Month: March 2016

The real threat behind the extension of AML provisions to Virtual Currencies (VCs) operators.

by Avv. Giorgio Maria Mazzoli

The legislator should be aware that any VC transaction is registered eternally on the blockchain and that the blockchain is public by default (i.e. it may be easily read and inspected by anyone at any time without any restriction whatsoever).

This implies that anyone may easily ascertain whether a transaction was or will be made, its amount and the Public Keys of the parties to such transaction.

Anyone who would be able to get access to the data concerning the identity of a person controlling a specific Public Key (hereinafter a “VC Holder”), regardless of whether such access is gained in accordance with any applicable law, would also be able:

(i) to ascertain:

– the VC amount which has ever been or will ever be held by such VC Holder on such Public Key;

– the VC amount which has ever been or will ever be spent or received by such VC Holder on such Public Key;

(ii) to subsequently establish an effective and incisive surveillance system over such VC Holder.

The collection of data regarding the identity of any and all VC Holders in accordance with AML provisions would necessarily result in allowing any person who would be able to get access to such data, even if such collection is made by a Public Authority, to establish the most powerful mass surveillance system history has ever seen.

This would dangerously put at stake the foundations laid for any democratic society.

It must also be stressed that while criminals may adopt robust cryptographic instruments to inhibit transparency of their VC transactions, law-abiding citizens would remain exposed to such a surveillance system.

The extension of AML provisions to VC market operators would then turn out to be ineffective.

Published on https://medium.com/@giorgiomariamazzoli/the-real-threat-behind-the-extension-of-aml-provisions-to-virtual-currencies-vcs-operators-bad852128e9f#.hcqq1jf6i

Cryptolocker: bitcoin is not the cause!

Ransomware has existed for over twenty years and consists of “locking” the files on the victim’s computer by encrypting them with a key that is released upon payment of a ransom. Initially payment was requested by bank transfer, prepaid card or mobile payment systems (including via SMS), but recently payment is almost always requested in bitcoin.

These requests have led people to think that bitcoin was chosen because it is an “anonymous” payment, but in reality prepaid cards guarantee a decidedly higher level of anonymity and are simpler and more effective to use.

In reality, bitcoin leaves a series of small, eternal and public traces on the blockchain that could lead to the identification of the criminal at the moment he intends to use the coins or exchange them for legal tender. The blockchain, moreover, keeps an eternal record and allows study and analysis.

Bitcoin is used for other reasons, exactly opposite to the supposed anonymity: it is simple to verify, it is fast and it is reliable. The criminal can know with certainty whether the victim has paid by observing the blockchain (it is transparent to everyone), even creating a unique address for each extortion, with the certainty that the transaction is irrevocable. The system makes it possible to automate sending the unlock file, minimizing the criminal’s activity on the network.

Therefore, on careful analysis, the main reason for choosing bitcoin is not anonymity (rectius pseudonymity) but the reliability of the system, it being a means and not the cause.

But what is the real cause of ransomware?

It all starts with unauthorized access to the PC by the cyber-criminal, which constitutes and is the cause of the extortion.

The fact that malware is subsequently injected that encrypts the files using strong cryptography, with a demand for bitcoin in exchange for the key, is a mere consequence.

The press, however, focuses on the “sexy” part (cryptography and bitcoin), which is secondary and incidental, passing over the main problem in silence: the unauthorized access. It prefers to report that the damage is caused exclusively by third-party criminals and not by a “collaboration” of the victim arising from his or her carelessness.

So, for clarity, the ransomware / cryptolocker problem begins with and is caused by poor IT security, an aspect that is given little prominence while attention is concentrated on the secondary aspects that generate more interest: continuing to look at the finger and not the moon will not stop cryptolocker.

Taken from: https://coincenter.org/2016/03/why-bitcoin-is-not-the-root-cause-of-ransomware/

DRAFT OPINION of the Committee on the Internal Market and Consumer Protection for the Committee on Economic and Monetary Affairs on virtual currencies (2016/2007(INI))

The European Parliament is studying Virtual Currencies (VCs):

SUGGESTIONS

The Committee on the Internal Market and Consumer Protection calls on the Committee on Economic and Monetary Affairs, as the committee responsible, to incorporate the following suggestions into its motion for a resolution:
1. Points out that the virtual currency (VC) industry and VC technology are in a nascent state;
2. Recognises the potential benefits associated with VCs for consumers, businesses, charities and the economy at large, which include greater speed and efficiency and reduced costs in making payments and transfers, in particular across borders, and potentially promoting financial inclusion;
3. Acknowledges that VCs could present risks in relation to criminal activities such as money laundering and tax fraud; notes, however, that there is little evidence that VCs have been widely used as a payment vehicle for criminal activity;
4. Recognises that persons seeking wealth preservation may use independent currencies such as Bitcoin at times of depressed interest rates or as a safe harbour during times of economic instability;
5. Points out that it is difficult to predict how VCs might develop and to identify any potential specific longer-term policy responses while not stifling innovation;
6. Calls on the Commission to consider the contribution of VCs to all sectors, including their role in the development of the digital single market, with a view to ensuring that legitimate businesses in the VC sector are allowed to thrive;
7. Stresses the importance of consumer awareness when using VCs while noting the growing use of VC micropayments for online purchases of goods; calls on the VC industry, in cooperation with the Commission and the Member States, to develop voluntary standards and to address the opportunities and challenges of VCs for consumers with the aim of enhancing the transparency of VC schemes in terms of how they are organised and operated and how they distinguish themselves from regulated and supervised payment systems, in terms of consumer protection, in order to allow existing and future VC users to make an informed choice.

http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&reference=PE-577.006&format=PDF&language=EN&secondRef=01