With 12.3 million bitcoins mined to date, the total value of bitcoins has reached $9.975 billion US dollars. While this may pale in comparison to the $1.23 trillion US dollars in circulation, the use of bitcoins in commerce is gaining traction. With this traction the potential exists to link users’ identities with their public bitcoin wallet addresses and commercial transaction histories.
Earlier this year Overstock.com announced that it would begin accepting bitcoins as payment for consumer purchases. The company’s announcement makes Overstock.com the first major US online retailer to accept bitcoins, albeit via a third-party payment processor. Prior to this announcement, a patchwork of smaller online vendors and brick-and-mortar stores had already begun accepting bitcoins. Using bitcoins, individuals are now able to order food for delivery, engage in online dating , and purchase everything from babyfood to videogame consoles.
As bitcoins enter the stream of commerce, we should all consider the privacy implications associated with the use of bitcoins in commercial transactions. Every bitcoin and bitcoin transaction is recorded on a public ledger, commonly referred to a block chain. While each bitcoin and bitcoin wallet address is only identified by a string of characters, anyone with knowledge of a particular bitcoin string or wallet address can trace the entire transaction history of that particular bitcoin or wallet address. In fact, we now have a number of real world examples where bitcoins have been traced their ultimate owner, most famously, the FBI’s identification and arrest of Silk Road’s “Dread Pirate Roberts.”
In the context of privacy and commerce, unique bitcoin address identifiers and unique ad network identifiers share many of the qualities that purport to offer an anonymous user experience. Analytics companies operate by aggregating visitor information across websites, via unique identifiers. Therefore, if an individual visits Company Websites 1, 2, and 3 –assuming each website has a contractual relationship with the analytics company– the analytics company might tag each consumer visit with the same unique ID number. Without the unique ID number, the analytics company might not be able to determine that the same individual visited each of the three websites. In exchange for access to uniquely tag users on a company’s website, an analytics company might offer each website information about their users. In this manner both the analytics company and the websites gain insight about people as they browse the internet.
Using the third-party network example, bitcoins operate both as the unique identifier AND the third-party network. A person’s bitcoin wallet contains a public ledger that allows anyone to identify the exact bitcoins contained in each wallet. As people spend the bitcoins in their wallet, it is possible to view the history of each transaction in real-time. Until recently, the public nature of the block chain has not raised many privacy concerns since the identities of the parties on either side of any given transaction are not publicly known. Thus, while it’s possible to follow the physical money trail, it is substantially more difficult to determine the identity of the money holders.
However, consider a common online purchase of a commercial good using bitcoins: in order to process a transaction and send a good to the buyer, the buyer must pay with a bitcoin from her bitcoin wallet. In most instances the buyer would provide her name and address in order for the good to be delivered. She might also provide an e-mail address to receive an electronic receipt or confirm acceptance of payment and delivery. To offer a modicum of privacy, the company might provide the buyer with a one-time bitcoin wallet address for her to send her money to. This decreases the likelihood of people discovering all the transactions that take place through the company. However, without a privacy-protecting measure on the buyer’s side, the company is now able, if it so chooses, to associate the buyer’s identity with her bitcoin wallet address.
In isolation, knowing the identity of a buyer and her bitcoin address may not pose significant privacy concerns since a company would still not know the identity of the other sellers that the buyer transacts business with. However, the possibility exists that businesses might create “bitcoin identification networks” modeled after our current third-party ad networks. Were companies to begin sharing “de-identified,” “non-personally identifiable” bitcoin wallet addresses with each other, they would effectively have access to people’s complete purchase histories.
A few tools exist that may address the consumer-side privacy concerns. Many of those tools require bitcoin holders to deposit their bitcoins into a third-party account for their bitcoins to be traded or “tumbled” for new bitcoins that are disassociated with their wallets and transactions. However, since bitcoin transactions are irreversible, tumbling tools necessarily rely on blind trust that the third-party tumbler will not abscond with their money. It also remains to be seen whether such tools gain broad scale adoption or whether they would even be effective in protecting privacy were a bitcoin identification network actually created. Prior to entering into commercial transactions using bitcoins, buyers might first consider the effectiveness of their existing privacy tools and the impact their transactions may have on disclosing their purchasing histories in the future.
*The views expressed in this article are my own and do not necessarily reflect those of the Federal Trade Commission.