A push into untraceable payments could put end-to-end encryption at risk
Platformer is an independent newsletter from Casey Newton that follows the intersection of Silicon Valley and democracy. Subscribe here.
Today, let’s talk about a little-discussed story that I worry could someday have big implications: the encrypted messaging app Signal’s introduction of anonymous cryptocurrency payments, and the opportunity it could create for regulators around the world who have been looking for an excuse to eliminate end-to-end encryption altogether.
A year ago, Platformer was the first to report that Signal was considering adding cryptocurrency payments to the platform, and it started with MobileCoin. Signal CEO Moxie Marlinspike has served as an adviser to the MobileCoin cryptocurrency, which is built on the Stellar blockchain and is designed to make payments as anonymous as cash. As Wired described it in 2017, “the idea of MobileCoin is to build a system that hides everything from everyone.”
Last year, Marlinspike told me Signal had merely begun some “design explorations” around a MobileCoin integration. “If we did decide we wanted to put payments into Signal, we would try to think really carefully about how we did that,” Marlinspike told me. “It’s hard to be totally hypothetical.”
But in fact, work to integrate MobileCoin was already well underway — just as nervous employees had told me at the time. Signal announced a test of the integration in the United Kingdom in the spring, and it quietly rolled out to the rest of the world in mid-November. (The company’s typically chatty blog had nothing to say about it.) Here’s Andy Greenberg in Wired:
MobileCoin founder Josh Goldbard confirmed the timing of the rollout, and says that it spurred massive adoption of the cryptocurrency, which now sees thousands of daily transactions versus just dozens before the global beta release. “There are over a hundred million devices on planet Earth right now that have the ability to turn on MobileCoin and send an end-to-end encrypted payment in five seconds or less,” Goldbard says, referencing reports of Signal’s total download numbers. […]
Signal itself didn’t respond to Wired’s requests for comment on the global rollout of the payments feature. But last April, Signal creator Moxie Marlinspike explained to WIRED that he wanted to add payments to the encrypted video-calling and texting app to match features from rivals like WhatsApp and Facebook Messenger—while also bringing Signal’s lauded privacy protections to monetary transactions. “I would like to get to a world where not only can you feel [a sense of privacy] when you talk to your therapist over Signal, but also when you pay your therapist for the session over Signal,” Marlinspike said at the time.
There’s nothing sinister about putting payments into a messaging app, and Signal is not alone in adding crypto payments to messaging: the company formerly known as Facebook has undertaken a multiyear effort to create a new currency and integrate it with WhatsApp and Messenger. What sets Signal’s effort apart is the combination of end-to-end encryption in messaging and a cryptocurrency with privacy features designed to make any transactions anonymous.
Last year, current and former Signal employees told me they were worried about what that combination would bring to the app. Anonymous transactions would likely attract criminals, they told me, and that in turn would attract regulatory scrutiny. Given that end-to-end encryption already faces legal challenges around the globe, they said, Signal’s addition of anonymous payments was a needless provocation. And it could give more ammunition to lawmakers who want to end encryption as we know it.
To make my own feelings clear: I’m in favor of end-to-end encryption, because in a world of ubiquitous surveillance and rising authoritarianism, I think it’s important that truly private communication systems are widely available. But I also support anti-money-laundering and Know Your Customer (KYC) laws, which are useful in combating terrorists, murder-for-hire plotters, and other harms. If messaging apps are going to add crypto payments, it seems to me they at least ought to do so in a way that is consistent with those laws.
Other supporters of end-to-end encryption have privately lobbied Signal to be more cautious about its payment plans, I’m told. But Signal, which is funded by a nonprofit organization and relies on donations, has forged ahead anyway.
The question is how regulators might respond. India is already trying to implement rules that would require any messages sent on the internet to be “traceable,” effectively breaking encryption. Meta-owned WhatsApp sued the Indian government last year to prevent the rules from taking effect; the case is still pending.
The European Union is also considering ways to limit or break encryption outright, if somewhat less aggressively than India is. In the United States, the encryption debate has essentially reached a stalemate: there are occasional calls for companies to introduce backdoors for law enforcement, particularly after high-profile crimes, but lawmakers have not pursued legislation on the matter.
But the United States does have anti-money-laundering and KYC laws. At the moment, you can’t buy MobileCoin from a US-based IP address. But the risk is that prosecutors could still use existing laws to put pressure on encryption — first on Signal, and perhaps later around the web.
“Signal and WhatsApp have effectively protected end-to-end encryption from multiple legal attacks at the state and federal level,” said Alex Stamos, who worked on encryption issues while serving as Facebook’s chief security officer. “But the addition of pseudo-anonymous money transfer functions greatly increases their legal attack surface, while creating the possibility of real-life harms (extortion, drug sales, CSAM sales) that will harm them in court, legislatures and public opinion.”
Stamos predicted that a new attack on encryption could come from a state regulator, such as New York’s Department of Financial Services, using existing regulations.
“In the US, the addition of payment functionality probably gives anti-encryption forces their best chance, as the First Amendment has never protected the anonymity of the movement of money, and payment processors have very serious federal and state laws they must comply with,” Stamos said.
Signal did not respond to a request for comment. As for MobileCoin, a FAQ page on its website says this:
People and entities misuse all types of financial platforms and instruments. Outside the US, MobileCoin can be purchased at www.buymobilecoin.com, which applies best practices of financial institutions around the world to prevent bad actors from obtaining MobileCoin. Any third-party entities that buy, sell, or trade MobileCoin apply their own standards and practices to vet persons or entities trying to purchase MobileCoin.
For its part, the foundation now running Diem — the oft-rebranded, Facebook-created cryptocurrency — has committed to following anti-money-laundering laws. WhatsApp launched a cryptocurrency payments test last month, though in keeping with the cursed nature of the project, Diem is not yet available on that platform.
There are plenty of ways Signal could still head off any conflict with regulators. MobileCoin could add KYC features, or Signal could replace it with a more compliant currency. But little that the company has said or done over the past year suggests that it intends to do either.
If that’s the case, then backers of encryption can only hope that any fallout from Signal’s choices won’t harm end-to-end encryption more broadly. Given the threats private messaging faces already, a high-profile fight over money laundering is the last thing we need.
Platformer by Casey Newton
Subscribe to get the best Verge-approved tech deals of the week.
Please confirm your subscription to Verge Deals via the verification email we just sent you.