulatory framework also has been extended to encompass electronic banking, prepaid cards, and other financial tools that the BSA did not originally contemplate.6 Recently, regulators and courts explicitly have addressed virtual currency.
In March 2013 FinCEN issued interpretive guidance for the regulation of virtual currency. The guidance explains that administrators and exchangers of convertible virtual currency are money transmitters under existing regulations. Therefore, these entities must register with FinCEN, keep records, and report suspicious transactions. The guidance also states that a user who merely obtains virtual currency and uses it to purchase goods or services is not a money-services business under FinCEN’s regulations.7 Additional guidance in January 2014 clarified that an entity that mines or produces bitcoin and uses it for its own purposes also is not a money-services business with obligations to FinCEN under the BSA.8
The U.S. Securities and Exchange Commission (SEC) stated in a July 2013 investor alert that “any investment in securities in the United States remains subject to the jurisdiction of the SEC regardless of whether the investment is made in U.S. dollars or a virtual currency.”9 The District Court for the Eastern District of Texas came to a similar conclusion a month later in Securities and Exchange Commission v. Shavers.10 The court ruled that it had subject matter jurisdiction under the Securities Act of 1933 over a case involving allegations of a Bitcoin Ponzi scheme because the court found that investments purchased with bitcoin met the definition of an investment contract and, thus, were securities.11
The Internal Revenue Service (IRS) issued guidance in March 2014 indicating that virtual currency would be treated as property for federal tax purposes.12 General tax principles that apply to property transactions also will apply to virtual currency transactions. As a consequence, Bitcoin users, miners, and service providers must keep records of wages paid, transactions, fair market value, and loss or gain from transactions.13
The guidance issued by the federal government provides a growing framework for law enforcement to investigate the illegal use of virtual currencies. State regulatory agencies also are examining how their current laws on currency exchange and money transmission apply to virtual currency.14
CRIMINAL INVESTIGATIONS AND PROSECUTIONS
The U.S. Department of Justice has used BSA statutes to prosecute virtual currency systems intentionally designed to facilitate illegal activity. These services did not conduct any meaningful customer due diligence and did not screen for transactions related to money laundering or terrorist financing. As money transmitters, the services were required under Title 31, Section 5330, U.S. Code, to register with FinCEN.15 Most states also require money transmitters to obtain a license to conduct business in the state. A money transmitter that fails to register with FinCEN or obtain the necessary state license may be subject to prosecution under Title 18, Section 1960, U.S. Code.16 In addition, the money laundering statutes Title 18, Sections 1956 and 1957, U.S. Code, apply to transactions involving virtual currency, and the U.S. Department of Justice employs them for prosecuting criminals using virtual currency.17
In 2007 federal prosecutors indicted e-Gold on charges of money laundering and operating an unlicensed money-transmitting business. E-Gold required only a valid e-mail address to set up an account and did not conduct due diligence on customers. Identifying information provided by users often was obviously false, and, therefore, transactions were highly anonymous. As a result e-Gold became a favorite payment method for criminals involved in credit card fraud, identity theft, and child pornography sales. In 2008 e-Gold and its three principal owners pled guilty.18
Federal prosecutors indicted Liberty Reserve and its executives in 2013 for running a $6 billion money laundering operation. The founder of Liberty Reserve allegedly designed the system to evade U.S. law enforcement. According to the indictment, the system allowed users to send and receive funds without requiring them to validate their identities and permitted customers to make untraceable transfers for a privacy fee. Liberty Reserve never registered with the appropriate U.S. authorities, even though many of its transactions originated from or were sent out of the United States.19
The potential for state and local law enforcement officers to encounter virtual currency in investigations will increase as virtual currency becomes more popular. Bitcoin-related crimes may involve “stolen wallets,” “botnet mining,” “ransomware,” or use of Bitcoin in furtherance of traditional crimes, such as drug dealing, fraud, or identity theft.20
Cybercriminals can steal Bitcoin wallets individually or from numerous users through exchanges and service businesses. These criminals may obtain the “private key”—the ticket to transferring a user’s bitcoin—for the victim’s wallet by infecting the victim’s computer with malware or hacking into a wallet-service provider or exchanger.21 After the offenders have stolen the bitcoin, they may take steps to conceal their transactions. A popular technique is the use of a “tumbler” or “mixing” service, which takes bitcoin from many users, routes them through a complex funding path, and redistributes them so they no longer can be readily traced to a specific source.
While considerable challenges exist in dealing with virtual currency, many traditional tools and investigative methods remain effective. Virtual currency transactions through centralized systems may be traced much the same way transactions are followed through conventional online payment services. Investigators can follow the money through decentralized virtual currency systems, as well. Decentralized systems typically offer public transaction ledgers, which record every transaction that crosses the network.
Law enforcement officers should use standard cyber investigative techniques in a theft case involving decentralized virtual currency. Imaging the victim’s computer system and obtaining Internet service provider (ISP) logs will assist in identifying the origin of the criminal activity. Officers may have difficulty obtaining the information necessary to trace the transaction if the victim uses a wallet-service provider or exchanger located in an uncooperative foreign jurisdiction. If investigators can obtain the time of the transaction and the victim’s public key, they may use the public transaction ledger to determine the address to which the virtual currency was sent.
When investigating criminal activity involving, for example, Bitcoin, the greatest challenge may be linking Bitcoin addresses to a real person. Investigators may not be able to identify a person behind the crime despite the public transaction ledger revealing the address to which the virtual currency was sent. The best avenue for identifying the offender is by associating the address with information available outside the transaction ledger. FinCEN-registered exchangers are required to validate the identities of their customers. Additionally, some Bitcoin users post their Bitcoin addresses online, along with information that may reveal their true identities. If criminals have been identified by traditional investigative means as a result of other criminal activities, they voluntarily may disclose their Bitcoin addresses while cooperating.
VIRTUAL CURRENCY SEIZURE
Seizing bitcoin will require law enforcement officers to take hold of or otherwise gain lawful access to the electronic media where the wallet resides (e.g., on a laptop, thumb drive, or server). The Bitcoin address also may be recorded as printed “QR” codes or strings of letters and numbers, known as a paper wallet.22 The bitcoin immediately should be transferred to a government-controlled wallet, and the media holding the wallet should be segregated and stored without connection to the Internet. Merely seizing the wallet and storing it as evidence is insufficient because backup wallets may exist online or in another location. If the bitcoin are not moved to a government-controlled wallet, they may be transferred by a third party using a backup wallet; in that case, the original seized wallet no longer will hold any value. If a third-party business holds bitcoin in an e-wallet, investigators must serve process on the business just as one would serve a seizure warrant on a financial institution for funds in an account.
Prosecutors may forfeit bitcoin through existing asset forfeiture laws as proceeds of criminal activity or as property involved in money-laundering violations. Under federal law assets may be forfeited as proceeds of a specified unlawful activity—defined in Title 18, Section 1956, Subsection C, Paragraph 7, U.S. Code—pursuant to Title 18, Section 981, Subsection A, Paragraph 1, Subparagraph C, U.S. Code or as property involved in money laundering pursuant to Title 18, Section 981, Subsection A, Paragraph 1, Subparagraph A, U.S. Code, or Section 982, Subsection A, Paragraph 1, U.S. Code.23 Property involved in money laundering includes the money being laundered, any fees or commissions paid for laundering the money, and any property that facilitates the money laundering transaction.
Planning and coordination are important in any case concerning an unusual asset, such as virtual currency. Due to the volatile nature of virtual currency, prosecutors should consider obtaining a stipulation for interlocutory sale where possible, which will permit the sale of the virtual currency prior to completion of the forfeiture.24 In the event law enforcement officers seize a large quantity of virtual currency, prosecutors should consider breaking it up into smaller batches for sale after forfeiture or an order for interlocutory sale. Investigators may seek their local FBI field office for assistance in these matters.
The use of virtual currency by both law abiding citizens and criminals likely will continue to expand in the future. Though the use of virtual currency poses some challenges to law enforcement, these difficulties are not insurmountable. Investigators still will succeed in combating crimes that involve virtual currency by using traditional investigative techniques, adapted as necessary to address modern criminal capabilities. Law enforcement should seek to follow the money in any investigation regardless of how that value is held.
For additional information Mr. Nigh may be contacted at email@example.com, and Ms. Pelker may be reached at firstname.lastname@example.org.