The European Commission (EC) recently announced a new legislation proposal that would ensure full traceability of crypto-asset transfers, such as Bitcoin, to prevent the funding of terrorism. The EC's proposal's central objective is to combat the unlawful use of intimidation behaviors, especially against civilians, in the pursuit of political aims (terrorism). Oddly enough, this attempt at mass surveillance could accomplish the exact opposite by becoming, in itself, terrorizing and abusive. Will the proposed remedy unintentionally kill the patient? Let's distinguish between the good, the bad, and the ugly.

The good: more freedom as fiat and crypto converge

With the EC's last crypto proposal comes the expansion of individual rights, economic liberty, and fair competition. For instance, the proposal states that European citizens have the right to own and use virtual properties, including crypto-assets. The European Union (EU) officially recognizes that crypto-assets are now common currencies. EC Commissioner McGuinness reiterated that "we shouldn't have different rules for the financial system -- they should apply across digital currencies as well". In fact, crypto exchanges have already applied these rules for years and enforced the same 'Know Your Customer' (KYC) processes that banks do. Unfortunately, many people have yet to realize that the sector is already strongly protected.

Although it was already implied in most cases, crypto-assets have now been explicitly brought within the scope of the EU's financial rules, such as the anti-money laundering (AML) directive. This rhetorical exercise for the public is merely an extra step towards the normalization of crypto-assets as a regular asset class. In a way, this is exactly what most of us have been dreaming about for years: the official recognition of crypto-assets as a prerequisite for mass adoption. In line with the principle of technological neutrality, European citizens have the freedom to choose the most appropriate solution for their needs. This gives them the opportunity to diversify their portfolio with a growing number of financial instruments, from the most traditional to the most innovative.

The bad: less freedom with mass surveillance of all transactions

The fight against terrorism should not infringe on individual rights and fundamental freedoms. For instance, it should not encroach on the privacy of European citizens and protection of digital data, including on decentralized ledgers. The EU has subjected financial data, whether fiat or crypto-related, to the General Data Protection Regulation (GDPR) regime. The European Data Protection Board (EDPB) Chair, Andrea Jelinek, further reminded EC Commissioner McGuinness that "a fair balance has to be struck between the interest to prevent money laundering and terrorist financing, on the one hand, and the interests underlying the fundamental rights to data protection and privacy, on the other".

A specific AML data-sharing requirement known colloquially as the "Travel Rule" (TR) requires financial institutions to collect and share the details of both sender and beneficiary (including the name, account number, amount, and date) for all transactions. Although the negative impact of TR seems rather proportional with law enforcement in traditional banking, the surveillance takes on a greater scale when the same principles are forced onto crypto assets (in contradiction with the technological neutrality principle). Blockchains, which are built around a publicly available digital ledger, are fundamentally different in nature when compared to legacy financial institutions: with a crypto wallet address, you have absolute visibility on its current balance and full transaction history (including other counterparties/addresses).

The ugly: unsettled freedom with off-the-books information

With its desire to interfere with every transaction, the EC effectively dismantles the core value of the blockchain: a system capable of securing transactions with cryptography, thereby creating trust without the need for external input. Instead, the proposed legislation would require every transaction to be double-checked by multiple AML teams under the watch of a new central financial watchdog. In essence, it sets a European agenda that is fundamentally hostile to the right to transact directly and privately on the internet. Alleged Bitcoin founder, Satoshi Nakamoto, introduced its blockchain invention stipulating that "a purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution". The Bitcoin blockchain was indeed conceived as an electronic payment system using on-chain cryptographic proof to combat fraud without off-chain trustworthy personal information, allowing any two parties to carry out safe, direct digital transactions.

Whereas asset ownership is ensured using ID information in the traditional banking world, the same is done using cryptographic keys in the blockchain world. As such, crypto-assets make sense only when pseudonymity is valued and guaranteed. The moment you start to share and map the identity of persons behind each wallet, you essentially know everything about them, in an unprecedented way. It is foolish to give authorities access to huge amounts of off-chain personal details that can dangerously expose the entire transaction history (e.g. current balances, and all transactions and associated counterparties) of everyone involved when cross-referenced with on-chain records. Such a vast amount of sensitive information is not needed and should never be available to anyone (including intermediaries, governments, or even hackers who will - let's not kid ourselves - hack and abuse this. At OSOM, we have proactively raised the issue with industry associations and European privacy experts.

Another ambiguous side effect of the proposed rules is that it would create a huge divide between third-party-hosted wallets and self-hosted wallets. Although public addresses would remain authorized in theory, they will be alienated in practice. Crypto users would be forced to declare the full identity of persons behind each private crypto wallet address they interact with. Such self-declarations would be practically impossible to verify in the case of self-hosted wallets. Yet, crypto exchanges could immediately be castigated if they allow such transactions to remain pseudonymous. As such, the new centralized AML requisite would effectively cut off crypto users from each other, undermining the technology's promise of peer-to-peer transactions. Besides, it would make it virtually impossible for any non-custodial (owning your keys) crypto account holder to liquidate their crypto assets.

Although the announcement of the end of anonymous wallets is just the reformulation of an existing practice, the proposed EC legislation denotes a clear lack of understanding of blockchain technology. The intended technological neutrality and legal equality falls short of a true consideration of the radical differences between fiat and crypto. More disturbing is the desire to resort to old-fashioned AML practices which are clearly unworkable in the blockchain context. The immediate consequences would be an unprecedented deviation from privacy rights, and a ruthless marginalization of decentralized artifacts such as peer-to-peer transactions and self-hosted custodian wallets. A more balanced AML solution lies in smart data analytics and cryptography, which can effectively track and trace suspicious wallets and transaction flows. There is no reason to give up GDPR for AMLD5, or the opposite. A third way - of crypto-native AML practices - is possible.