World Geostrategic Insights interview with Dr. Hans-Jakob Schindler on how terrorists operate and finance their activities through cryptocurrencies, the extent to which this phenomenon has been spreading in Europe and the United States, and the prospects for imposing robust regulation on the cryptocurrency industry and preventing the misuse of digital currencies for criminal activities, such as money laundering and terrorist financing.
Dr. Hans-Jakob Schindler is the Senior Director of the Counter Extremism Project (CEP) in New York and Berlin, co-chair of the Advisory Board of the Global Diplomatic Forum in London, member of the Advisory Board of Justice for Kurds in New York, member of the Boards of Directors of Compliance and Capacity Skills International (CCSI) in New York and London as well as a teaching fellow at the academy for Security in the Economy (ASW Akademie AG) in Essen. Previously he was the coordinator of the United Nations’ sanctions monitoring team for jihadist terrorists.
Q1 – Cryptocurrencies have become an increasingly popular form of currency over the years, and many consider them a secure and decentralized way to conduct transactions. But terrorist organizations also seem to have caught on and are exploiting virtual currencies in their activities. What factors increase the viability of cryptocurrencies for terrorist organizations? How do terrorists operate through cryptocurrencies?
A1 – It is important to begin with pointing out that technology, whether it is social media platforms or cryptocurrencies, is not inherently good or bad. What is however naïve is to ascribe to any technology an inherently positive nature and thereby assume that it would only make a positive contribution to society and could not possibly be misused in any significant manner. Technology will always be misused. Furthermore, malignant actors, including criminals, extremists and terrorists are regularly among the early adopters of technology, primarily because internal guardrails as well as external regulatory risk mitigation standards are weak or non-existent at the early stages of the roll-out of a new technology.
Cryptocurrencies are a good but not unusual example in this regard. The basic philosophy underpinning this technology is to create a new mechanism that allows the transfer of value independent of the government infused formal financial sector. This radical libertarian idea, based on the tenets of the Austrian School of economics argues that any involvement in financial affairs injects political considerations into the system and therefore inevitably leads to market distortions and large-scale failures, the 2008 financial crisis being the case in point. Hence, it is not surprising that the now famous white paper by Satoshi Nakamoto, generally considered the beginning of Bitcoin as the first cryptocurrency, was published in January 2009.
Based on the already established and well understood blockchain technology, a distributed ledger technology first developed in the 1990s, all cryptocurrencies have a basic common feature, they create full transparency between two partners (peers) of a transaction. Since the ledger created sits on the distributed blockchain, it cannot be altered. Therefore, rather than generating trust through using the government regulated and guaranteed fiat currency transaction system, trust is created through full transparency between the two sides interacting during a transaction, based on the ability to understand the full transaction history and current status of the counterparty by each of the actors. The necessary and, in my view unavoidable, counterpart to this full transparency between the two counterparties is the need to obfuscate the identity of the users to third parties, including outside observers, including government authorities. Of course, understandably, no one wants their financial information displayed for everyone to see. In the case of Bitcoin, the most widely adopted and most transparent cryptocurrency, only the actual identity of the user is hidden, the wallets as well as the transactions on the blockchain are open and can be inspected from outside.
So-called privacy coins, such as Monero go one step further and encrypt the information concerning the wallet and, in some cases, also encrypt the transaction history on the blockchain as well. Furthermore, services such as mixers and tumblers, when combined with the use of Bitcoin obfuscate the transactions path and therefore also reduce transparency in Bitcoin transactions. The next generation of this technology, the adoption rates of which are increasing, will depend on so-called non-custodial wallets and exchanges, shareware that allows users to use this technology without going to service providers, such as exchanges and therefore outmaneuver any attempts to regulate their use by removing what is called in financial regulations the obligated entity or reporting entity. These reporting entities, because they are providing a commercial service, are at the center of financial regulation as they can be required to be a key part of the defense mechanisms mitigating risks of misuse, such as financial crime, money laundering or terrorism financing. Without a third-party service provider that can be obliged to conduct know your customer procedures (KYC), essentially identity checks, and due diligence procedures, essentially enquiries into the past behavior of customers, essential data to prevent malign misuse will not be available.
Therefore, these various levels of obfuscation of key data create a technical environment that is next to ideal for anyone with malign intentions, including criminals, extremists, and terrorists. Such individuals seek out opportunities to hide both their identities as well as their operations. Cryptocurrencies being online technology also allows the user to obfuscate his or her geographical location, through the use of virtual private networks (VPNs) for example. Finally, the fact that globally cryptocurrency regulation is not yet evenly regulated provides additional opportunities for malign actors. If cryptocurrencies are not yet legally recognized as financial instruments in a jurisdiction, the legal basis for freezing or seizing such assets does not exist.
Of course, malign actors also need fiat currency on- and off-ramps, a point where fiat currency is converted into cryptocurrency and converted back into fiat currency. However, if less strictly regulated cryptocurrency jurisdictions are chosen for this or if cryptocurrency ATMs are used in jurisdictions that do not (yet) require customer identification when using such ATMs to either on- or off-load fiat currencies from cryptocurrencies, the risk for the malign actors remains minimal. Therefore, detailed, more even and more specific regulation of this technology is needed, on a global scale.
Based on the details from publicly available indictments concerning the misuse of cryptocurrencies, terrorist individuals and groups have misused the full functionality of cryptocurrencies, to generate funds through donations, to transfer value, to obfuscate the criminal origin of funds, and as alternative payment mechanisms. It is telling that already in 2015, a teenager in the United States was convicted for compiling a manual on the use of cryptocurrencies for ISIS, demonstrating that very early on in the group’s existence, the potential of this new technology was recognized. One important development in this space, which is not sufficiently recognized, is the move by terrorist and extremist groups away from Bitcoin and towards so-called privacy coins as well as the use of non-custodial wallets and exchanges. This also means that tracking such behavior is increasingly challenging both for outside observers but also for investigative authorities. Monero, for example, is quickly becoming popular among violence-oriented right-wing extremist individuals and groups in the United States. Therefore, while there continues to be a there there, documenting and mitigating the risks associated with it is an ever-growing uphill battle.
Q2 – A common method for terrorists and radicalized groups to acquire funds is crowdfunding and charitable organizations with actions targeting Western supporters, including through social media such as Facebook and Telegram. Many supporters and sympathizers eager to donate to terrorist organizations, but afraid to make physical monetary transactions due to the legal and financial risks involved, will be able with cryptocurrencies to fund terrorists without risk. To what extent are extremist and terrorist organizations using cryptocurrencies to finance their activities? How far has this phenomenon already spread in Europe and the United States?
A2 – Running donation drives through cryptocurrencies by terrorist groups does reverse the risks. In the past, donation drives using fiat currencies always depended on a significant effort to obfuscate the actual destination of the funds and the purpose of their use. Therefore, terrorist groups were forced to either misuse existing charitable organizations or set up entirely new ostensibly charitable organizations to conduct such funding drives.
However, the ability of cryptocurrency technology to obfuscate the identity of both the sender and receiver, the ability of the technology to obfuscate transaction paths coupled with the spotty global regulatory framework provides technical and legal solutions for this need of obfuscation in such operations.
Now funding drives, by terrorist organizations in the Middle East, but also by violence-oriented extremist groups can not only advertise openly who the intended receiver for the funds is but can also openly document to the potential donors what the funds are specifically used for. A few years ago, a funding campaign by a regional terrorist group from the Middle East displayed a chart with weapons and ammunition with the associated prices in cryptocurrencies indicated for each item to enable donors to see how much would purchase the group’s equipment. Given the inability of government authorities to stop such campaigns and the challenges to clearly identify users, blockchain analysis is a statistical method, resulting in a probability statement, not evidence of the identity of a user, means that such fundraising campaigns can now reach a much broader, potentially global audience. Fundraising is no longer restricted to a limited group of supporters and sympathizers. The targeting of such fundraising campaigns is also no longer dependent on a physical infrastructure of a charitable or ostensibly charitable organization and therefore can instantaneously target potential donors across the globe.
Of course, the current assessment of all terrorism financing experts that I am aware of is that “cash is still king” and that terrorist and extremist groups continue to primarily depend on fiat currencies for their operations. However, this does not preclude the combination of both fiat- and cryptocurrency-based methodologies, such as the combination of the misuse of cryptocurrencies in combination with the informal and in many jurisdictions under- or unregulated hawala system, as observed already in some instances in Afghanistan. In such circumstances, funds are either raised locally in fiat currency and transferred using cryptocurrencies or generated in cryptocurrencies, transferred to another, less strictly regulated jurisdiction where it is off-ramped into fiat currencies and subsequently transferred onwards to the conflict zone through the use of the informal hawala system. Therefore, this technology has been adopted by terrorist individuals, groups and networks and will very likely continue to be misused in innovative ways.
Q3 – The rapid growth of cryptocurrencies and their increasing use in global financial transactions has brought potential benefits. But the risks associated with cryptocurrencies have also increased, including volatility, market manipulation, and cyber threats. Digital currencies essentially operate outside the control of traditional financial institutions and governments. The G20, composed of the world’s 20 largest economies, recently recognized the need for a coordinated international effort to address the risks associated with cryptocurrencies and establish clear regulatory guidelines for their use. Do you think it will really be possible to impose robust regulation on the cryptocurrencies industry and prevent the misuse of digital currency for criminal activities, such as money laundering and terrorist financing?
A3 – I have already argued the need for more global regulation of this technology, including decisions on how to tackle the newest variant that uses shareware and therefore removes the intermediary that is the key interlocutor for all financial regulations. However, the design of such regulations need to recognize the specific elements that are inherent in this technology as well as the fact that they operate online and therefore, their misuse of malign purposes by criminals, extremists and terrorists depends on the functionality of the online environment.
Therefore, while such regulation should mirror as closely as possible the already established mechanisms employed when countering the financing of terrorism in fiat currencies, it is central to consider specific technical challenges that are crucial to the functioning of these new technologies. For example, customer onboarding processes in the FinTech industry are fully automated without human-to-human interaction. This will require the setting of appropriate standards for the identification and verification of customer identities to ensure that terrorists or violent extremists are not able to penetrate the respective services by deceptive means.
Furthermore, the definition of a de minimis threshold for virtual asset transfers such as f.ex. the equivalent of 1000 USD/EUR, as recommended by the Financial Action Task Force (FATF), should consider the much higher volatility of virtual assets compared to fiat currencies. Therefore, potentially more flexible definitions would need to be adopted, to ensure that transactions that temporarily fall below this threshold in value are appropriately captured.
Technical developments within the sector, such as mixers, tumblers, so-called privacy coins as well as non-custodial wallets present serious challenges for transaction transparency and their use by terrorist and violent extremist groups is increasing. Therefore, both new regulatory frameworks as well as new technical tools must be developed to ensure that the terrorism financing risks that emanate from such privacy enhancing but transparency reducing technologies are appropriately mitigated. In addition to blockchain analysis, standards for behavior-based transaction monitoring should be contemplated.
Finally, the use of these new financial instruments by terrorist and violent extremist networks, groups and individuals is often combined with the misuse of the global virtual infrastructure that social media, messenger services as well as crowdfunding platforms provide. These service providers must become part of the first line of defense. Here both terms of services as well as monitoring standards by these service providers should be improved. Currently, these are not yet sufficiently focused on countering the misuse of their services for the financing of terrorism.
However, compliance standards within the tech-industry are unlikely to improve sustainably without externally induced regulatory and commercial incentives. Some jurisdictions, such as for example the European Union (EU), are in the process of developing such frameworks However, while these address “illegal content” and therefore could also be applied to combating the misuse for terrorist financing, a specific focus on this particular misuse is missing and should be included.
Furthermore, while introducing notice-and-action standards are crucial, given the vast quantities of data uploaded on these platforms, proactive monitoring of their services by providers, which already curate all data on their platforms all the time for commercial purposes, is a necessary element of any effective defensive system. Therefore, standards for such proactive monitoring need to be developed to guide the curation of data by providers. Such standards could be modeled along the already existing standards employed by other industries, including the financial industry.
Cryptocurrencies clearly present a range of new regulatory and investigative challenges. They require innovative approaches in regulation, but also new and different investigative capacities and capabilities of government authorities tasked with mitigating the risk of their misuse. Of course, no regulation and no investigative capability can ever completely eliminate the misuse of any system or technology by malign actors. This is also not the primary aim of such efforts and arguments that this must be the outcome are usually raised by those that are fundamentally opposed to any type of regulation. Developing effective regulations and investigative capabilities and capacities are primarily geared towards creating a hostile environment for the misuse of the respective technology and to increase the chances of such misuse being discovered. This raises both the risks as well as the operational costs of malign actors attempting such misuse. This is of course a perpetual “arms race”, but an unavoidable one.
Dr. Hans-Jakob Schindler – Senior Director of the Counter Extremism Project (CEP)
Image Credit: Tim Stewart News/Rex