A national security approach to regulating crypto

With help from Derek Robertson

Crypto executives love to complain about poorly defined rules – of “regulation by enforcement,” of living through another version of “Operation Choke Point.“

They have a point. There is broad agreement that the US needs a more comprehensive approach to regulating a trillion-dollar asset class whose supporters have an expansive vision of its role in the world. There just isn’t much agreement on what that approach should look like.

Now the Foundation for Defense of Democracies is wading into the fray with a set of proposals intended in part to prevent “regulation by enforcement” from becoming the norm when it comes to policing crypto’s national security risks.

The hawkish think tank, known for its hard line on Iran, wields considerable influence in Washington’s foreign policy circles, and it views crypto-enabled money laundering as a major national security threat. It wants to bring the industry in line with the comprehensive compliance regime that applies to traditional financial firms – along with some additional measures to address the unique technical characteristics of digital assets.

It gave the DFD an exclusive look new framework ahead of a public release later today. The goal is to spur politicians to fill in gaps and eliminate ambiguities in crypto regulations that could affect national security, including those governing areas such as privacy-focused coins like Monero and anonymizing currency mixers like Tornado Cash.

The think tank plans to follow up with briefings by its contacts in the Biden administration and Congress. The idea, as the report puts it, is to avert “a national security version of the FTX implosion.”

If that doesn’t sound like a ringing endorsement of crypto – well, to put it mildly, FDD doesn’t subscribe to the crypto-purists’ vision of anonymous, borderless, permissionless finance.

“The industry may resist some of these steps because they are costly,” the framework’s co-author, FDD senior adviser Rich Goldberg, told DFD. “Or because they are contrary to their business models”

National security concerns raised by crypto have grown in recent years as US adversaries such as Iran and North Korea have seized on the pseudonymity and decentralization of blockchain networks to avoid sanctions and launder the spoils of state-sponsored hacking schemes.

The FDD framework is intended to build on a plan to counter illegal crypto-financing released by the Treasury Department in September, in response to President Joe Biden’s order on digital assets.

Goldberg said he hopes it will allow the Treasury Department to avoid replicating the ad hoc approach taken (most notably) by the SEC in its enforcement of consumer protection rules when it comes to policing illicit money flows.

Design explicit rules tailored for digital assets could prevent a repeat of the firestorm that occurred last summer when the Treasury Department sanctioned Tornado Cash, a decentralized protocol for anonymizing crypto transactions.

Tornado Cash had been widely used for money laundering, but the unique nature of sanctions against a software tool – as opposed to a company or individuals running a conventional software – raised fears of excessive reach.

Crypto supporters were concerned that the sanctions could implicate all types of users who had nothing to do with money laundering, including passive recipients of crypto sent with the tool or curtail free speech by prohibiting the publication of Tornado Cash’s source code.

After weeks of uproar, the Treasury published additional guidance said it would not prioritize enforcement of people who received small amounts of unwanted crypto with the tool, and that the rules did not prohibit people from interacting with the source code if they are not involved in prohibited transactions.

FDD’s report finds that some questions raised by the Tornado Cash sanctions remain unanswered. They include how far back in a crypto token’s transaction history a firm must look when making sure it hasn’t gone through an approved address.

The US must also increase the pressure on other governments to enforce financial surveillance rules for crypto firms, the report claims.

Specifically, the FDD wants the U.S. to lean on other members of the Financial Action Task Force — an intergovernmental group charged with combating money laundering and terrorist financing — to comply with the task force’s crypto. compliance recommendations.

The framework also calls for investment in on-chain analytics capabilities by government agencies, and says Congress should consider requiring crypto firms to incorporate such methods into their compliance systems.

Other recommendations include minimum cybersecurity standards for crypto firms and a higher standard for scrutiny of crypto exchanges based in jurisdictions deemed high risk for money laundering and terrorist financing.

For beleaguered crypto executives still reeling from this year’s attacks, there’s one recommendation to take special note of. Despite its preference for proactive rulemaking, the framework still calls for regulation through enforcement “when necessary.”

“Sometimes you have to kill the chicken to scare the monkey,” Goldberg said, invoking a Chinese idiom about making an example of someone. “But that shouldn’t be your primary position.”

In yesterday’s DFD I wrote about accusations of political bias in generative AI systems – especially ChatGPT, which has some apparently irresponsible railings about who and what it will or will not praise.

An OpenAI spokesperson did not respond to me by the time of posting, but emailed back later and pointed to a passage from this blog who addressed the topic in general, saying “Although we’ve tried to get the model to reject inappropriate requests, it will sometimes respond to harmful instructions or display biased behavior.”

OpenAI also published a blog post today that directly addressed the topic, titled “How should AI

systems behave, and who should decide?” In it, the company acknowledged that “users have shared results that they consider to be politically biased, offensive or otherwise objectionable,” and that “In many cases, we believe that the concerns raised have been valid and have revealed real limitations in our systems which we want to address.”

It is still not entirely clear why ChatGPT would agree to compose admiring poems about some liberal political figures and not conservative ones. But for those interested in ChatGPT’s inner workings, the authors go on to shed some light on how their models are trained and the process of human input and review that determines what users see. They also point out that “Our policies are explicit that reviewers should not favor any political group” and “Bias that may still emerge from the process described above are bugs, not features,” before promising to iterate and improve the system. — Derek Robertson

This is what the Ministry of Foreign Affairs says: Robots should be allowed to kill you.

With some caveats. Many, in fact: The department’s Bureau of Arms Control, Verification, and Compliance issued a “Policy Statement on Responsible Military Use of Artificial Intelligence and Autonomy” this morning, with a list of “best practices” that should be involved in the use of military AI, which “can and should be ethical, responsible and improve international security.” They include:

• That states should maintain “human control and involvement” over nuclear weapons
• That the development and use of military AI should be overseen by “senior officials”
• That military AI systems should have built-in failsafes to “disengage or disable deployed systems that exhibit unintended behavior”
• Taking “deliberate steps” to “minimize unintended bias” in the use of the technology

For more on the long-running debate over the ethical and strategic viability of autonomous military weapons, read POLITICO’s Matt Berg’s recent reporting in DFD here and here. — Derek Robertson