Taproot: Centralized changes put every BTC user at risk

The most important thing that BTC’s Taproot update does is that it all at once demonstrates that BTC is not decentralized, that BTC cannot be transacted in compliantly, and why blockchain developers should—and do—owe legal duties to the users relying on them.

Taproot is yet another soft fork of the BTC network. In essence, Taproot aggregates the signatures going into a transaction at the protocol level by hiding inputs, signing in batches and mixing the outputs. There is much to say about the update, but it’s worth pointing out the coincidence between the implementation of Taproot and the much-publicized quest by Dr. Craig Wright to recover his stolen coins. Dr. Wright and many others have often pointed out the farce that BTC claims to be ‘decentralized’ and usually point to the exclusive ability of a small, concentrated group of developers to continually revise the protocol as evidence that it isn’t decentralized at all.

On that basis, the unilateral decision to impose such a sweeping change on the BTC network is bad enough on its own. However, the position that Taproot puts every holder in with regards to anti-money laundering laws around the world is much worse—and exactly why Dr. Wright’s argument that blockchain developers owe legal duties to participants in the network holds so much weight.

As is often the case with widely celebrated digital asset innovations, the excitement has come without any regard to law and regulatory attitudes. And in most jurisdictions, the law already has a lot to say about obscuring and concealing financial transactions. In fact, there’s an entire body of law around exactly that topic falling under the umbrella of anti-money laundering.

For example, the EU’s Anti Money Laundering Directive 5 requires exchanges and wallets to register with their local authority and demonstrate that they have adequate KYC and AML programs in place. The U.S.’s Bank Secrecy Act requires the same and that money services businesses monitor and report suspicious transactions. Failure to comply with these regimes attach massive penalties, both criminal and civil.

Not only are these laws already in place, but there is currently a global clampdown on money laundering in large part precipitated by the rise of BTC and similar projects.

For example, the European Commission released an ambitious set of reforms in July 2021 that are aimed at strengthening the ability of the European Union to fight money laundering and terrorist financing. 

The Financial Crimes Enforcement Network (FinCEN), a U.S. government bureau responsible for collecting and analyzing financial transactional information to combat money laundering and other financial crimes, announced in December of 2020 that it was setting out to close the gaps in the U.S.’s money laundering regime, expressly targeted at digital assets. It proposed new rules which require money transmitters to report on and verify the identities of customers transacting using unhosted wallets.

The express intention of the changes is to reduce the scope for anonymizing technologies which obscure financial transactions—such as Taproot. Taproot removes the ability for businesses such as exchanges to deal in BTC with any kind of confidence that they can collect the information they are required to collect by law.

But the implications of Taproot are much worse than just exchanges running afoul of AML laws. What the Taproot update does is make the responsibility for laundered coins to fall more broadly on the shoulders of every participant in the network. Between a rise in ransomware attacks using BTC and the overall percentage of illicit activity in digital currency—though receding—still remaining high, it is inevitable that your legitimate BTC will rub shoulders with illicit ones either knowingly or unknowingly. Thanks to Taproot, your coins are now at risk of being tied up with illegally-gotten BTC in a much more direct way. This is the design of Taproot: if five legitimate transactions make up a Taproot envelope with one illegitimate transaction, all it looks like to regulators and investigators is one transaction tainted by laundered money.

The people who tell you that code is law will also tell you that this means none of the transaction is illegitimate. The obvious reality is the exact opposite: thanks to Taproot, all of it is.

The effect is to make it impossible for exchanges to compliantly list and transact in BTC. This arguably was the case before the law reforms of the last year, but now is certain: exchanges cannot fulfil their AML and KYC obligations on BTC transactions.

Judging by the frequency with which the heads of these exchanges tend to get indicted, many exchanges will pretend that nothing has changed and continue to enjoy taking revenue on BTC. They can probably get away with this for a time, but the end-destination is the same: prison, as Arthur Hayes has discovered and as Binance’s Changpeng Zhao is about to.

Unfortunately, by happily living in contravention of their global AML obligations, the exchanges aren’t just putting themselves at risk. By keeping BTC accessible and by outwardly promoting it as a compliant asset, the exchanges are duping naïve investors into thinking they are safe to transact. They are not: not only is every exchange an indictment away from total ruin (and therefore by extension, the ruin of their customers), but people who are unfortunate enough to continue to transact in BTC are now exposed to enormous legal risk. In the U.S., federal and state government can seize digital assets which they allege to be traceable to criminal activity: a charitable interpretation would be that all proceeds from a Taproot envelope are tainted, but a real argument could be made that the Taproot update makes every transaction a BTC mixer, with the entire output—even transactions which were originally complaint—are now entirely laundered cash.

BTC is still spoken of as a decentralized system and yet all it took for the legal position of the BTC protocol to change drastically was evidently for the Taproot idea to occur to centralized protocol developer Gregory Maxwell in 2018. A short few years later, and Taproot is a reality. How’s that for centralization?

This is why Dr. Wright’s case against various protocol developers is so important. It can’t be the case that those who rely on digital assets have no recourse against the people responsible for maintaining and developing them. The very existence of Taproot is evidence that decentralization is a fiction, and it’s a fiction that the law—as it exists today—has no time for.

New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.

[10]
[10]
[id^="_form"]
[id^="_form"]
[id$="_submit"]
[id$="_submit"]
[^;]
[^;]
['on' + event]
['on' + event]
[?&]
[?&]
[^&#]
[^&#]
[(d+)]
[(d+)]
[i]
[i]
[results[1]]
[results[1]]
[elem.name]
[elem.name]
[+_a-z0-9-'&=]
[+_a-z0-9-'&=]
[+_a-z0-9-']
[+_a-z0-9-']
[a-z0-9-]
[a-z0-9-]
[a-z]
[a-z]
[el.name]
[el.name]
[10]
[10]
[id^="_form"]
[id^="_form"]
[id$="_submit"]
[id$="_submit"]
[^;]
[^;]
['on' + event]
['on' + event]
[?&]
[?&]
[^&#]
[^&#]
[(d+)]
[(d+)]
[i]
[i]
[results[1]]
[results[1]]
[elem.name]
[elem.name]
[+_a-z0-9-'&=]
[+_a-z0-9-'&=]
[+_a-z0-9-']
[+_a-z0-9-']
[a-z0-9-]
[a-z0-9-]
[a-z]
[a-z]
[el.name]
[el.name]