FYI.

This story is over 5 years old.

Tech

How to Trace a Political Donation Made with Bitcoin

Down the rabbit hole we go.
​Image: Flickr/​s*t*e*v*i*e

​So, Rand Paul is doing perhaps the most libertarian thing ever and accepting Bitcoin to fund his campaign to be elected president. But—*pushes up glasses*—what does this mean for the political process?

On the one hand, Bitcoin advocates believe the cryptocurrency is more transparent than paper money, since, theoretically, every Bitcoin transaction can be traced through the public ledger known as the blockchain. On the other, you have Silk Road, the darknet, and all the other shady stuff that Bitcoin enables by virtue of its anonymizing properties.

Advertisement

Anonymity is a valuable and precious thing in many cases, but not when it comes to political funding—candidates are legally required to disclose who donated to their campaign to the Federal Election Commission (FEC). Which leads us to the question: How do you trace a political donation made with Bitcoin?

The first thing you need to know about Bitcoin is that it runs on the blockchain, a publicly viewable ledger that tracks every Bitcoin transaction in near-real time. The blockchain is also stored on every computer in the Bitcoin network, and everything uploaded to it—transactions as well as malware—pretty much stays there forever. This is why many in the Bitcoin community see it as transparent. Any Bitcoin transaction can be traced through the blockchain.

So, if someone donates to Rand Paul's campaign, can their transaction be traced directly from their Bitcoin "wallet" to Paul's through the blockchain? Unfortunately, it's not that simple.

Here's where things get fun and/or mind-melting, depending on your outlook. You see, the system used by Paul to accept Bitcoin presents some pretty unique challenges to election transparency, but they're not insurmountable.

There is a digital paper trail

Paul uses a Bitcoin merchant service called BitPay, a handy service that accepts Bitcoin for its clients and converts them to dollars, depositing the funds into their bank account. Such services are employed because when the FEC approved political funding with Bitcoin last year, it did so on the condition that Bitcoins be converted to dollars and deposited into a bank account before they are used as campaign funds.

Advertisement

For every donation, BitPay automatically generates a new Bitcoin wallet for the donor. This is a recommended practice for Bitcoin services, and it produces a unique wallet ID—a random string of characters—that can be used to trace each transaction.

"There are a lot of legitimate reasons to use unique addresses for each customer," Gwern, a pseudonymous darknet researcher, told me. "For one thing, it makes debugging and customer support much easier as the address serves as a unique ID."

For example, if someone claims that their transaction never went through, it's way easier to check a dedicated wallet with just one transaction in it than a huge, general purpose wallet with tons, Gwern said. That can be like finding a needle in a haystack.

Nicolas Christin, an assistant research professor at Carnegie Mellon University who studies Bitcoin and darknet markets, agreed. "This is somewhat recommended practice so it's hard to fault them for that," he explained.

As an added layer of security, Rand Paul's site requires donors to fill out fields with their real name, address, et cetera, so their identity is tied to their unique wallet ID. "The merchant will be able to retrieve the data in these required fields via their BitPay ledger," Julia Patterson, a BitPay spokesperson, told me. "Recording donor information should not require any blockchain analysis."

But this approach to track campaign funds depends on someone giving over their real name when they donate, and it's really, really easy to lie on a form.

Advertisement

There's no guarantee that the throwaway wallet is tied to a real identity

If someone were to lie about their identity to donate more funds pseudonymously, the newly generated wallet couldn't be traced to the person behind the transaction very easily, since it's essentially a throwaway ID. In contrast, if someone were to donate to Rand Paul using a general purpose wallet, it's likely that the wallet ID could be traced to them if they've posted it somewhere online, like a forum.

"The FEC treats bitcoin donations similar to cash," Patterson explained. "Anonymous cash donations can be accepted up to $50, but there is no way to know with certainty that one individual has not given multiple $50 anonymous cash donations. If someone were to go through the hassle of making many small bitcoin donations with faulty information, bitcoin donations are easier to connect to a donor's identity than cash because of the blockchain." But here's where it gets even tricker.

The next issue is that BitPay moves funds from these newly created wallets through a complex series of bigger wallets that it controls. This is basically what's known as a "tumbler," a system widely used by people buying drugs on the darknet to hide their identities, but its main purpose is, again, merely to protect the privacy of Bitcoin users.

"Intrinsically, any wallet or exchange or payment service is a tumbler unless they take considerable pains to send you back the exact bitcoins you sent them," Gwern told me, "which they don't."

Advertisement

A tumbler makes tracing transactions through the blockchain more difficult, because you never know which wallets are owned by BitPay and which aren't. Remember, wallet IDs are just random strings of characters without a name attached.

In this set-up, Bitcoin doesn't go directly from the donor to Paul—instead, it gets pushed through a byzantine (and proprietary—BitPay would not reveal to Motherboard which wallets it controlled) series of wallets before BitPay eventually pays out funds in dollar amounts to Paul.

Investigators could look through the blockchain to see where transactions come from, but even if they somehow make it through the complex and proprietary chain of BitPay wallets, there's no guarantee that the original throwaway wallet is tied to someone's real identity if they lied on the form—something that's not possible with other forms of online payment like credit cards or PayPal, which are tied to real identities in many ways.

In this situation, the blockchain alone probably won't be enough to make Bitcoin transparent in terms of political funding, but that's where the other parts of the Bitcoin system come into play.

The main thing is to tie a wallet ID to a real person's identity. When that person has lied about their identity in order to do some shady campaign funding, that task becomes more difficult, but far from impossible.

Tracing BitPay transactions isn't easy without a court order

Advertisement

This is because, Patterson told me, "Online anonymity, in practice, is extremely difficult to achieve—you keep leaving data crumbs with each online interaction or communication." And these data crumbs are just waiting for someone with the technical expertise—or, failing that, the legal authority to demand that transaction records be turned over—to piece together.

"Large donations may still be traceable to an actual identity if necessary," Christin explained. "If you give, say, $100K in one Bitcoin payment, one should be able to see which wallet this originally came from. From there you might be able to trace the exchanges where these Bitcoins were purchased, and potentially get the identity of the person if the exchange cooperates or is forced to cooperate. For example, through subpoena."

While it's certainly easier to spot a large donation being made with Bitcoin, the same principle applies to small donations. There's a digital paper trail. If the FEC suspected that someone was gaming the donation process with Bitcoin, even if tracking the blockchain led to a dead end, someone, somewhere, likely has the key piece of information to determine the fraudster's identity on their servers. Getting it might require some legal coercion, but it's likely there for the taking.

This is by design. Tracing transactions made through BitPay, like a donation to Rand Paul's campaign, is "not easy for anyone outside of law enforcement or court order," according to Jeff Garzik, a long-time Bitcoin developer who works for BitPay.

All of this isn't to say that Bitcoin is somehow dangerous for the political process—while some people do some pretty shady shit with cryptocurrency, it really is a rather transparent system with checks and balances along the way. In that sense, Bitcoin is a big step up from cash when it comes to the ability to trace transactions. With the right technical understanding and access, the money can be followed.

And that, dear reader, is how you trace a political donation with Bitcoin.

CORRECTION: An earlier version of this article stated that services like BitPay are "required by the FEC." This is incorrect. The FEC requires that candidates exchange their Bitcoins for dollars before they can be used as campaign funds, but a politician may hold on to their Bitcoin if they wish. The article has been edited to reflect this.